last executing test programs: 1m21.431509991s ago: executing program 0 (id=235): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000400850000"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000670000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 1m13.448551696s ago: executing program 0 (id=235): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000400850000"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000670000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 1m5.415412574s ago: executing program 0 (id=235): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000400850000"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000670000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 19.837489632s ago: executing program 0 (id=235): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000400850000"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000670000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 13.346594647s ago: executing program 0 (id=235): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000400850000"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000670000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 4.628639609s ago: executing program 0 (id=235): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000400850000"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000670000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 3.341263868s ago: executing program 2 (id=878): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000000)={0x80, 0x1, 0x0, 0x0, 0x4000000}) 3.340999277s ago: executing program 2 (id=879): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0xfc, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg$unix(r0, &(0x7f0000002b40)=[{{&(0x7f0000000580)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4000094}, 0xeffd}, {{&(0x7f0000000bc0)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x24040848}}], 0x2, 0x24044002) 2.774649355s ago: executing program 3 (id=881): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./file3\x00', &(0x7f00000003c0)='ocfs2\x00', 0x0, &(0x7f0000000300)='acl') (fail_nth: 12) 2.690906173s ago: executing program 3 (id=883): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x482, &(0x7f0000000800)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd63ee2886044c110000000000000000000000000000000001fe88000000000000000000000000010100190000000000000102000005020001000100088caa3d9fc34610b96650af8b7759466a9a2493ebb0be5ee44f28a4a0804da09125fe957a68658da34ba0d628d0084a0a4346259bae17d28eedcde583bbf68690bc7ae234ce95f0f8b30ce1bc4fad9abb4dfd951cf242f06c54e7dcb889084b7f1aa87d8e5f7c4b446e0baab9c896857b779c078b9bacdad243cd53aeec911192408f0ac93d2fb3238e813e4163000100000100000100c910ff020000000000000000000000000001c910fe80000000000000000000000000003a050200000000000000007332000000000000050200090740000000010e0608000180ffffffffffff00020000000000000900000000000000010000000000000004000000000000000100000000000000bd9b000000000000c2040000000481aee29af31e62dba058e676be61a35214a83e45a88d07ca8903436ebc981602622e85bea50f9eae419b18774c3587b040659ac014880220b5b36b3488eda1bf9ed6aa21223358a82cc44b035307d0bcb2b6a2db0a649da291555cf3ec2fc2f713b2bec5cfa0df2d7c855bbead7e29aa63aaa25d2007f4183a54aa8dc5dd4ff872088c0938554fdc1122308949fdfe6f5438f67f828d5fbbb8794af8a782598e9c869981a631d8fc9695444f569d4ca3040101018b26289fed7ee581029317cc63c72358cceb3358d820b4e6fc3873f03aeac5f034e32d356a87215c1cab0d9ec13038fa08adba99e57b0499b9754609f6e5066847a3bbdc26c4fba18ee5a742927752e14420e3630da4064e5ca15961b67c27ee1261d9cfa4f035a71b279a36707de16a54c7712e8e398c5bb9f135f5bb45b7b7d6a65ba97aefae2baec023fb0502000201000000000000008704040280100600fe880000000000000000000000000101fc0100000000000000000000000000001201000000000000000100c20400000005000000000000002c0b0000000000005e43e32b4823f0b16b7717e86c8c10d005afd0466b509b56063f809ab742441c2d4e8fdaeaef0c9058658052103c876416d709d56ed8f561be9ac7c901a748ca954e2e144607100000000302020700ffffffffffffffffc204000010000000003b0404020028ff0320010000000000000000000000000001fc02000000000000000000000000000116010000000000000101000800c204fffffff700000000004e224e2200ec9078820400018000000034065ad17fec7227d872a5324d38306e4711f6177cc8c1f6c585ea4d1f6ddd644f858273babc902c18361d993580db96c386cd893b9f3208c945f3bd37afe49804e59ebba7c07cc69ce76d85dfaa249c77b02f61dbc4265b7a7abd2cadd165afa8fc8911b16d66641fe65d5e0cd18e0d005fbfeda1817b6a79cbaabdbd1c38119b6c5b8e65eccd8ed3734693730f39c953af7daf23c8ac3ea934729589998c306b71221075c87cf661929145f9eeed5ad1b542e848161cb2ec24751e2d10c1ef56f23daa32c0a74cdc42"], 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0) openat$rtc(0xffffff9c, 0x0, 0x8103, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @win={{0x3, 0x4, 0x4, 0x6}, 0x2, 0x4, &(0x7f0000000400)={{0x2, 0xf66, 0x401, 0x7fff}, &(0x7f00000003c0)={{0x6804af13, 0x81, 0x277, 0x4}, &(0x7f0000000280)={{0x0, 0x2, 0x2, 0x9f1}}}}, 0x4, &(0x7f0000000440)="b791b08a5745359030df1c0c23be05b72deb709a4811c4844a64198a598dd1ed9791d6a9b1883e54626f2632bce4ea35bc2713bb343859bbd62997ed54326ae454d49fc066445a16959915dd44b2a6833459239fba1c570ecf38e201997a0e2934f68827a2e7dfc8e2a5404f62d4895d"}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) openat$nmem0(0xffffff9c, &(0x7f0000000040), 0x101040, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$kcm(0x10, 0x2, 0x4) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000c80)={0x3, 0x3, {0x3, @struct={0x3, 0x6}, 0x0, 0x7, 0xa9, 0x10001, 0x93, 0xfff, 0x28, @usage=0x2, 0x6, 0x3, [0x2, 0x8, 0x1, 0x400, 0x6, 0x10001]}, {0xff, @struct={0x6, 0x5}, 0x0, 0x8, 0x2, 0x401, 0x58a, 0xfffffffffffffffd, 0x40, @struct={0x2, 0x2}, 0xfff, 0xd, [0x4, 0x200, 0x3, 0xa, 0xd, 0x4]}, {0x4, @struct={0x4, 0xffffff58}, 0x0, 0x3, 0x1, 0x6, 0x0, 0x1, 0xa0, @usage=0x3, 0x0, 0x4dcfe0e9, [0x2eae800000000, 0x1, 0x1, 0xdf00, 0x0, 0xa]}, {0x0, 0x2, 0x10000}}) ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f0000001080)={r4, 0x2, 0x0, [0x100000001, 0x80000001, 0x8, 0x79, 0x8], [0x6, 0xffff, 0x40, 0x3, 0x4, 0x4d, 0xc, 0x9, 0xfffffffffffff801, 0xf, 0x6, 0xa, 0x30ac, 0xffff, 0x94, 0x2, 0x200, 0x1a600, 0xfffffffffffffffc, 0x9204, 0x7, 0x59ef, 0xfffffffffffffff8, 0xfffffffffffffff7, 0x8, 0x8, 0x0, 0x1, 0x7fffffff, 0xb, 0x4abc6081, 0x8, 0x8000, 0x9, 0x9, 0x44, 0x401, 0x9, 0x6, 0xf8, 0xffffffffffffffff, 0xa6, 0x6, 0x1, 0x4, 0x4e, 0xfffffffffffffffc, 0x82, 0x3, 0x8000, 0x4f55, 0x2000000000000000, 0x3, 0x6, 0x40, 0xd91e, 0x7, 0xfffffffffffffffa, 0x40, 0x0, 0xd7, 0x7, 0x6, 0x5, 0x4000000, 0x5, 0x4, 0x4, 0xfffffffffffffffe, 0x0, 0x8001, 0x2, 0x8, 0xf, 0x8000, 0x7f25, 0x6, 0x4, 0x6, 0x3ff, 0x2, 0x8000000000000000, 0x100000000, 0x5, 0x7, 0x1, 0x4, 0x7, 0x3, 0xffffffff, 0x5, 0x4, 0x8, 0x9, 0x7, 0x4a2, 0xc, 0x4, 0x400, 0x5f41, 0x6, 0x5d, 0x1, 0x2, 0xf11, 0x9, 0x2, 0xfffffffffffffff9, 0x8, 0x9, 0x10, 0x9, 0x6, 0x9, 0x0, 0x2e3, 0x1ff, 0x5, 0xb, 0x10000, 0x6]}) r5 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}}) openat$hpet(0xffffffffffffff9c, &(0x7f0000000240), 0x40100, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2) r6 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r6, &(0x7f0000000080)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x12}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc0e", 0x8}], 0x1}}], 0x1, 0x4) 2.502374693s ago: executing program 2 (id=885): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3f}, {0x85, 0x0, 0x0, 0x4}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_settime(0x6, &(0x7f0000000100)={r2, r3+60000000}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4) sendmsg$NLBL_MGMT_C_ADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)={0x1c, r5, 0x1, 0x703d25, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044040}, 0xc042) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_LISTDEF(r6, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r5, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0xffffffffffffffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4002}, 0x4000001) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, r5, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010100}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008080}, 0x800) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r1, 0x1}, 0x14}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x8, 0x10001, 0x9, 0x1}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='2', 0x1, 0x4fed0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r7, &(0x7f0000000000), 0xd) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4040004) 2.330983248s ago: executing program 2 (id=888): ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x1, 0x3, 0xfffffffe, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x6, 0x2}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000020c0), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) syz_open_dev$sg(&(0x7f0000000080), 0xb1e, 0x101000) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1000, 0xe5, 0x10, "3ecc8735000048acec6e0010060000040100"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xf9) r1 = syz_open_dev$usbfs(&(0x7f0000000300), 0x200, 0x102) syz_open_dev$dri(&(0x7f0000000000), 0x2e, 0x8000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000340)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(r1) r5 = socket(0x40000000015, 0x5, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x800) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0xf0, 0xffe0}, {}, {0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @loopback}, 0x10) 2.328890347s ago: executing program 1 (id=896): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000440)=@gcm_256={{0x303}, "b65b97f47cb8f212", "3d906889a315ca06db39e7ef7fe5d8aaa3d9e19afe94c5fa320527e300", "ce9502a3"}, 0x38) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) 2.260059552s ago: executing program 1 (id=889): r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x4, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x4}, [@ldst={0x1, 0x814bf49abd6f44da, 0x0, 0x9, 0x1, 0x20, 0xfffffffffffffffc}]}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x305e, &(0x7f00000005c0)={0x0, 0xbc23, 0x10000, 0x2, 0x403f, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x9, 0x0, 0x0, 0x0, {0x40}}) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000040)=[r1, r1, r0, r0, r1, r1, r1, r0, r1, r0], 0xa) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r5, 0x7) accept4$x25(r5, 0x0, 0x0, 0x80800) io_uring_register$IORING_REGISTER_MEM_REGION(r2, 0x22, &(0x7f0000000200)={&(0x7f0000000180)={&(0x7f00000000c0)="0381c98301286adbaaa0ab67e692fc5d22af0953b24d930020f2d708768da7", 0x1f, 0x1, 0x0, 0x6}, 0x1}, 0x1) 2.259726715s ago: executing program 3 (id=890): openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x6, &(0x7f0000000100), 0x4) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x8, 0x4}) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r4, 0xc01c64a3, &(0x7f0000000100)={0x3, r6, 0xffffffff, 0x400, 0xa, 0x1ff, 0x1}) syz_emit_ethernet(0x42, &(0x7f0000000280)=ANY=[@ANYRES8], 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r7 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r7, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) r8 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="02010089080000000000000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x40}}, 0x0) 1.379901407s ago: executing program 1 (id=891): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@getlink={0x28, 0x12, 0xb23, 0x7000000, 0x0, {}, [@IFLA_VFINFO_LIST={0x8, 0x12, 0x0, 0x1, [{0x4}]}]}, 0x28}}, 0x0) 1.290597637s ago: executing program 3 (id=892): setrlimit(0xd, &(0x7f0000000300)={0x200, 0xffffffffffffffff}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4f, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000640)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) 1.290288973s ago: executing program 3 (id=893): creat(&(0x7f0000000240)='./file0\x00', 0x40) unshare(0x62040200) (async) unshare(0x62040200) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000005580)='/sys/kernel/vmcoreinfo', 0x0, 0x0) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000005580)='/sys/kernel/vmcoreinfo', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) syz_open_dev$dri(0x0, 0x1f, 0x0) (async) syz_open_dev$dri(0x0, 0x1f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x200008, @loopback, 0x39}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) (async) socket$igmp(0x2, 0x3, 0x2) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)=ANY=[@ANYBLOB="940000000001010300000000000000000a0000003c0001802c00018014000300000000000000000000000000000000001400040000000000000000000000ffffac1e00010c00028005000100000000003c0002802c000180140003000000000000000005000000000000000114000400fe800000000000000000820000aa0c00028005000100"/148], 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) (async) sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) (async) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) socket$phonet_pipe(0x23, 0x5, 0x2) 459.78716ms ago: executing program 1 (id=894): r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0xf2117729d4c83f22) r2 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000012900)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f00000000c0)) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_LOOPBACK(r3, 0x65, 0x3, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x38, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x38, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}]}], {0x14, 0x10}}, 0xb8}}, 0x0) syz_emit_ethernet(0x86, &(0x7f00000010c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x5, 0x0, 0x0, @multicast2, {0x17, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @loopback, @local, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x0, [{@rand_addr, 0x4e210000}]}, @timestamp_addr={0x44, 0x3c, 0x0, 0x1, 0x0, [{@multicast1}, {}, {@dev}, {@private, 0x4}, {@broadcast}, {@multicast2}, {@dev}]}]}}}}}}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0) mount(&(0x7f0000000040)=@md0, &(0x7f0000000000)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x60454, &(0x7f0000000100)='\x80\x00\x00') ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000140)=0x200) 459.230434ms ago: executing program 1 (id=895): r0 = socket$pppoe(0x18, 0x1, 0x0) mmap(&(0x7f0000409000/0x2000)=nil, 0x2000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x2000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x94, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x6, 0x2, 0x4, 0x0, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc0445609, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "ecc33085"}, 0x0, 0x1, {0x0}}) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x15, @random="168d2bc25cd2", 'gretap0\x00'}}, 0x1e) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x2) lseek(0xffffffffffffffff, 0x2084, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e22, @private=0xa010101}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000cc0)=ANY=[@ANYRES32=0x0], 0x8d0}, 0x1, 0x0, 0x0, 0x2}, 0x4090) ioctl$PPPIOCSNPMODE(r3, 0x4008744b, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x2b0}) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000280)) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6(0xa, 0xa, 0x400000) connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e26, 0xfd9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c) sendmmsg$inet6(r6, 0x0, 0xfffffffffffffdfe, 0x801) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 350.483886ms ago: executing program 2 (id=897): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000000)={'8255\x00', [0xb1, 0xb, 0x32, 0x3, 0x2, 0x46, 0x3, 0x8, 0xfffffffe, 0x3, 0x7, 0x3, 0x5, 0x3, 0x6, 0x8, 0x101, 0xfff, 0x3, 0x3, 0x4, 0x1, 0xcb, 0x2, 0x33, 0x3, 0x2, 0xf7a, 0x9984, 0x6, 0x6, 0xa]}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000bc0), r1) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00400020208000200030001a05c10220964df4809139114b20004000300eab556a705251e618294bf0051f60a84c9f4d4938037e786a6d000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c00)={0x14, r2, 0x301, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4008881}, 0x800) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) lseek(r4, 0x0, 0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000240)='fsi_master_acf_cmd_rel_addr\x00', r4}, 0x18) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r1) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000340), r1) r5 = openat$fb1(0xffffff9c, &(0x7f00000000c0), 0x123000, 0x0) ioctl$FBIOPUTCMAP(r5, 0x4605, &(0x7f0000000200)={0x3, 0x6, &(0x7f0000000100)=[0x2, 0x6, 0x8001, 0xfff, 0x8, 0x7fff], &(0x7f0000000140)=[0x5, 0x1ff, 0x1, 0x0, 0x2, 0x5, 0x13], &(0x7f0000000180)=[0x72d6, 0x0, 0x7, 0xc6ca, 0xe, 0x8], &(0x7f00000001c0)=[0x2, 0x815, 0x7f]}) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0) 290.632175ms ago: executing program 1 (id=898): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r3, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r3, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$team(&(0x7f00000001c0), r5) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in6=@local, {}, {0x1ff}, {}, 0x0, 0x0, 0xa, 0x5}, [@algo_auth_trunc={0x4c, 0x14, {{'ghash\x00'}}}]}, 0x138}}, 0x20040000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32, @ANYBLOB="08004e01"], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4) syz_emit_ethernet(0xd0, &(0x7f0000000080)={@broadcast, @remote, @void, {@mpls_mc={0x8848, {[{0x6, 0x0, 0x1}, {0x7}, {0x4}, {0x5}, {0x1, 0x0, 0x1}, {0xd43}], @generic="0e25cad3922cb223c7f196353ab2bf21139c8d032cd8a08fb1de1424f64283e19d432c0bb45c670ec1dc3b46baba6085baaebc34b1a5c48503371f2ba1dde174780cbf08fd41334b7116e96d5c50eb3e77cb5f958236540418645473b3479560e0878cb561b7eb786dad4f8d3180256a75177f662b1540172256b9ee7e7870d80eb01f8cf2c14cf44f305cd7b4087ac3d880573904f7cf0f93f14c276dd2c28680c2a8dee9f244f39cd7"}}}}, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) 221.001059ms ago: executing program 2 (id=899): ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f00000000c0)={{0xa, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x80000000005, 0x4, 0x10000, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x3, 0x6, 0x0, 0x0, 0x6, 0xae4f, 0x0, 0x0, 0x1, 0x0, 0x20000, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x9, 0xffffefff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa2, 0x0, 0xfffffffffffffffb, 0xea4d, 0x375, 0xffffffffffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x4000, 0x1, 0x3ffffffe, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc, 0x0, 0x0, 0x9, 0x4000000000000, 0x0, 0x0, 0x0, 0x6, 0x4, 0x0, 0x7, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x71]}) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket(0x2d, 0x2, 0x0) ioctl$SIOCRSGCAUSE(r1, 0x89e0, &(0x7f0000005d80)) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000cc0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000700)=ANY=[@ANYBLOB="50050000", @ANYRES16=r0, @ANYBLOB="010025bd7000ffdbdf2539000000cc035a801800018014000500090009000400dc3a050003000200090080000380050007000200000005000700010000000500060001000000050006000000000014000300040009bbfcfffcff01010a0000040800240001000b0216240b48020605046c0b0336240b0b120501126c010248048f1801121800140005006b00070000000d000200b6000500020005000600b200000005000600010000005c00008014000300f3ff0000000800081fc50900070085ab050006000200000005000100360000000500070002000000050006000200000019000100020906061b046c60090c1b0912161b02160509060200000005000600010000009c00018009000100360318164800000005000400020000000500040001000000120001002400000c120324090b0b0a043004000005000700010000000a000200573f3d46461800000500060001000000140003000300090000070000df66ff0f4100040038000200232c28001451130c092d2e450443475428083e3328335749352614402007293a395225184f2b453345394a3d17202d361934520268000380050006000000000005000400010000002f000200434112523900492d51450e3e2f011e4f290929493e0b193d42481c023057024829002e364838081e0a2c4f0005000700021400000700020007495500140003000200040008000100070004007d060500700003801400050008de460000000000018014000700fcff05000400000000002e0002004602263d2915383c1b504e2c104d240a4e4720291f56092c1431215738543920205557060035483c162000000e000100060c0c12480306600c600000050006000100000005000600020000000c0000800500070002000000480001801d0001000c6c7104040306016c24030486f03001120b06a3031b06126000000014000300ffff0300010400000b0000060002000000050004000100000078000080050007000900000007000100300036000500070000000000450002005501032150234711423725134603351208142008304a3a154044194c15112d36531c3e470d520a2b12313646592e0d1f30531550042531063948113516102c04510000001400030037520300050003000400050002000d009400018014000300060007000300fbff01000300001008000c00010060063618000b09600500070000000000110001000c3d360316180524101603161b0000001e000100090916360316646c1b02064807362216043002366c304e040c06000005000700020000001600010024091b6c300b04161b090404003002180610000014000500ff7f0900050005000300010002000600b4005a804c000380140003003200ff7f00000500030001000900000405000700000000002a000200310f2652212d39222f07202405480f4d2d1835011104471651565144504e2e082f02002c193b00000c00038005000400010000005800018014000300050081000400ecc800dcff7f8100f7ff1400050002000080000248b7070007000200ffff140003000d0007000700ff01c40002000200f00a050006000000000005000700000000000500070002000000bc005a80580001800a000100050b18020909000014000500ffffae010800bb02080003000b00010007000200391d11002a0002003e0b1b40214b1413410130172e2313040f471d081331082a4657325350504c26010052563d0b0000600003800500070001000000040002000500040001000000140068e39f34690500010000000700000206000400f9ff3000050007000200000005000700020000002400020005104d274d362b07101b4b050a2c2e22944475ba975e6e7e73bd96"], 0x550}, 0x1, 0x0, 0x0, 0x40040}, 0x40000) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r4, 0x800442d2, &(0x7f0000000680)={0x6, &(0x7f00000005c0)=[{0x0, 0x0, 0x0, @link_local}, {}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @local}, {}, {0x0, 0x0, 0x0, @link_local}]}) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10) r6 = socket(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xffe8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x0, 0x7ff, 0x1}, 0x0, 0xfffffffc, 0x0, 0x10000, 0xfffffffc, 0x1e, 0x8, 0xc, 0x0, 0x0, {0x0, 0x0, 0xfffffffc, 0x0, 0xfff}}}}]}, 0x78}}, 0x0) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x2, 0x4e20, @multicast1}, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r2) sendmsg$NL80211_CMD_PROBE_CLIENT(r2, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x58, r9, 0x8, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x58}}, 0x8080) r10 = syz_open_dev$I2C(&(0x7f0000000000), 0x80000004, 0x402) preadv(r10, &(0x7f0000000240)=[{&(0x7f0000000140)=""/143, 0x8f}], 0x1, 0x10f, 0x3) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010040000000000002034400000008000300", @ANYRES32=r3, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0) socket(0x11, 0x1, 0x8) 0s ago: executing program 3 (id=900): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) request_key(&(0x7f0000000300)='id_legacy\x00', &(0x7f0000000780)={'syz', 0x3}, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_open_dev$sndctrl(&(0x7f0000000280), 0xffff, 0x220f80) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010200000000000000000000000a60000000060a0b0400000000000000000200000034000480200001800e000100636f6e6e6c696d69740000000c000280080001400000000010000180090001006c617374000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x88}}, 0x0) close(r2) syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0xe, 0x123100) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x2, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305720, &(0x7f00000004c0)={0x1, 0xffffffff, 0x2}) io_uring_enter(0xffffffffffffffff, 0x708, 0x41e3, 0x0, 0x0, 0x0) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000340)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000180)=0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x1965cc75d1916e48, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='rxrpc_conn\x00', r1, 0x0, 0x31}, 0x18) socket$inet6(0xa, 0x80002, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) syz_emit_ethernet(0x4e, &(0x7f00000003c0)=ANY=[], 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000180)=ANY=[@ANYBLOB="aa0086dd602a2af200280600fe8000000000000000000000000000bbfe80000000000000000000f5ffffffa900004e2200000000000000e30000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a0000003907800001312181adeaa1869189160a10da3dfcad7240000"], 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socket$xdp(0x2c, 0x3, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2000, @fd_index=0x4, 0x8, &(0x7f0000000140)=""/55, 0x37, 0x1, 0x1}) io_uring_enter(r3, 0x47f6, 0x0, 0x4, 0x0, 0x0) kernel console output (not intermixed with test programs): ? fput+0x70/0xf0 [ 113.841893][ T7802] ? __bpf_prog_get+0x97/0x2a0 [ 113.841907][ T7802] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 113.841917][ T7802] __sys_bpf+0x1485/0x4d80 [ 113.841926][ T7802] ? __lock_acquire+0x622/0x1c90 [ 113.841943][ T7802] ? __pfx___sys_bpf+0x10/0x10 [ 113.841951][ T7802] ? __schedule+0x1181/0x5de0 [ 113.841965][ T7802] ? ksys_write+0x190/0x250 [ 113.841981][ T7802] ? lock_acquire+0x179/0x350 [ 113.842004][ T7802] ? __might_fault+0xe3/0x190 [ 113.842018][ T7802] ? __might_fault+0x13b/0x190 [ 113.842033][ T7802] ? find_held_lock+0x2b/0x80 [ 113.842044][ T7802] ? syscall_trace_enter+0x1cb/0x260 [ 113.842064][ T7802] __ia32_sys_bpf+0x76/0xe0 [ 113.842075][ T7802] __do_fast_syscall_32+0x7c/0x3a0 [ 113.842092][ T7802] do_fast_syscall_32+0x32/0x80 [ 113.842108][ T7802] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 113.842122][ T7802] RIP: 0023:0xf7fd1579 [ 113.842131][ T7802] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 113.842142][ T7802] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 113.842152][ T7802] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000280 [ 113.842159][ T7802] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 113.842165][ T7802] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 113.842170][ T7802] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 113.842189][ T7802] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 113.842203][ T7802] [ 113.932454][ C1] vkms_vblank_simulate: vblank timer overrun [ 113.939365][ T7796] chnl_net:caif_netlink_parms(): no params data found [ 113.972410][ T7808] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 114.078790][ T7796] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.081160][ T7796] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.083627][ T7796] bridge_slave_0: entered allmulticast mode [ 114.090263][ T7796] bridge_slave_0: entered promiscuous mode [ 114.093315][ T7815] netlink: 32 bytes leftover after parsing attributes in process `syz.3.441'. [ 114.096519][ T7796] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.099296][ T7796] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.101749][ T7796] bridge_slave_1: entered allmulticast mode [ 114.109886][ T7796] bridge_slave_1: entered promiscuous mode [ 114.213918][ T7796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.226258][ T7796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.323892][ T7796] team0: Port device team_slave_0 added [ 114.329242][ T7796] team0: Port device team_slave_1 added [ 114.392423][ T7796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 114.395796][ T7796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.405239][ T7796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 114.409506][ T7796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 114.412442][ T7796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.433670][ T7796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.500038][ T7796] hsr_slave_0: entered promiscuous mode [ 114.503067][ T7796] hsr_slave_1: entered promiscuous mode [ 114.506158][ T7796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 114.509226][ T7796] Cannot create hsr debugfs directory [ 114.764225][ T7838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.445'. [ 114.847335][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.920716][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.954700][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 115.014929][ T61] libceph: connect (1)[c::]:6789 error -101 [ 115.015202][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.016928][ T61] libceph: mon0 (1)[c::]:6789 connect error [ 115.114644][ T24] usb 6-1: Using ep0 maxpacket: 16 [ 115.119544][ T24] usb 6-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.122879][ T24] usb 6-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.127373][ T24] usb 6-1: config 1 interface 0 has no altsetting 0 [ 115.131554][ T12] bridge_slave_1: left allmulticast mode [ 115.133387][ T12] bridge_slave_1: left promiscuous mode [ 115.136428][ T24] usb 6-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.40 [ 115.139456][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.141939][ T24] usb 6-1: Product: ч [ 115.143225][ T24] usb 6-1: Manufacturer: ӿ [ 115.145101][ T24] usb 6-1: SerialNumber: 椑☂驁䒉뗲뷷຋밡ӫ㿇硥〥롣㊬馼恘閇枦᤿基޽ﻡ࿑皧답먧 [ 115.145809][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.149874][ T24] usb 6-1: rejected 1 configuration due to insufficient available bus power [ 115.154815][ T24] usb 6-1: no configuration chosen from 1 choice [ 115.160184][ T12] bridge_slave_0: left allmulticast mode [ 115.162703][ T12] bridge_slave_0: left promiscuous mode [ 115.165296][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.276025][ T24] libceph: connect (1)[c::]:6789 error -101 [ 115.278093][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 115.454795][ T3329] vhci_hcd: vhci_device speed not set [ 115.527827][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.532701][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.546089][ T12] bond0 (unregistering): Released all slaves [ 115.677179][ T7845] ceph: No mds server is up or the cluster is laggy [ 115.844860][ T5970] Bluetooth: hci1: command tx timeout [ 115.860035][ T12] hsr_slave_0: left promiscuous mode [ 115.862800][ T12] hsr_slave_1: left promiscuous mode [ 115.870431][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.873516][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 115.878197][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 115.881276][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 115.917280][ T12] veth1_macvtap: left promiscuous mode [ 115.919701][ T12] veth0_macvtap: left promiscuous mode [ 115.922092][ T12] veth1_vlan: left promiscuous mode [ 115.924282][ T12] veth0_vlan: left promiscuous mode [ 115.957587][ T7870] program syz.2.454 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 116.618351][ T12] team0 (unregistering): Port device team_slave_1 removed [ 116.687607][ T12] team0 (unregistering): Port device team_slave_0 removed [ 117.252061][ T7796] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 117.267212][ T7796] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 117.273698][ T7796] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 117.287172][ T7796] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 117.437994][ T7796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.451349][ T7796] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.453251][ T7905] syz.3.460 (7905): /proc/7904/oom_adj is deprecated, please use /proc/7904/oom_score_adj instead. [ 117.456966][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.460721][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.480425][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.483349][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.568990][ T7910] netlink: 'syz.2.458': attribute type 10 has an invalid length. [ 117.731623][ T24] usb 6-1: USB disconnect, device number 4 [ 117.740090][ T7796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.762246][ T7796] veth0_vlan: entered promiscuous mode [ 117.768261][ T7796] veth1_vlan: entered promiscuous mode [ 117.795925][ T7796] veth0_macvtap: entered promiscuous mode [ 117.799686][ T7796] veth1_macvtap: entered promiscuous mode [ 117.809290][ T7796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.815497][ T7796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.819942][ T7796] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.822665][ T7796] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.826053][ T7796] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.828754][ T7796] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.879715][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.883199][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.917694][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.924516][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.924721][ T5970] Bluetooth: hci1: command tx timeout [ 118.839837][ T7955] nr0: entered promiscuous mode [ 118.855218][ T6021] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 118.894871][ T7957] FAULT_INJECTION: forcing a failure. [ 118.894871][ T7957] name failslab, interval 1, probability 0, space 0, times 0 [ 118.898922][ T7957] CPU: 0 UID: 0 PID: 7957 Comm: syz.3.473 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 118.898937][ T7957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.898943][ T7957] Call Trace: [ 118.898948][ T7957] [ 118.898953][ T7957] dump_stack_lvl+0x16c/0x1f0 [ 118.898973][ T7957] should_fail_ex+0x512/0x640 [ 118.898990][ T7957] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 118.899006][ T7957] should_failslab+0xc2/0x120 [ 118.899017][ T7957] __kmalloc_cache_noprof+0x6a/0x3e0 [ 118.899031][ T7957] ? trace_kmalloc+0x2b/0xd0 [ 118.899041][ T7957] ? call_usermodehelper_setup+0xaf/0x360 [ 118.899053][ T7957] ? __pfx_free_modprobe_argv+0x10/0x10 [ 118.899072][ T7957] call_usermodehelper_setup+0xaf/0x360 [ 118.899085][ T7957] __request_module+0x3bd/0x690 [ 118.899102][ T7957] ? __pfx___request_module+0x10/0x10 [ 118.899123][ T7957] ? find_held_lock+0x2b/0x80 [ 118.899135][ T7957] ? rtnl_link_ops_get+0x17b/0x2c0 [ 118.899156][ T7957] ? __pfx_rtnl_newlink+0x10/0x10 [ 118.899171][ T7957] rtnl_newlink+0x1466/0x2000 [ 118.899192][ T7957] ? __pfx_rtnl_newlink+0x10/0x10 [ 118.899207][ T7957] ? kasan_quarantine_put+0x10a/0x240 [ 118.899222][ T7957] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.899240][ T7957] ? kmem_cache_free+0x2d1/0x4d0 [ 118.899255][ T7957] ? kfree_skbmem+0x1a4/0x1f0 [ 118.899273][ T7957] ? rcu_is_watching+0x12/0xc0 [ 118.899286][ T7957] ? trace_cap_capable+0x18d/0x200 [ 118.899300][ T7957] ? find_held_lock+0x2b/0x80 [ 118.899310][ T7957] ? __pfx_rtnl_newlink+0x10/0x10 [ 118.899326][ T7957] ? __pfx_rtnl_newlink+0x10/0x10 [ 118.899400][ T7957] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 118.899417][ T7957] ? __pfx_rtnl_newlink+0x10/0x10 [ 118.899434][ T7957] rtnetlink_rcv_msg+0x95b/0xe90 [ 118.899452][ T7957] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 118.899472][ T7957] ? ref_tracker_free+0x37c/0x830 [ 118.899496][ T7957] netlink_rcv_skb+0x155/0x420 [ 118.899513][ T7957] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 118.899541][ T7957] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 118.899567][ T7957] ? netlink_deliver_tap+0x1ae/0xd30 [ 118.899601][ T7957] netlink_unicast+0x53a/0x7f0 [ 118.899619][ T7957] ? __pfx_netlink_unicast+0x10/0x10 [ 118.899633][ T7957] netlink_sendmsg+0x8d1/0xdd0 [ 118.899647][ T7957] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.899658][ T7957] ? __import_iovec+0x1dd/0x650 [ 118.899671][ T7957] ____sys_sendmsg+0xa98/0xc70 [ 118.899685][ T7957] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.899696][ T7957] ? get_compat_msghdr+0x11a/0x170 [ 118.899718][ T7957] ___sys_sendmsg+0x134/0x1d0 [ 118.899735][ T7957] ? __pfx____sys_sendmsg+0x10/0x10 [ 118.899757][ T7957] ? find_held_lock+0x2b/0x80 [ 118.899776][ T7957] __sys_sendmsg+0x16d/0x220 [ 118.899792][ T7957] ? __pfx___sys_sendmsg+0x10/0x10 [ 118.899830][ T7957] ? rcu_is_watching+0x12/0xc0 [ 118.899844][ T7957] __do_fast_syscall_32+0x7c/0x3a0 [ 118.899862][ T7957] do_fast_syscall_32+0x32/0x80 [ 118.899879][ T7957] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 118.899893][ T7957] RIP: 0023:0xf70fe579 [ 118.899902][ T7957] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 118.899912][ T7957] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 118.899922][ T7957] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 118.899929][ T7957] RDX: 0000000000004882 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.899935][ T7957] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 118.899941][ T7957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 118.899947][ T7957] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 118.899960][ T7957] [ 118.902305][ T7957] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.906270][ T7971] FAULT_INJECTION: forcing a failure. [ 119.906270][ T7971] name failslab, interval 1, probability 0, space 0, times 0 [ 119.911682][ T7971] CPU: 3 UID: 0 PID: 7971 Comm: syz.2.478 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 119.911707][ T7971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.911718][ T7971] Call Trace: [ 119.911725][ T7971] [ 119.911733][ T7971] dump_stack_lvl+0x16c/0x1f0 [ 119.911764][ T7971] should_fail_ex+0x512/0x640 [ 119.911794][ T7971] should_failslab+0xc2/0x120 [ 119.911818][ T7971] __kmalloc_cache_noprof+0x6a/0x3e0 [ 119.911841][ T7971] ? __pfx___might_resched+0x10/0x10 [ 119.911860][ T7971] ? __hw_addr_add_ex+0x3c9/0x7c0 [ 119.911882][ T7971] __hw_addr_add_ex+0x3c9/0x7c0 [ 119.911906][ T7971] ? __pfx___hw_addr_add_ex+0x10/0x10 [ 119.911925][ T7971] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 119.911956][ T7971] ? __pfx_geneve_setup+0x10/0x10 [ 119.911980][ T7971] dev_addr_init+0x161/0x250 [ 119.912002][ T7971] ? __pfx_dev_addr_init+0x10/0x10 [ 119.912033][ T7971] alloc_netdev_mqs+0x3d2/0x1570 [ 119.912063][ T7971] rtnl_create_link+0xc08/0xf90 [ 119.912092][ T7971] rtnl_newlink+0xb69/0x2000 [ 119.912117][ T7971] ? __pfx_rtnl_newlink+0x10/0x10 [ 119.912133][ T7971] ? kasan_quarantine_put+0x10a/0x240 [ 119.912148][ T7971] ? lockdep_hardirqs_on+0x7c/0x110 [ 119.912167][ T7971] ? kfree_skbmem+0x1a4/0x1f0 [ 119.912186][ T7971] ? rcu_is_watching+0x12/0xc0 [ 119.912197][ T7971] ? trace_cap_capable+0x18d/0x200 [ 119.912212][ T7971] ? find_held_lock+0x2b/0x80 [ 119.912222][ T7971] ? __pfx_rtnl_newlink+0x10/0x10 [ 119.912238][ T7971] ? __pfx_rtnl_newlink+0x10/0x10 [ 119.912254][ T7971] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 119.912271][ T7971] ? __pfx_rtnl_newlink+0x10/0x10 [ 119.912288][ T7971] rtnetlink_rcv_msg+0x95b/0xe90 [ 119.912306][ T7971] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 119.912327][ T7971] ? ref_tracker_free+0x37c/0x830 [ 119.912345][ T7971] netlink_rcv_skb+0x155/0x420 [ 119.912357][ T7971] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 119.912375][ T7971] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 119.912391][ T7971] ? netlink_deliver_tap+0x1ae/0xd30 [ 119.912411][ T7971] netlink_unicast+0x53a/0x7f0 [ 119.912424][ T7971] ? __pfx_netlink_unicast+0x10/0x10 [ 119.912439][ T7971] netlink_sendmsg+0x8d1/0xdd0 [ 119.912452][ T7971] ? __pfx_netlink_sendmsg+0x10/0x10 [ 119.912464][ T7971] ? __import_iovec+0x1dd/0x650 [ 119.912477][ T7971] ____sys_sendmsg+0xa98/0xc70 [ 119.912490][ T7971] ? __pfx_____sys_sendmsg+0x10/0x10 [ 119.912501][ T7971] ? get_compat_msghdr+0x11a/0x170 [ 119.912525][ T7971] ___sys_sendmsg+0x134/0x1d0 [ 119.912542][ T7971] ? __pfx____sys_sendmsg+0x10/0x10 [ 119.912566][ T7971] ? find_held_lock+0x2b/0x80 [ 119.912586][ T7971] __sys_sendmsg+0x16d/0x220 [ 119.912602][ T7971] ? __pfx___sys_sendmsg+0x10/0x10 [ 119.912624][ T7971] ? rcu_is_watching+0x12/0xc0 [ 119.912637][ T7971] __do_fast_syscall_32+0x7c/0x3a0 [ 119.912655][ T7971] do_fast_syscall_32+0x32/0x80 [ 119.912671][ T7971] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 119.912685][ T7971] RIP: 0023:0xf7fd1579 [ 119.912693][ T7971] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 119.912704][ T7971] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 119.912714][ T7971] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 119.912721][ T7971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.912727][ T7971] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 119.912733][ T7971] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 119.912739][ T7971] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.912752][ T7971] [ 120.137611][ T54] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.356701][ T5967] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 121.360735][ T5967] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 121.363836][ T5967] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 121.368389][ T5967] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 121.371316][ T5967] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 121.582978][ T7999] chnl_net:caif_netlink_parms(): no params data found [ 121.866903][ T7999] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.869241][ T7999] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.871552][ T7999] bridge_slave_0: entered allmulticast mode [ 121.887602][ T7999] bridge_slave_0: entered promiscuous mode [ 121.899326][ T7999] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.901671][ T7999] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.904012][ T7999] bridge_slave_1: entered allmulticast mode [ 121.918898][ T7999] bridge_slave_1: entered promiscuous mode [ 122.029164][ T7999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.043067][ T7999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.104640][ T7999] team0: Port device team_slave_0 added [ 122.108890][ T7999] team0: Port device team_slave_1 added [ 122.142179][ T7999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.144511][ T7999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.153229][ T7999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.158700][ T7999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.161527][ T7999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.170042][ T7999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.214664][ T6456] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 122.230706][ T7999] hsr_slave_0: entered promiscuous mode [ 122.233872][ T7999] hsr_slave_1: entered promiscuous mode [ 122.242245][ T7999] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 122.244964][ T7999] Cannot create hsr debugfs directory [ 122.264521][ T54] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.285092][ T8018] trusted_key: encrypted_key: master key parameter '' is invalid [ 122.329780][ T54] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.387195][ T6456] usb 8-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 122.390938][ T6456] usb 8-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 122.393917][ T6456] usb 8-1: config 220 interface 0 has no altsetting 0 [ 122.398938][ T6456] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 122.401900][ T6456] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.404439][ T6456] usb 8-1: Product: syz [ 122.406889][ T6456] usb 8-1: Manufacturer: syz [ 122.408391][ T6456] usb 8-1: SerialNumber: syz [ 122.475107][ T6021] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 122.488368][ T54] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.627996][ T54] bridge_slave_1: left allmulticast mode [ 122.629827][ T54] bridge_slave_1: left promiscuous mode [ 122.631701][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.636968][ T54] bridge_slave_0: left allmulticast mode [ 122.638730][ T54] bridge_slave_0: left promiscuous mode [ 122.640507][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.965079][ T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.969701][ T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.974690][ T54] bond0 (unregistering): Released all slaves [ 123.019359][ T6456] usb 8-1: Found UVC 0.00 device syz (8086:0b07) [ 123.021487][ T6456] usb 8-1: No valid video chain found. [ 123.025215][ T6456] usb 8-1: USB disconnect, device number 5 [ 123.349591][ T54] hsr_slave_0: left promiscuous mode [ 123.352213][ T54] hsr_slave_1: left promiscuous mode [ 123.354221][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.358829][ T54] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.363083][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.367691][ T54] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.403818][ T54] veth1_macvtap: left promiscuous mode [ 123.408663][ T54] veth0_macvtap: left promiscuous mode [ 123.411113][ T54] veth1_vlan: left promiscuous mode [ 123.413399][ T54] veth0_vlan: left promiscuous mode [ 123.445995][ T5967] Bluetooth: hci1: command tx timeout [ 123.765145][ T8063] No buffer was provided with the request [ 123.828652][ T8065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.506'. [ 123.886281][ T8070] FAULT_INJECTION: forcing a failure. [ 123.886281][ T8070] name failslab, interval 1, probability 0, space 0, times 0 [ 123.890329][ T8070] CPU: 2 UID: 0 PID: 8070 Comm: syz.1.507 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 123.890344][ T8070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.890350][ T8070] Call Trace: [ 123.890355][ T8070] [ 123.890359][ T8070] dump_stack_lvl+0x16c/0x1f0 [ 123.890379][ T8070] should_fail_ex+0x512/0x640 [ 123.890395][ T8070] ? __kmalloc_noprof+0xbf/0x510 [ 123.890413][ T8070] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 123.890428][ T8070] should_failslab+0xc2/0x120 [ 123.890438][ T8070] __kmalloc_noprof+0xd2/0x510 [ 123.890454][ T8070] ? __pfx___mutex_trylock_common+0x10/0x10 [ 123.890473][ T8070] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 123.890490][ T8070] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 123.890503][ T8070] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 123.890516][ T8070] ? rcu_is_watching+0x12/0xc0 [ 123.890531][ T8070] ? bpf_lsm_capable+0x9/0x10 [ 123.890545][ T8070] ? security_capable+0x7e/0x260 [ 123.890558][ T8070] genl_rcv_msg+0x55c/0x800 [ 123.890573][ T8070] ? __pfx_genl_rcv_msg+0x10/0x10 [ 123.890585][ T8070] ? __pfx_net_dm_nl_pre_doit+0x10/0x10 [ 123.890601][ T8070] ? __pfx_net_dm_cmd_trace+0x10/0x10 [ 123.890618][ T8070] ? __pfx_net_dm_nl_post_doit+0x10/0x10 [ 123.890636][ T8070] ? __lock_acquire+0x622/0x1c90 [ 123.890652][ T8070] netlink_rcv_skb+0x155/0x420 [ 123.890664][ T8070] ? __pfx_genl_rcv_msg+0x10/0x10 [ 123.890677][ T8070] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 123.890694][ T8070] ? netlink_deliver_tap+0x1ae/0xd30 [ 123.890710][ T8070] ? is_vmalloc_addr+0x86/0xa0 [ 123.890727][ T8070] genl_rcv+0x28/0x40 [ 123.890738][ T8070] netlink_unicast+0x53a/0x7f0 [ 123.890751][ T8070] ? __pfx_netlink_unicast+0x10/0x10 [ 123.890765][ T8070] netlink_sendmsg+0x8d1/0xdd0 [ 123.890778][ T8070] ? __pfx_netlink_sendmsg+0x10/0x10 [ 123.890790][ T8070] ? __import_iovec+0x1dd/0x650 [ 123.890803][ T8070] ____sys_sendmsg+0xa98/0xc70 [ 123.890814][ T8070] ? gfs2_pin+0x444/0x460 [ 123.890827][ T8070] ? __pfx_____sys_sendmsg+0x10/0x10 [ 123.890838][ T8070] ? get_compat_msghdr+0x11a/0x170 [ 123.890865][ T8070] ___sys_sendmsg+0x134/0x1d0 [ 123.890882][ T8070] ? __pfx____sys_sendmsg+0x10/0x10 [ 123.890904][ T8070] ? find_held_lock+0x2b/0x80 [ 123.890924][ T8070] __sys_sendmsg+0x16d/0x220 [ 123.890941][ T8070] ? __pfx___sys_sendmsg+0x10/0x10 [ 123.890976][ T8070] ? rcu_is_watching+0x12/0xc0 [ 123.890999][ T8070] __do_fast_syscall_32+0x7c/0x3a0 [ 123.891028][ T8070] do_fast_syscall_32+0x32/0x80 [ 123.891053][ T8070] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 123.891067][ T8070] RIP: 0023:0xf7f57579 [ 123.891076][ T8070] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 123.891086][ T8070] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 123.891097][ T8070] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0 [ 123.891103][ T8070] RDX: 0000000004040004 RSI: 0000000000000000 RDI: 0000000000000000 [ 123.891110][ T8070] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 123.891115][ T8070] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 123.891121][ T8070] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 123.891134][ T8070] [ 124.063993][ T8077] SET target dimension over the limit! [ 124.079063][ T8077] netlink: 9 bytes leftover after parsing attributes in process `syz.2.509'. [ 124.288847][ T54] team0 (unregistering): Port device team_slave_1 removed [ 124.358672][ T54] team0 (unregistering): Port device team_slave_0 removed [ 124.884187][ T8077] gretap0: entered promiscuous mode [ 124.910987][ T8082] FAULT_INJECTION: forcing a failure. [ 124.910987][ T8082] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.915533][ T8082] CPU: 1 UID: 0 PID: 8082 Comm: syz.3.511 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 124.915547][ T8082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.915555][ T8082] Call Trace: [ 124.915558][ T8082] [ 124.915563][ T8082] dump_stack_lvl+0x16c/0x1f0 [ 124.915582][ T8082] should_fail_ex+0x512/0x640 [ 124.915601][ T8082] _copy_to_user+0x32/0xd0 [ 124.915620][ T8082] simple_read_from_buffer+0xcb/0x170 [ 124.915636][ T8082] proc_fail_nth_read+0x197/0x270 [ 124.915650][ T8082] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 124.915663][ T8082] ? rw_verify_area+0xcf/0x680 [ 124.915677][ T8082] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 124.915689][ T8082] vfs_read+0x1e1/0xc60 [ 124.915705][ T8082] ? fdget_pos+0x2a2/0x370 [ 124.915723][ T8082] ? __pfx_vfs_read+0x10/0x10 [ 124.915736][ T8082] ? find_held_lock+0x2b/0x80 [ 124.915752][ T8082] ? __fget_files+0x20e/0x3c0 [ 124.915770][ T8082] ksys_read+0x12a/0x250 [ 124.915785][ T8082] ? __pfx_ksys_read+0x10/0x10 [ 124.915801][ T8082] ? rcu_is_watching+0x12/0xc0 [ 124.915815][ T8082] __do_fast_syscall_32+0x7c/0x3a0 [ 124.915833][ T8082] do_fast_syscall_32+0x32/0x80 [ 124.915849][ T8082] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 124.915868][ T8082] RIP: 0023:0xf70fe579 [ 124.915877][ T8082] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 124.915888][ T8082] RSP: 002b:00000000f50ee590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 124.915899][ T8082] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50ee620 [ 124.915905][ T8082] RDX: 000000000000000f RSI: 00000000f7463ff4 RDI: 0000000000000000 [ 124.915912][ T8082] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 124.915917][ T8082] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 124.915923][ T8082] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 124.915936][ T8082] [ 124.993004][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.196874][ T7999] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 125.212025][ T7999] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 125.225086][ T7999] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 125.259874][ T7999] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 125.327900][ T8110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.515'. [ 125.331233][ T8110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.515'. [ 125.521639][ T7999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.527824][ T5967] Bluetooth: hci1: command tx timeout [ 125.542380][ T7999] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.550926][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.553044][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.559192][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.561272][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.901314][ T7999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.928482][ T7999] veth0_vlan: entered promiscuous mode [ 125.937306][ T7999] veth1_vlan: entered promiscuous mode [ 125.968016][ T7999] veth0_macvtap: entered promiscuous mode [ 125.974043][ T7999] veth1_macvtap: entered promiscuous mode [ 125.993269][ T7999] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.003795][ T7999] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.013904][ T7999] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.018028][ T7999] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.020726][ T7999] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.034071][ T7999] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.125952][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.128404][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.152223][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.154792][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.298127][ T8120] mkiss: ax0: crc mode is auto. [ 126.305401][ T8120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.516'. [ 126.337166][ T8126] FAULT_INJECTION: forcing a failure. [ 126.337166][ T8126] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.341262][ T8126] CPU: 1 UID: 0 PID: 8126 Comm: syz.1.519 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 126.341277][ T8126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 126.341284][ T8126] Call Trace: [ 126.341288][ T8126] [ 126.341294][ T8126] dump_stack_lvl+0x16c/0x1f0 [ 126.341314][ T8126] should_fail_ex+0x512/0x640 [ 126.341352][ T8126] _copy_to_user+0x32/0xd0 [ 126.341371][ T8126] simple_read_from_buffer+0xcb/0x170 [ 126.341386][ T8126] proc_fail_nth_read+0x197/0x270 [ 126.341400][ T8126] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 126.341413][ T8126] ? rw_verify_area+0xcf/0x680 [ 126.341427][ T8126] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 126.341440][ T8126] vfs_read+0x1e1/0xc60 [ 126.341455][ T8126] ? fdget_pos+0x2a2/0x370 [ 126.341473][ T8126] ? __pfx_vfs_read+0x10/0x10 [ 126.341487][ T8126] ? find_held_lock+0x2b/0x80 [ 126.341502][ T8126] ? __fget_files+0x20e/0x3c0 [ 126.341520][ T8126] ksys_read+0x12a/0x250 [ 126.341535][ T8126] ? __pfx_ksys_read+0x10/0x10 [ 126.341552][ T8126] ? rcu_is_watching+0x12/0xc0 [ 126.341565][ T8126] __do_fast_syscall_32+0x7c/0x3a0 [ 126.341583][ T8126] do_fast_syscall_32+0x32/0x80 [ 126.341600][ T8126] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 126.341614][ T8126] RIP: 0023:0xf7f57579 [ 126.341622][ T8126] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 126.341633][ T8126] RSP: 002b:00000000f5076590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 126.341643][ T8126] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5076620 [ 126.341650][ T8126] RDX: 000000000000000f RSI: 00000000f73e3ff4 RDI: 0000000000000000 [ 126.341656][ T8126] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 126.341662][ T8126] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 126.341668][ T8126] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 126.341681][ T8126] [ 126.405269][ C1] vkms_vblank_simulate: vblank timer overrun [ 126.885551][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 126.885587][ T40] audit: type=1800 audit(1751962460.067:846): pid=8130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.518" name="file0" dev="9p" ino=35913946 res=0 errno=0 [ 126.901525][ T8141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.522'. [ 127.359541][ T8145] tmpfs: Bad value for 'mpol' [ 127.791572][ T8160] FAULT_INJECTION: forcing a failure. [ 127.791572][ T8160] name failslab, interval 1, probability 0, space 0, times 0 [ 127.795930][ T8160] CPU: 0 UID: 0 PID: 8160 Comm: syz.2.530 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 127.795951][ T8160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.795960][ T8160] Call Trace: [ 127.795966][ T8160] [ 127.795973][ T8160] dump_stack_lvl+0x16c/0x1f0 [ 127.796003][ T8160] should_fail_ex+0x512/0x640 [ 127.796026][ T8160] ? __kmalloc_noprof+0xbf/0x510 [ 127.796049][ T8160] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 127.796067][ T8160] should_failslab+0xc2/0x120 [ 127.796082][ T8160] __kmalloc_noprof+0xd2/0x510 [ 127.796107][ T8160] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 127.796138][ T8160] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 127.796157][ T8160] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 127.796177][ T8160] ? trace_cap_capable+0x18d/0x200 [ 127.796196][ T8160] ? bpf_lsm_capable+0x9/0x10 [ 127.796215][ T8160] ? security_capable+0x7e/0x260 [ 127.796231][ T8160] ? ns_capable+0xd7/0x110 [ 127.796249][ T8160] genl_rcv_msg+0x55c/0x800 [ 127.796268][ T8160] ? __pfx_genl_rcv_msg+0x10/0x10 [ 127.796287][ T8160] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 127.796307][ T8160] ? __pfx_nl80211_join_mesh+0x10/0x10 [ 127.796324][ T8160] ? __pfx_nl80211_post_doit+0x10/0x10 [ 127.796352][ T8160] netlink_rcv_skb+0x155/0x420 [ 127.796367][ T8160] ? __pfx_genl_rcv_msg+0x10/0x10 [ 127.796385][ T8160] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 127.796409][ T8160] ? netlink_deliver_tap+0x1ae/0xd30 [ 127.796436][ T8160] genl_rcv+0x28/0x40 [ 127.796450][ T8160] netlink_unicast+0x53a/0x7f0 [ 127.796467][ T8160] ? __pfx_netlink_unicast+0x10/0x10 [ 127.796488][ T8160] netlink_sendmsg+0x8d1/0xdd0 [ 127.796508][ T8160] ? __pfx_netlink_sendmsg+0x10/0x10 [ 127.796524][ T8160] ? __import_iovec+0x1dd/0x650 [ 127.796543][ T8160] ____sys_sendmsg+0xa98/0xc70 [ 127.796563][ T8160] ? __pfx_____sys_sendmsg+0x10/0x10 [ 127.796578][ T8160] ? get_compat_msghdr+0x11a/0x170 [ 127.796610][ T8160] ___sys_sendmsg+0x134/0x1d0 [ 127.796633][ T8160] ? __pfx____sys_sendmsg+0x10/0x10 [ 127.796665][ T8160] ? find_held_lock+0x2b/0x80 [ 127.796701][ T8160] __sys_sendmsg+0x16d/0x220 [ 127.796723][ T8160] ? __pfx___sys_sendmsg+0x10/0x10 [ 127.796754][ T8160] ? rcu_is_watching+0x12/0xc0 [ 127.796773][ T8160] __do_fast_syscall_32+0x7c/0x3a0 [ 127.796805][ T8160] do_fast_syscall_32+0x32/0x80 [ 127.796827][ T8160] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 127.796846][ T8160] RIP: 0023:0xf7fd1579 [ 127.796858][ T8160] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 127.796872][ T8160] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 127.796888][ T8160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400 [ 127.796898][ T8160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 127.796907][ T8160] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 127.796917][ T8160] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 127.796927][ T8160] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 127.796949][ T8160] [ 127.806205][ T53] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 127.844949][ T839] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 127.973503][ T8164] syz.2.532: attempt to access beyond end of device [ 127.973503][ T8164] loop2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 127.978590][ T8164] (syz.2.532,8164,1):ocfs2_get_sector:1714 ERROR: status = -5 [ 127.981027][ T8164] (syz.2.532,8164,1):ocfs2_sb_probe:753 ERROR: status = -5 [ 127.983881][ T8164] (syz.2.532,8164,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 127.989362][ T8164] (syz.2.532,8164,1):ocfs2_fill_super:1177 ERROR: status = -5 [ 128.004773][ T53] usb 6-1: Using ep0 maxpacket: 32 [ 128.008639][ T53] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 128.014212][ T53] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 128.017197][ T53] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 128.019819][ T53] usb 6-1: Product: syz [ 128.021199][ T53] usb 6-1: Manufacturer: syz [ 128.022723][ T53] usb 6-1: SerialNumber: syz [ 128.026428][ T53] usb 6-1: config 0 descriptor?? [ 128.028623][ T8156] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 128.075489][ T839] usb 8-1: Using ep0 maxpacket: 8 [ 128.139345][ T839] usb 8-1: unable to get BOS descriptor or descriptor too short [ 128.143949][ T839] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 128.146745][ T839] usb 8-1: can't read configurations, error -71 [ 128.172887][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.333617][ T53] usb 6-1: USB disconnect, device number 5 [ 129.085107][ T5967] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 129.206081][ T5970] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 129.210338][ T5970] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 129.214275][ T5970] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 129.218317][ T5970] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 129.221745][ T5970] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 130.418279][ T8176] chnl_net:caif_netlink_parms(): no params data found [ 130.478307][ T8191] netlink: 512 bytes leftover after parsing attributes in process `syz.1.546'. [ 130.490737][ T8191] netlink: 'syz.1.546': attribute type 5 has an invalid length. [ 130.585529][ T8176] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.588661][ T8176] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.591661][ T8176] bridge_slave_0: entered allmulticast mode [ 130.595621][ T8176] bridge_slave_0: entered promiscuous mode [ 130.612158][ T8176] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.614821][ T8176] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.617015][ T8176] bridge_slave_1: entered allmulticast mode [ 130.620004][ T8176] bridge_slave_1: entered promiscuous mode [ 130.673722][ T8176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.680031][ T8176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.713164][ T8202] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 130.721501][ T8202] CIFS mount error: No usable UNC path provided in device string! [ 130.721501][ T8202] [ 130.725215][ T8202] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 130.745598][ T8203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.538'. [ 130.911609][ T8211] netlink: 72 bytes leftover after parsing attributes in process `syz.3.544'. [ 131.020693][ T8176] team0: Port device team_slave_0 added [ 131.038966][ T1149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.049922][ T8176] team0: Port device team_slave_1 added [ 131.086851][ T8176] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.089238][ T8176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.097264][ T8176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.101859][ T8176] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.104033][ T8176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.112261][ T8176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.167779][ T1149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.176739][ T8176] hsr_slave_0: entered promiscuous mode [ 131.179022][ T8176] hsr_slave_1: entered promiscuous mode [ 131.181367][ T8176] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 131.184532][ T8176] Cannot create hsr debugfs directory [ 131.245668][ T1149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.295051][ T5970] Bluetooth: hci1: command tx timeout [ 131.415666][ T1149] bridge_slave_1: left allmulticast mode [ 131.419131][ T1149] bridge_slave_1: left promiscuous mode [ 131.421650][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.455633][ T1149] bridge_slave_0: left allmulticast mode [ 131.457749][ T1149] bridge_slave_0: left promiscuous mode [ 131.459976][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.499132][ T8238] netlink: 12 bytes leftover after parsing attributes in process `syz.1.555'. [ 131.584821][ T40] audit: type=1800 audit(1751962464.767:847): pid=8242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.555" name="/" dev="fuse" ino=0 res=0 errno=0 [ 131.798293][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 131.802335][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.807173][ T1149] bond0 (unregistering): Released all slaves [ 132.118862][ T8270] binder: 8268:8270 ioctl c0306201 0 returned -14 [ 132.123647][ T8270] binder: 8268:8270 ioctl 4018620d 0 returned -22 [ 132.205025][ T8176] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 132.209301][ T8176] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 132.213323][ T8176] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 132.217794][ T8176] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 132.247635][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.251097][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.261396][ T1149] hsr_slave_0: left promiscuous mode [ 132.263457][ T1149] hsr_slave_1: left promiscuous mode [ 132.266005][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.268272][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 132.271431][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.273719][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 132.321019][ T1149] veth1_macvtap: left promiscuous mode [ 132.322889][ T1149] veth0_macvtap: left promiscuous mode [ 132.324821][ T1149] veth1_vlan: left promiscuous mode [ 132.326593][ T1149] veth0_vlan: left promiscuous mode [ 132.564819][ T8296] tmpfs: Unknown parameter '' [ 132.965235][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 133.046588][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 133.093747][ T8300] FAULT_INJECTION: forcing a failure. [ 133.093747][ T8300] name failslab, interval 1, probability 0, space 0, times 0 [ 133.098836][ T8300] CPU: 2 UID: 0 PID: 8300 Comm: syz.3.565 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 133.098851][ T8300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.098858][ T8300] Call Trace: [ 133.098861][ T8300] [ 133.098866][ T8300] dump_stack_lvl+0x16c/0x1f0 [ 133.098885][ T8300] should_fail_ex+0x512/0x640 [ 133.098902][ T8300] ? __kmalloc_noprof+0xbf/0x510 [ 133.098919][ T8300] ? ovl_lookup+0x1243/0x21a0 [ 133.098929][ T8300] should_failslab+0xc2/0x120 [ 133.098940][ T8300] __kmalloc_noprof+0xd2/0x510 [ 133.098959][ T8300] ovl_lookup+0x1243/0x21a0 [ 133.098975][ T8300] ? __pfx_ovl_lookup+0x10/0x10 [ 133.098985][ T8300] ? __lock_acquire+0xb8a/0x1c90 [ 133.099007][ T8300] ? do_raw_spin_lock+0x12c/0x2b0 [ 133.099027][ T8300] ? do_raw_spin_unlock+0x172/0x230 [ 133.099058][ T8300] ? _raw_spin_unlock+0x28/0x50 [ 133.099075][ T8300] lookup_one_qstr_excl_raw.part.0+0xec/0x160 [ 133.099087][ T8300] ? lookup_dcache+0x66/0x170 [ 133.099100][ T8300] lookup_one_qstr_excl+0x3e/0x120 [ 133.099112][ T8300] do_renameat2+0x5aa/0xc90 [ 133.099130][ T8300] ? __pfx_do_renameat2+0x10/0x10 [ 133.099146][ T8300] ? find_held_lock+0x2b/0x80 [ 133.099163][ T8300] ? __might_fault+0xe3/0x190 [ 133.099200][ T8300] ? __might_fault+0x13b/0x190 [ 133.099233][ T8300] ? getname_flags.part.0+0x1c5/0x550 [ 133.099248][ T8300] __ia32_sys_renameat2+0xe7/0x130 [ 133.099260][ T8300] __do_fast_syscall_32+0x7c/0x3a0 [ 133.099278][ T8300] do_fast_syscall_32+0x32/0x80 [ 133.099294][ T8300] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 133.099308][ T8300] RIP: 0023:0xf70fe579 [ 133.099316][ T8300] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 133.099327][ T8300] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000161 [ 133.099338][ T8300] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140 [ 133.099344][ T8300] RDX: 0000000000000004 RSI: 0000000080000980 RDI: 0000000000000000 [ 133.099350][ T8300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.099356][ T8300] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 133.099362][ T8300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.099375][ T8300] [ 133.184823][ C2] hpet: Lost 4 RTC interrupts [ 133.364682][ T5970] Bluetooth: hci1: command tx timeout [ 133.695041][ T8176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.708820][ T8176] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.720545][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.722842][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.735169][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.737453][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.766840][ T8176] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 133.785831][ T8316] netlink: 20 bytes leftover after parsing attributes in process `syz.1.571'. [ 133.832174][ T8316] : entered promiscuous mode [ 133.937164][ T8328] netlink: 14 bytes leftover after parsing attributes in process `syz.2.574'. [ 134.026770][ T8328] bond0 (unregistering): left promiscuous mode [ 134.029778][ T8328] bond0 (unregistering): Released all slaves [ 134.046279][ T8176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.079095][ T8176] veth0_vlan: entered promiscuous mode [ 134.082298][ T8335] fuse: Bad value for 'fd' [ 134.083688][ T8176] veth1_vlan: entered promiscuous mode [ 134.100355][ T8176] veth0_macvtap: entered promiscuous mode [ 134.104051][ T8176] veth1_macvtap: entered promiscuous mode [ 134.113661][ T8176] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.121860][ T8176] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.126044][ T8176] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.128695][ T8176] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.131350][ T8176] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.133978][ T8176] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.141248][ T8337] loop4: detected capacity change from 0 to 7 [ 134.149050][ T8337] Dev loop4: unable to read RDB block 7 [ 134.151990][ T8337] loop4: unable to read partition table [ 134.154288][ T8337] loop4: partition table beyond EOD, truncated [ 134.164504][ T8337] loop_reread_partitions: partition scan of loop4 (被x ) failed (rc=-5) [ 134.173503][ T8337] Dev loop4: unable to read RDB block 7 [ 134.176083][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.176683][ T8337] loop4: unable to read partition table [ 134.179488][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.183784][ T8337] loop4: partition table beyond EOD, truncated [ 134.190479][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.193021][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.856682][ T8371] FAULT_INJECTION: forcing a failure. [ 134.856682][ T8371] name failslab, interval 1, probability 0, space 0, times 0 [ 134.861430][ T8371] CPU: 2 UID: 0 PID: 8371 Comm: syz.3.589 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 134.861444][ T8371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 134.861451][ T8371] Call Trace: [ 134.861455][ T8371] [ 134.861460][ T8371] dump_stack_lvl+0x16c/0x1f0 [ 134.861484][ T8371] should_fail_ex+0x512/0x640 [ 134.861500][ T8371] ? __kvmalloc_node_noprof+0x124/0x620 [ 134.861517][ T8371] should_failslab+0xc2/0x120 [ 134.861528][ T8371] __kvmalloc_node_noprof+0x137/0x620 [ 134.861543][ T8371] ? bpf_test_init.isra.0+0x9e/0x140 [ 134.861559][ T8371] ? kasan_save_stack+0x42/0x60 [ 134.861574][ T8371] ? kasan_addr_to_slab+0x51/0x80 [ 134.861588][ T8371] ? bpf_test_run_xdp_live+0x16b/0x500 [ 134.861604][ T8371] ? __kasan_kmalloc+0xaa/0xb0 [ 134.861621][ T8371] ? bpf_test_run_xdp_live+0x16b/0x500 [ 134.861636][ T8371] bpf_test_run_xdp_live+0x16b/0x500 [ 134.861654][ T8371] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 134.861675][ T8371] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 134.861703][ T8371] ? _copy_from_user+0x59/0xd0 [ 134.861720][ T8371] ? bpf_test_init.isra.0+0x6b/0x140 [ 134.861737][ T8371] bpf_prog_test_run_xdp+0x824/0x1590 [ 134.861751][ T8371] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 134.861762][ T8371] ? __might_fault+0x50/0x190 [ 134.861780][ T8371] ? fput+0x70/0xf0 [ 134.861790][ T8371] ? __bpf_prog_get+0x97/0x2a0 [ 134.861804][ T8371] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 134.861814][ T8371] __sys_bpf+0x1485/0x4d80 [ 134.861826][ T8371] ? __pfx___sys_bpf+0x10/0x10 [ 134.861835][ T8371] ? ksys_write+0x190/0x250 [ 134.861852][ T8371] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 134.861876][ T8371] ? fput+0x70/0xf0 [ 134.861886][ T8371] ? ksys_write+0x1ac/0x250 [ 134.861900][ T8371] ? __pfx_ksys_write+0x10/0x10 [ 134.861917][ T8371] __ia32_sys_bpf+0x76/0xe0 [ 134.861928][ T8371] __do_fast_syscall_32+0x7c/0x3a0 [ 134.861946][ T8371] do_fast_syscall_32+0x32/0x80 [ 134.861962][ T8371] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 134.861976][ T8371] RIP: 0023:0xf70fe579 [ 134.861985][ T8371] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 134.861996][ T8371] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 134.862009][ T8371] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000280 [ 134.862019][ T8371] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 134.862028][ T8371] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 134.862036][ T8371] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 134.862044][ T8371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 134.862063][ T8371] [ 134.951435][ C2] hpet: Lost 4 RTC interrupts [ 135.142985][ T8381] 9pnet_virtio: no channels available for device [ 136.209028][ T8393] tmpfs: Bad value for 'mpol' [ 136.213543][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.279798][ T8409] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.601'. [ 137.420953][ T5967] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 137.426016][ T5967] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 137.430368][ T5967] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 137.433644][ T5967] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 137.441477][ T5967] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 137.678985][ T8422] tipc: Started in network mode [ 137.680653][ T8422] tipc: Node identity , cluster identity 4711 [ 137.682708][ T8422] tipc: Failed to set node id, please configure manually [ 137.685599][ T8422] tipc: Enabling of bearer rejected, failed to enable media [ 137.823513][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.854305][ T8415] chnl_net:caif_netlink_parms(): no params data found [ 137.944204][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.983705][ T8415] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.986229][ T8415] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.989066][ T8415] bridge_slave_0: entered