last executing test programs: 13m50.344728152s ago: executing program 2 (id=277): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0xfffc, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0xc, 0x110, 0x1}], 0xc}, 0xfc00) r1 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000004700)=""/4098, 0x1002}, {&(0x7f0000003700)=""/4074, 0xfea}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000200)=""/100, 0x64}, {&(0x7f0000000780)=""/190, 0xbe}, {&(0x7f0000000400)=""/170, 0xaa}, {&(0x7f0000000140)=""/184, 0xb8}], 0x7}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000540)={&(0x7f00000003c0)="15736f", 0x0, 0x0, 0x0, 0x8, r2}, 0x38) exit(0x0) exit(0xf) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f0000000080)={0x50, 0x0, r5, {0x7, 0x29, 0x2009, 0xffffffff9080edc4, 0xfffd, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50) write$FUSE_INIT(r3, &(0x7f0000000100)={0x50, 0x0, r5, {0x7, 0x2b, 0x7ff, 0x100000, 0x9, 0xfe01, 0xffffff81, 0xffff, 0x0, 0x0, 0x80, 0x4}}, 0x50) 13m49.486613981s ago: executing program 2 (id=279): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) openat$cdrom(0xffffff9c, &(0x7f0000000180), 0x500, 0x0) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000001001000001"], 0x10}, 0x8000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'tunl0\x00', &(0x7f0000000480)={'tunl0\x00', 0x0, 0x7, 0x700, 0x9, 0x9, {{0x13, 0x4, 0x2, 0x5, 0x4c, 0x64, 0x0, 0x1, 0x4, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@rr={0x7, 0xb, 0xd0, [@dev={0xac, 0x14, 0x14, 0x2f}, @loopback]}, @cipso={0x86, 0x14, 0xffffffffffffffff, [{0x6, 0x5, '\\xw'}, {0x0, 0x9, "ffcec376557c0c"}]}, @noop, @rr={0x7, 0x17, 0x66, [@multicast1, @private=0xa010100, @local, @multicast2, @dev={0xac, 0x14, 0x14, 0xa}]}]}}}}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@getqdisc={0x38, 0x26, 0x400, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xc, 0x6}, {0xfff3}, {0x6, 0x2}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd29, 0x0, {{@in6=@private2, @in=@multicast1, 0x0, 0x6, 0x0, 0x0, 0xa, 0xa0, 0x0, 0x2c}, {0x0, 0x4, 0x1000000, 0xfffffffffffffffe, 0x4, 0x0, 0x0, 0x1d}, {0x7f, 0xc99, 0x0, 0x2dd}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}}, 0xb8}}, 0x40044) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)=ANY=[], 0x14}}, 0x40000) r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00') r8 = open_tree(r7, &(0x7f0000000640)='\x00', 0x89901) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4008, 0x7, &(0x7f0000006680)) ioperm(0x5, 0x1, 0x3) migrate_pages(0x0, 0x8, 0x0, &(0x7f0000000100)=0x2) unshare(0x26020480) open_tree(r8, &(0x7f0000000100)='\x00', 0x89901) 13m49.094004348s ago: executing program 2 (id=281): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)=ANY=[], 0x14}}, 0x40000) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000a00)) (fail_nth: 2) 13m48.985786984s ago: executing program 2 (id=282): bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad44b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r0, &(0x7f0000000e00)=[{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="7926b8687de4d9065d", 0x9}, {&(0x7f0000000280)="b5f1dfc0fe810c", 0x7}], 0x2, 0x0, 0x0, 0x840}], 0x1, 0x400480d1) recvmmsg(r0, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000001c0)=""/156, 0x9c}], 0x1}}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, &(0x7f0000000700)=ANY=[@ANYBLOB="56c78e3c733d76697274676f2c6e6f65bc33dbde548d51f5638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000300)='./file0\x00') capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)={0x0, 0x2000, 0xb6fa, 0x0, 0x0, 0x3cd}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @empty, 0x2}, @generic={0x2, "fddbfa43af4f308f2c8ab5f15238"}, @l2tp={0x2, 0x0, @multicast2}, 0xa00, 0x0, 0x0, 0x0, 0x52, 0x0, 0x2, 0x2}) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') r2 = creat(&(0x7f0000000440)='./file0\x00', 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r4 = socket(0x3a, 0x3, 0x0) write(r4, &(0x7f0000000100)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14) recvmmsg(r4, &(0x7f0000005c80), 0x1b, 0x10122, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r3}, 0x10) recvmmsg(r2, &(0x7f0000006b00)=[{{&(0x7f0000000280)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000340)=""/11, 0xb}, {&(0x7f0000000380)=""/88, 0x58}], 0x2, &(0x7f0000000500)=""/10, 0xa}, 0x85a}, {{&(0x7f0000000540)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000680)=[{&(0x7f0000001340)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/87, 0x57}, {&(0x7f0000000640)=""/36, 0x24}, {&(0x7f0000000800)=""/214, 0xd6}, {&(0x7f0000000980)=""/194, 0xc2}, {&(0x7f0000000a80)=""/210, 0xd2}], 0x6, &(0x7f0000000b80)=""/108, 0x6c}, 0x2}, {{&(0x7f0000000c00)=@un=@abs, 0x80, &(0x7f00000010c0)=[{&(0x7f00000006c0)=""/11, 0xb}, {&(0x7f0000000c80)=""/207, 0xcf}, {&(0x7f0000000740)=""/41, 0x29}, {&(0x7f0000000900)=""/3, 0x3}, {&(0x7f0000000d80)=""/19, 0x13}, {&(0x7f0000000dc0)=""/98, 0x62}, {&(0x7f0000000e40)=""/175, 0xaf}, {&(0x7f0000000f00)=""/169, 0xa9}, {&(0x7f0000000fc0)=""/54, 0x36}, {&(0x7f0000001000)=""/139, 0x8b}], 0xa, &(0x7f0000001140)=""/210, 0xd2}, 0xe6a}, {{&(0x7f0000002340)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000004580)=[{&(0x7f00000023c0)=""/90, 0x5a}, {&(0x7f0000002440)=""/4096, 0x1000}, {&(0x7f0000003440)=""/107, 0x6b}, {&(0x7f0000001240)=""/56, 0x38}, {&(0x7f00000034c0)=""/14, 0xe}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000004500)=""/64, 0x40}, {&(0x7f0000004540)=""/7, 0x7}], 0x8, &(0x7f00000045c0)=""/19, 0x13}}, {{&(0x7f0000004600)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000006a00)=[{&(0x7f0000004680)=""/186, 0xba}, {&(0x7f0000004740)=""/146, 0x92}, {&(0x7f0000004800)=""/80, 0x50}, {&(0x7f0000004880)=""/4096, 0x1000}, {&(0x7f0000005880)=""/70, 0x46}, {&(0x7f0000005900)=""/4096, 0x1000}, {&(0x7f0000006900)=""/207, 0xcf}], 0x7, &(0x7f0000006a40)=""/147, 0x93}, 0x80000000}], 0x5, 0x21, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) capset(&(0x7f0000a31000)={0x20080521}, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000006bc0)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x6, 0x7fff, 0x6, 0x4, 0x21, 0x6, 0x5}, &(0x7f0000006c80)=0x9c) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000006cc0)={r6, 0x80, "262416d2432e4709f8c803b46aede723be35579e61c451e284ba6a185ac5331f26760fc35b2ccb28ec5379e206b9fed91059be47a803b0edc56b3c7442549a6218dc8f5af4bf9de7c1087ab563547c1eee0aaf56bfc36c663fcd1684af46b015f74c48c3de0f7fa9ccb71543dc4c8364fadd4363deaf7524297c328586b57328"}, &(0x7f0000006d80)=0x88) close_range(r5, 0xffffffffffffffff, 0x0) syz_clone(0x80, &(0x7f0000000100)="5de502281e49ecd8ff67801c144e0f46b02f8c71dd82628314ffa2cc736679c66b8e77baf5f8bc6829ab9109f36a1834d9437a298ad81331bb63587b146fd781445123d1fc224629a28cce2fe2ac1412094c4224b191914bdfe295981c996ebcfdd3febf043f", 0x66, &(0x7f0000000080), &(0x7f0000000180), &(0x7f00000001c0)="ab5a6278ce9d4a4ba50057dfc13cab56a9e629b2ef7b852e485a20cb7254128c0027cd711c9b3594018e288aa57b33272d0dab8770b2692e419b5e68a2165c89af30d5cf04eac4022074fb0983cf02a7cf2cd49c8b34f3c94744c55325dc3189e7348ce017308b4f1053b92915a4d7a41a3b6c35b2c99a7f3451170aaad109") r7 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r8) 13m48.933123085s ago: executing program 2 (id=284): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x4, 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') lseek(r7, 0x10000000005, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x80, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$tipc(r8, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) 13m48.424430267s ago: executing program 2 (id=287): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = gettid() sched_getattr(r2, &(0x7f0000000840)={0x38}, 0x38, 0x0) prctl$PR_MCE_KILL_GET(0x22) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x2000000000001}}, 0x30) socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a4000000003"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0xfffffffffffffe47, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x84}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb011c1800000000000000000000000000000003000000005f00"], 0x0, 0x1b, 0x0, 0x1}, 0x28) socket$inet6_udp(0xa, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe0500030008"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 13m48.390161538s ago: executing program 32 (id=287): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = gettid() sched_getattr(r2, &(0x7f0000000840)={0x38}, 0x38, 0x0) prctl$PR_MCE_KILL_GET(0x22) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x2000000000001}}, 0x30) socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a4000000003"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0xfffffffffffffe47, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x84}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb011c1800000000000000000000000000000003000000005f00"], 0x0, 0x1b, 0x0, 0x1}, 0x28) socket$inet6_udp(0xa, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe0500030008"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 5.308972173s ago: executing program 1 (id=2611): r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) shutdown(r0, 0x0) sendto$inet6(r0, &(0x7f0000000100)="bc", 0x1, 0x4, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @loopback, 0x1}, 0x1c) 5.281047998s ago: executing program 1 (id=2613): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000680)="93378efcd17301726272853a9fa88608996042ab60ae09f9a90efedde424f36d", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)=""/101, 0x65}], 0x1}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000000c0)=""/130, 0x82}], 0x1}}], 0x2, 0x40002023, 0x0) io_submit(0x0, 0x0, &(0x7f0000000600)) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, 0x0, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r5 = getpid() sched_setaffinity(r5, 0x8, &(0x7f0000000200)=0x1) read$msr(r4, &(0x7f0000004300)=""/102400, 0x19000) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r6, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xa83b, 0x10, 0x2}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) recvmmsg(r1, &(0x7f0000003f00)=[{{&(0x7f0000000240)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000380)=""/164, 0xa4}, {&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000300)=""/3, 0x3}, {&(0x7f0000002740)=""/194, 0xc2}], 0x4, &(0x7f0000002840)=""/211, 0xd3}, 0x2}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000002940)=[{&(0x7f0000000480)=""/25, 0x19}, {&(0x7f0000000640)=""/8, 0x8}], 0x2, &(0x7f0000002980)=""/5, 0x5}, 0x3}, {{&(0x7f00000029c0)=@isdn, 0x80, &(0x7f0000002d40)=[{&(0x7f0000002a40)=""/176, 0xb0}, {&(0x7f0000002b00)=""/213, 0xd5}, {&(0x7f0000002c00)=""/47, 0x2f}, {&(0x7f0000002c40)=""/77, 0x4d}, {&(0x7f0000002cc0)=""/80, 0x50}], 0x5, &(0x7f0000002d80)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000003d80)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000003ec0)=[{&(0x7f0000003e00)=""/90, 0x5a}, {&(0x7f0000003e80)=""/33, 0x21}], 0x2}, 0xbf9}], 0x4, 0x40002040, &(0x7f0000003f80)={0x77359400}) ioctl$TCSETS2(r2, 0x402c542b, &(0x7f0000000040)={0x7, 0x101, 0x8, 0x1, 0x6, "5df0d1d1c466b976038d249aa10fcc21df3cbb", 0x6, 0xba8}) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r6, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vim2m(0x0, 0x7, 0x2) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, 0x0, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000004040)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="20100000080000000000fd0000000400018008000200", @ANYRES32=r11, @ANYBLOB="b9640460b166a9e4d5e5d5441a9bbd2b775c9d9efe2ed780c0225c3690203a736f9014c5905f23cd3fb83dc74aff2b09668df5d9da85b251c82e8a40013b1469ba11695845c55f3b935da9e389eb58de53d20d99cc5d7bbeb686315cb988a555be1286c5a1fc3fe977fe78d743ddb7d0ac9d01b0788963642b11698da15680a89389a534d00640a19d964fb5a47e7385b18464a3038a437e3ad4f34e41e5b0ac3f40424f8c8c38206945fb37e748abcab7772fd7e792ee55253e68200026cf718d4e2821065acc3d556a690f42a0db6d590262c0822b40e07ed3024b44d0d44f164c9efd79b7325c81b7b17ebadc247999e1089b4488c7fd78b867f1990ce1733b8ce7ef22e0be572587bdfb9ab09aa48f9456a562fc4f3f021430217fee8c19d11cfa39209c6d8fd69e6cd483d5bd9527a8ef486f06636e3e2648fb0a3eb32e3974ed7f71931396546592cb8bdf6fedb5ae5bd21760cabab6c5d60bf315fafd663db6181dd3b5060cf908f2e6d2e7ccca88d5655013ba8a7d46f1b5f0c90648580f2b9cef36f6ee44042532763a68130fc482030f6276cc624a575fef2b80b8f4f37b917aae968393da6b90263428c7550137ed209b09b27d56bc83de69b6c8d9af52b61e98639724be7eb6e0f7f1a329a9876e0d3b88d47e57338078a20c64b6ffb95aae1ca110f72eae5a9ba5c97b786047d58facc8c66620cf997511fb1fa1ef27238179cbe5e19c189a66c7f2b82ff185fc9563e15c66c61480464972d81864fc25940d5d0b8894bf99173565e8b635752d8e6039f3d0d1cee8c4140c14a2a19eae95ab4faf075e3e39dfdc1ea44c7b368b05cdafdbdbfedc816a98102852b90e0d39c145a09f8b0af1a6b041715903dbb547f4547629693098122145565ddf4d65c473e0f942ba0d3cb51cd26cd64ee80521a287be1ccf45276d8ba32224791dc7c86e9d0a2a0b2de04a4709d38b018d47eef56c4c0ac5362418cc8ae7dadbc7d8e95f8481b1f52d006195396265da60ca4081fd8ea98e4b1f0c60a0852dcede57744edc266acd0dd8feeb28bde81aa3bce5f19bdbe4ea7cef404c5108bbbbafd461c7cd320c6158b6e120dbb396d1c70eb56fcef02449bd19c136397f0658138b5661a137c7cfd5572121b7cbda7b247e51d5eddcde8adf0369ec857b345432eee4c1bcbbaa825089c4e98ea5f5ab3ce2375ca8c8686e4fd845c0505930346a586cc324d56298f97631043da0bda85f7109880047b5cfad89df33ca138e543dfc51b4842a15953db46ecfb76dff4c28bd6c28e21f1f8bb5187a684b0be0c3ce5a993438dc24ae9bd106dc7859d1804c3528932854d0011620f545446f11411aaa1ba4fc794613b71df7ff99556faf4117eca4ea01c8a3ab1ec967de91719177500137704192cec0c2597574b04aafd2eebaeb1a3e70c12dfc037ea41cb063ab1d6b7b752fb6507aa3246914a60af2a8d06f6b7a4a88c9e4361f97e9b463e987e5a71807f3afa2ff9e10b3da62298ec720c7de351f8ffa504df92d856dcb94d5d39bf2e6e50a8ce57ba83267fedc7c29c19bad8822dc7a1cc59ac0082f941ccfbd5c03428a648108b69f3879804bb530ffbc4e208a9b77193fc0a4dd5504b9cdf47f679389db7469c5bf451b80480381cc5c8ba855fce47e02c87ae45a0e9dfabd68bcd8e97d5ec494f5980c9886174fd327491013da003006691705ca13e08e86f66d34c7e0dbf2bcd136b69d73ecf7619f6f1b26e276abc93f3c56f635bd15058acd9d2cbbd6df603b9cd3b5e05a9798f288f68c11d8f52d4dfd97992a68779b5c57f645499da178430d52301e3eab9a12d7c780f5ed759370af50ee82d1cb922ff4ed2c3fb5c946cc58fa4f8fc3b3c867a4a6b081fbc10cfeb138073108e53b6ea305a0ed9dd24e3921eb6e886e51bac537cecbd0877c25c8f93b23b98c508b8968df94843430fde675749f005b2b842d2bf366d4229acaecd9b87fd85f4186615d86e75a71ce3a617770b8d029381fca6c447213bb77d3b245c04fd47af2658d194653d84c6d42eb5720da054a80321a11844058cc360a5545f23dccf16fbc974b1e72acd477610ba7b7c3727251980ef7b4e9978d65d1f09b4945f2b1e94816249a31bb202a1999f6aa55425d7a812e6decbdb871ee5ac887a8b479aeb431cd2a651a3baca9fc0ac6566919769d9f2e85abc64660be97bd877d637238e8c73f0f500d93ac0a6c920904bf9ec3e9b73619f6b5d0ead493adaaea6be10614b4ffd7e6397e42bd1b81736183b704f79f2789e275611a9ad6cdde3d9cd2348bbc353b67851b4b2ba08edca04615615cc0f604b2675e696b5095cf2ad7898841d29d351fa309d4c0ab7dc63be20d9f7f0865977d16e2aabec868e7e43b4ca6fcd412b0514ffff93620061a439dcbfe3c8d13163c23cdf4120803f486b5f6d508dc355d9be9c26182d643cec53ef3fdf02c0ab7d6b9eac6133705e8fcbc7c4067d000a280905d005324170b1b9249737d46d3be7997153923f3947d50b8f33d1be33e06576a1b7c06e3f3d51f2fcbc881dc7add3e3f1b6bb2131310906949a8fc940d624d8ba2391c8fce7425f150699988375a3533843f764aa9e8ff397cb3c97384d446b28baf4b102f805fcac5789f063df564f712736f0b18190c8beb2e9f53f71ecf2b120392dee41f0e5bda7ece9e93fdbc5c7291de9b50decb2218e1f48cb4e330f11d27af37a88f1fb99b3c51a87744e5a19ecbe0be5db6ce6debf3dbeeac6a376ab3b5f9f8e953556da99d61c20be17b21d67b1efe1a423dfd291c8ac5f5f2abc058fdf2f97e77948710225a360829c36f0b5d2b6faffb4e9e9d3584528a919f312ab90174ae75a1cde5b560313d4415944bd5d3056ad85af00d3bd90b5f1a1152e4837c0e4ab4575603736f35f5c247af3752875c29e612ec203b8519289950ea1392cdbdbacbd303dc9b400b8bc14be419070b0d2b18b918a23ab1afacd18bf053ae580f40533e4297f735f7e17191fe23790a1397d735d8787aaa6c31a210a0a4bb6f7ad16e82260288ceced9a2e4168bd19b4f6662838194c3450dade30b4f087dfe70a4549e69e501992aa5aa9901dcf2ba5ce293fb00c0aff1507f5d7d64e35ce66132be398571e29303788edf99854d8cc6d727ef28a1355996fd7366976c011cacdbba88535f85dc80caa75a0929c34d87c9a84e1d1051f4f76b27cccc44cb09a836ebde5c3d1c3de9e907a782dbe9816a5c93b1ee74e28972e28f93148d82f5d920ad7526ef49c8ec219c3dde47f68c7f03d1694e2b0b4fa59291ab0910ba29ca2aef2406e9116790d0fe523bb127cad2a6b7875044436b40ae0c52a9e56c2b221846aa038b1f80856d2669a12a76a1ec8d900c317fb2db73fe38dcad7b295dfee9b60600a1fa56254a6fe22b0b57cf838b62d8cbcfff1ddb30262e874fa86169c48c53d4ea2d4b7c68e3178f8e7ec8a759a48e1b1cae751dffec5c24b02702eadd425dc1795fb52f46e45590d75367ff7b3e4a24b411368a2147baf29c172b71e6e683caa66fd4ed94b9cfd9284b9d6c8ba6dda13553119164fb997730d9faf617e862e95a61fa6b3b50c86a97248a665e0459c94f180bea5420725a37d5e26bbdb1015b8cd5a595535eb16a8fab810f1b5dab9e42790fbedfcc5c95db39ef0af697587a70854158cf5601b7673b29d9c5798dc13b6e63f221702f7df4b29c794847846d06a475a985c3a09d7eb97295fa7337b73e642be09f7f784d24a785eca1e5e60fa4efe8d03645e713ff028686e4fba3263c26137ebe9a5af5bed814894e5f66b4670f0aa99d7c0b478e5ab58c817da4f50e9cddf84ef4d46a3ee78e08fb97e6261352a6578f90eb809ebb3b99c1121ad63b23cce7d15684fa4c47cd386efd654cad83df0f2d065d46c4376791d36a67178deb7d82d19f09d85726bb41c12910c2a3ce7eb73cfdfc766aeb35dd8912e822994bb27ac9b9b4abc67e86bc25988acbabe31c837834baf7a8c49bb992addaa290e66ca309baf51d6cab585dcaa4b10a241ffad96639d5865829c1b8b345b569cc657dac7f9b23458270e460c4a3d5cbde79574cf9c8f20b66761cf80dfa35f94f9017573818d82e20739292436f99270007504d7cdd5dbf43b12688bd0a34121af4957a61e24ff8ce29cdb17608028d37a3b7e47d10d50b1d88abbb40d6afabf8d350b9b5ef25f0b4ba7dced32c802f158f224b1eb796fee1e0d41b9807c866d8eec6a48f6b3d67aafcb92450c712bcd092481656b4828f511bca599b46c9344bca5f10365c8dadee25a12b1d263e5245d868e665e82f98571fce15e64f442d7118eb7da49922ac9e6cd5121fe7d362814f7bf85e1f4a8cfe2e7d01fb6fbc3fdce16d3dcb3227560fd43582a01577801265d3005dd8931e680917e303a745e65e36b05ed400b1065f5320d8a1162f0fcac6d1b9fd4706bb690dd643641e6d25e4ea63ac6d6c232ae049e1daaa0e55c2cef4266ab5e98267d9a183aef0ef0edca010c5301ad97239f933bb1d201684a4975c4c64d16299b634f702932a03ca3dfb9b96d854ad8ecabeb902f402c543b6506d7cd57d558da4aa275077410ae4bf93406fc1ca9704bba566cc75017f166c55c0bffce9777e3d6a30829e20f4ee4ee3e41107b1b1a9416866a519b802fb30445673fc8d41a41b07a4b123a9c21c4dee22d0b7db39536d80e527c9accc75577f186f7b0e9019c068da06962539bd0f854e364d4fe21996d3cc67ebff61bc6ac2bbf19b432878eb8e766608ec082d056c8fe7a4a066b1eb44244ad80d136ae9b4dcedec5cd0761bf19530a9ea8a38c85b7c409b73b1f2cd39f0c9fbdbefe91908006ddce02763cbee7c03748884b0e6a83a972f24ab07ee1332fe4d52a1f932fc9ae92c69f05fcb62baeb6f63d67f500a1508cbfff4a71c261858c73700cea9b653e790a046b8f540dbb10fee38be924667c5b5ee5583ad173cb993e7db31e5c6e48eeb9e2757486cccef897f35913161ea3b21de39704d6637e1f9a6228126f29ac88e1787bdc6ca1421e6ef68adf304940f29ecb23258d5847284502af131dc106eef6e7138344d5401c0d175324e4645bcffe64bf7c4bd22fe575e38f68ea2ce648d01d2726bb29e250232c995083521cb27f7d0d5671030a2842f2a5a72ddd4764d8dcfff080b133a30285240dc01a05a92867e7d1488c7a74f90beecba18d6759fbabd3ef1fbb7f1c56b972fc5fa763d380f077e729f24fea38a0005c24b7b3af407b8c970f82b1602f498875768acf9be2c1bf6bf1e82928c8592e54917dbce051306af1129fd5bbce5a425b3931aff55fcc370993e22b65c1d43fa8d876cd27b9e71bc5d4f9beba983f5b8d2f58c15a8c41160517b28ea0f9f04da298dad4e0c8478efa44468ca0cfc71607cc189721c3ba6517c80cc0924ac331efd61806a8d7e7a57dd7f25fcb48f34e985724bd23887732cde9a19c90240e8e2880e0541a676658961f440c01f4b4d87da72b3d5163fab13dbd157b8dd042dfada5ea91e59699bebdd0cc2544b464b774995ae8c5186e03d7fee33dde7fd9eaac0f4711b68229f3fe6ee8e5dcd894ece71084e24c482d45412bd62a3f1272702f181ec12806188f30de9062cebabb70571523320db5bb9a40e95420324165f813b345699558ea237e8544f2c7d16be5b41c6587641b705d3e901f3f836accebd2eb301f6df7d5f8f5f1641963ee0cd29a3c71e9bf627a660d0904ee83e4b7c28b46ddfb97f9824dcc30b67974de61e55e4"], 0x1020}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) 5.215735658s ago: executing program 0 (id=2614): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003ac0)={&(0x7f0000000000)={0x34, 0x2, 0x3, 0x3, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x1}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x28}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000001}, 0x4044004) 5.155363589s ago: executing program 0 (id=2615): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x3c, r6, 0x1, 0x0, 0x8000, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x73}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r4, {0xa, 0xffff}, {}, {0xfff3, 0xe}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x6}, @TCA_FLOW_KEYS={0x8, 0x1, 0x18d34}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x200008c2) r8 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180), 0x20802, 0x0) writev(r8, &(0x7f0000000040)=[{&(0x7f0000000000)="cfe9ef6d6ee1d433ba73a5ddf753c74ac91bc34a934afacb0751028db60a", 0x1e}], 0x1) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0xfffffffffffffffc, @remote, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000000c0), 0x4) syz_emit_ethernet(0x14a, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800440e013c006500000d01907864010100ac1414aa830b81ac1414aa0a010101008640000000020610822fd66f744f903859d47b9e644c001236f51297effb8daccadc5006fe7a6371060a50bbe65420e6fc07020ea2fe67f326e91548a04b97ac0100863cffffffff0510d0785aac22004da8f6a7d480b11f050207076e7bf1926b0602060cf9583e219b1041b25f46000f042d8d01717e2cf74346223598010100442c8580030000000000e5f40000008d0000000400000ff100000769000000040000000000000001000000010000000303907800030001490c04000064000901f207ffac1414aaffffffff07278164010102000000000a0101017f000001ac1e0001ac141417e0000100000000ac1414aa4414ceb1ac1e01010000427dac14140b00001000071308ac1414aae00000027f000001e00000013600"], 0x0) 5.025566335s ago: executing program 0 (id=2617): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$IP_SET_OP_GET_BYNAME(r0, 0x1, 0x53, &(0x7f0000000040)={0x6, 0x7, 'syz1\x00'}, &(0x7f00000000c0)=0x28) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_genetlink_get_family_id$smc(&(0x7f0000000300), 0xffffffffffffffff) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000003a40), 0x41, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000000)={0x6, 0x801}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x5, 0x10}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MPU={0x8, 0xe, 0xb0}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x36}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB="004c60193afae3a3409f00e6c55155000000000039c654b0a979404be5c562a7fd63416f59781242f284ff07000000006d913ceddbe45d269dba7fb69a000016de6f778fcaa5a773b152259dc7e51e198f9ac92d75cdc57111020b52a62c65638d318ceff034cbd75f1d966b3c7cae4fb5248487af38dd649b209bd015680b"]) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000040)=@ccm_128={{0x304}, "8d1741bef71a2b96", "c6fe0d671846cfeb9832d9dead65eae6", "bf04be57", "cde471b460208b74"}, 0x28) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xbb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) r6 = socket$kcm(0x29, 0x7, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x1, &(0x7f00000001c0), 0x4) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000035, 0xfff, 0x0, 0x40180, 0x5, 0x14, 0xf2, 0x3, 0x7fffffffffffe, 0x5, 0x5, 0xc6bd, 0x566, 0x45, 0x5, 0xbdb], 0x4000, 0x100800}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) 4.688001814s ago: executing program 3 (id=2620): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x2, 0x100000, 0xd, 0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xeeef0000, 0x3, 0xfb, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9, 0x8}, {0x3000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x4}, {0xdddd0000, 0xffff1000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x1, 0xffff1000, 0xf, 0x2, 0xfe, 0x10, 0x6, 0x0, 0x1, 0x8, 0x4}, {0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfd, 0xfb, 0x0, 0x2, 0x6}, {0xe000, 0x5000, 0xa, 0x0, 0x7, 0xf9, 0x0, 0xfe, 0x3a, 0x2, 0xff}, {0x3000, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0xfd, 0x2, 0x0, 0x0, 0x5}, {0x8080000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x1, 0x100, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2, 0x40000000000d]}) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000002c0)={0x1000, 0x4, 0x2, 0x5, 0x50}) r3 = syz_clone(0x100b300, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0xa, 0x4e21, 0x4, @empty, 0x3}, 0x1c, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000240)="590fe0e794235d7b86c1341163c4d6c5ce1a46f51b509c0b163a0f266c9be7ccdafc0b7a01fb92a1fdf5386e83f22cd126ceee9ff1a054a927226a2a848029c386f128cffad87a2b4156f98603f19ad01c68eb88b2aead56ebae82b6033b454d88bdb5bbfc1b35a462dbffb71ab0348fa203d978c1ad4ffcf5b8dd60f8fa2a495931661e9d9e4164efce98621ca7543fe5e468", 0x93}], 0x2, &(0x7f00000003c0)=[@pktinfo={{0x20, 0x29, 0x32, {@private2={0xfc, 0x2, '\x00', 0x1}}}}, @tclass={{0x10, 0x29, 0x43, 0x5}}], 0x30}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x3, 0x0, 0x0, 0x0, 0x2}, 0x94) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, 0x0, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) listen(r4, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) sendmmsg(r5, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="e9a4ea8d246a02fb3d7b6d", 0xb}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4008) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/150, 0x96}], 0x5}, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) r9 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB], 0x1c}}, 0x0) fcntl$setpipe(r8, 0x407, 0x0) write$FUSE_INIT(r8, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xa8\xc4\xd2o\xae\xb4W`\xfd\x196\xa0Rd\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7', 0x42, 0x1f0, 0x0) process_vm_writev(r3, 0x0, 0x0, 0x0, 0x0, 0x0) mq_unlink(0x0) vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) 4.459474342s ago: executing program 0 (id=2621): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r1 = syz_io_uring_setup(0x49b, &(0x7f0000000380)={0x0, 0x4661, 0x400, 0x7, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) io_uring_enter(r1, 0x40f6, 0x29a7, 0x0, 0x0, 0x0) (fail_nth: 3) 4.21603369s ago: executing program 0 (id=2622): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000880)=ANY=[@ANYBLOB="340100003600020028bd7000fcdbdf25ef2c04e39bf75096de5a2960042a80d377b9ec8325e2f932185c1ce10ba88585033dab08b75ee83cc7c991e40e8d7ec2ca3c467904000080c0e2d76ece076559a7ae9c17c74313f02c4bf9fdb9ba7a6fff45147d7a97f86a0af4da9eecb85d44cd5ad7bf94f115ef155af58968317b913561529a361a6f17d26d013ecc0965eb61a798d126ce5084386ab99115f91a0085fa683e11e4e0bad746d874a00800c300e00000017c00fe8075003b009c89a3b4eb4bd8afb544aa6509ad0948c30fe6658b93b6035a9f51bc0bd9364fdc8a3a58243b8dead7faf4f4affeb9a150ffb22a6f62ce2f8501bfc737453cd8945ad7ead9024b26a69a6d882fd2cede3ad9c4b0588108100b000000000000006cc2498aed0110fcaaf22476980b7b7e850000000000004778f4d1c9446c76fc2f6027953cb972c81a0459fd3a23df1bdb68e3d483eb"], 0x134}], 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000140)={r3, 0x1, 0x6, @local}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x4000814}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/vlan/config\x00') read$FUSE(r4, &(0x7f0000003940)={0x2020}, 0x2020) getpeername$l2tp6(r4, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000004c0)=0x20) getpid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r5, 0x8926, &(0x7f0000000280)={0x9, 0x5, 0x5, 0x10007ff, 0x0, "87d69053b80a046800"}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x910ec27568a00e35, 0x40000002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1a00fe00000000bda100000000000007010000f8ffffffb702000008000000b703000000000000850000007600000095"], &(0x7f0000000180)='GPL\x00', 0x9}, 0x94) 3.722098531s ago: executing program 1 (id=2624): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r1 = syz_io_uring_setup(0x49b, &(0x7f0000000380)={0x0, 0x4661, 0x400, 0x7, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) io_uring_enter(r1, 0x40f6, 0x29a7, 0x0, 0x0, 0x0) 3.535727919s ago: executing program 1 (id=2625): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000240)=@sr0, &(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)='gfs2\x00', 0x0, &(0x7f00000035c0)='quota') write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x9d) ioctl$SNDCTL_DSP_SETFMT(r0, 0x40045010, &(0x7f0000000300)=0x100) 3.528932665s ago: executing program 3 (id=2626): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000240)=@sr0, &(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)='gfs2\x00', 0x0, &(0x7f00000035c0)='quota') write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x9d) ioctl$SNDCTL_DSP_SETFMT(r0, 0x40045010, &(0x7f0000000300)=0x100) 2.894993164s ago: executing program 3 (id=2628): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x15, &(0x7f0000000400)={0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$int_in(r0, 0x40000000af01, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000340)={0x1, 0x6}, 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(r4, 0x1, 0x11, 0x0, 0x0) r5 = syz_genetlink_get_family_id$gtp(&(0x7f0000000300), r4) r6 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="400000001000370400000000fcdbdf2500000000", @ANYRES32=r7, @ANYBLOB="890c0400000000002000128008000100677470001400028005000500"], 0x40}}, 0x0) sendmsg$GTP_CMD_DELPDP(r4, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000ffdbdf250100000008000200010000ef08000100", @ANYRES32=r7, @ANYBLOB="05000d002700"], 0x34}, 0x1, 0x0, 0x0, 0x8004}, 0x4) r8 = fsopen(&(0x7f0000000280)='btrfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) 2.666257806s ago: executing program 1 (id=2629): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x9, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0) 1.838227789s ago: executing program 3 (id=2631): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=@newtfilter={0x30, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x1}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x893}, 0x20040084) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x58, &(0x7f00000001c0)={&(0x7f0000000780)=@newtfilter={0x38, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x1, 0x6}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x893}, 0x2404c084) (fail_nth: 3) 1.747470165s ago: executing program 3 (id=2632): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) syz_io_uring_setup(0x49a, 0x0, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, 0x0, 0x0, 0x4) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x8090) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = getpid() getpriority(0x1, r4) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x424, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x800, 0x28}}}}, [@NL80211_ATTR_TX_RATES={0x1cc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x48, 0x2, [{0x4, 0x6}, {0x7, 0x6}, {0x4, 0x5}, {0x7, 0x5}, {0x0, 0x3}, {0x3, 0x6}, {0x3, 0x5}, {0x1, 0x2}, {0x0, 0x8}, {0x4, 0x9}, {0x0, 0xa}, {0x6, 0x8}, {0x7, 0x3}, {0x6}, {0x4, 0x5}, {0x4, 0x3}, {0x6, 0x8}, {0x7, 0x2}, {0x7}, {0x0, 0x1}, {0x5, 0x8}, {0x7, 0x7}, {0x6, 0x5}, {0x2, 0x8}, {0x5}, {0x6, 0x3}, {0x6, 0x4}, {0x6, 0x4}, {0x2, 0x3}, {0x1, 0x8}, {0x6, 0x6}, {0x2, 0x9}, {0x1, 0x3}, {0x5, 0x9}, {0x0, 0x9}, {0x4, 0x2}, {0x2, 0x9}, {0x3, 0x7}, {0x0, 0x3}, {0x0, 0x2}, {0x0, 0x6}, {0x3, 0x7}, {0x1, 0x9}, {0x1, 0x8}, {0x6, 0x2}, {0x7, 0x7}, {0x3, 0x4}, {0x2, 0x5}, {0x6, 0x5}, {0x2, 0x7}, {0x5}, {}, {0x3, 0x7}, {0x7, 0x2}, {0x1, 0xa}, {0x6, 0x8}, {0x1, 0x1}, {0x5, 0xa}, {0x5, 0x3}, {0x0, 0x5}, {0x0, 0x8}, {0x5, 0x7}, {0x4, 0x3}, {0x3, 0x4}, {0x5, 0x8}, {0x2, 0x1}, {0x7, 0x6}, {0x1, 0x4}]}, @NL80211_TXRATE_HT={0x47, 0x2, [{0x5, 0x4}, {0x6, 0x2}, {0x7}, {0x3, 0x8}, {0x2, 0xa}, {0x0, 0x8}, {0x5}, {0x5}, {0x1, 0xa}, {0x1, 0x9}, {0x6, 0x4}, {0x7, 0x1}, {0x7, 0x4}, {0x5, 0x5}, {0x4, 0x7}, {0x3, 0x2}, {0x7, 0x5}, {0x5, 0x1}, {0x0, 0xa}, {0x6, 0xa}, {0x3}, {0x1, 0x2}, {0x5, 0x4}, {0x1, 0x7}, {0x3, 0x9}, {0x7, 0x1}, {0x0, 0x7}, {0x5, 0x8}, {0x3, 0x7}, {0x6, 0x1}, {0x4, 0x8}, {0x5, 0x3}, {0x6, 0x7}, {0x5, 0x9}, {0x7}, {0x6, 0x8}, {0x1, 0x9}, {0x7, 0x6}, {0x3, 0x6}, {0x3, 0x8}, {0x1, 0x5}, {0x0, 0x1}, {0x5}, {0x4, 0x4}, {0x2, 0xa}, {0x4, 0x4}, {0x1, 0x9}, {0x3, 0x2}, {0x5, 0xa}, {0x2, 0x2}, {0x1}, {0x4, 0xa}, {0x4, 0x1}, {0x2}, {0x0, 0x2}, {0x1, 0x1}, {0x0, 0x5}, {0x6, 0x6}, {0x0, 0x9}, {0x7, 0x5}, {0x1, 0x9}, {0x3, 0x6}, {0x2, 0x4}, {0x5, 0x7}, {0x5, 0x4}, {0x1, 0xa}, {0x1, 0x1}]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x36, 0x24, 0x48, 0x12, 0x9, 0x36, 0x6, 0x24, 0xb, 0x6, 0xb, 0x60, 0x30, 0x0, 0x18, 0xc, 0xc, 0xc, 0x24, 0x1b, 0x3]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_5GHZ={0x44, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x4, 0x2, 0x6c, 0x2, 0x5, 0x9, 0x30, 0x4, 0x1, 0x24, 0x1b, 0x6c, 0x4, 0x9, 0xc, 0x48, 0x24, 0x48, 0x1b, 0xb, 0x3a, 0x2, 0x5, 0x9, 0x1b, 0x1, 0x30, 0x6c, 0x1, 0x9, 0xc, 0xb]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0xc716, 0x1, 0x4, 0x400, 0x7, 0x3, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0x74, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x4, 0x5, 0xc2ba, 0x8, 0x1000, 0x1, 0x965]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x2a, 0x2, [{0x6, 0x3}, {0x0, 0x4}, {0x5, 0x3}, {0x7, 0x9}, {0x6, 0x1}, {0x7, 0x6}, {0x6}, {0x7, 0x6}, {0x6, 0x3}, {0x1, 0x6}, {0x6, 0x7}, {0x2, 0x4}, {0x4}, {0x7, 0x7}, {0x6, 0x2}, {0x5, 0xa}, {0x5, 0x8}, {0x2, 0x4}, {0x4, 0x4}, {0x6, 0x1}, {0x1, 0x3}, {0x3, 0x9}, {0x6, 0x6}, {0x3, 0x6}, {0x1, 0x3}, {0x1, 0x1}, {0x3, 0x9}, {0x4, 0x8}, {0x6, 0x4}, {0x7, 0xa}, {0x4, 0xa}, {0x1, 0xa}, {0x4, 0x5}, {0x2, 0x9}, {0x0, 0x4}, {0x4, 0x7}, {0x3, 0x1}, {0x2, 0x2}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x54, 0x5, 0x30, 0xc, 0x8f0b3064ac857d2b, 0x16, 0x36, 0x3, 0x24]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_2GHZ={0x50, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2e49, 0x0, 0x5, 0x6, 0x0, 0x7, 0xdf, 0x24]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x4cda, 0x5, 0x5, 0x599c, 0x6, 0x3, 0x1000]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x6, 0x8001, 0x9, 0xb, 0x9, 0x4, 0x401]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0x164, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x2, 0x8, 0xfffe, 0x9, 0xf8b, 0x1, 0xfff7]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7f, 0x3, 0xd, 0x6, 0x6db, 0x9, 0x5]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0xf8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x42, 0x2, [{0x7, 0x9}, {0x2, 0x4}, {0x0, 0x1}, {0x3, 0x9}, {0x7, 0x2}, {0x5, 0x2}, {0x4, 0x6}, {0x5, 0x6}, {0x5, 0x4}, {0x0, 0x9}, {0x6}, {0x3, 0x4}, {0x7, 0x2}, {0x7, 0x6}, {0x2, 0x4}, {0x2, 0x4}, {0x7, 0x1}, {0x3, 0x1}, {0x1, 0x7}, {0x0, 0x7}, {}, {0x3, 0x9}, {0x4}, {0x3, 0x9}, {0x3, 0xa}, {0x0, 0x3}, {0x4, 0x1}, {0x3, 0x2}, {0x2}, {0x4}, {0x7, 0xa}, {0x1, 0x7}, {0x0, 0x2}, {0x1, 0x3}, {0x0, 0x1}, {0x3, 0x9}, {0x7}, {0x5, 0x6}, {0x2, 0x2}, {0x5, 0x5}, {0x1, 0x6}, {0x5, 0xa}, {0x3, 0x9}, {0x3, 0x2}, {}, {0x5, 0x2}, {0x1, 0x4}, {0x6, 0x7}, {0x2, 0x7}, {0x1, 0x9}, {0x6, 0x1}, {0x5, 0x3}, {0x3, 0x9}, {0x1, 0xa}, {0x7, 0x1}, {0x7, 0x7}, {0x4, 0x9}, {0x0, 0xa}, {0x6, 0x3}, {0x2, 0x2}, {0x6, 0x4}, {0x2, 0x3}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x7f, 0x0, 0xa, 0x4, 0x1, 0x4, 0x9]}}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x0, 0x1}, {0x3, 0x4}, {0x0, 0x8}, {0x5, 0x1}, {0x2, 0x3}, {0x5}, {0x1}, {0x1, 0x9}, {0x0, 0x4}, {0x0, 0x4}, {0x0, 0xa}, {0x1, 0x6}, {0x4, 0xa}, {0x5, 0x6}, {0x0, 0x6}, {0x3}, {0x3, 0x6}, {0x4, 0x3}, {0x1, 0x8}, {0x5, 0x9}, {0x7, 0x1}, {0x6, 0x6}, {0x0, 0x7}, {}, {0x5, 0x2}, {0x7, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x40, 0x2, [{0x7, 0x6}, {0x2, 0x3}, {0x1, 0x4}, {0x7}, {0x3}, {0x1, 0x8}, {0x7, 0xa}, {0x4, 0x1}, {0x0, 0x7}, {0x3, 0x9}, {0x4, 0x8}, {0x7, 0x2}, {0x7, 0x6}, {0x1, 0x4}, {0x4, 0x6}, {0x2, 0x8}, {0x7, 0x7}, {0x0, 0x1}, {0x4, 0x5}, {0x3, 0x8}, {0x0, 0x1}, {0x7, 0x6}, {0x1, 0x9}, {0x1, 0x8}, {0x6, 0x6}, {0x4, 0x3}, {0x0, 0x1}, {0x6, 0x9}, {0x1, 0x8}, {0x7, 0x4}, {0x3, 0x9}, {0x0, 0x6}, {0x4, 0x1}, {0x6, 0x7}, {0x2, 0x6}, {0x7, 0x6}, {0x3, 0x3}, {0x0, 0x2}, {0x1, 0x2}, {0x4, 0x3}, {0x4, 0x5}, {0x6, 0x5}, {0x6, 0x3}, {0x1, 0x6}, {0x2, 0xa}, {0x5, 0xa}, {0x0, 0x1}, {0x5, 0xa}, {0x3, 0x7}, {0x2, 0x4}, {0x7, 0x4}, {0x2, 0x10}, {0x4, 0x7}, {0x1, 0x2}, {0x7, 0x7}, {0x5, 0x4}, {}, {0x4, 0x8}, {0x5, 0x1}, {0x2, 0x9}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x4, 0x2, 0x3, 0x3, 0x5, 0x92, 0x3]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x2c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x2, 0x1b, 0x6, 0x9, 0xe, 0x18, 0x3, 0x6c, 0x24, 0x48, 0x36, 0x12, 0x17, 0x2, 0x5, 0x16, 0x2, 0xb, 0xb, 0x6c, 0x3, 0x3, 0xb, 0x16, 0xc, 0x6c, 0x6, 0x48]}]}]}, @NL80211_ATTR_TX_RATES={0x98, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x58, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x12, 0x0, 0x9, 0x4, 0x1, 0x24, 0x56, 0x36, 0x48, 0xb, 0x60, 0x1, 0x18, 0x9, 0x36, 0x48, 0x30, 0x12, 0x2, 0x16, 0x1b, 0x3, 0x1b, 0x16, 0x18, 0x6c, 0xc, 0x16]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf1, 0x1, 0x3, 0xe, 0x400, 0x829c, 0x5, 0xd572]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_5GHZ={0x24, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0xe, 0x2, [{0x5, 0x3}, {0x4, 0x7}, {0x1, 0x8}, {0x0, 0x7}, {0x6, 0xa}, {0x0, 