allmulticast mode [ 137.991989][ T8415] bridge_slave_0: entered promiscuous mode [ 138.003450][ T8415] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.014732][ T8415] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.017239][ T8415] bridge_slave_1: entered allmulticast mode [ 138.019872][ T8415] bridge_slave_1: entered promiscuous mode [ 138.111364][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.129014][ T8415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.135560][ T8415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.180964][ T8415] team0: Port device team_slave_0 added [ 138.187274][ T8415] team0: Port device team_slave_1 added [ 138.331822][ T8415] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 138.333997][ T8415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.354696][ T8415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 138.366299][ T8415] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 138.368462][ T8415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.394171][ T8415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 138.522138][ T8415] hsr_slave_0: entered promiscuous mode [ 138.525755][ T8415] hsr_slave_1: entered promiscuous mode [ 138.528974][ T8415] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 138.532883][ T8415] Cannot create hsr debugfs directory [ 138.674834][ T12] bridge_slave_1: left allmulticast mode [ 138.677155][ T12] bridge_slave_1: left promiscuous mode [ 138.679724][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.685432][ T12] bridge_slave_0: left allmulticast mode [ 138.687622][ T12] bridge_slave_0: left promiscuous mode [ 138.690299][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.055332][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 139.069083][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 139.073411][ T12] bond0 (unregistering): Released all slaves [ 139.243158][ T8448] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 139.504813][ T12] hsr_slave_0: left promiscuous mode [ 139.509830][ T12] hsr_slave_1: left promiscuous mode [ 139.512504][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 139.515118][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 139.519287][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 139.521763][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 139.525252][ T5970] Bluetooth: hci1: command tx timeout [ 139.558757][ T12] veth1_macvtap: left promiscuous mode [ 139.560530][ T12] veth0_macvtap: left promiscuous mode [ 139.563599][ T12] veth1_vlan: left promiscuous mode [ 139.565985][ T12] veth0_vlan: left promiscuous mode [ 139.578158][ T8479] vivid-002: ================= START STATUS ================= [ 139.581721][ T8479] vivid-002: RDS Tx I/O Mode: Controls [ 139.585645][ T8479] vivid-002: RDS Program ID: 32904 [ 139.587986][ T8479] vivid-002: RDS Program Type: 3 [ 139.589994][ T8479] vivid-002: RDS PS Name: VIVID-TX [ 139.592040][ T8479] vivid-002: RDS Radio Text: This is a VIVID default Radio Text template text, change at will [ 139.596949][ T8479] vivid-002: RDS Stereo: true [ 139.600046][ T8479] vivid-002: RDS Artificial Head: false [ 139.602306][ T8479] vivid-002: RDS Compressed: false [ 139.604342][ T8479] vivid-002: RDS Dynamic PTY: false [ 139.607040][ T8479] vivid-002: RDS Traffic Announcement: false [ 139.609558][ T8479] vivid-002: RDS Traffic Program: true [ 139.611820][ T8479] vivid-002: RDS Music: true [ 139.613830][ T8479] vivid-002: ================== END STATUS ================== [ 140.258463][ T12] team0 (unregistering): Port device team_slave_1 removed [ 140.347471][ T12] team0 (unregistering): Port device team_slave_0 removed [ 140.613449][ T8491] netlink: 116 bytes leftover after parsing attributes in process `syz.2.614'. [ 141.039233][ T8415] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 141.055051][ T8415] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 141.062855][ T8415] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 141.067544][ T8415] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 141.117790][ T8415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.132175][ T8415] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.141088][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.143502][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.160346][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.162614][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.330389][ T8415] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.351509][ T8415] veth0_vlan: entered promiscuous mode [ 141.356460][ T8415] veth1_vlan: entered promiscuous mode [ 141.372234][ T8415] veth0_macvtap: entered promiscuous mode [ 141.384465][ T8415] veth1_macvtap: entered promiscuous mode [ 141.396020][ T8415] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 141.401444][ T8415] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 141.413002][ T8415] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.421650][ T8415] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.424415][ T8415] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.428956][ T8415] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.493050][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.498245][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.524728][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.527208][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.570675][ T40] audit: type=1804 audit(1751962474.757:848): pid=8533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.619" name="/newroot/174/file0/file0" dev="9p" ino=35913946 res=1 errno=0 [ 141.604793][ T5967] Bluetooth: hci1: command tx timeout [ 141.755008][ T8527] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 141.861483][ T8527] netlink: 8 bytes leftover after parsing attributes in process `syz.2.621'. [ 142.437604][ T8535] syz.2.621 (8535) used greatest stack depth: 19624 bytes left [ 143.293975][ T8563] netlink: 4 bytes leftover after parsing attributes in process `syz.2.631'. [ 143.306399][ T8565] FAULT_INJECTION: forcing a failure. [ 143.306399][ T8565] name failslab, interval 1, probability 0, space 0, times 0 [ 143.311079][ T8565] CPU: 3 UID: 0 PID: 8565 Comm: syz.3.632 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 143.311101][ T8565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.311112][ T8565] Call Trace: [ 143.311119][ T8565] [ 143.311127][ T8565] dump_stack_lvl+0x16c/0x1f0 [ 143.311176][ T8565] should_fail_ex+0x512/0x640 [ 143.311211][ T8565] should_failslab+0xc2/0x120 [ 143.311229][ T8565] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 143.311254][ T8565] ? sctp_bind_addrs_to_raw+0x2c7/0x3e0 [ 143.311279][ T8565] ? sctp_chunkify+0x51/0x2d0 [ 143.311306][ T8565] sctp_chunkify+0x51/0x2d0 [ 143.311329][ T8565] _sctp_make_chunk+0x148/0x270 [ 143.311360][ T8565] sctp_make_control+0x2f/0x2d0 [ 143.311383][ T8565] sctp_make_init+0x6f0/0xdc0 [ 143.311414][ T8565] ? __pfx_sctp_make_init+0x10/0x10 [ 143.311440][ T8565] ? kernel_text_address+0x8d/0x100 [ 143.311468][ T8565] ? unwind_get_return_address+0x59/0xa0 [ 143.311496][ T8565] ? arch_stack_walk+0xa6/0x100 [ 143.311516][ T8565] ? sctp_sm_lookup_event+0x15b/0x570 [ 143.311540][ T8565] ? __pfx_sctp_sm_lookup_event+0x10/0x10 [ 143.311569][ T8565] sctp_sf_do_prm_asoc+0xbf/0x360 [ 143.311590][ T8565] ? __pfx_sctp_pname+0x10/0x10 [ 143.311612][ T8565] sctp_do_sm+0x17e/0x5c80 [ 143.311640][ T8565] ? kasan_save_stack+0x42/0x60 [ 143.311664][ T8565] ? kasan_save_stack+0x33/0x60 [ 143.311686][ T8565] ? kasan_save_track+0x14/0x30 [ 143.311711][ T8565] ? __pfx_sctp_do_sm+0x10/0x10 [ 143.311731][ T8565] ? sctp_sendmsg+0xef5/0x1ee0 [ 143.311748][ T8565] ? __sys_sendto+0x43c/0x520 [ 143.311768][ T8565] ? __ia32_sys_sendto+0xdd/0x1b0 [ 143.311790][ T8565] ? __do_fast_syscall_32+0x7c/0x3a0 [ 143.311815][ T8565] ? do_fast_syscall_32+0x32/0x80 [ 143.311837][ T8565] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 143.311886][ T8565] ? sk_leave_memory_pressure+0xdd/0x130 [ 143.311906][ T8565] ? __sk_mem_raise_allocated+0x94d/0x1670 [ 143.311940][ T8565] sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 143.311965][ T8565] sctp_sendmsg_to_asoc+0xa45/0x1bf0 [ 143.311982][ T8565] ? sctp_assoc_set_primary+0x177/0x300 [ 143.312010][ T8565] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 143.312031][ T8565] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 143.312052][ T8565] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 143.312079][ T8565] sctp_sendmsg+0xef5/0x1ee0 [ 143.312108][ T8565] ? __pfx_sctp_sendmsg+0x10/0x10 [ 143.312131][ T8565] ? __pfx___might_resched+0x10/0x10 [ 143.312159][ T8565] ? __might_fault+0xe3/0x190 [ 143.312185][ T8565] ? __pfx_aa_sk_perm+0x10/0x10 [ 143.312210][ T8565] ? __pfx_sctp_sendmsg+0x10/0x10 [ 143.312231][ T8565] inet_sendmsg+0x11c/0x140 [ 143.312256][ T8565] __sys_sendto+0x43c/0x520 [ 143.312279][ T8565] ? __pfx___sys_sendto+0x10/0x10 [ 143.312324][ T8565] ? ksys_write+0x1ac/0x250 [ 143.312349][ T8565] ? __pfx_ksys_write+0x10/0x10 [ 143.312379][ T8565] __ia32_sys_sendto+0xdd/0x1b0 [ 143.312401][ T8565] ? lockdep_hardirqs_on+0x7c/0x110 [ 143.312423][ T8565] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 143.312448][ T8565] __do_fast_syscall_32+0x7c/0x3a0 [ 143.312475][ T8565] do_fast_syscall_32+0x32/0x80 [ 143.312501][ T8565] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 143.312521][ T8565] RIP: 0023:0xf70fe579 [ 143.312535][ T8565] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 143.312551][ T8565] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 143.312568][ T8565] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 143.312579][ T8565] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000008005ffe4 [ 143.312589][ T8565] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 143.312599][ T8565] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 143.312608][ T8565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 143.312632][ T8565] [ 143.407648][ T8567] netlink: 292 bytes leftover after parsing attributes in process `syz.2.631'. [ 143.470186][ T40] audit: type=1804 audit(1751962476.657:849): pid=8563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.631" name="/newroot/181/file0" dev="tmpfs" ino=985 res=1 errno=0 [ 143.556693][ T8573] netlink: 'syz.2.634': attribute type 5 has an invalid length. [ 143.755983][ T8581] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 143.765119][ T5967] Bluetooth: hci2: command 0x0406 tx timeout [ 143.977918][ T8589] atomic_op ffff88804ae6a198 conn xmit_atomic 0000000000000000 [ 144.057148][ T8595] netlink: 'syz.3.642': attribute type 20 has an invalid length. [ 144.198067][ T8601] CIFS mount error: No usable UNC path provided in device string! [ 144.198067][ T8601] [ 144.202335][ T8601] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 144.206613][ T8601] netlink: 12 bytes leftover after parsing attributes in process `syz.2.645'. [ 144.269933][ T8604] 9p: Unknown Cache mode or invalid value fscach [ 144.408485][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.648'. [ 144.412454][ T8610] program syz.2.648 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 144.415692][ T8610] ata1.00: invalid service action 2 [ 144.420573][ T8610] netlink: 32 bytes leftover after parsing attributes in process `syz.2.648'. [ 144.549344][ T8621] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 144.551890][ T8621] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 144.640662][ T8623] FAULT_INJECTION: forcing a failure. [ 144.640662][ T8623] name failslab, interval 1, probability 0, space 0, times 0 [ 144.644733][ T8623] CPU: 3 UID: 0 PID: 8623 Comm: syz.1.653 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 144.644748][ T8623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.644754][ T8623] Call Trace: [ 144.644758][ T8623] [ 144.644762][ T8623] dump_stack_lvl+0x16c/0x1f0 [ 144.644782][ T8623] should_fail_ex+0x512/0x640 [ 144.644797][ T8623] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 144.644816][ T8623] should_failslab+0xc2/0x120 [ 144.644826][ T8623] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 144.644842][ T8623] ? __alloc_skb+0x2b2/0x380 [ 144.644858][ T8623] ? bpf_lsm_capable+0x9/0x10 [ 144.644874][ T8623] __alloc_skb+0x2b2/0x380 [ 144.644889][ T8623] ? __pfx___alloc_skb+0x10/0x10 [ 144.644903][ T8623] ? genl_rcv_msg+0x4f0/0x800 [ 144.644915][ T8623] ? genl_rcv_msg+0x4bb/0x800 [ 144.644931][ T8623] netlink_ack+0x15d/0xb80 [ 144.644946][ T8623] netlink_rcv_skb+0x332/0x420 [ 144.644957][ T8623] ? __pfx_genl_rcv_msg+0x10/0x10 [ 144.644970][ T8623] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 144.644986][ T8623] ? netlink_deliver_tap+0x1ae/0xd30 [ 144.645006][ T8623] genl_rcv+0x28/0x40 [ 144.645017][ T8623] netlink_unicast+0x53a/0x7f0 [ 144.645029][ T8623] ? __pfx_netlink_unicast+0x10/0x10 [ 144.645043][ T8623] netlink_sendmsg+0x8d1/0xdd0 [ 144.645056][ T8623] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.645068][ T8623] ? __import_iovec+0x1dd/0x650 [ 144.645081][ T8623] ____sys_sendmsg+0xa98/0xc70 [ 144.645095][ T8623] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.645106][ T8623] ? get_compat_msghdr+0x11a/0x170 [ 144.645128][ T8623] ___sys_sendmsg+0x134/0x1d0 [ 144.645145][ T8623] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.645185][ T8623] ? find_held_lock+0x2b/0x80 [ 144.645207][ T8623] __sys_sendmsg+0x16d/0x220 [ 144.645223][ T8623] ? __pfx___sys_sendmsg+0x10/0x10 [ 144.645245][ T8623] ? rcu_is_watching+0x12/0xc0 [ 144.645258][ T8623] __do_fast_syscall_32+0x7c/0x3a0 [ 144.645276][ T8623] do_fast_syscall_32+0x32/0x80 [ 144.645292][ T8623] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 144.645306][ T8623] RIP: 0023:0xf7f57579 [ 144.645315][ T8623] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 144.645325][ T8623] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 144.645335][ T8623] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400 [ 144.645342][ T8623] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 144.645348][ T8623] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 144.645354][ T8623] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 144.645360][ T8623] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 144.645376][ T8623] [ 145.478641][ T5967] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 145.775111][ T6021] e1000 0000:00:06.0 eth0: Reset adapter [ 145.835290][ T8659] ALSA: mixer_oss: invalid OSS volume '' [ 145.844664][ T5967] Bluetooth: hci2: command 0x0406 tx timeout [ 145.914918][ T6021] e1000 0000:00:06.0 eth0: Reset adapter [ 146.064340][ T8674] mkiss: ax0: crc mode is auto. [ 148.085771][ T6021] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 157.818288][ T40] audit: type=1326 audit(1751962491.007:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8715 comm="syz.1.670" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f57579 code=0x0 [ 158.114853][ T6456] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 158.265408][ T6456] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 158.269128][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.271897][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.275278][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.278074][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.280816][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.284526][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.287475][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.290227][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.293550][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.296747][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.299541][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.302847][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.305757][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.308366][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.311668][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.314635][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.317474][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.320789][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.323590][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.326484][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.329830][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.332579][ T6456] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.335940][ T6456] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.339288][ T6456] usb 6-1: config 0 interface 0 has no altsetting 0 [ 158.342815][ T6456] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 158.345912][ T6456] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 158.348521][ T6456] usb 6-1: Product: syz [ 158.349845][ T6456] usb 6-1: Manufacturer: syz [ 158.351295][ T6456] usb 6-1: SerialNumber: syz [ 158.354019][ T6456] usb 6-1: config 0 descriptor?? [ 158.360103][ T6456] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 158.669427][ C3] usb 6-1: yurex_control_callback - control failed: -71 [ 158.673476][ T6456] usb 6-1: USB disconnect, device number 6 [ 158.678726][ T6456] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 161.729623][ T8725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.671'. [ 161.838462][ T8732] netlink: 'syz.3.673': attribute type 10 has an invalid length. [ 161.877117][ T8732] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.886280][ T8732] batadv0: entered promiscuous mode [ 161.890885][ T8732] batadv0: entered allmulticast mode [ 161.909738][ T8732] .: (slave batadv0): Enslaving as an active interface with an up link [ 161.915601][ T8736] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.919138][ T8736] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.794726][ T8736] .: (slave batadv0): Releasing backup interface [ 162.797822][ T8736] batadv0 (unregistering): left promiscuous mode [ 162.799930][ T8736] batadv0 (unregistering): left allmulticast mode [ 163.572428][ T8755] 9pnet_fd: Insufficient options for proto=fd [ 164.484942][ T8773] input: syz1 as /devices/virtual/input/input10 [ 164.509724][ T8773] netlink: 'syz.2.684': attribute type 9 has an invalid length. [ 164.512148][ T8773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.684'. [ 164.517896][ T8773] hsr0: entered promiscuous mode [ 164.520057][ T8773] macvlan0: entered promiscuous mode [ 164.521849][ T8773] macvlan0: entered allmulticast mode [ 164.523586][ T8773] hsr0: entered allmulticast mode [ 164.526094][ T8773] hsr_slave_0: entered allmulticast mode [ 164.531323][ T8773] hsr_slave_1: entered allmulticast mode [ 164.765395][ T8780] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(19) [ 164.767431][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 164.770414][ T8780] vhci_hcd vhci_hcd.0: Device attached [ 164.773805][ T8780] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(21) [ 164.775865][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 164.780348][ T8780] vhci_hcd vhci_hcd.0: Device attached [ 164.783549][ T8780] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(23) [ 164.785635][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 164.789550][ T8780] vhci_hcd vhci_hcd.0: Device attached [ 164.792849][ T8780] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(25) [ 164.794992][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 164.797564][ T8780] vhci_hcd vhci_hcd.0: Device attached [ 164.801476][ T8780] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(27) [ 164.803593][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 164.806828][ T8780] vhci_hcd vhci_hcd.0: Device attached [ 164.809971][ T8780] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(29) [ 164.812225][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 164.815181][ T8780] vhci_hcd vhci_hcd.0: Device attached [ 164.817530][ T8780] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 164.823803][ T8780] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(33) [ 164.826000][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 164.828806][ T8780] vhci_hcd vhci_hcd.0: Device attached [ 164.837445][ T8792] vhci_hcd: connection closed [ 164.837607][ T8788] vhci_hcd: connection closed [ 164.837994][ T8784] vhci_hcd: connection closed [ 164.838193][ T8786] vhci_hcd: connection closed [ 164.838339][ T8782] vhci_hcd: connection closed [ 164.839702][ T8790] vhci_hcd: connection closed [ 164.846244][ T1139] vhci_hcd: stop threads [ 164.850717][ T1139] vhci_hcd: release socket [ 164.852332][ T1139] vhci_hcd: disconnect device [ 164.855076][ T1139] vhci_hcd: stop threads [ 164.857242][ T1139] vhci_hcd: release socket [ 164.858997][ T1139] vhci_hcd: disconnect device [ 164.860900][ T1139] vhci_hcd: stop threads [ 164.862369][ T1139] vhci_hcd: release socket [ 164.863877][ T1139] vhci_hcd: disconnect device [ 164.866592][ T1139] vhci_hcd: stop threads [ 164.868002][ T1139] vhci_hcd: release socket [ 164.869469][ T1139] vhci_hcd: disconnect device [ 164.871113][ T1139] vhci_hcd: stop threads [ 164.872527][ T1139] vhci_hcd: release socket [ 164.873979][ T1139] vhci_hcd: disconnect device [ 164.877051][ T1139] vhci_hcd: stop threads [ 164.878519][ T1139] vhci_hcd: release socket [ 164.880046][ T1139] vhci_hcd: disconnect device [ 165.018581][ T8799] binder: 8798:8799 ioctl c0306201 80000240 returned -11 [ 165.105551][ T6097] usb 42-1: SetAddress Request (2) to port 0 [ 165.111629][ T6097] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 165.191885][ T839] libceph: connect (1)[c::]:6789 error -101 [ 165.194198][ T839] libceph: mon0 (1)[c::]:6789 connect error [ 165.367356][ T8794] vhci_hcd: connection reset by peer [ 165.374615][ T1249] vhci_hcd: stop threads [ 165.376113][ T1249] vhci_hcd: release socket [ 165.377594][ T1249] vhci_hcd: disconnect device [ 165.410800][ T8809] binder: Binderfs stats mode cannot be changed during a remount [ 165.413888][ T8809] kvm: Disabled LAPIC found during irq injection [ 165.454862][ T839] libceph: connect (1)[c::]:6789 error -101 [ 165.456912][ T839] libceph: mon0 (1)[c::]:6789 connect error [ 166.022435][ T8801] ceph: No mds server is up or the cluster is laggy [ 166.094874][ T839] libceph: connect (1)[c::]:6789 error -101 [ 166.096842][ T839] libceph: mon0 (1)[c::]:6789 connect error [ 166.724720][ T5967] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 167.134683][ T5389] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 167.315909][ T5389] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 167.320443][ T5389] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 167.324916][ T5389] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 167.328751][ T5389] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 167.333642][ T5389] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 167.337240][ T5389] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.341511][ T5389] usb 7-1: config 0 descriptor?? [ 167.783817][ T5389] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 167.904075][ T8866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.704'. [ 167.919882][ T8866] netlink: 5376 bytes leftover after parsing attributes in process `syz.1.704'. [ 168.344666][ T6024] usb 8-1: new low-speed USB device number 8 using dummy_hcd [ 168.484765][ T6024] usb 8-1: device descriptor read/64, error -71 [ 168.744689][ T6024] usb 8-1: new low-speed USB device number 9 using dummy_hcd [ 168.874652][ T6024] usb 8-1: device descriptor read/64, error -71 [ 168.984847][ T6024] usb usb8-port1: attempt power cycle [ 169.324682][ T6024] usb 8-1: new low-speed USB device number 10 using dummy_hcd [ 169.345367][ T6024] usb 8-1: device descriptor read/8, error -71 [ 169.594698][ T6024] usb 8-1: new low-speed USB device number 11 using dummy_hcd [ 169.615329][ T6024] usb 8-1: device descriptor read/8, error -71 [ 169.734748][ T6024] usb usb8-port1: unable to enumerate USB device [ 170.189204][ T6456] usb 7-1: USB disconnect, device number 14 [ 170.244684][ T6097] usb 42-1: device descriptor read/8, error -110 [ 170.555553][ T8890] netlink: 116 bytes leftover after parsing attributes in process `syz.1.711'. [ 170.647275][ T6097] usb usb42-port1: attempt power cycle [ 171.277218][ T6097] usb usb42-port1: unable to enumerate USB device [ 172.031827][ T8913] binder: 8912:8913 ioctl c0306201 0 returned -14 [ 172.101947][ T8914] netlink: 4 bytes leftover after parsing attributes in process `syz.1.714'. [ 172.976729][ T8932] netlink: 71 bytes leftover after parsing attributes in process `syz.3.721'. [ 173.085659][ T8935] FAULT_INJECTION: forcing a failure. [ 173.085659][ T8935] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.089717][ T8935] CPU: 3 UID: 0 PID: 8935 Comm: syz.2.722 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 173.089731][ T8935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.089739][ T8935] Call Trace: [ 173.089743][ T8935] [ 173.089748][ T8935] dump_stack_lvl+0x16c/0x1f0 [ 173.089768][ T8935] should_fail_ex+0x512/0x640 [ 173.089786][ T8935] _copy_to_user+0x32/0xd0 [ 173.089805][ T8935] simple_read_from_buffer+0xcb/0x170 [ 173.089820][ T8935] proc_fail_nth_read+0x197/0x270 [ 173.089834][ T8935] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 173.089847][ T8935] ? rw_verify_area+0xcf/0x680 [ 173.089861][ T8935] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 173.089873][ T8935] vfs_read+0x1e1/0xc60 [ 173.089889][ T8935] ? fdget_pos+0x2a2/0x370 [ 173.089906][ T8935] ? __pfx_vfs_read+0x10/0x10 [ 173.089919][ T8935] ? find_held_lock+0x2b/0x80 [ 173.089934][ T8935] ? __fget_files+0x20e/0x3c0 [ 173.089953][ T8935] ksys_read+0x12a/0x250 [ 173.089968][ T8935] ? __pfx_ksys_read+0x10/0x10 [ 173.089984][ T8935] ? rcu_is_watching+0x12/0xc0 [ 173.089997][ T8935] __do_fast_syscall_32+0x7c/0x3a0 [ 173.090015][ T8935] do_fast_syscall_32+0x32/0x80 [ 173.090032][ T8935] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.090045][ T8935] RIP: 0023:0xf7fd1579 [ 173.090053][ T8935] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 173.090064][ T8935] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 173.090074][ T8935] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50f6620 [ 173.090081][ T8935] RDX: 000000000000000f RSI: 00000000f7463ff4 RDI: 0000000000000000 [ 173.090087][ T8935] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 173.090093][ T8935] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 173.090099][ T8935] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.090112][ T8935] [ 174.054932][ T8952] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 174.357754][ T8959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.729'. [ 175.455574][ T8983] tmpfs: Bad value for 'mpol' [ 175.502168][ T8985] binder: 8984:8985 ioctl c0306201 80000080 returned -22 [ 175.506505][ T8985] binder: 8984:8985 ioctl 8933 80000a00 returned -22 [ 175.956375][ T9000] tipc: Enabled bearer , priority 0 [ 175.959975][ T9000] syzkaller0: entered promiscuous mode [ 175.961885][ T9000] syzkaller0: entered allmulticast mode [ 175.979078][ T9000] syzkaller0: MTU too low for tipc bearer [ 175.980801][ T9000] tipc: Disabling bearer [ 176.142042][ T9003] FAULT_INJECTION: forcing a failure. [ 176.142042][ T9003] name failslab, interval 1, probability 0, space 0, times 0 [ 176.148333][ T9003] CPU: 3 UID: 0 PID: 9003 Comm: syz.2.741 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 176.148370][ T9003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 176.148382][ T9003] Call Trace: [ 176.148389][ T9003] [ 176.148396][ T9003] dump_stack_lvl+0x16c/0x1f0 [ 176.148429][ T9003] should_fail_ex+0x512/0x640 [ 176.148453][ T9003] ? __kmalloc_noprof+0xbf/0x510 [ 176.148480][ T9003] ? __d_alloc+0x640/0xaa0 [ 176.148505][ T9003] should_failslab+0xc2/0x120 [ 176.148522][ T9003] __kmalloc_noprof+0xd2/0x510 [ 176.148547][ T9003] ? __d_alloc+0x31/0xaa0 [ 176.148576][ T9003] __d_alloc+0x640/0xaa0 [ 176.148605][ T9003] d_alloc+0x4a/0x1e0 [ 176.148633][ T9003] d_alloc_parallel+0xe3/0x12e0 [ 176.148656][ T9003] ? bpf_ksym_find+0x124/0x1c0 [ 176.148674][ T9003] ? look_up_lock_class+0x59/0x150 [ 176.148699][ T9003] ? register_lock_class+0x41/0x4c0 [ 176.148722][ T9003] ? map_id_range_up+0x2ce/0x3b0 [ 176.148748][ T9003] ? __pfx_d_alloc_parallel+0x10/0x10 [ 176.148770][ T9003] ? lockdep_init_map_type+0x5c/0x280 [ 176.148795][ T9003] ? lockdep_init_map_type+0x5c/0x280 [ 176.148824][ T9003] __lookup_slow+0x193/0x460 [ 176.148844][ T9003] ? __pfx___lookup_slow+0x10/0x10 [ 176.148888][ T9003] ? pcpu_balance_workfn+0xc60/0xe00 [ 176.148924][ T9003] ? pcpu_balance_workfn+0xc60/0xe00 [ 176.148948][ T9003] ? d_lookup+0xe7/0x190 [ 176.148974][ T9003] lookup_one_unlocked+0xd4/0x120 [ 176.148997][ T9003] ovl_lookup_single+0x214/0xfc0 [ 176.149024][ T9003] ? __pfx_ovl_lookup_single+0x10/0x10 [ 176.149052][ T9003] ovl_lookup_layer+0x3d4/0x480 [ 176.149075][ T9003] ? __pfx_ovl_lookup_layer+0x10/0x10 [ 176.149091][ T9003] ? trace_kmalloc+0x2b/0xd0 [ 176.149118][ T9003] ovl_lookup+0x13f9/0x21a0 [ 176.149148][ T9003] ? __pfx_ovl_lookup+0x10/0x10 [ 176.149165][ T9003] ? __lock_acquire+0xb8a/0x1c90 [ 176.149203][ T9003] ? do_raw_spin_lock+0x12c/0x2b0 [ 176.149237][ T9003] ? do_raw_spin_unlock+0x172/0x230 [ 176.149264][ T9003] ? _raw_spin_unlock+0x28/0x50 [ 176.149291][ T9003] lookup_one_qstr_excl_raw.part.0+0xec/0x160 [ 176.149310][ T9003] ? lookup_dcache+0x66/0x170 [ 176.149334][ T9003] lookup_one_qstr_excl+0x3e/0x120 [ 176.149355][ T9003] do_renameat2+0x5aa/0xc90 [ 176.149379][ T9003] ? __pfx_do_renameat2+0x10/0x10 [ 176.149397][ T9003] ? find_held_lock+0x2b/0x80 [ 176.149414][ T9003] ? __might_fault+0xe3/0x190 [ 176.149439][ T9003] ? __might_fault+0x13b/0x190 [ 176.149477][ T9003] ? getname_flags.part.0+0x1c5/0x550 [ 176.149502][ T9003] __ia32_sys_renameat2+0xe7/0x130 [ 176.149521][ T9003] __do_fast_syscall_32+0x7c/0x3a0 [ 176.149550][ T9003] do_fast_syscall_32+0x32/0x80 [ 176.149577][ T9003] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 176.149598][ T9003] RIP: 0023:0xf7fd1579 [ 176.149613][ T9003] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 176.149630][ T9003] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000161 [ 176.149647][ T9003] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140 [ 176.149658][ T9003] RDX: 0000000000000004 RSI: 0000000080000980 RDI: 0000000000000000 [ 176.149668][ T9003] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 176.149678][ T9003] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 176.149688][ T9003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 176.149712][ T9003] [ 176.284055][ T5967] Bluetooth: hci2: unexpected event for opcode 0x2012 [ 176.363689][ T9013] input: syz0 as /devices/virtual/input/input12 [ 176.474220][ T9020] netlink: 16 bytes leftover after parsing attributes in process `syz.1.749'. [ 177.586810][ T9036] loop8: detected capacity change from 0 to 7 [ 177.592724][ T9036] Dev loop8: unable to read RDB block 7 [ 177.595342][ T9036] loop8: AHDI p1 p2 p3 [ 177.596680][ T9036] loop8: partition table partially beyond EOD, truncated [ 177.598965][ T9036] loop8: p1 start 1601398130 is beyond EOD, truncated [ 177.601261][ T9036] loop8: p2 start 1702059890 is beyond EOD, truncated [ 177.656194][ T9036] Dev loop8: unable to read RDB block 7 [ 177.657950][ T9036] loop8: AHDI p1 p2 p3 [ 177.659279][ T9036] loop8: partition table partially beyond EOD, truncated [ 177.661554][ T9036] loop8: p1 start 1601398130 is beyond EOD, truncated [ 177.663693][ T9036] loop8: p2 start 1702059890 is beyond EOD, truncated [ 177.688190][ T9040] netlink: 2020 bytes leftover after parsing attributes in process `syz.3.754'. [ 177.691468][ T9040] netlink: 24 bytes leftover after parsing attributes in process `syz.3.754'. [ 178.518123][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.761'. [ 178.520861][ T9065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.761'. [ 178.524031][ T9065] netlink: 'syz.3.761': attribute type 12 has an invalid length. [ 178.526663][ T9065] netlink: 'syz.3.761': attribute type 11 has an invalid length. [ 178.779699][ T9068] tmpfs: Unknown parameter 'usrquota_inode_hardL [ 178.779699][ T9068] Dja' [ 179.317482][ T9080] netlink: 192 bytes leftover after parsing attributes in process `syz.2.765'. [ 180.000822][ T9093] sctp: [Deprecated]: syz.3.769 (pid 9093) Use of struct sctp_assoc_value in delayed_ack socket option. [ 180.000822][ T9093] Use struct sctp_sack_info instead [ 180.057503][ T9097] tipc: Started in network mode [ 180.060674][ T9097] tipc: Node identity d2da47211f5d, cluster identity 4711 [ 180.063021][ T9097] tipc: Enabled bearer , priority 0 [ 180.066033][ T9097] syzkaller0: entered promiscuous mode [ 180.067875][ T9097] syzkaller0: entered allmulticast mode [ 180.327822][ T9100] netlink: 116 bytes leftover after parsing attributes in process `syz.1.771'. [ 180.401665][ T9102] IPVS: set_ctl: invalid protocol: 12 172.20.20.14:20002 [ 180.468769][ T9111] netlink: 72 bytes leftover after parsing attributes in process `syz.1.774'. [ 180.782581][ T9095] tipc: Resetting bearer [ 180.796472][ T9095] tipc: Disabling bearer [ 181.047813][ T9120] netlink: 116 bytes leftover after parsing attributes in process `syz.3.777'. [ 181.290255][ T9134] netlink: 116 bytes leftover after parsing attributes in process `syz.3.781'. [ 181.423345][ T5967] Bluetooth: hci2: unexpected event for opcode 0x202d [ 181.646613][ T9143] netlink: 36 bytes leftover after parsing attributes in process `syz.3.782'. [ 181.754674][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.807119][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.867718][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.930751][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.034804][ T12] bridge_slave_1: left allmulticast mode [ 182.036641][ T12] bridge_slave_1: left promiscuous mode [ 182.038613][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.042375][ T12] bridge_slave_0: left allmulticast mode [ 182.044223][ T12] bridge_slave_0: left promiscuous mode [ 182.046873][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.323922][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 182.329976][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 182.335241][ T12] bond0 (unregistering): Released all slaves [ 182.754533][ T12] hsr_slave_0: left promiscuous mode [ 182.757285][ T12] hsr_slave_1: left promiscuous mode [ 182.759167][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.761352][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 182.764032][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.767274][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 182.788347][ T12] veth1_macvtap: left promiscuous mode [ 182.790612][ T12] veth0_macvtap: left promiscuous mode [ 182.792969][ T12] veth1_vlan: left promiscuous mode [ 182.796268][ T12] veth0_vlan: left promiscuous mode [ 183.015801][ T5967] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 183.019441][ T5967] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 183.022322][ T5967] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 183.027405][ T5967] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 183.033923][ T5967] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 183.342570][ T5967] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 183.585824][ T12] team0 (unregistering): Port device team_slave_1 removed [ 183.653657][ T12] team0 (unregistering): Port device team_slave_0 removed [ 183.810601][ T9189] netlink: 116 bytes leftover after parsing attributes in process `syz.1.787'. [ 184.052164][ T5967] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 184.298620][ T9198] netlink: 116 bytes leftover after parsing attributes in process `syz.2.791'. [ 184.345597][ T9175] chnl_net:caif_netlink_parms(): no params data found [ 184.485506][ T9225] netlink: 116 bytes leftover after parsing attributes in process `syz.3.797'. [ 184.492961][ T9175] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.496044][ T9175] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.498362][ T9175] bridge_slave_0: entered allmulticast mode [ 184.500974][ T9175] bridge_slave_0: entered promiscuous mode [ 184.505114][ T9175] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.509595][ T9175] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.511859][ T9175] bridge_slave_1: entered allmulticast mode [ 184.515904][ T9175] bridge_slave_1: entered promiscuous mode [ 184.590662][ T9175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.595989][ T9175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.642907][ T9175] team0: Port device team_slave_0 added [ 184.649655][ T9175] team0: Port device team_slave_1 added [ 184.702679][ T9175] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.707374][ T9175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.716739][ T5967] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 