0x6}, {0x3}, {0x5, 0x7}, {0x4, 0x5}, {0x4, 0x6}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x5, 0x7, 0x7, 0x4, 0x7fff, 0xf6c4, 0xa]}}]}]}, @NL80211_ATTR_TX_RATES={0x28, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}, @NL80211_BAND_2GHZ={0x20, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xab, 0x4, 0x800, 0x2, 0x9, 0xa, 0x1, 0x3ff]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0xff}]}]}, @NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}, @NL80211_BAND_2GHZ={0x4}]}]}, 0x424}, 0x1, 0x0, 0x0, 0x800}, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1d) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.715061201s ago: executing program 3 (id=2633): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0xb, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = syz_open_dev$cec(0x0, 0x0, 0x82002) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000080)=0xd0) r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000000)=0x1000) r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000001340)) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) 1.367132385s ago: executing program 4 (id=2634): socket$xdp(0x2c, 0x3, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000000000085000000bc00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, r4, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_emit_ethernet(0x4e, &(0x7f00000029c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @tipc_packet={0xe, 0x6, "d19d8a", 0x18, 0x6, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], @payload_conn={{{0x18, 0x0, 0x0, 0x1, 0x1, 0x6, 0x3, 0x2, 0x400, 0x0, 0x0, 0x9, 0x0, 0x0, 0x8299, 0x8, 0x1, 0x4e24, 0x4e20}}}}}}}}, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[], 0x0}, 0x94) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r5]) (async) ioctl$KVM_GET_VCPU_EVENTS(r6, 0x4048aecb, &(0x7f0000000080)) 1.319141751s ago: executing program 4 (id=2635): syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x20002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000014c0)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0xfffffffffffffffc}, 0x18) r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x484b1e3341a13be1, 0x0) fchdir(r4) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x9001, 0x0) flock(r4, 0x0) r5 = socket(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup2(r5, r6) ioctl$TIOCVHANGUP(r7, 0x8905, 0x1000000000000) setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000000040), 0x4) openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) ioctl$KDADDIO(r7, 0x4b34, 0x6) bind$alg(r8, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f00000000c0)={0x32, @dev={0xac, 0x14, 0x14, 0x43}, 0x4e21, 0x7, 'nq\x00', 0x2, 0x5, 0x52}, 0x2c) 733.517939ms ago: executing program 0 (id=2636): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x6}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x4, 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') lseek(r7, 0x10000000005, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x80, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$tipc(r8, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="340000001000010829bd7000ffffffff00000000", @ANYRES32=0x0, @ANYBLOB="2880cb19510c8054", @ANYRES32, @ANYBLOB="08001b0000000000"], 0x34}, 0x1, 0x0, 0x0, 0x5b4efbb362ec214f}, 0x7000000) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) 275.871152ms ago: executing program 1 (id=2637): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket(0x2, 0x80805, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$qrtr(0x2a, 0x2, 0x0) r3 = getpgid(0xffffffffffffffff) syz_open_procfs$namespace(r3, &(0x7f0000000140)='ns/pid_for_children\x00') connect$qrtr(r2, &(0x7f0000002140)={0x2a, 0xffffffffffffffff, 0x7ffe}, 0x1d) r4 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25017c0000100036800c00020004000000000000000c00018006000600894f"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x100) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="9803000657616760dce35b0ba13e0b", @ANYRES16=r6, @ANYRES32=r5, @ANYRES32], 0x398}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r4, 0x0, 0x4ffe6, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="4eaa000000000000711017000000006420ff3f165bc7511f"], &(0x7f0000000480)='syzkaller\x00'}, 0x80) r7 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r7, 0x7a6, 0x0) openat$binfmt_format(0xffffff9c, &(0x7f0000000340)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) r8 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x7) ioctl$TIOCSTI(r8, 0x5412, &(0x7f00000000c0)=0xf9) ioctl$TIOCSTI(r8, 0x5412, &(0x7f00000004c0)=0xff) syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_mr_cache\x00') r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r9, 0xc01064bd, &(0x7f0000000000)={&(0x7f00000001c0)=';', 0x1}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r9, 0xc01064bd, &(0x7f0000000200)={&(0x7f0000000300)='I', 0x1}) 257.179634ms ago: executing program 4 (id=2638): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x1000) (async, rerun: 32) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0) (async, rerun: 32) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f00000000c0)=0x5) (async) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2, 0x3, 0x0, 0x3, 0xe, 0x0, 0x4070bd2c, 0x25dfdbfc, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @empty}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x80000000}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xb}}}, @sadb_x_nat_t_type={0x1, 0x14, 0x6}]}, 0x70}, 0x1, 0x7}, 0x0) 210.883141ms ago: executing program 4 (id=2639): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x21, &(0x7f0000000200)={[{@nr_blocks={'nr_blocks', 0x3d, [0x35, 0x30, 0x34]}}]}) 190.90812ms ago: executing program 4 (id=2640): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=@newtfilter={0x30, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x1}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x893}, 0x20040084) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f0000000740)={0x30, 0x5, 0x0, {0x0, 0x2, 0x0, 0x1}}, 0x30) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='fd\x00') fchdir(r7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=@newtfilter={0x4b0, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x1, 0x6}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x484, 0x2, [@TCA_FW_POLICE={0x480, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x7, 0xc, 0x8, 0x0, {0x6, 0x2, 0x0, 0x7, 0x2, 0x7}, {0xf3, 0x2, 0x2, 0x3, 0x9, 0x3d}, 0x50, 0xf, 0x8}}, @TCA_POLICE_TBF={0x3c, 0x1, {0x2369800, 0x8, 0x1, 0x5, 0x10c, {0x52, 0x0, 0x9, 0x4, 0x7d, 0x6}, {0x4, 0x1, 0x3d2, 0xffc0, 0x7, 0x9}, 0x1, 0x8b, 0x401}}, @TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x79c2, 0x80000000, 0x4, 0x3ff, 0x7, 0x2e69, 0x7, 0x0, 0x80000001, 0x9, 0x10000, 0xff, 0x40, 0x5, 0x1, 0x9, 0x3, 0x57e, 0x88, 0x4, 0x1, 0x0, 0x3, 0x4, 0x8, 0xd, 0x10000, 0x4, 0x5, 0x6, 0x4, 0x0, 0x0, 0x10001, 0x6206, 0x7, 0x8, 0x8, 0x3, 0x4, 0x6, 0x99e, 0x800, 0xff, 0xffff, 0xd5ea, 0x2, 0x7ff, 0x3, 0xfffffffa, 0x5, 0x7ff, 0xfffff42d, 0x3, 0x800, 0x2, 0x2, 0x5, 0x5, 0x4fb0c68d, 0x80, 0x2, 0x5, 0x9, 0x3, 0x382, 0xf9d, 0x2, 0x7, 0x2, 0x6, 0x100, 0x200, 0x4, 0x4, 0x10000, 0x8001, 0x1, 0x4fe7, 0x0, 0x2, 0x5, 0xfffffff9, 0x9, 0x6, 0x0, 0x0, 0x8, 0x0, 0x101, 0x100, 0x8000, 0xffffff16, 0x2, 0x8, 0x9, 0x1, 0x5, 0x4, 0x9, 0x80000000, 0x8000, 0x3, 0x3, 0x3b6, 0x4, 0x8244, 0x8, 0x6, 0xfffffff9, 0x1, 0x9, 0x9, 0x8, 0x6, 0x2, 0x3, 0x5b6, 0x2, 0x6, 0x3, 0x5, 0x400, 0x8, 0x3, 0x3, 0x6, 0x1, 0x4, 0x5, 0xe, 0x0, 0x2, 0x8, 0x0, 0x4, 0x7ff, 0x8, 0x10000, 0x9, 0x3, 0x4, 0x7, 0x2, 0x3, 0xf, 0x3ff, 0xde, 0xe5, 0x200, 0x9, 0x9, 0x6, 0xc, 0x32, 0x8, 0xfffffffa, 0x0, 0x9, 0x9c, 0x2e23, 0x3a, 0xb, 0x8, 0x4, 0x0, 0x1, 0x10000, 0x5, 0xff, 0xec, 0x4, 0x4, 0x7f, 0x0, 0x1, 0x6, 0x1, 0x7, 0xd106, 0x3, 0xea4, 0xafb9, 0x5f81, 0xf1d5, 0x3, 0x5, 0x10000, 0x5993, 0x10001, 0x9, 0x40, 0x97a, 0x7, 0x9, 0x3, 0x4, 0xd017, 0x9, 0x70, 0x18, 0xfffffffc, 0x49c6897b, 0x4, 0x1000, 0x8, 0xa4, 0x1000, 0x3, 0x1, 0xfff, 0xd2b, 0x7, 0x6, 0xa278, 0x80000000, 0x4, 0xa000000, 0xffffffc0, 0x4, 0x9, 0x6, 0x1, 0x7, 0x9, 0x27f34165, 0x11, 0x401, 0xc, 0x1ff, 0x0, 0xc, 0xd, 0xcddb, 0x6, 0x5, 0x4, 0x9, 0x8001, 0x2, 0xa8f, 0x8, 0x8e, 0x8, 0x101, 0x6, 0x1ff, 0x0, 0x4, 0x0, 0x1, 0xffff3da5, 0x6, 0x3a, 0x2]}]}]}}]}, 0x4b0}, 0x1, 0x0, 0x0, 0x893}, 0x2404c084) 0s ago: executing program 4 (id=2641): r0 = open(&(0x7f0000000280)='.\x00', 0x80, 0x122) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setown(r0, 0x8, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="d40000001a0010002abd7000ffdbdf2508000000676ec4dd40753f2524563515a6e3c67b2958f862b40f0dd53148c21e374a790189d0244c36675107ccac2330c259570d846e030000008ca9088755b17508a10ede1528e20c23e09d560cd7e33da05c1796142903175b3d42b49e7fb28d6abad8b237dcf45c27c0227435f207000000ea218feec8907a89243e7a60ed1da691475bddfdb3ef4fed1a609a97fe87c6411a16b681660fcc4f3555311befba78cb07a60b4c6b5a405da86e7dde3623edfce3ee3c88718f0dd87fdc76dc6df04ca2cf"], 0xd4}, 0x1, 0x0, 0x0, 0x804}, 0x80) unshare(0x2c020400) openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x8, 0x0, 0x1, 0x6, 0x1000000000000}, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) r5 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3", 0x17f}], 0x3}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r8 = openat$fuse(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) r9 = openat$cuse(0xffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r8, 0x8004e500, &(0x7f00000001c0)=r9) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv4_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x20, 0x0, 0x0, 0x3, 0xc8, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_CLASS={0x1c, 0x1, 0x4}}}}]}, 0x38}}, 0x0) r11 = socket$packet(0x11, 0x3, 0x300) sendmsg$802154_raw(r0, &(0x7f0000000680)={&(0x7f0000000500)={0x24, @short={0x2, 0x3, 0xaaa3}}, 0x14, &(0x7f0000000640)={&(0x7f0000000540)="bdf3b595bd107a8726d0b2b48cdb14b7b0de6807b77c3101edd0783152e55f459f24ddf863b63b176bc0f06ec60681b1eba861d92d92c82ad5b5255d227f7a5f792bd27459aac8fc1c9c8655b1bfe623b4088c23fc17daa96e018e1e8d9f5d60e5a31acfbb32c42b25e526acbdf70653c67fa7f84b6ca9f8062c149a2a8bb2b18ada428a9c5917c63d3b2e6e2f85ab2e8348183e0fbb5ba57a00fac016fd9ca91bdbab9f8004198e80c6fe71edb98c10beee5f3435834e639f70f97fa5d01cd531a8f3053b98dcc0e7a4f8cea9194279ed0bbfe299d468d8a110ebda9016ec21fa39006d117bc71d819f7117", 0xec}, 0x1, 0x0, 0x0, 0x4000452}, 0x20008080) ioctl$sock_inet_SIOCSIFDSTADDR(r11, 0x8918, &(0x7f0000000040)={'veth0_to_batadv\x00', {0x2, 0x4e20, @empty}}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x1200, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="440000001000030500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15460100ef000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r4, @ANYBLOB="000a0065ed854361ce1cd203384a53220a2fb86358f2f8ef777c5211cac64db33e39be2b8d35511fc848c6648300003aa47a932c79190c31a83308e7389eb922b96e9ae9f157ae4d0193eda1735dc93d0a9dac09011ce420c4fa0f50131d50", @ANYRES32=r7, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x200488c0}, 0x0) kernel console output (not intermixed with test programs): mum allowed: 30 [ 889.163398][ T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 889.167129][ T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 889.170945][ T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 889.174894][ T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 889.179027][ T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 889.183598][ T24] usb 6-1: config 168 interface 0 has no altsetting 0 [ 889.186648][ T24] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 889.189170][ T24] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 889.192952][ T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 889.196721][ T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 889.200548][ T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 889.204522][ T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 889.208466][ T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 889.212865][ T24] usb 6-1: config 168 interface 0 has no altsetting 0 [ 889.218776][ T24] usb 6-1: string descriptor 0 read error: -22 [ 889.221053][ T24] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 889.224475][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 889.234884][ T24] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 889.304345][ T1018] vhci_hcd: vhci_device speed not set [ 889.362437][ T1018] usb 37-1: new full-speed USB device number 7 using vhci_hcd [ 889.620406][ T34] usb 6-1: USB disconnect, device number 21 [ 889.682468][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 889.835764][T15860] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2141'. [ 889.986201][T15847] vhci_hcd: connection reset by peer [ 889.991528][T15744] vhci_hcd: stop threads [ 889.995837][T15744] vhci_hcd: release socket [ 889.998094][T15744] vhci_hcd: disconnect device [ 890.722395][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 890.885807][T15866] openvswitch: netlink: Flow actions attr not present in new flow. [ 891.061090][T15874] netlink: 'syz.0.2147': attribute type 10 has an invalid length. [ 891.348249][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 891.348295][ T40] audit: type=1326 audit(1756001355.649:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.362389][ T40] audit: type=1326 audit(1756001355.649:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.372399][ T40] audit: type=1326 audit(1756001355.659:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.380358][ T40] audit: type=1326 audit(1756001355.659:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.391201][ T40] audit: type=1326 audit(1756001355.659:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.399689][ T40] audit: type=1326 audit(1756001355.659:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.408046][ T40] audit: type=1326 audit(1756001355.659:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.415478][ T40] audit: type=1326 audit(1756001355.659:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.462455][ T40] audit: type=1326 audit(1756001355.659:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.497114][ T40] audit: type=1326 audit(1756001355.659:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15878 comm="syz.4.2148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 891.762377][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 892.016021][T15891] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2150'. [ 892.802363][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 893.842400][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 894.472458][ T1018] vhci_hcd: vhci_device speed not set [ 894.882394][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 895.205412][T15943] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2163'. [ 895.375688][T15944] netlink: 'syz.3.2162': attribute type 10 has an invalid length. [ 895.922410][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 896.347177][T15961] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 896.349562][T15961] UDF-fs: Scanning with blocksize 2048 failed [ 896.352123][T15961] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 896.354559][T15961] UDF-fs: Scanning with blocksize 4096 failed [ 896.917738][T15967] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2170'. [ 896.962859][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 898.012329][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 898.474649][T15984] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2175'. [ 898.522541][ T9] kernel read not supported for file /media0 (pid: 9 comm: kworker/0:0) [ 898.634874][ T40] kauditd_printk_skb: 41 callbacks suppressed [ 898.634886][ T40] audit: type=1326 audit(1756001362.959:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15981 comm="syz.1.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48579 code=0x7ffc0000 [ 898.644465][ T40] audit: type=1326 audit(1756001362.959:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15981 comm="syz.1.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48579 code=0x7ffc0000 [ 898.651430][ T40] audit: type=1326 audit(1756001362.959:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15981 comm="syz.1.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f48579 code=0x7ffc0000 [ 898.659516][ T40] audit: type=1326 audit(1756001362.959:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15981 comm="syz.1.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48579 code=0x7ffc0000 [ 898.666546][ T40] audit: type=1326 audit(1756001362.959:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15981 comm="syz.1.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48579 code=0x7ffc0000 [ 898.838956][T15990] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2177'. [ 899.042397][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 899.925308][T16004] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 899.927599][T16004] UDF-fs: Scanning with blocksize 2048 failed [ 899.930133][T16004] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 899.932461][T16004] UDF-fs: Scanning with blocksize 4096 failed [ 900.092343][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 900.419623][T16012] overlayfs: invalid origin (0000) [ 900.810271][T16028] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 900.812492][T16028] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 900.815296][T16028] vhci_hcd vhci_hcd.0: Device attached [ 901.002412][ T24] vhci_hcd: vhci_device speed not set [ 901.062595][ T24] usb 43-1: new full-speed USB device number 9 using vhci_hcd [ 901.122385][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 901.534927][T16029] vhci_hcd: connection reset by peer [ 901.537127][ T46] vhci_hcd: stop threads [ 901.538582][ T46] vhci_hcd: release socket [ 901.540304][ T46] vhci_hcd: disconnect device [ 902.161933][T16040] netlink: 'syz.0.2188': attribute type 10 has an invalid length. [ 902.162373][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 902.306284][T16051] netlink: 'syz.4.2189': attribute type 10 has an invalid length. [ 902.882219][T16060] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 902.884808][T16060] UDF-fs: Scanning with blocksize 2048 failed [ 902.887734][T16060] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 902.890139][T16060] UDF-fs: Scanning with blocksize 4096 failed [ 902.942097][T16061] netlink: 'syz.1.2191': attribute type 10 has an invalid length. [ 903.202363][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 903.667116][T16069] netlink: 'syz.4.2193': attribute type 10 has an invalid length. [ 903.763459][T16077] 9pnet_virtio: no channels available for device syz [ 904.242407][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 905.282424][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 906.303095][T16113] input: syz0 as /devices/virtual/input/input14 [ 906.322331][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 906.381826][T16114] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 906.385520][T16114] block device autoloading is deprecated and will be removed. [ 906.388538][T16112] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 906.391643][T16112] block device autoloading is deprecated and will be removed. [ 906.412550][ T24] vhci_hcd: vhci_device speed not set [ 907.043540][ T40] audit: type=1326 audit(1756001371.369:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16106 comm="syz.0.2203" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7fc00000 [ 907.346045][ T9] kernel read not supported for file /media0 (pid: 9 comm: kworker/0:0) [ 907.362415][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 907.511242][T16141] input: syz0 as /devices/virtual/input/input15 [ 907.514981][T16140] netlink: 'syz.1.2209': attribute type 10 has an invalid length. [ 907.601628][ T40] audit: type=1326 audit(1756001371.919:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16137 comm="syz.3.2212" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x0 [ 908.402406][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 909.213676][T16163] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 909.217882][T16163] block device autoloading is deprecated and will be removed. [ 909.220882][T16159] md: md2 stopped. [ 909.263003][T16159] FAULT_INJECTION: forcing a failure. [ 909.263003][T16159] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 909.267626][T16159] CPU: 3 UID: 0 PID: 16159 Comm: syz.1.2217 Not tainted syzkaller #0 PREEMPT(full) [ 909.267642][T16159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 909.267648][T16159] Call Trace: [ 909.267653][T16159] [ 909.267658][T16159] dump_stack_lvl+0x16c/0x1f0 [ 909.267677][T16159] should_fail_ex+0x512/0x640 [ 909.267695][T16159] _copy_from_user+0x2e/0xd0 [ 909.267714][T16159] md_ioctl+0x2830/0x4650 [ 909.267742][T16159] ? __pfx_md_ioctl+0x10/0x10 [ 909.267753][T16159] ? do_vfs_ioctl+0x128/0x14f0 [ 909.267775][T16159] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 909.267793][T16159] ? __pfx_md_compat_ioctl+0x10/0x10 [ 909.267804][T16159] compat_blkdev_ioctl+0x2ee/0x7a0 [ 909.267817][T16159] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 909.267832][T16159] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 909.267845][T16159] __ia32_compat_sys_ioctl+0x242/0x370 [ 909.267873][T16159] __do_fast_syscall_32+0x7c/0x3a0 [ 909.267889][T16159] do_fast_syscall_32+0x32/0x80 [ 909.267903][T16159] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.267917][T16159] RIP: 0023:0xf7f48579 [ 909.267926][T16159] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 909.267936][T16159] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 909.267947][T16159] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000040140921 [ 909.267953][T16159] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000 [ 909.267959][T16159] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 909.267965][T16159] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 909.267972][T16159] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 909.267985][T16159] [ 909.442424][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 909.645201][T16170] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 909.647422][T16170] UDF-fs: Scanning with blocksize 2048 failed [ 909.651609][T16170] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 909.654851][T16170] UDF-fs: Scanning with blocksize 4096 failed [ 910.481445][T16178] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 910.482674][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 910.484624][T16178] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 910.488473][T16177] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 910.492735][T16177] UDF-fs: Scanning with blocksize 2048 failed [ 910.496137][T16178] vhci_hcd vhci_hcd.0: Device attached [ 910.497004][T16177] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 910.500877][T16177] UDF-fs: Scanning with blocksize 4096 failed [ 910.553181][T16184] PKCS7: Unknown OID: [5] (bad) [ 910.555215][T16184] PKCS7: Only support pkcs7_signedData type [ 910.672391][ T9] vhci_hcd: vhci_device speed not set [ 910.732384][ T9] usb 39-1: new full-speed USB device number 8 using vhci_hcd [ 911.099569][T16179] vhci_hcd: connection reset by peer [ 911.106046][ T1137] vhci_hcd: stop threads [ 911.107449][ T1137] vhci_hcd: release socket [ 911.109304][ T1137] vhci_hcd: disconnect device [ 911.522377][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 911.813768][T16199] 9pnet_virtio: no channels available for device syz [ 912.562340][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 913.030217][T16220] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2241'. [ 913.090263][T16221] netlink: 'syz.0.2230': attribute type 10 has an invalid length. [ 913.612387][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 914.403103][T16255] netlink: 'syz.3.2239': attribute type 10 has an invalid length. [ 914.642411][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 914.990348][T16260] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2244'. [ 915.245793][T16265] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 915.248788][T16265] UDF-fs: Scanning with blocksize 2048 failed [ 915.251563][T16265] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 915.254034][T16265] UDF-fs: Scanning with blocksize 4096 failed [ 915.682883][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 915.833226][ T9] vhci_hcd: vhci_device speed not set [ 916.513155][T16289] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 916.515587][T16289] UDF-fs: Scanning with blocksize 2048 failed [ 916.518715][T16289] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 916.521334][T16289] UDF-fs: Scanning with blocksize 4096 failed [ 916.722362][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 916.839313][T16294] overlay: Unknown parameter 'smackfsfloor' [ 916.978477][T16298] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2254'. [ 917.089602][ T40] audit: type=1326 audit(1756001381.409:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16300 comm="syz.1.2255" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f48579 code=0x0 [ 917.174269][T16306] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 917.176460][T16306] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 917.179300][T16306] vhci_hcd vhci_hcd.0: Device attached [ 917.352438][ T1018] vhci_hcd: vhci_device speed not set [ 917.412474][ T1018] usb 37-1: new full-speed USB device number 8 using vhci_hcd [ 917.432427][ T9] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 917.582618][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 917.772357][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 917.881678][T16307] vhci_hcd: connection reset by peer [ 917.883656][ T1137] vhci_hcd: stop threads [ 917.884860][ T1137] vhci_hcd: release socket [ 917.889235][ T1137] vhci_hcd: disconnect device [ 918.205157][ T9] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 918.207428][ T9] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 918.210768][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 918.214245][ T9] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 918.217778][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 918.221156][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 918.224774][ T9] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 918.228834][ T9] usb 6-1: config 168 interface 0 has no altsetting 0 [ 918.232162][ T9] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 918.234731][ T9] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 918.238112][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 918.241634][ T9] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 918.245419][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 918.248728][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 918.252454][ T9] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 918.256526][ T9] usb 6-1: config 168 interface 0 has no altsetting 0 [ 918.263148][ T9] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 918.265480][ T9] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 918.268890][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 918.272499][ T9] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 918.276824][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 918.280841][ T9] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 918.285787][ T9] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 918.290535][ T9] usb 6-1: config 168 interface 0 has no altsetting 0 [ 918.304893][ T9] usb 6-1: string descriptor 0 read error: -22 [ 918.306904][ T9] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 918.310291][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 918.316588][ T9] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 918.323394][ T40] audit: type=1326 audit(1756001382.639:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.330225][ T40] audit: type=1326 audit(1756001382.649:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.337304][ T40] audit: type=1326 audit(1756001382.649:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=81 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.345656][ T40] audit: type=1326 audit(1756001382.649:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.352970][ T40] audit: type=1326 audit(1756001382.649:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.361099][ T40] audit: type=1326 audit(1756001382.649:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.367909][ T40] audit: type=1326 audit(1756001382.649:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.374825][ T40] audit: type=1326 audit(1756001382.649:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.381484][ T40] audit: type=1326 audit(1756001382.649:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.3.2261" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 918.711769][T16333] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 918.802401][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 918.924674][ T34] usb 6-1: USB disconnect, device number 22 [ 919.493313][T16339] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 919.496308][T16339] block device autoloading is deprecated and will be removed. [ 919.502954][T16338] md: md2 stopped. [ 919.842358][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 920.109759][T16340] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 920.112121][T16340] UDF-fs: Scanning with blocksize 2048 failed [ 920.115350][T16340] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 920.124214][T16340] UDF-fs: Scanning with blocksize 4096 failed [ 920.882379][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 921.314457][T16379] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 921.319982][T16379] block device autoloading is deprecated and will be removed. [ 921.327526][T16376] md: md2 stopped. [ 921.566333][T16384] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 921.847557][T16389] FAULT_INJECTION: forcing a failure. [ 921.847557][T16389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 921.852756][T16389] CPU: 0 UID: 0 PID: 16389 Comm: syz.4.2281 Not tainted syzkaller #0 PREEMPT(full) [ 921.852783][T16389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 921.852790][T16389] Call Trace: [ 921.852795][T16389] [ 921.852800][T16389] dump_stack_lvl+0x16c/0x1f0 [ 921.852818][T16389] should_fail_ex+0x512/0x640 [ 921.852835][T16389] _copy_from_iter+0x29f/0x1720 [ 921.852856][T16389] ? __pfx__copy_from_iter+0x10/0x10 [ 921.852872][T16389] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 921.852892][T16389] copy_page_from_iter+0xde/0x180 [ 921.852910][T16389] tun_build_skb.constprop.0+0x2e8/0x1500 [ 921.852927][T16389] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 921.852941][T16389] ? __lock_acquire+0x62e/0x1ce0 [ 921.852964][T16389] tun_get_user+0x14ae/0x3ce0 [ 921.852981][T16389] ? __pfx_tun_get_user+0x10/0x10 [ 921.852992][T16389] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 921.853016][T16389] ? find_held_lock+0x2b/0x80 [ 921.853027][T16389] ? tun_get+0x191/0x370 [ 921.853045][T16389] tun_chr_write_iter+0xdc/0x210 [ 921.853057][T16389] vfs_write+0x7d3/0x11d0 [ 921.853070][T16389] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 921.853082][T16389] ? __pfx_vfs_write+0x10/0x10 [ 921.853093][T16389] ? find_held_lock+0x2b/0x80 [ 921.853112][T16389] ksys_write+0x12a/0x250 [ 921.853123][T16389] ? __pfx_ksys_write+0x10/0x10 [ 921.853136][T16389] ? rcu_is_watching+0x12/0xc0 [ 921.853149][T16389] __do_fast_syscall_32+0x7c/0x3a0 [ 921.853165][T16389] do_fast_syscall_32+0x32/0x80 [ 921.853179][T16389] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 921.853192][T16389] RIP: 0023:0xf7fd2579 [ 921.853201][T16389] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 921.853213][T16389] RSP: 002b:00000000f54f6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 921.853223][T16389] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000000 [ 921.853230][T16389] RDX: 000000000000002a RSI: 00000000f7464ff4 RDI: 0000000000000000 [ 921.853236][T16389] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 921.853243][T16389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 921.853249][T16389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 921.853262][T16389] [ 921.922376][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 922.403795][ T24] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 922.552467][ T1018] vhci_hcd: vhci_device speed not set [ 922.572423][ T24] usb 9-1: Using ep0 maxpacket: 8 [ 922.576015][ T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 922.579185][ T24] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 922.583733][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 922.588318][ T24] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 922.593091][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 922.597389][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 922.601900][ T24] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 922.616425][ T24] usb 9-1: config 168 interface 0 has no altsetting 0 [ 922.620483][ T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 922.623602][ T24] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 922.627869][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 922.632447][ T24] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 922.637033][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 922.641402][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 922.646055][ T24] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 922.651256][ T24] usb 9-1: config 168 interface 0 has no altsetting 0 [ 922.654783][ T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 922.657764][ T24] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 922.662108][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 922.666902][ T24] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 922.737192][T16409] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 922.892601][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 922.896985][ T24] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 922.901459][ T24] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 922.907228][ T24] usb 9-1: config 168 interface 0 has no altsetting 0 [ 922.912562][ T24] usb 9-1: string descriptor 0 read error: -22 [ 922.915225][ T24] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 922.918818][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.932447][ T24] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 922.962405][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 923.177474][T16410] netlink: 'syz.1.2285': attribute type 10 has an invalid length. [ 923.543516][ T7400] usb 9-1: USB disconnect, device number 17 [ 924.002409][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 924.601963][T16435] 9pnet_fd: Insufficient options for proto=fd [ 925.042353][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 925.267735][T16446] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 926.032919][T16454] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 926.035166][T16454] UDF-fs: Scanning with blocksize 2048 failed [ 926.037657][T16454] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 926.039907][T16454] UDF-fs: Scanning with blocksize 4096 failed [ 926.092344][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 926.543416][T16464] netlink: 'syz.4.2301': attribute type 10 has an invalid length. [ 926.966197][ T24] IPVS: starting estimator thread 0... [ 927.122348][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 927.122571][T16468] IPVS: using max 43 ests per chain, 103200 per kthread [ 927.328983][T16478] 9pnet_fd: Insufficient options for proto=fd [ 927.965559][T16489] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 927.967855][T16489] UDF-fs: Scanning with blocksize 2048 failed [ 927.972891][T16489] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 927.975203][T16489] UDF-fs: Scanning with blocksize 4096 failed [ 928.172366][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 929.202725][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 929.686219][ T5984] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 929.691973][ T5984] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 929.698519][ T5984] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 929.707440][ T5984] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 929.713393][ T5984] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 929.735018][T13068] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 929.740149][T13068] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 929.745901][T13068] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 929.752662][T13068] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 929.755793][T13068] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 929.873320][ T1187] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 929.933294][T16523] chnl_net:caif_netlink_parms(): no params data found [ 930.033167][ T1187] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 