184.719576][ T9175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.730355][ T9175] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.732540][ T9175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.758111][ T9175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.844369][ T9175] hsr_slave_0: entered promiscuous mode [ 184.846766][ T9175] hsr_slave_1: entered promiscuous mode [ 184.848823][ T9175] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.851357][ T9175] Cannot create hsr debugfs directory [ 185.045617][ T5967] Bluetooth: hci1: command tx timeout [ 185.487291][ T9175] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 185.492562][ T9175] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 185.497726][ T9175] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 185.502306][ T9175] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 185.551831][ T9175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.563047][ T9175] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.572368][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.574799][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.581853][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.584240][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.713990][ T9175] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.744271][ T9175] veth0_vlan: entered promiscuous mode [ 185.753365][ T9175] veth1_vlan: entered promiscuous mode [ 185.782710][ T9175] veth0_macvtap: entered promiscuous mode [ 185.787564][ T9175] veth1_macvtap: entered promiscuous mode [ 185.798169][ T9175] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.809600][ T9175] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.818005][ T9175] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.820811][ T9175] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.823483][ T9175] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.827503][ T9175] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.903568][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.908088][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.945415][ T1249] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.947934][ T1249] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.475850][ T9323] netlink: 116 bytes leftover after parsing attributes in process `syz.1.806'. [ 188.138390][ T9351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.816'. [ 188.255194][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.508509][ T9363] netlink: 116 bytes leftover after parsing attributes in process `syz.1.817'. [ 189.765193][ T5970] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 189.794898][ T5970] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 189.799367][ T5970] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 189.817171][ T5970] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 189.821392][ T5970] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 190.011729][ T9380] chnl_net:caif_netlink_parms(): no params data found [ 190.080297][ T9380] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.082548][ T9380] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.085363][ T9380] bridge_slave_0: entered allmulticast mode [ 190.087972][ T9380] bridge_slave_0: entered promiscuous mode [ 190.091121][ T9380] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.093465][ T9380] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.096019][ T9380] bridge_slave_1: entered allmulticast mode [ 190.098641][ T9380] bridge_slave_1: entered promiscuous mode [ 190.149459][ T1149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.161075][ T9380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.166091][ T9380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.200344][ T9380] team0: Port device team_slave_0 added [ 190.206216][ T9380] team0: Port device team_slave_1 added [ 190.234406][ T1149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.271140][ T9380] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.274095][ T9380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.284097][ T9380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.290299][ T9380] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.292626][ T9380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.306135][ T9380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.332583][ T1149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.342966][ T9396] FAULT_INJECTION: forcing a failure. [ 190.342966][ T9396] name failslab, interval 1, probability 0, space 0, times 0 [ 190.351793][ T9396] CPU: 2 UID: 0 PID: 9396 Comm: syz.1.827 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 190.351809][ T9396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 190.351816][ T9396] Call Trace: [ 190.351820][ T9396] [ 190.351825][ T9396] dump_stack_lvl+0x16c/0x1f0 [ 190.351845][ T9396] should_fail_ex+0x512/0x640 [ 190.351861][ T9396] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 190.351877][ T9396] should_failslab+0xc2/0x120 [ 190.351887][ T9396] __kmalloc_cache_noprof+0x6a/0x3e0 [ 190.351902][ T9396] ? alloc_netdev_mqs+0xf3a/0x1570 [ 190.351919][ T9396] ? kasan_save_track+0x14/0x30 [ 190.351936][ T9396] alloc_netdev_mqs+0xf3a/0x1570 [ 190.351956][ T9396] rtnl_create_link+0xc08/0xf90 [ 190.351975][ T9396] rtnl_newlink+0xb69/0x2000 [ 190.351996][ T9396] ? __pfx_rtnl_newlink+0x10/0x10 [ 190.352018][ T9396] ? kasan_quarantine_put+0x10a/0x240 [ 190.352033][ T9396] ? lockdep_hardirqs_on+0x7c/0x110 [ 190.352051][ T9396] ? kfree_skbmem+0x1a4/0x1f0 [ 190.352070][ T9396] ? rcu_is_watching+0x12/0xc0 [ 190.352081][ T9396] ? trace_cap_capable+0x18d/0x200 [ 190.352096][ T9396] ? find_held_lock+0x2b/0x80 [ 190.352107][ T9396] ? __pfx_rtnl_newlink+0x10/0x10 [ 190.352123][ T9396] ? __pfx_rtnl_newlink+0x10/0x10 [ 190.352138][ T9396] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 190.352155][ T9396] ? __pfx_rtnl_newlink+0x10/0x10 [ 190.352172][ T9396] rtnetlink_rcv_msg+0x95b/0xe90 [ 190.352190][ T9396] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 190.352211][ T9396] ? ref_tracker_free+0x37c/0x830 [ 190.352229][ T9396] netlink_rcv_skb+0x155/0x420 [ 190.352240][ T9396] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 190.352258][ T9396] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 190.352274][ T9396] ? netlink_deliver_tap+0x1ae/0xd30 [ 190.352294][ T9396] netlink_unicast+0x53a/0x7f0 [ 190.352306][ T9396] ? __pfx_netlink_unicast+0x10/0x10 [ 190.352321][ T9396] netlink_sendmsg+0x8d1/0xdd0 [ 190.352334][ T9396] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.352347][ T9396] ? __import_iovec+0x1dd/0x650 [ 190.352359][ T9396] ____sys_sendmsg+0xa98/0xc70 [ 190.352373][ T9396] ? __pfx_____sys_sendmsg+0x10/0x10 [ 190.352384][ T9396] ? get_compat_msghdr+0x11a/0x170 [ 190.352407][ T9396] ___sys_sendmsg+0x134/0x1d0 [ 190.352424][ T9396] ? __pfx____sys_sendmsg+0x10/0x10 [ 190.352447][ T9396] ? find_held_lock+0x2b/0x80 [ 190.352466][ T9396] __sys_sendmsg+0x16d/0x220 [ 190.352483][ T9396] ? __pfx___sys_sendmsg+0x10/0x10 [ 190.352504][ T9396] ? rcu_is_watching+0x12/0xc0 [ 190.352517][ T9396] __do_fast_syscall_32+0x7c/0x3a0 [ 190.352535][ T9396] do_fast_syscall_32+0x32/0x80 [ 190.352552][ T9396] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 190.352565][ T9396] RIP: 0023:0xf7f57579 [ 190.352574][ T9396] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 190.352585][ T9396] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 190.352595][ T9396] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 190.352602][ T9396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.352608][ T9396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 190.352613][ T9396] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 190.352619][ T9396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 190.352632][ T9396] [ 190.462840][ C2] hpet: Lost 6 RTC interrupts [ 190.493870][ T9380] hsr_slave_0: entered promiscuous mode [ 190.499603][ T9380] hsr_slave_1: entered promiscuous mode [ 190.502189][ T9380] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.506908][ T9380] Cannot create hsr debugfs directory [ 190.521926][ T9399] netlink: 'syz.3.826': attribute type 2 has an invalid length. [ 190.595305][ T9403] dummy0: entered promiscuous mode [ 190.598238][ T9403] bond0: entered promiscuous mode [ 190.601470][ T9403] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 190.605081][ T9403] Cannot create hsr debugfs directory [ 190.607429][ T9403] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 190.611582][ T9403] hsr1: entered allmulticast mode [ 190.613255][ T9403] dummy0: entered allmulticast mode [ 190.615166][ T9403] bond0: entered allmulticast mode [ 190.658750][ T9410] netlink: 116 bytes leftover after parsing attributes in process `syz.2.832'. [ 190.743503][ T1149] bridge_slave_1: left allmulticast mode [ 190.745843][ T1149] bridge_slave_1: left promiscuous mode [ 190.747758][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.752536][ T1149] bridge_slave_0: left allmulticast mode [ 190.754425][ T1149] bridge_slave_0: left promiscuous mode [ 190.764350][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.820150][ T6361] libceph: connect (1)[c::]:6789 error -101 [ 190.822487][ T6361] libceph: mon0 (1)[c::]:6789 connect error [ 191.070195][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 191.075828][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 191.079632][ T1149] bond0 (unregistering): Released all slaves [ 191.084915][ T6361] libceph: connect (1)[c::]:6789 error -101 [ 191.086888][ T6361] libceph: mon0 (1)[c::]:6789 connect error [ 191.477607][ T1149] hsr_slave_0: left promiscuous mode [ 191.480597][ T1149] hsr_slave_1: left promiscuous mode [ 191.482646][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 191.485745][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 191.488853][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 191.491319][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 191.514400][ T1149] veth1_macvtap: left promiscuous mode [ 191.517215][ T1149] veth0_macvtap: left promiscuous mode [ 191.519056][ T1149] veth1_vlan: left promiscuous mode [ 191.520820][ T1149] veth0_vlan: left promiscuous mode [ 191.595611][ T6361] libceph: connect (1)[c::]:6789 error -101 [ 191.597630][ T6361] libceph: mon0 (1)[c::]:6789 connect error [ 191.620574][ T9423] ceph: No mds server is up or the cluster is laggy [ 191.857908][ T5970] Bluetooth: hci1: command tx timeout [ 191.877323][ T9453] netlink: 116 bytes leftover after parsing attributes in process `syz.3.843'. [ 192.376132][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 192.454831][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 193.029509][ T9380] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 193.042497][ T9380] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 193.051855][ T9380] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 193.066588][ T9380] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 193.110800][ T9485] netlink: 'syz.2.845': attribute type 2 has an invalid length. [ 193.167527][ T9380] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.193781][ T9380] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.214162][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.217321][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.233343][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.236449][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.342147][ T9492] netlink: 'syz.1.849': attribute type 1 has an invalid length. [ 193.346019][ T9492] netlink: 'syz.1.849': attribute type 1 has an invalid length. [ 193.436851][ T9380] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.482825][ T9380] veth0_vlan: entered promiscuous mode [ 193.488830][ T9380] veth1_vlan: entered promiscuous mode [ 193.507886][ T9380] veth0_macvtap: entered promiscuous mode [ 193.511417][ T9380] veth1_macvtap: entered promiscuous mode [ 193.527019][ T9380] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.533906][ T9380] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.542642][ T9380] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.545492][ T9503] netlink: 116 bytes leftover after parsing attributes in process `syz.1.853'. [ 193.548632][ T9380] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.553021][ T9380] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.558474][ T9380] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.680004][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.686375][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.696196][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.698777][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.709474][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.712558][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.936808][ T9507] befs: (loop3): No write support. Marking filesystem read-only [ 193.939627][ T9507] syz.1.855: attempt to access beyond end of device [ 193.939627][ T9507] loop3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 193.943605][ T9507] befs: (loop3): unable to read superblock [ 194.190242][ T9511] netlink: 116 bytes leftover after parsing attributes in process `syz.2.864'. [ 194.267781][ T6101] IPVS: starting estimator thread 0... [ 194.354637][ T9515] IPVS: using max 42 ests per chain, 100800 per kthread [ 195.151692][ T9527] syz.1.860: attempt to access beyond end of device [ 195.151692][ T9527] sr0: rw=0, sector=0, nr_sectors = 4 limit=0 [ 195.594324][ T9535] netlink: 116 bytes leftover after parsing attributes in process `syz.2.863'. [ 195.806948][ T9543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.867'. [ 195.806969][ T9543] netlink: 4 bytes leftover after parsing attributes in process `syz.3.867'. [ 195.811916][ T9543] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.811961][ T9543] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.811980][ T9543] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.811996][ T9543] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.369494][ T9561] FAULT_INJECTION: forcing a failure. [ 196.369494][ T9561] name failslab, interval 1, probability 0, space 0, times 0 [ 196.374173][ T9561] CPU: 2 UID: 0 PID: 9561 Comm: syz.3.872 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 196.374189][ T9561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 196.374196][ T9561] Call Trace: [ 196.374200][ T9561] [ 196.374204][ T9561] dump_stack_lvl+0x16c/0x1f0 [ 196.374225][ T9561] should_fail_ex+0x512/0x640 [ 196.374244][ T9561] should_failslab+0xc2/0x120 [ 196.374255][ T9561] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 196.374273][ T9561] ? skb_clone+0x190/0x3f0 [ 196.374291][ T9561] skb_clone+0x190/0x3f0 [ 196.374307][ T9561] netlink_deliver_tap+0xabd/0xd30 [ 196.374329][ T9561] netlink_unicast+0x6b2/0x7f0 [ 196.374341][ T9561] ? __pfx_netlink_unicast+0x10/0x10 [ 196.374351][ T9561] ? genl_rcv_msg+0x4bb/0x800 [ 196.374367][ T9561] netlink_ack+0x696/0xb80 [ 196.374382][ T9561] netlink_rcv_skb+0x332/0x420 [ 196.374393][ T9561] ? __pfx_genl_rcv_msg+0x10/0x10 [ 196.374406][ T9561] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 196.374423][ T9561] ? netlink_deliver_tap+0x1ae/0xd30 [ 196.374443][ T9561] genl_rcv+0x28/0x40 [ 196.374454][ T9561] netlink_unicast+0x53a/0x7f0 [ 196.374466][ T9561] ? __pfx_netlink_unicast+0x10/0x10 [ 196.374481][ T9561] netlink_sendmsg+0x8d1/0xdd0 [ 196.374494][ T9561] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.374506][ T9561] ? __import_iovec+0x1dd/0x650 [ 196.374519][ T9561] ____sys_sendmsg+0xa98/0xc70 [ 196.374532][ T9561] ? __pfx_____sys_sendmsg+0x10/0x10 [ 196.374556][ T9561] ? get_compat_msghdr+0x11a/0x170 [ 196.374580][ T9561] ___sys_sendmsg+0x134/0x1d0 [ 196.374597][ T9561] ? __pfx____sys_sendmsg+0x10/0x10 [ 196.374620][ T9561] ? find_held_lock+0x2b/0x80 [ 196.374641][ T9561] __sys_sendmsg+0x16d/0x220 [ 196.374657][ T9561] ? __pfx___sys_sendmsg+0x10/0x10 [ 196.374679][ T9561] ? rcu_is_watching+0x12/0xc0 [ 196.374693][ T9561] __do_fast_syscall_32+0x7c/0x3a0 [ 196.374711][ T9561] do_fast_syscall_32+0x32/0x80 [ 196.374727][ T9561] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 196.374741][ T9561] RIP: 0023:0xf70fe579 [ 196.374750][ T9561] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 196.374761][ T9561] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 196.374771][ T9561] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400 [ 196.374778][ T9561] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 196.374784][ T9561] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 196.374790][ T9561] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 196.374796][ T9561] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 196.374809][ T9561] [ 196.457804][ C2] hpet: Lost 4 RTC interrupts [ 196.496127][ T9563] netlink: 116 bytes leftover after parsing attributes in process `syz.3.873'. [ 196.536564][ T9565] netlink: 2 bytes leftover after parsing attributes in process `syz.3.874'. [ 196.547132][ T9565] Cannot find del_set index 320 as target [ 196.862589][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.303633][ T5967] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 198.308576][ T5967] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 198.312597][ T5967] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 198.317399][ T5967] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 198.320853][ T5967] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 198.425680][ T9586] chnl_net:caif_netlink_parms(): no params data found [ 198.522769][ T9586] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.525931][ T9586] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.528242][ T9586] bridge_slave_0: entered allmulticast mode [ 198.530899][ T9586] bridge_slave_0: entered promiscuous mode [ 198.534079][ T9586] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.536427][ T9586] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.539104][ T9586] bridge_slave_1: entered allmulticast mode [ 198.541762][ T9586] bridge_slave_1: entered promiscuous mode [ 198.579877][ T9586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.585161][ T9586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.615047][ T1149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.621857][ T9597] trusted_key: encrypted_key: insufficient parameters specified [ 198.625630][ T9597] trusted_key: encrypted_key: insufficient parameters specified [ 198.639279][ T9586] team0: Port device team_slave_0 added [ 198.642642][ T9586] team0: Port device team_slave_1 added [ 198.684023][ T1149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.691223][ T9586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.693441][ T9586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.702826][ T9586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.707622][ T9586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.711250][ T9586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.720951][ T9586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.807628][ T9586] hsr_slave_0: entered promiscuous mode [ 198.810349][ T9586] hsr_slave_1: entered promiscuous mode [ 198.812422][ T9586] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.815503][ T9586] Cannot create hsr debugfs directory [ 198.822716][ T9599] FAULT_INJECTION: forcing a failure. [ 198.822716][ T9599] name failslab, interval 1, probability 0, space 0, times 0 [ 198.827792][ T9599] CPU: 3 UID: 0 PID: 9599 Comm: syz.3.881 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 198.827814][ T9599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 198.827825][ T9599] Call Trace: [ 198.827831][ T9599] [ 198.827838][ T9599] dump_stack_lvl+0x16c/0x1f0 [ 198.827866][ T9599] should_fail_ex+0x512/0x640 [ 198.827888][ T9599] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 198.827922][ T9599] should_failslab+0xc2/0x120 [ 198.827937][ T9599] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 198.827961][ T9599] ? getname_kernel+0x52/0x370 [ 198.827980][ T9599] getname_kernel+0x52/0x370 [ 198.827997][ T9599] kern_path+0x1d/0x50 [ 198.828018][ T9599] tomoyo_mount_acl+0x624/0x850 [ 198.828040][ T9599] ? __kernel_text_address+0xd/0x40 [ 198.828064][ T9599] ? unwind_get_return_address+0x59/0xa0 [ 198.828095][ T9599] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 198.828144][ T9599] ? tomoyo_domain+0xbb/0x150 [ 198.828166][ T9599] ? tomoyo_profile+0x47/0x60 [ 198.828192][ T9599] tomoyo_mount_permission+0x16d/0x420 [ 198.828211][ T9599] ? tomoyo_mount_permission+0x14f/0x420 [ 198.828232][ T9599] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 198.828269][ T9599] security_sb_mount+0x9b/0x260 [ 198.828288][ T9599] path_mount+0x128/0x2020 [ 198.828313][ T9599] ? kmem_cache_free+0x2d1/0x4d0 [ 198.828335][ T9599] ? __pfx_path_mount+0x10/0x10 [ 198.828358][ T9599] ? getname_flags.part.0+0x1c5/0x550 [ 198.828378][ T9599] ? putname+0x154/0x1a0 [ 198.828397][ T9599] __ia32_sys_mount+0x28b/0x310 [ 198.828422][ T9599] ? __pfx___ia32_sys_mount+0x10/0x10 [ 198.828449][ T9599] ? rcu_is_watching+0x12/0xc0 [ 198.828470][ T9599] __do_fast_syscall_32+0x7c/0x3a0 [ 198.828497][ T9599] do_fast_syscall_32+0x32/0x80 [ 198.828520][ T9599] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 198.828540][ T9599] RIP: 0023:0xf70fe579 [ 198.828554][ T9599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 198.828570][ T9599] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 198.828587][ T9599] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080000000 [ 198.828598][ T9599] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000080000300 [ 198.828608][ T9599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 198.828618][ T9599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 198.828628][ T9599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 198.828651][ T9599] [ 198.831644][ T1149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.085392][ T1149] bridge_slave_1: left allmulticast mode [ 199.090734][ T1149] bridge_slave_1: left promiscuous mode [ 199.093331][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.097922][ T1149] bridge_slave_0: left allmulticast mode [ 199.100194][ T1149] bridge_slave_0: left promiscuous mode [ 199.102879][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.465446][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.470054][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.473608][ T1149] bond0 (unregistering): Released all slaves [ 199.879685][ T1149] hsr_slave_0: left promiscuous mode [ 199.882022][ T1149] hsr_slave_1: left promiscuous mode [ 199.883997][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 199.886580][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 199.889380][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 199.891718][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 199.910774][ T1149] veth1_macvtap: left promiscuous mode [ 199.912616][ T1149] veth0_macvtap: left promiscuous mode [ 199.914431][ T1149] veth1_vlan: left promiscuous mode [ 199.916436][ T1149] veth0_vlan: left promiscuous mode [ 200.404767][ T5967] Bluetooth: hci1: command tx timeout [ 200.494015][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 200.566199][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 201.305988][ T9586] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 201.316700][ T9586] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 201.326573][ T9586] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 201.333381][ T9661] netlink: 368 bytes leftover after parsing attributes in process `syz.2.899'. [ 201.365205][ T9586] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 201.520447][ T9665] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input14 [ 201.546030][ T9586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.582065][ T9586] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.615332][ T838] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 201.626596][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.628948][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.647079][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.649399][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.784694][ T838] usb 7-1: Using ep0 maxpacket: 32 [ 201.788916][ T838] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 201.795468][ T838] usb 7-1: config 0 has no interface number 0 [ 201.803399][ T838] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 201.808808][ T838] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.813799][ T838] usb 7-1: Product: syz [ 201.817503][ T838] usb 7-1: Manufacturer: syz [ 201.821739][ T838] usb 7-1: SerialNumber: syz [ 201.835133][ T838] usb 7-1: config 0 descriptor?? [ 201.841089][ T838] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 201.845082][ T838] usb 7-1: selecting invalid altsetting 1 [ 201.847349][ T838] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 201.872855][ T838] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 201.878986][ T838] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 201.883030][ T838] usb 7-1: media controller created [ 201.896975][ T838] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 202.007170][ T9586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.073653][ T9586] veth0_vlan: entered promiscuous mode [ 202.090185][ T9586] veth1_vlan: entered promiscuous mode [ 202.123964][ T9586] veth0_macvtap: entered promiscuous mode [ 202.142795][ T9586] veth1_macvtap: entered promiscuous mode [ 202.161257][ T9586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.172733][ T9586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.183698][ T9586] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.186864][ T9586] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.189665][ T9586] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.192362][ T9586] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.280667][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.283865][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.320273][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.323256][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.410992][ T9586] [ 202.411890][ T9586] ====================================================== [ 202.414139][ T9586] WARNING: possible circular locking dependency detected [ 202.416350][ T9586] 6.16.0-rc5-syzkaller #0 Not tainted [ 202.418346][ T9586] ------------------------------------------------------ [ 202.421792][ T9586] syz-executor/9586 is trying to acquire lock: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 202.424011][ T9586] ffff88806b239040 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0x4d0/0xcc0 [ 202.427813][ T9586] [ 202.427813][ T9586] but task is already holding lock: [ 202.430191][ T9586] ffff88806b239338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 202.433162][ T9586] [ 202.433162][ T9586] which lock already depends on the new lock. [ 202.433162][ T9586] [ 202.436818][ T9586] [ 202.436818][ T9586] the existing dependency chain (in reverse order) is: [ 202.439648][ T9586] [ 202.439648][ T9586] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 202.442077][ T9586] __mutex_lock+0x199/0xb90 [ 202.443782][ T9586] l2cap_info_timeout+0x79/0xa0 [ 202.445516][ T9586] process_one_work+0x9cc/0x1b70 [ 202.447280][ T9586] worker_thread+0x6c8/0xf10 [ 202.448960][ T9586] kthread+0x3c5/0x780 [ 202.450469][ T9586] ret_from_fork+0x5d4/0x6f0 [ 202.452114][ T9586] ret_from_fork_asm+0x1a/0x30 [ 202.453878][ T9586] [ 202.453878][ T9586] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 202.457423][ T9586] __lock_acquire+0x126f/0x1c90 [ 202.459210][ T9586] lock_acquire+0x179/0x350 [ 202.460863][ T9586] __flush_work+0x4e4/0xcc0 [ 202.462469][ T9586] __cancel_work_sync+0x10c/0x130 [ 202.464264][ T9586] l2cap_conn_del+0x5af/0x730 [ 202.466204][ T9586] l2cap_disconn_cfm+0x96/0xd0 [ 202.467889][ T9586] hci_conn_hash_flush+0x10e/0x260 [ 202.469707][ T9586] hci_dev_close_sync+0x602/0x11d0 [ 202.471488][ T9586] hci_dev_do_close+0x2e/0x90 [ 202.473175][ T9586] hci_unregister_dev+0x227/0x640 [ 202.474998][ T9586] vhci_release+0x79/0xf0 [ 202.476589][ T9586] __fput+0x402/0xb70 [ 202.478057][ T9586] task_work_run+0x14d/0x240 [ 202.479732][ T9586] do_exit+0x86c/0x2bd0 [ 202.481264][ T9586] do_group_exit+0xd3/0x2a0 [ 202.482902][ T9586] __ia32_sys_exit_group+0x3e/0x50 [ 202.484686][ T9586] ia32_sys_call+0xd56/0x1c40 [ 202.486399][ T9586] __do_fast_syscall_32+0x7c/0x3a0 [ 202.488173][ T9586] do_fast_syscall_32+0x32/0x80 [ 202.489926][ T9586] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 202.492132][ T9586] [ 202.492132][ T9586] other info that might help us debug this: [ 202.492132][ T9586] [ 202.495474][ T9586] Possible unsafe locking scenario: [ 202.495474][ T9586] [ 202.497801][ T9586] CPU0 CPU1 [ 202.499462][ T9586] ---- ---- [ 202.501130][ T9586] lock(&conn->lock#2); [ 202.502459][ T9586] lock((work_completion)(&(&conn->info_timer)->work)); [ 202.505455][ T9586] lock(&conn->lock#2); [ 202.507551][ T9586] lock((work_completion)(&(&conn->info_timer)->work)); [ 202.509731][ T9586] [ 202.509731][ T9586] *** DEADLOCK *** [ 202.509731][ T9586] [ 202.512229][ T9586] 5 locks held by syz-executor/9586: [ 202.513912][ T9586] #0: ffff888051700dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 202.515031][ T5967] Bluetooth: hci1: command tx timeout [ 202.516870][ T9586] #1: ffff8880517000b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 202.521591][ T9586] #2: ffffffff905d4f68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 202.524691][ T9586] #3: ffff88806b239338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 202.527610][ T9586] #4: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfb/0xcc0 [ 202.530458][ T9586] [ 202.530458][ T9586] stack backtrace: [ 202.532292][ T9586] CPU: 3 UID: 0 PID: 9586 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 202.532306][ T9586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 202.532313][ T9586] Call Trace: [ 202.532318][ T9586] [ 202.532322][ T9586] dump_stack_lvl+0x116/0x1f0 [ 202.532339][ T9586] print_circular_bug+0x275/0x350 [ 202.532354][ T9586] check_noncircular+0x14c/0x170 [ 202.532370][ T9586] __lock_acquire+0x126f/0x1c90 [ 202.532385][ T9586] ? irqentry_exit+0x3b/0x90 [ 202.532401][ T9586] lock_acquire+0x179/0x350 [ 202.532415][ T9586] ? __flush_work+0x4d0/0xcc0 [ 202.532425][ T9586] ? preempt_schedule_thunk+0x16/0x30 [ 202.532440][ T9586] ? __flush_work+0x4d0/0xcc0 [ 202.532450][ T9586] __flush_work+0x4e4/0xcc0 [ 202.532460][ T9586] ? __flush_work+0x4d0/0xcc0 [ 202.532470][ T9586] ? __pfx___timer_delete+0x1/0x10 [ 202.532483][ T9586] ? __pfx___flush_work+0x10/0x10 [ 202.532494][ T9586] ? __pfx_wq_barrier_func+0x10/0x10 [ 202.532510][ T9586] ? __pfx___might_resched+0x10/0x10 [ 202.532523][ T9586] __cancel_work_sync+0x10c/0x130 [ 202.532534][ T9586] l2cap_conn_del+0x5af/0x730 [ 202.532547][ T9586] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 202.532565][ T9586] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 202.532577][ T9586] l2cap_disconn_cfm+0x96/0xd0 [ 202.532590][ T9586] hci_conn_hash_flush+0x10e/0x260 [ 202.532603][ T9586] hci_dev_close_sync+0x602/0x11d0 [ 202.532614][ T9586] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 202.532624][ T9586] ? up_write+0x1b2/0x520 [ 202.532657][ T9586] hci_dev_do_close+0x2e/0x90 [ 202.532666][ T9586] hci_unregister_dev+0x227/0x640 [ 202.532677][ T9586] ? __pfx_vhci_release+0x10/0x10 [ 202.532693][ T9586] vhci_release+0x79/0xf0 [ 202.532708][ T9586] __fput+0x402/0xb70 [ 202.532720][ T9586] task_work_run+0x14d/0x240 [ 202.532737][ T9586] ? __pfx_task_work_run+0x10/0x10 [ 202.532754][ T9586] do_exit+0x86c/0x2bd0 [ 202.532769][ T9586] ? do_raw_spin_lock+0x12c/0x2b0 [ 202.532786][ T9586] ? __pfx_do_exit+0x10/0x10 [ 202.532800][ T9586] ? rcu_is_watching+0x12/0xc0 [ 202.532812][ T9586] do_group_exit+0xd3/0x2a0 [ 202.532826][ T9586] __ia32_sys_exit_group+0x3e/0x50 [ 202.532842][ T9586] ia32_sys_call+0xd56/0x1c40 [ 202.532854][ T9586] __do_fast_syscall_32+0x7c/0x3a0 [ 202.532875][ T9586] do_fast_syscall_32+0x32/0x80 [ 202.532891][ T9586] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 202.532905][ T9586] RIP: 0023:0xf711e579 [ 202.532912][ T9586] Code: Unable to access opcode bytes at 0xf711e54f. [ 202.532917][ T9586] RSP: 002b:00000000ffe4debc EFLAGS: 00000286 ORIG_RAX: 00000000000000fc [ 202.532926][ T9586] RAX: ffffffffffffffda RBX: 0000000000000043 RCX: 00000000ffe4df08 [ 202.532933][ T9586] RDX: 0000000000000000 RSI: 00000000f7306b3f RDI: 00000000f72514c6 [ 202.532939][ T9586] RBP: 00000000f7483ff4 R08: 0000000000000000 R09: 0000000000000000 [ 202.532945][ T9586] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 202.532952][ T9586] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 202.532961][ T9586] [ 202.975350][ T838] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 202.977614][ T838] zl10353_read_register: readreg error (reg=127, ret==-110) [ 202.994985][ T9661] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 203.105681][ T9661] syz_tun (unregistering): left promiscuous mode [ 203.229305][ T838] usb 7-1: USB disconnect, device number 15 [ 203.289612][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.347936][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.438775][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.507716][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.822470][ T12] tipc: Left network mode [ 203.983789][ T12] dummy0: left promiscuous mode [ 203.986543][ T12] batadv_slave_0: left promiscuous mode [ 203.995229][ T12] hsr0: left allmulticast mode [ 203.997462][ T12] veth1_macvtap: left promiscuous mode [ 203.999813][ T12] veth0_macvtap: left allmulticast mode [ 204.002163][ T12] veth0_macvtap: left promiscuous mode VM DIAGNOSIS: 08:15:35 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffc90003da7b60 RCX=0000000000000000 RDX=0000000000000000 RSI=ffffffff850be3a4 RDI=ffffc90003da7b60 RBP=ffffc90003da7b20 RSP=ffffc90003da7a80 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000000000 R13=ffffc90003da7b60 R14=ffffc90003da7b28 R15=0000000000000000 RIP=ffffffff850be3cd RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097523000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080fce000 CR3=0000000065bb4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000f8000000 Opmask01=000000000007ffff Opmask02=000000000007ffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 006b636f732e7669 72706e752f646370 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7834302578302074 6e65766520646574 63657078656e7520 3a7325006b636f73 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5d1115005d150551 4b40534005414051 4640555d404b5005 1f5600004e464a56 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0016000000000003 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000559134d7ab60 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000200000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d650a6564646136 7020203365626965 0a6465626d650020 6569746220003233 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 37360a6136636120 0a20203361203720 0a31206261630020 0a69696220003220 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbff52532232d20 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000004e9314 RBX=0000000000000001 RCX=ffffffff8b843c39 RDX=ffffed1005666646 RSI=ffffffff8c156fe0 RDI=ffffffff81918b41 RBP=ffffed1003bdb488 RSP=ffffc9000046fdf8 R8 =0000000000000000 R9 =ffffed1005666645 R10=ffff88802b33322b R11=ffff88802b23b260 R12=0000000000000001 R13=ffff88801deda440 R14=ffffffff90a98e50 R15=0000000000000000 RIP=ffffffff8b84279f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097623000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080dd8000 CR3=000000004bd6e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffffea0001d3b3c0 RCX=ffffffff822cdb94 RDX=ffff888025ffc880 RSI=ffffffff822cdbaf RDI=0000000000000007 RBP=ffffffff8df2e440 RSP=ffffc900035c7748 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000007c37 R12=ffffea0001d3b3c0 R13=0000000000000001 R14=0000000000000000 R15=0000000000000001 RIP=ffffffff81bb5396 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097723000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7f56e40 CR3=000000004a0dd000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73f3ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85582c95 RDI=ffffffff9b0a9980 RBP=ffffffff9b0a9940 RSP=ffffc900038bf208 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff9b0a9940 R15=ffffffff85582c30 RIP=ffffffff85582cbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097823000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555a1f8af138 CR3=000000006ccc7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000