930.068579][T16539] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 930.070914][T16539] UDF-fs: Scanning with blocksize 2048 failed [ 930.074837][T16539] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 930.077177][T16539] UDF-fs: Scanning with blocksize 4096 failed [ 930.080503][T16523] bridge0: port 1(bridge_slave_0) entered blocking state [ 930.084120][T16523] bridge0: port 1(bridge_slave_0) entered disabled state [ 930.087310][T16523] bridge_slave_0: entered allmulticast mode [ 930.091041][T16523] bridge_slave_0: entered promiscuous mode [ 930.096964][T16523] bridge0: port 2(bridge_slave_1) entered blocking state [ 930.099990][T16523] bridge0: port 2(bridge_slave_1) entered disabled state [ 930.103246][T16523] bridge_slave_1: entered allmulticast mode [ 930.106860][T16523] bridge_slave_1: entered promiscuous mode [ 930.128250][ T1187] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 930.220480][ T1187] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 930.235870][T16523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 930.242543][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 930.247743][T16523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 930.291779][T16523] team0: Port device team_slave_0 added [ 930.295373][T16523] team0: Port device team_slave_1 added [ 930.356027][T16523] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 930.358802][T16523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 930.367250][T16523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 930.409486][T16523] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 930.411727][T16523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 930.420077][T16523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 930.670769][ T1187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 930.677680][ T1187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 930.684284][ T1187] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 930.687847][ T1187] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 930.690729][ T1187] bond0 (unregistering): Released all slaves [ 930.700426][ T1187] bond1 (unregistering): Released all slaves [ 930.710810][ T1187] bond2 (unregistering): Released all slaves [ 930.719251][ T1187] bond3 (unregistering): Released all slaves [ 930.725612][ T1187] bond4 (unregistering): Released all slaves [ 930.731565][ T1187] bond5 (unregistering): Released all slaves [ 930.740834][ T1187] bond6 (unregistering): Released all slaves [ 930.755313][ T1187] bond7 (unregistering): Released all slaves [ 930.768238][ T1187] bond8 (unregistering): Released all slaves [ 930.783641][ T1187] bond9 (unregistering): Released all slaves [ 930.789697][ T1187] bond10 (unregistering): Released all slaves [ 930.798045][ T1187] bond11 (unregistering): Released all slaves [ 930.857359][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 930.857370][ T40] audit: type=1326 audit(1756001395.179:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.0.2330" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x0 [ 930.889834][ T1187] bond12 (unregistering): Released all slaves [ 931.025639][T16523] hsr_slave_0: entered promiscuous mode [ 931.027938][T16523] hsr_slave_1: entered promiscuous mode [ 931.030159][T16523] debugfs: 'hsr0' already exists in 'hsr' [ 931.031946][T16523] Cannot create hsr debugfs directory [ 931.048398][ T1187] tipc: Left network mode [ 931.055126][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.057177][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.152402][ T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 931.269809][ T1187] hsr_slave_0: left promiscuous mode [ 931.271965][ T1187] hsr_slave_1: left promiscuous mode [ 931.274784][ T1187] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 931.277873][ T1187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 931.280213][ T1187] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 931.284352][ T1187] batman_adv: batadv0: Removing interface: team0 [ 931.292387][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 931.298825][ T1187] veth1_macvtap: left promiscuous mode [ 931.300608][ T1187] veth0_macvtap: left promiscuous mode [ 931.302531][ T1187] veth1_vlan: left promiscuous mode [ 931.304248][ T1187] veth0_vlan: left promiscuous mode [ 931.322380][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 931.325319][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 931.327683][ T9] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 931.331154][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 931.339308][ T9] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 931.343312][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 931.346861][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 931.350551][ T9] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 931.355070][ T9] usb 5-1: config 168 interface 0 has no altsetting 0 [ 931.358190][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 931.360595][ T9] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 931.366131][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 931.370009][ T9] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 931.373726][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 931.377386][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 931.381027][ T9] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 931.385562][ T9] usb 5-1: config 168 interface 0 has no altsetting 0 [ 931.388763][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 931.391155][ T9] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 931.394703][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 931.398620][ T9] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 931.402622][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 931.406089][ T9] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 931.409779][ T9] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 931.414354][ T9] usb 5-1: config 168 interface 0 has no altsetting 0 [ 931.436861][ T9] usb 5-1: string descriptor 0 read error: -22 [ 931.438922][ T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 931.441927][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 931.452762][ T9] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 931.825193][ T6064] usb 5-1: USB disconnect, device number 26 [ 931.846234][ T5984] Bluetooth: hci0: command tx timeout [ 932.000833][ T1187] team0 (unregistering): Port device team_slave_1 removed [ 932.080030][ T1187] team0 (unregistering): Port device team_slave_0 removed [ 932.322433][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 932.713717][ T40] audit: type=1326 audit(1756001397.039:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16571 comm="syz.3.2327" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x0 [ 932.982222][T16523] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 932.986360][T16523] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 932.991177][T16523] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 933.003915][T16523] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 933.039951][T16523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 933.049675][T16523] 8021q: adding VLAN 0 to HW filter on device team0 [ 933.056649][T15744] bridge0: port 1(bridge_slave_0) entered blocking state [ 933.058975][T15744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 933.067927][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 933.070294][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 933.076304][ T1187] IPVS: stop unused estimator thread 0... [ 933.248721][T16523] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 933.280884][T16523] veth0_vlan: entered promiscuous mode [ 933.290201][T16523] veth1_vlan: entered promiscuous mode [ 933.323652][T16523] veth0_macvtap: entered promiscuous mode [ 933.328509][T16523] veth1_macvtap: entered promiscuous mode [ 933.336778][T16523] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 933.344180][T16523] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 933.350299][T15744] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.354614][T15744] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.358460][T15744] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.361112][T15744] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.372470][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 933.410213][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 933.414944][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 933.431706][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 933.435512][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 933.691464][T16609] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 933.694208][T16609] UDF-fs: Scanning with blocksize 2048 failed [ 933.696802][T16609] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 933.699121][T16609] UDF-fs: Scanning with blocksize 4096 failed [ 933.908132][ T40] audit: type=1326 audit(1756001398.229:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16612 comm="syz.0.2333" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x0 [ 933.922605][ T5984] Bluetooth: hci0: command tx timeout [ 934.273724][ T53] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 934.402481][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 934.447382][ T53] usb 5-1: Using ep0 maxpacket: 8 [ 934.450583][ T53] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 934.453686][ T53] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 934.457558][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 934.461903][ T53] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 934.466439][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 934.470479][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 934.474257][ T53] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 934.478486][ T53] usb 5-1: config 168 interface 0 has no altsetting 0 [ 934.502708][ T53] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 934.505646][ T53] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 934.523080][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 934.527311][ T53] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 934.531094][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 934.536021][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 934.539777][ T53] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 934.544624][ T53] usb 5-1: config 168 interface 0 has no altsetting 0 [ 934.548617][ T53] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 934.551157][ T53] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 934.554752][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 934.558395][ T53] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 934.562141][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 934.567712][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 934.571351][ T53] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 934.575980][ T53] usb 5-1: config 168 interface 0 has no altsetting 0 [ 934.581018][ T53] usb 5-1: string descriptor 0 read error: -22 [ 934.583780][ T53] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 934.587295][ T53] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 934.600796][ T53] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 934.977467][ T53] usb 5-1: USB disconnect, device number 27 [ 935.442458][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 936.002436][ T5984] Bluetooth: hci0: command tx timeout [ 936.249190][T16650] Dead loop on virtual device ip6_vti0, fix it urgently! [ 936.251943][T16650] Dead loop on virtual device ip6_vti0, fix it urgently! [ 936.255870][T16650] Dead loop on virtual device ip6_vti0, fix it urgently! [ 936.258629][T16650] Dead loop on virtual device ip6_vti0, fix it urgently! [ 936.261235][T16650] Dead loop on virtual device ip6_vti0, fix it urgently! [ 936.373308][T16653] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 936.482455][ C3] net_ratelimit: 1 callbacks suppressed [ 936.482468][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 936.503251][T16653] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 936.592001][T16653] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 936.646515][T16653] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 936.737404][ T46] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 936.749389][ T9693] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 936.764241][ T9693] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 936.775722][ T9693] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 937.187032][T16666] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 937.522446][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 937.715077][ T40] audit: type=1326 audit(1756001402.039:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16672 comm="syz.3.2348" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x0 [ 937.754155][T16678] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2349'. [ 937.776293][T16678] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2349'. [ 937.806644][T16680] random: crng reseeded on system resumption [ 938.097268][ T24] IPVS: starting estimator thread 0... [ 938.135377][ T5984] Bluetooth: hci0: command tx timeout [ 938.238091][T16686] IPVS: using max 43 ests per chain, 103200 per kthread [ 938.366513][T16678] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2349'. [ 938.562532][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 938.895267][ T40] audit: type=1326 audit(1756001403.219:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.0.2351" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x0 [ 939.178194][T16701] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2354'. [ 939.282519][ T1018] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 939.442483][ T1018] usb 5-1: Using ep0 maxpacket: 8 [ 939.446409][ T1018] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 939.448780][ T1018] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 939.452386][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 939.455974][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 939.459677][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 939.463297][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 939.467316][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 939.471488][ T1018] usb 5-1: config 168 interface 0 has no altsetting 0 [ 939.474588][ T1018] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 939.476922][ T1018] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 939.480346][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 939.484034][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 939.487668][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 939.491150][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 939.494848][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 939.498971][ T1018] usb 5-1: config 168 interface 0 has no altsetting 0 [ 939.501841][ T1018] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 939.504382][ T1018] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 939.507866][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 939.511573][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 939.515431][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 939.519004][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 939.523687][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 939.529164][ T1018] usb 5-1: config 168 interface 0 has no altsetting 0 [ 939.535086][ T1018] usb 5-1: string descriptor 0 read error: -22 [ 939.537784][ T1018] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 939.541518][ T1018] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 939.555373][ T1018] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 939.602381][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 939.869206][ T1018] usb 5-1: USB disconnect, device number 28 [ 940.652331][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 941.682351][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 942.107722][T16739] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 942.452919][T16744] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2365'. [ 942.732380][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 942.931013][ T40] audit: type=1326 audit(1756001407.249:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.2367" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x0 [ 943.237564][T16757] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 943.240395][T16757] UDF-fs: Scanning with blocksize 2048 failed [ 943.243650][T16757] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 943.246456][T16757] UDF-fs: Scanning with blocksize 4096 failed [ 943.542500][ T1018] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 943.692431][ T1018] usb 5-1: Using ep0 maxpacket: 8 [ 943.696653][ T1018] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 943.706410][ T1018] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 943.713370][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 943.716885][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 943.720532][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 943.725129][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 943.728561][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 943.733180][ T1018] usb 5-1: config 168 interface 0 has no altsetting 0 [ 943.736192][ T1018] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 943.738511][ T1018] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 943.741871][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 943.746487][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 943.751964][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 943.757956][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 943.762356][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 943.767938][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 943.772778][ T1018] usb 5-1: config 168 interface 0 has no altsetting 0 [ 943.775891][ T1018] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 943.778718][ T1018] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 943.786964][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 943.790583][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 943.794672][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 943.798157][ T1018] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 943.801598][ T1018] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 943.806793][ T1018] usb 5-1: config 168 interface 0 has no altsetting 0 [ 943.811367][ T1018] usb 5-1: string descriptor 0 read error: -22 [ 943.813762][ T1018] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 943.816502][ T1018] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 943.895476][ T1018] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 943.904749][T16761] netlink: 'syz.3.2369': attribute type 10 has an invalid length. [ 944.197495][T16768] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 944.437187][ T53] usb 5-1: USB disconnect, device number 29 [ 944.802446][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 945.153003][T16781] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2373'. [ 945.618046][T16785] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2374'. [ 945.842398][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 946.093871][T16794] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=83886082 (335544328 ns) > initial count (1488 ns). Using initial count to start timer. [ 946.398288][T16801] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 946.400610][T16801] UDF-fs: Scanning with blocksize 2048 failed [ 946.405170][T16801] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 946.407385][T16801] UDF-fs: Scanning with blocksize 4096 failed [ 946.474401][T16802] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 946.476513][T16802] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 946.479148][T16802] vhci_hcd vhci_hcd.0: Device attached [ 946.749113][ T29] vhci_hcd: vhci_device speed not set [ 946.812435][ T29] usb 39-1: new full-speed USB device number 9 using vhci_hcd [ 946.882503][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 946.935457][T16808] netlink: 'syz.0.2380': attribute type 10 has an invalid length. [ 947.173463][T16803] vhci_hcd: connection reset by peer [ 947.176850][ T1187] vhci_hcd: stop threads [ 947.178289][ T1187] vhci_hcd: release socket [ 947.180344][ T1187] vhci_hcd: disconnect device [ 947.343526][T16814] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 947.345598][T16814] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 947.348684][T16814] vhci_hcd vhci_hcd.0: Device attached [ 947.672683][ T61] usb 46-1: SetAddress Request (2) to port 0 [ 947.675064][ T61] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd [ 947.922333][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 948.867351][T16832] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 948.959997][T16832] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 948.963892][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 949.087163][T16832] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.164516][T16815] vhci_hcd: connection reset by peer [ 949.203049][ T1187] vhci_hcd: stop threads [ 949.211952][ T1187] vhci_hcd: release socket [ 949.213760][ T1187] vhci_hcd: disconnect device [ 949.260354][T16832] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.288896][T16838] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 949.291665][T16838] UDF-fs: Scanning with blocksize 2048 failed [ 949.294943][T16838] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 949.297457][T16838] UDF-fs: Scanning with blocksize 4096 failed [ 949.406747][T15744] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 949.443123][T15744] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 949.467915][T15744] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 949.513357][ T1137] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.002360][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 950.723068][T16857] netlink: 'syz.3.2393': attribute type 10 has an invalid length. [ 951.052535][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 951.177112][T16864] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 951.877811][T16868] loop7: detected capacity change from 0 to 16384 [ 951.980847][ T29] vhci_hcd: vhci_device speed not set [ 952.082495][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 952.474314][T16874] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 952.476508][T16874] UDF-fs: Scanning with blocksize 2048 failed [ 952.479056][T16874] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 952.481293][T16874] UDF-fs: Scanning with blocksize 4096 failed [ 952.778706][ T61] usb 46-1: device descriptor read/8, error -110 [ 953.122343][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 953.193957][ T61] usb usb46-port1: attempt power cycle [ 953.256784][ T40] audit: type=1326 audit(1756001417.579:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16886 comm="syz.0.2403" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x0 [ 953.341881][T16892] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 953.344484][T16892] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 953.348197][T16892] vhci_hcd vhci_hcd.0: Device attached [ 953.522399][T16603] vhci_hcd: vhci_device speed not set [ 953.582417][T16603] usb 39-1: new full-speed USB device number 10 using vhci_hcd [ 953.602374][ T53] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 953.752466][ T53] usb 5-1: Using ep0 maxpacket: 8 [ 953.755551][ T53] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 953.758134][ T53] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 953.761685][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 953.765363][ T53] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 953.769429][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 953.773829][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 953.778639][ T53] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 953.782997][ T61] usb usb46-port1: unable to enumerate USB device [ 953.785548][ T53] usb 5-1: config 168 interface 0 has no altsetting 0 [ 953.790776][ T53] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 953.793967][ T53] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 953.798549][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 953.803440][ T53] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 953.808305][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 953.813013][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 953.817748][ T53] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 953.823368][ T53] usb 5-1: config 168 interface 0 has no altsetting 0 [ 953.827447][ T53] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 953.830644][ T53] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 953.834797][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 953.838394][ T53] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 953.842204][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 953.846026][ T53] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 953.849630][ T53] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 953.853844][ T53] usb 5-1: config 168 interface 0 has no altsetting 0 [ 953.858126][ T53] usb 5-1: string descriptor 0 read error: -22 [ 953.859947][ T53] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 953.862798][ T53] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 953.873069][ T53] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 954.060789][T16893] vhci_hcd: connection reset by peer [ 954.063662][T15744] vhci_hcd: stop threads [ 954.070740][T15744] vhci_hcd: release socket [ 954.077980][T15744] vhci_hcd: disconnect device [ 954.162351][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 954.191773][ T5838] usb 5-1: USB disconnect, device number 30 [ 954.412642][T16898] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2404'. [ 954.557449][T16905] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2405'. [ 954.907766][T16911] netlink: 'syz.4.2408': attribute type 10 has an invalid length. [ 954.910996][T16911] syz_tun: entered promiscuous mode [ 954.918038][T16911] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 955.202404][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 955.754369][T16926] usb 2-1: USB disconnect, device number 2 [ 955.931688][T16927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2413'. [ 956.099910][T16937] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 956.102698][T16937] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 956.107668][T16937] vhci_hcd vhci_hcd.0: Device attached [ 956.224958][T16941] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 956.252364][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 956.770551][T16945] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 956.776492][T16945] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 956.780594][T16945] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 956.789275][T16945] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 956.793069][T16945] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 956.842959][T16938] vhci_hcd: connection closed [ 956.854118][ T1187] vhci_hcd: stop threads [ 956.868702][ T1187] vhci_hcd: release socket [ 956.870238][ T1187] vhci_hcd: disconnect device [ 956.896112][T16947] veth0: entered promiscuous mode [ 957.033429][ T1172] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.057303][T16943] chnl_net:caif_netlink_parms(): no params data found [ 957.076311][T16948] veth0: left promiscuous mode [ 957.147978][ T1172] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.183780][T16960] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2420'. [ 957.282372][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 957.284208][T16943] bridge0: port 1(bridge_slave_0) entered blocking state [ 957.287130][T16943] bridge0: port 1(bridge_slave_0) entered disabled state [ 957.289731][T16943] bridge_slave_0: entered allmulticast mode [ 957.294210][T16943] bridge_slave_0: entered promiscuous mode [ 957.311671][ T1172] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.318667][T16943] bridge0: port 2(bridge_slave_1) entered blocking state [ 957.325386][T16943] bridge0: port 2(bridge_slave_1) entered disabled state [ 957.328517][T16943] bridge_slave_1: entered allmulticast mode [ 957.334706][T16943] bridge_slave_1: entered promiscuous mode [ 957.422231][ T1172] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.430392][T16943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 957.435508][T16943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 957.502479][T16943] team0: Port device team_slave_0 added [ 957.508475][T16943] team0: Port device team_slave_1 added [ 957.563108][T16943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 957.566099][T16943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 957.575669][T16943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 957.589047][T16943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 957.591501][T16943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 957.600065][T16943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 957.678795][ T1172] bridge_slave_1: left allmulticast mode [ 957.680689][ T1172] bridge_slave_1: left promiscuous mode [ 957.684289][ T1172] bridge0: port 2(bridge_slave_1) entered disabled state [ 957.688061][ T1172] bridge_slave_0: left allmulticast mode [ 957.689897][ T1172] bridge_slave_0: left promiscuous mode [ 957.692456][ T1172] bridge0: port 1(bridge_slave_0) entered disabled state [ 958.176186][ T1172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 958.181027][ T1172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 958.186216][ T1172] bond0 (unregistering): Released all slaves [ 958.197811][ T1172] bond1 (unregistering): Released all slaves [ 958.210358][ T1172] bond2 (unregistering): Released all slaves [ 958.230711][ T1172] bond3 (unregistering): Released all slaves [ 958.247163][ T1172] bond4 (unregistering): Released all slaves [ 958.261299][ T1172] bond5 (unregistering): Released all slaves [ 958.270633][ T1172] bond6 (unregistering): Released all slaves [ 958.280439][ T1172] bond7 (unregistering): Released all slaves [ 958.294978][ T1172] bond8 (unregistering): Released all slaves [ 958.312467][T16943] hsr_slave_0: entered promiscuous mode [ 958.316410][T16943] hsr_slave_1: entered promiscuous mode [ 958.322389][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 958.684276][T16980] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2424'. [ 958.688136][T16980] openvswitch: netlink: Missing key (keys=40, expected=100) [ 958.727062][T16603] vhci_hcd: vhci_device speed not set [ 958.848045][T16986] FAULT_INJECTION: forcing a failure. [ 958.848045][T16986] name failslab, interval 1, probability 0, space 0, times 0 [ 958.853412][T16986] CPU: 0 UID: 0 PID: 16986 Comm: syz.1.2424 Not tainted syzkaller #0 PREEMPT(full) [ 958.853435][T16986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 958.853447][T16986] Call Trace: [ 958.853452][T16986] [ 958.853459][T16986] dump_stack_lvl+0x16c/0x1f0 [ 958.853484][T16986] should_fail_ex+0x512/0x640 [ 958.853500][T16986] ? fs_reclaim_acquire+0xae/0x150 [ 958.853517][T16986] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 958.853533][T16986] should_failslab+0xc2/0x120 [ 958.853547][T16986] __kmalloc_noprof+0xd2/0x510 [ 958.853563][T16986] tomoyo_realpath_from_path+0xc2/0x6e0 [ 958.853579][T16986] ? tomoyo_profile+0x47/0x60 [ 958.853590][T16986] tomoyo_path_number_perm+0x245/0x580 [ 958.853602][T16986] ? tomoyo_path_number_perm+0x237/0x580 [ 958.853616][T16986] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 958.853643][T16986] ? find_held_lock+0x2b/0x80 [ 958.853655][T16986] ? hook_file_ioctl_common+0x145/0x410 [ 958.853677][T16986] ? __fget_files+0x20e/0x3c0 [ 958.853692][T16986] security_file_ioctl_compat+0x9b/0x240 [ 958.853707][T16986] __ia32_compat_sys_ioctl+0xc3/0x370 [ 958.853726][T16986] __do_fast_syscall_32+0x7c/0x3a0 [ 958.853741][T16986] do_fast_syscall_32+0x32/0x80 [ 958.853755][T16986] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 958.853768][T16986] RIP: 0023:0xf7f38579 [ 958.853777][T16986] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 958.853790][T16986] RSP: 002b:00000000f541455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 958.853806][T16986] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080047437 [ 958.853817][T16986] RDX: 0000000080001f00 RSI: 0000000000000000 RDI: 0000000000000000 [ 958.853829][T16986] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 958.853838][T16986] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 958.853846][T16986] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 958.853866][T16986] [ 958.854452][T16986] ERROR: Out of memory at tomoyo_realpath_from_path. [ 958.883299][T16945] Bluetooth: hci3: command tx timeout [ 958.999883][ T1172] hsr_slave_0: left promiscuous mode [ 959.003872][ T1172] hsr_slave_1: left promiscuous mode [ 959.011496][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 959.020439][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 959.042247][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 959.045855][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 959.050924][ T1172] batman_adv: batadv0: Removing interface: team0 [ 959.091139][T16994] netlink: 'syz.3.2426': attribute type 10 has an invalid length. [ 959.102234][ T1172] veth1_macvtap: left promiscuous mode [ 959.104780][ T1172] veth0_macvtap: left promiscuous mode [ 959.107023][ T1172] veth1_vlan: left promiscuous mode [ 959.109155][ T1172] veth0_vlan: left promiscuous mode [ 959.364444][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 959.869753][T17005] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 959.872538][T17005] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 959.876346][T17005] vhci_hcd vhci_hcd.0: Device attached [ 959.879076][ T1172] team0 (unregistering): Port device team_slave_1 removed [ 959.952995][ T1172] team0 (unregistering): Port device team_slave_0 removed [ 960.062510][ T1018] vhci_hcd: vhci_device speed not set [ 960.122577][ T1018] usb 39-1: new full-speed USB device number 11 using vhci_hcd [ 960.402465][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 960.515446][T16994] syz_tun: entered promiscuous mode [ 960.520196][T16994] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 960.588342][T17006] vhci_hcd: connection reset by peer [ 960.590562][ T1137] vhci_hcd: stop threads [ 960.595340][ T1137] vhci_hcd: release socket [ 960.597770][ T1137] vhci_hcd: disconnect device [ 960.728420][T16943] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 960.733260][T16943] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 960.745311][T16943] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 960.880331][T16943] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 960.972477][T16945] Bluetooth: hci3: command tx timeout [ 961.051927][ T1172] IPVS: stop unused estimator thread 0... [ 961.075907][T16943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 961.104280][T16943] 8021q: adding VLAN 0 to HW filter on device team0 [ 961.113345][ T9693] bridge0: port 1(bridge_slave_0) entered blocking state [ 961.115832][ T9693] bridge0: port 1(bridge_slave_0) entered forwarding state [ 961.125406][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 961.127790][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 961.273151][T17044] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2431'. [ 961.278904][T17044] batadv1: entered allmulticast mode [ 961.333820][T16943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 961.345308][T17045] input: syz1 as /devices/virtual/input/input16 [ 961.410049][T16943] veth0_vlan: entered promiscuous mode [ 961.416502][T16943] veth1_vlan: entered promiscuous mode [ 961.442429][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 961.457635][T16943] veth0_macvtap: entered promiscuous mode [ 961.461554][T16943] veth1_macvtap: entered promiscuous mode [ 961.487042][T16943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 961.496041][T16943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 961.504853][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.508259][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.516198][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.520832][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.557337][ T9693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 961.560826][ T9693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 961.581409][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 961.584269][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 961.913862][T17055] vlan2: entered promiscuous mode [ 961.915667][T17055] dummy0: entered promiscuous mode [ 961.919626][T17055] vlan2: entered allmulticast mode [ 961.921360][T17055] dummy0: entered allmulticast mode [ 962.482451][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 962.493437][T17059] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 962.495740][T17059] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 962.498321][T17059] vhci_hcd vhci_hcd.0: Device attached [ 962.682453][T17049] vhci_hcd: vhci_device speed not set [ 962.742450][T17049] usb 43-1: new full-speed USB device number 10 using vhci_hcd [ 963.042636][T16945] Bluetooth: hci3: command tx timeout [ 963.187140][T17070] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 963.224370][T17060] vhci_hcd: connection reset by peer [ 963.232646][ T1137] vhci_hcd: stop threads [ 963.237072][ T1137] vhci_hcd: release socket [ 963.238620][ T1137] vhci_hcd: disconnect device [ 963.522340][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 963.640651][T17103] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2440'. [ 963.718714][ T61] libceph: connect (1)[c::]:6789 error -101 [ 963.721056][ T61] libceph: mon0 (1)[c::]:6789 connect error [ 963.755568][T17108] ceph: No mds server is up or the cluster is laggy [ 963.829599][T17093] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 963.830547][T17115] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 963.835254][T17115] UDF-fs: Scanning with blocksize 2048 failed [ 963.838342][T17115] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 963.840640][T17115] UDF-fs: Scanning with blocksize 4096 failed [ 963.882376][ T24] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 964.084004][ T24] usb 9-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 964.087989][ T24] usb 9-1: config 1 interface 0 has no altsetting 0 [ 964.091587][ T24] usb 9-1: New USB device found, idVendor=18d1, idProduct=5022, bcdDevice= 0.40 [ 964.094592][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.097061][ T24] usb 9-1: Product: syz [ 964.098401][ T24] usb 9-1: Manufacturer: á° [ 964.099862][ T24] usb 9-1: SerialNumber: syz [ 964.310729][ T24] usbhid 9-1:1.0: can't add hid device: -71 [ 964.312811][ T24] usbhid 9-1:1.0: probe with driver usbhid failed with error -71 [ 964.317331][ T24] usb 9-1: USB disconnect, device number 18 [ 964.562360][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 964.762423][T16603] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 964.914512][T16603] usb 9-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 964.920055][T16603] usb 9-1: config 1 interface 0 has no altsetting 0 [ 964.925094][T16603] usb 9-1: New USB device found, idVendor=18d1, idProduct=5022, bcdDevice= 0.40 [ 964.928897][T16603] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.931746][T16603] usb 9-1: Product: syz [ 964.933282][T16603] usb 9-1: Manufacturer: syz [ 964.934761][T16603] usb 9-1: SerialNumber: syz [ 965.122637][T16945] Bluetooth: hci3: command tx timeout [ 965.154190][T16603] usbhid 9-1:1.0: can't add hid device: -71 [ 965.156185][T16603] usbhid 9-1:1.0: probe with driver usbhid failed with error -71 [ 965.159789][T16603] usb 9-1: USB disconnect, device number 19 [ 965.292550][ T1018] vhci_hcd: vhci_device speed not set [ 965.602503][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 965.857006][T17135] netlink: 'syz.0.2444': attribute type 10 has an invalid length. [ 965.869194][T17135] batman_adv: batadv0: Adding interface: team0 [ 965.871222][T17135] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 965.922756][T17135] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 966.323330][T17154] 9pnet_fd: Insufficient options for proto=fd [ 966.472599][T17156] netlink: 'syz.1.2450': attribute type 10 has an invalid length. [ 966.486449][T17156] batman_adv: batadv0: Adding interface: team0 [ 966.488501][T17156] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 966.496560][T17156] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 966.652413][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 967.682354][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 967.713052][T16945] block nbd1: Receive control failed (result -32) [ 967.721119][T17173] block nbd1: shutting down sockets [ 967.722123][T17174] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2456'. [ 967.726323][T17174] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2456'. [ 967.832417][T17049] vhci_hcd: vhci_device speed not set [ 968.654879][T17180] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 968.732515][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 969.340011][T17202] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2464'. [ 969.579509][T17207] netlink: 'syz.1.2463': attribute type 10 has an invalid length. [ 969.762401][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 969.829247][T17208] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2465'. [ 970.556574][T17218] netlink: 'syz.4.2466': attribute type 10 has an invalid length. [ 970.589762][T17219] 9pnet_fd: Insufficient options for proto=fd [ 970.802468][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 970.930969][T17226] 9pnet_fd: Insufficient options for proto=fd [ 971.056891][T17229] FAULT_INJECTION: forcing a failure. [ 971.056891][T17229] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 971.061045][T17229] CPU: 3 UID: 0 PID: 17229 Comm: syz.0.2471 Not tainted syzkaller #0 PREEMPT(full) [ 971.061061][T17229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 971.061067][T17229] Call Trace: [ 971.061072][T17229] [ 971.061076][T17229] dump_stack_lvl+0x16c/0x1f0 [ 971.061094][T17229] should_fail_ex+0x512/0x640 [ 971.061112][T17229] copy_fpstate_to_sigframe+0x854/0xaf0 [ 971.061130][T17229] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 971.061143][T17229] ? posixtimer_deliver_signal+0x105/0x6b0 [ 971.061161][T17229] ? posixtimer_deliver_signal+0x1c7/0x6b0 [ 971.061175][T17229] ? x86_task_fpu+0x5f/0x90 [ 971.061188][T17229] get_sigframe+0x4a8/0x9c0 [ 971.061203][T17229] ? __pfx_get_sigframe+0x10/0x10 [ 971.061217][T17229] ? _raw_spin_unlock_irq+0x23/0x50 [ 971.061229][T17229] ? siginfo_layout+0x177/0x290 [ 971.061242][T17229] ia32_setup_rt_frame+0xe3/0xb30 [ 971.061261][T17229] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 971.061277][T17229] ? find_held_lock+0x2b/0x80 [ 971.061290][T17229] arch_do_signal_or_restart+0x480/0x790 [ 971.061304][T17229] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 971.061332][T17229] ? ksys_read+0x1ac/0x250 [ 971.061345][T17229] ? __pfx_ksys_read+0x10/0x10 [ 971.061359][T17229] exit_to_user_mode_loop+0x84/0x110 [ 971.061376][T17229] __do_fast_syscall_32+0x2ac/0x3a0 [ 971.061392][T17229] do_fast_syscall_32+0x32/0x80 [ 971.061406][T17229] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 971.061419][T17229] RIP: 0023:0xf70ce577 [ 971.061428][T17229] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 971.061438][T17229] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 971.061448][T17229] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000080000380 [ 971.061455][T17229] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 971.061461][T17229] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 971.061466][T17229] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 971.061472][T17229] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 971.061485][T17229] [ 971.070529][T17230] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2468'. [ 971.073171][T17229] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2471'. [ 971.138610][T17229] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2471'. [ 971.842327][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 971.914509][T17261] 9pnet_fd: Insufficient options for proto=fd [ 972.540489][T17290] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2485'. [ 972.882410][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 973.336003][T17309] FAULT_INJECTION: forcing a failure. [ 973.336003][T17309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 973.341166][T17309] CPU: 3 UID: 0 PID: 17309 Comm: syz.4.2492 Not tainted syzkaller #0 PREEMPT(full) [ 973.341183][T17309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 973.341189][T17309] Call Trace: [ 973.341194][T17309] [ 973.341198][T17309] dump_stack_lvl+0x16c/0x1f0 [ 973.341216][T17309] should_fail_ex+0x512/0x640 [ 973.341233][T17309] _copy_from_user+0x2e/0xd0 [ 973.341250][T17309] get_compat_msghdr+0xa7/0x170 [ 973.341265][T17309] ? __pfx_get_compat_msghdr+0x10/0x10 [ 973.341283][T17309] ___sys_sendmsg+0x1ae/0x1d0 [ 973.341306][T17309] ? __pfx____sys_sendmsg+0x10/0x10 [ 973.341325][T17309] ? find_held_lock+0x2b/0x80 [ 973.341345][T17309] __sys_sendmsg+0x16d/0x220 [ 973.341359][T17309] ? __pfx___sys_sendmsg+0x10/0x10 [ 973.341378][T17309] ? rcu_is_watching+0x12/0xc0 [ 973.341391][T17309] __do_fast_syscall_32+0x7c/0x3a0 [ 973.341407][T17309] do_fast_syscall_32+0x32/0x80 [ 973.341421][T17309] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 973.341434][T17309] RIP: 0023:0xf7fd2579 [ 973.341443][T17309] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 973.341453][T17309] RSP: 002b:00000000f54b455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 973.341464][T17309] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0 [ 973.341470][T17309] RDX: 0000000000040089 RSI: 0000000000000000 RDI: 0000000000000000 [ 973.341477][T17309] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 973.341483][T17309] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 973.341488][T17309] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 973.341501][T17309] [ 973.842434][T17320] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2496'. [ 973.922557][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 974.317558][T17328] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 974.319898][T17328] UDF-fs: Scanning with blocksize 2048 failed [ 974.323003][T17328] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 974.325599][T17328] UDF-fs: Scanning with blocksize 4096 failed [ 974.652445][T16603] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 974.821407][T16603] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 974.827554][T16603] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 974.852214][T16603] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 974.860874][T16603] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 974.865018][T16603] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 974.879829][T16603] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 974.882953][T16603] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 974.885655][T16603] usb 5-1: Product: syz [ 974.887125][T16603] usb 5-1: Manufacturer: syz [ 974.962347][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 974.994894][T16603] cdc_wdm 5-1:1.0: skipping garbage [ 975.003466][T16603] cdc_wdm 5-1:1.0: skipping garbage [ 975.012101][T16603] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 975.017051][T16603] cdc_wdm 5-1:1.0: Unknown control protocol [ 975.298919][T16855] usb 5-1: USB disconnect, device number 31 [ 975.781477][T17359] bond0: (slave syz_tun): Releasing backup interface [ 975.791214][T17359] batman_adv: batadv0: Removing interface: team0 [ 975.798654][T17359] bridge_slave_1: left allmulticast mode [ 975.801327][T17359] bridge_slave_1: left promiscuous mode [ 975.806934][T17359] bridge0: port 2(bridge_slave_1) entered disabled state [ 975.842357][T17359] bond0: (slave bond_slave_0): Releasing backup interface [ 975.858762][T17359] bond0: (slave bond_slave_1): Releasing backup interface [ 975.896136][T17359] team0: Port device C removed [ 975.900341][T17365] netlink: 'syz.3.2510': attribute type 10 has an invalid length. [ 975.902761][T17359] team0: Port device team_slave_1 removed [ 975.907067][T17359] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 975.909564][T17359] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 975.915688][T17359] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 975.918972][T17359] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 975.977772][T17367] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2510'. [ 975.983710][ T40] audit: type=1326 audit(1756001440.309:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17363 comm="syz.0.2511" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 975.991565][T17361] team0: Mode changed to "loadbalance" [ 976.002405][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 976.009387][T17365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 976.017462][T17365] team0: Port device bond0 added [ 976.216284][T17367] team0 (unregistering): Port device bond0 removed [ 976.282375][T16603] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 976.452483][T16603] usb 5-1: Using ep0 maxpacket: 8 [ 976.455555][T16603] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 976.457932][T16603] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 976.461555][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 976.465615][T16603] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 976.469420][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 976.473081][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 976.476785][T16603] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 976.481022][T16603] usb 5-1: config 168 interface 0 has no altsetting 0 [ 976.484401][T16603] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 976.487211][T16603] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 976.491238][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 976.495083][T16603] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 976.498771][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 976.502442][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 976.506267][T16603] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 976.510664][T16603] usb 5-1: config 168 interface 0 has no altsetting 0 [ 976.523339][T16603] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 976.525804][T16603] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 976.529486][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 976.533187][T16603] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 976.536877][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 976.540788][T16603] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 976.544766][T16603] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 976.548835][T16603] usb 5-1: config 168 interface 0 has no altsetting 0 [ 976.553878][T16603] usb 5-1: string descriptor 0 read error: -22 [ 976.555923][T16603] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 976.558917][T16603] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 976.571034][T16603] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 976.887231][T16855] usb 5-1: USB disconnect, device number 32 [ 977.042430][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 978.092374][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 979.122410][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 979.535870][T17400] 9pnet_fd: Insufficient options for proto=fd [ 979.792662][T17399] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 979.795089][T17399] UDF-fs: Scanning with blocksize 2048 failed [ 979.797736][T17399] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 979.799986][T17399] UDF-fs: Scanning with blocksize 4096 failed [ 979.874097][T17402] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2518'. [ 979.935451][T17409] Driver unsupported XDP return value 0 on prog (id 688) dev N/A, expect packet loss! [ 979.951239][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 979.957498][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 979.994529][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 979.996955][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 980.162385][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 980.223252][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 980.223350][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 980.252821][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 980.252940][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 980.633921][ C3] vcan0: j1939_tp_rxtimer: 0xffff88805f1ca000: rx timeout, send abort [ 980.639976][ C3] vcan0: j1939_tp_rxtimer: 0xffff88805f1c9000: rx timeout, send abort [ 980.643816][ C3] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f1ca000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 980.649806][ C3] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f1c9000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 980.659659][T17427] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 980.662100][T17427] UDF-fs: Scanning with blocksize 2048 failed [ 980.666727][T17427] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 980.669131][T17427] UDF-fs: Scanning with blocksize 4096 failed [ 980.742727][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 980.744782][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 980.762805][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 980.772779][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 980.775341][T17411] ceph: No mds server is up or the cluster is laggy [ 980.779131][T17414] ceph: No mds server is up or the cluster is laggy [ 980.900700][ T40] audit: type=1326 audit(1756001445.219:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17428 comm="syz.3.2526" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x0 [ 981.111442][T17435] FAULT_INJECTION: forcing a failure. [ 981.111442][T17435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 981.117602][T17435] CPU: 0 UID: 0 PID: 17435 Comm: syz.0.2528 Not tainted syzkaller #0 PREEMPT(full) [ 981.117624][T17435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 981.117634][T17435] Call Trace: [ 981.117641][T17435] [ 981.117648][T17435] dump_stack_lvl+0x16c/0x1f0 [ 981.117676][T17435] should_fail_ex+0x512/0x640 [ 981.117705][T17435] _copy_from_user+0x2e/0xd0 [ 981.117733][T17435] dma_buf_ioctl+0x3c6/0x8d0 [ 981.117755][T17435] ? __pfx_dma_buf_ioctl+0x10/0x10 [ 981.117777][T17435] ? find_held_lock+0x2b/0x80 [ 981.117793][T17435] ? hook_file_ioctl_common+0x145/0x410 [ 981.117816][T17435] ? __fget_files+0x20e/0x3c0 [ 981.117835][T17435] ? __pfx_dma_buf_ioctl+0x10/0x10 [ 981.117854][T17435] compat_ptr_ioctl+0x6e/0xa0 [ 981.117877][T17435] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 981.117901][T17435] __ia32_compat_sys_ioctl+0x242/0x370 [ 981.117930][T17435] __do_fast_syscall_32+0x7c/0x3a0 [ 981.117956][T17435] do_fast_syscall_32+0x32/0x80 [ 981.117978][T17435] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 981.117999][T17435] RIP: 0023:0xf70ce579 [ 981.118013][T17435] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 981.118030][T17435] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 981.118048][T17435] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000040086200 [ 981.118060][T17435] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000 [ 981.118071][T17435] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 981.118081][T17435] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 981.118091][T17435] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 981.118116][T17435] [ 981.202373][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 981.536034][T17445] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 981.656010][T17446] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 981.659278][T17446] UDF-fs: Scanning with blocksize 2048 failed [ 981.664431][T17446] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 981.667607][T17446] UDF-fs: Scanning with blocksize 4096 failed [ 982.191890][T17450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2532'. [ 982.215690][T17450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2532'. [ 982.242404][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 982.571576][T17459] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2533'. [ 983.282410][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 983.514258][T17470] /dev/sr0: Can't open blockdev [ 983.551287][T17474] netlink: 'syz.4.2537': attribute type 4 has an invalid length. [ 984.048620][ T5984] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 984.054614][ T5984] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 984.059614][ T5984] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 984.066792][ T5984] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 984.073259][ T5984] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 984.115162][ T9693] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 984.209681][ T9693] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 984.294131][T17477] chnl_net:caif_netlink_parms(): no params data found [ 984.322432][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 984.391376][ T9693] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 984.479617][T17477] bridge0: port 1(bridge_slave_0) entered blocking state [ 984.482051][T17477] bridge0: port 1(bridge_slave_0) entered disabled state [ 984.483971][T17491] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 984.490045][T17477] bridge_slave_0: entered allmulticast mode [ 984.493731][T17477] bridge_slave_0: entered promiscuous mode [ 984.525667][ T9693] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 984.532586][T17477] bridge0: port 2(bridge_slave_1) entered blocking state [ 984.535252][T17477] bridge0: port 2(bridge_slave_1) entered disabled state [ 984.538345][T17477] bridge_slave_1: entered allmulticast mode [ 984.541811][T17477] bridge_slave_1: entered promiscuous mode [ 984.585032][T17477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 984.590915][T17477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 984.626086][T17477] team0: Port device team_slave_0 added [ 984.629767][T17477] team0: Port device team_slave_1 added [ 984.673168][T17477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 984.675451][T17477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 984.684479][T17477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 984.693913][T17477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 984.696672][T17477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 984.705050][T17477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 984.716348][T17496] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 984.718767][T17496] UDF-fs: Scanning with blocksize 2048 failed [ 984.722158][T17496] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 984.724644][T17496] UDF-fs: Scanning with blocksize 4096 failed [ 984.775104][T17477] hsr_slave_0: entered promiscuous mode [ 984.777382][T17477] hsr_slave_1: entered promiscuous mode [ 984.779580][T17477] debugfs: 'hsr0' already exists in 'hsr' [ 984.781454][T17477] Cannot create hsr debugfs directory [ 985.205388][ T9693] bond0 (unregistering): Released all slaves [ 985.216777][ T9693] bond1 (unregistering): Released all slaves [ 985.227152][ T9693] bond2 (unregistering): Released all slaves [ 985.238318][ T9693] bond3 (unregistering): Released all slaves [ 985.249040][ T9693] bond4 (unregistering): Released all slaves [ 985.264603][ T9693] bond5 (unregistering): Released all slaves [ 985.280502][ T9693] bond6 (unregistering): Released all slaves [ 985.294372][ T9693] bond7 (unregistering): Released all slaves [ 985.362396][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 985.569837][T17507] sp0: Synchronizing with TNC [ 985.737846][ T9693] hsr_slave_0: left promiscuous mode [ 985.746975][ T9693] hsr_slave_1: left promiscuous mode [ 985.795211][ T9693] veth1_macvtap: left promiscuous mode [ 985.797604][ T9693] veth0_macvtap: left promiscuous mode [ 985.800712][ T9693] veth1_vlan: left promiscuous mode [ 985.803529][ T9693] veth0_vlan: left promiscuous mode [ 986.082466][ T5984] Bluetooth: hci2: command tx timeout [ 986.096842][T17521] FAULT_INJECTION: forcing a failure. [ 986.096842][T17521] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 986.103269][T17521] CPU: 1 UID: 0 PID: 17521 Comm: syz.1.2548 Not tainted syzkaller #0 PREEMPT(full) [ 986.103296][T17521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 986.103309][T17521] Call Trace: [ 986.103316][T17521] [ 986.103323][T17521] dump_stack_lvl+0x16c/0x1f0 [ 986.103365][T17521] should_fail_ex+0x512/0x640 [ 986.103395][T17521] _copy_to_user+0x32/0xd0 [ 986.103414][T17521] simple_read_from_buffer+0xcb/0x170 [ 986.103436][T17521] proc_fail_nth_read+0x197/0x240 [ 986.103456][T17521] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 986.103477][T17521] ? rw_verify_area+0xcf/0x6c0 [ 986.103494][T17521] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 986.103512][T17521] vfs_read+0x1e1/0xcf0 [ 986.103536][T17521] ? __pfx_vfs_read+0x10/0x10 [ 986.103552][T17521] ? find_held_lock+0x2b/0x80 [ 986.103574][T17521] ? __fget_files+0x20e/0x3c0 [ 986.103601][T17521] ksys_read+0x12a/0x250 [ 986.103628][T17521] ? __pfx_ksys_read+0x10/0x10 [ 986.103645][T17521] ? fput+0x9b/0xd0 [ 986.103667][T17521] ? rcu_is_watching+0x12/0xc0 [ 986.103686][T17521] __do_fast_syscall_32+0x7c/0x3a0 [ 986.103710][T17521] do_fast_syscall_32+0x32/0x80 [ 986.103730][T17521] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 986.103746][T17521] RIP: 0023:0xf7f38579 [ 986.103756][T17521] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 986.103767][T17521] RSP: 002b:00000000f5456590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 986.103777][T17521] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5456620 [ 986.103784][T17521] RDX: 000000000000000f RSI: 00000000f73c4ff4 RDI: 0000000000000000 [ 986.103790][T17521] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 986.103796][T17521] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 986.103802][T17521] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 986.103816][T17521] [ 986.181448][ C1] vkms_vblank_simulate: vblank timer overrun [ 986.212772][T17523] FAULT_INJECTION: forcing a failure. [ 986.212772][T17523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 986.217935][T17523] CPU: 1 UID: 0 PID: 17523 Comm: syz.1.2549 Not tainted syzkaller #0 PREEMPT(full) [ 986.217951][T17523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 986.217957][T17523] Call Trace: [ 986.217961][T17523] [ 986.217966][T17523] dump_stack_lvl+0x16c/0x1f0 [ 986.217985][T17523] should_fail_ex+0x512/0x640 [ 986.218002][T17523] _copy_from_user+0x2e/0xd0 [ 986.218019][T17523] vt_compat_ioctl+0x27c/0x4e0 [ 986.218032][T17523] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 986.218042][T17523] ? hook_file_ioctl_common+0x145/0x410 [ 986.218072][T17523] ? __fget_files+0x20e/0x3c0 [ 986.218085][T17523] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 986.218096][T17523] tty_compat_ioctl+0x2ee/0x4d0 [ 986.218111][T17523] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 986.218125][T17523] __ia32_compat_sys_ioctl+0x242/0x370 [ 986.218143][T17523] __do_fast_syscall_32+0x7c/0x3a0 [ 986.218159][T17523] do_fast_syscall_32+0x32/0x80 [ 986.218173][T17523] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 986.218186][T17523] RIP: 0023:0xf7f38579 [ 986.218196][T17523] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 986.218206][T17523] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 986.218216][T17523] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000004b67 [ 986.218223][T17523] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 986.218229][T17523] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 986.218235][T17523] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 986.218242][T17523] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 986.218255][T17523] [ 986.402353][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 986.819041][T17527] netlink: 'syz.1.2550': attribute type 10 has an invalid length. [ 987.389824][T17535] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2551'. [ 987.442344][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 987.784473][T17549] Bluetooth: MGMT ver 1.23 [ 988.094645][T17477] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 988.172950][ T5984] Bluetooth: hci2: command tx timeout [ 988.244874][T17477] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 988.255126][T17477] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 988.277186][ T9693] IPVS: stop unused estimator thread 0... [ 988.279505][T17477] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 988.299650][T17565] netlink: 'syz.0.2554': attribute type 10 has an invalid length. [ 988.423801][T17477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 988.438664][T17477] 8021q: adding VLAN 0 to HW filter on device team0 [ 988.447074][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state [ 988.449471][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 988.482389][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 988.487039][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 988.489342][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 988.688693][T17477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 988.711483][T17477] veth0_vlan: entered promiscuous mode [ 988.719745][T17477] veth1_vlan: entered promiscuous mode [ 988.739300][T17477] veth0_macvtap: entered promiscuous mode [ 988.743807][T17477] veth1_macvtap: entered promiscuous mode [ 988.760013][T17477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 988.766877][T17477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 988.776480][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 988.788158][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 988.794626][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 988.797937][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 988.921702][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 988.926275][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 989.021299][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 989.025041][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 989.152152][T17594] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2539'. [ 989.157019][T17596] tmpfs: Unknown parameter 'O´3ËÛJäŸd' [ 989.522449][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 990.268395][ T5984] Bluetooth: hci2: command tx timeout [ 990.563350][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 990.842781][T17629] FAULT_INJECTION: forcing a failure. [ 990.842781][T17629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 990.847626][T17629] CPU: 1 UID: 0 PID: 17629 Comm: syz.3.2572 Not tainted syzkaller #0 PREEMPT(full) [ 990.847643][T17629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 990.847649][T17629] Call Trace: [ 990.847656][T17629] [ 990.847663][T17629] dump_stack_lvl+0x16c/0x1f0 [ 990.847702][T17629] should_fail_ex+0x512/0x640 [ 990.847727][T17629] _copy_from_user+0x2e/0xd0 [ 990.847751][T17629] drm_ioctl+0x4fb/0xc30 [ 990.847770][T17629] ? __pfx_drm_mode_mmap_dumb_ioctl+0x10/0x10 [ 990.847782][T17629] ? __pfx_drm_ioctl+0x10/0x10 [ 990.847807][T17629] drm_compat_ioctl+0x327/0x460 [ 990.847821][T17629] ? __pfx_drm_compat_ioctl+0x10/0x10 [ 990.847833][T17629] __ia32_compat_sys_ioctl+0x242/0x370 [ 990.847852][T17629] __do_fast_syscall_32+0x7c/0x3a0 [ 990.847869][T17629] do_fast_syscall_32+0x32/0x80 [ 990.847883][T17629] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 990.847897][T17629] RIP: 0023:0xf709e579 [ 990.847906][T17629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 990.847916][T17629] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 990.847926][T17629] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c01064b3 [ 990.847933][T17629] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 990.847939][T17629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 990.847945][T17629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 990.847951][T17629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 990.847965][T17629] [ 990.904607][ C1] vkms_vblank_simulate: vblank timer overrun [ 990.950086][T17631] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2573'. [ 990.958990][T17631] batadv0: entered promiscuous mode [ 990.960899][T17631] macsec1: entered promiscuous mode [ 990.962732][T17631] macsec1: entered allmulticast mode [ 990.964755][T17631] batadv0: entered allmulticast mode [ 991.602398][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 992.323247][ T5984] Bluetooth: hci2: command tx timeout [ 992.486738][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.489310][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 992.618625][T17676] 9pnet_fd: Insufficient options for proto=fd [ 992.635236][ T24] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 992.642373][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 992.649830][T17677] 9pnet_fd: Insufficient options for proto=fd [ 992.722970][T17678] tipc: Started in network mode [ 992.724713][T17678] tipc: Node identity , cluster identity 4711 [ 992.726774][T17678] tipc: Failed to obtain node identity [ 992.728600][T17678] tipc: Enabling of bearer rejected, failed to enable media [ 993.156597][ T24] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 993.160519][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 993.164019][ T24] usb 5-1: Product: syz [ 993.165383][ T24] usb 5-1: Manufacturer: syz [ 993.166841][ T24] usb 5-1: SerialNumber: syz [ 993.173056][ T24] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 993.192123][ T9836] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 993.196510][T17684] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 993.199540][T17684] UDF-fs: Scanning with blocksize 2048 failed [ 993.205057][T17684] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 993.208240][T17684] UDF-fs: Scanning with blocksize 4096 failed [ 993.215142][T17683] FAULT_INJECTION: forcing a failure. [ 993.215142][T17683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.220191][T17683] CPU: 3 UID: 0 PID: 17683 Comm: syz.1.2589 Not tainted syzkaller #0 PREEMPT(full) [ 993.220212][T17683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 993.220222][T17683] Call Trace: [ 993.220227][T17683] [ 993.220232][T17683] dump_stack_lvl+0x16c/0x1f0 [ 993.220259][T17683] should_fail_ex+0x512/0x640 [ 993.220284][T17683] _copy_from_user+0x2e/0xd0 [ 993.220310][T17683] get_compat_msghdr+0xa7/0x170 [ 993.220326][T17683] ? __pfx_get_compat_msghdr+0x10/0x10 [ 993.220348][T17683] ? __lock_acquire+0x62e/0x1ce0 [ 993.220373][T17683] ___sys_recvmsg+0x191/0x1a0 [ 993.220396][T17683] ? __pfx____sys_recvmsg+0x10/0x10 [ 993.220416][T17683] ? find_held_lock+0x2b/0x80 [ 993.220438][T17683] ? __pfx___might_resched+0x10/0x10 [ 993.220463][T17683] do_recvmmsg+0x55d/0x750 [ 993.220486][T17683] ? __pfx_do_recvmmsg+0x10/0x10 [ 993.220527][T17683] ? __fget_files+0x20e/0x3c0 [ 993.220539][T17683] ? handle_mm_fault+0x1f0/0xd10 [ 993.220559][T17683] __sys_recvmmsg+0x21c/0x280 [ 993.220581][T17683] ? __pfx___sys_recvmmsg+0x10/0x10 [ 993.220603][T17683] ? __pfx_ksys_write+0x10/0x10 [ 993.220625][T17683] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 993.220646][T17683] ? lockdep_hardirqs_on+0x7c/0x110 [ 993.220662][T17683] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 993.220684][T17683] __do_fast_syscall_32+0x7c/0x3a0 [ 993.220707][T17683] do_fast_syscall_32+0x32/0x80 [ 993.220732][T17683] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 993.220746][T17683] RIP: 0023:0xf7f38579 [ 993.220760][T17683] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 993.220775][T17683] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 993.220791][T17683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000840 [ 993.220801][T17683] RDX: 0000000000000414 RSI: 0000000000000000 RDI: 0000000000000000 [ 993.220811][T17683] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 993.220820][T17683] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 993.220828][T17683] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 993.220845][T17683] [ 993.506929][T17693] FAULT_INJECTION: forcing a failure. [ 993.506929][T17693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.513067][T17693] CPU: 3 UID: 0 PID: 17693 Comm: syz.3.2591 Not tainted syzkaller #0 PREEMPT(full) [ 993.513092][T17693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 993.513103][T17693] Call Trace: [ 993.513110][T17693] [ 993.513118][T17693] dump_stack_lvl+0x16c/0x1f0 [ 993.513145][T17693] should_fail_ex+0x512/0x640 [ 993.513174][T17693] _copy_to_iter+0x29f/0x1710 [ 993.513193][T17693] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 993.513218][T17693] ? seq_write+0xd6/0x150 [ 993.513263][T17693] ? __pfx__copy_to_iter+0x10/0x10 [ 993.513281][T17693] ? kernfs_seq_stop+0xcd/0x120 [ 993.513302][T17693] ? kernfs_put_active+0x86/0xe0 [ 993.513329][T17693] seq_read_iter+0xcf8/0x12c0 [ 993.513361][T17693] kernfs_fop_read_iter+0x40f/0x5a0 [ 993.513384][T17693] do_iter_readv_writev+0x743/0x9e0 [ 993.513406][T17693] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 993.513435][T17693] ? rw_verify_area+0xcf/0x6c0 [ 993.513456][T17693] vfs_readv+0x4cb/0x8b0 [ 993.513473][T17693] ? proc_fail_nth_write+0x9f/0x220 [ 993.513499][T17693] ? __pfx_vfs_readv+0x10/0x10 [ 993.513520][T17693] ? vfs_write+0x15d/0x11d0 [ 993.513568][T17693] ? do_readv+0x132/0x340 [ 993.513590][T17693] do_readv+0x132/0x340 [ 993.513609][T17693] ? __pfx_do_readv+0x10/0x10 [ 993.513631][T17693] ? rcu_is_watching+0x12/0xc0 [ 993.513654][T17693] __do_fast_syscall_32+0x7c/0x3a0 [ 993.513681][T17693] do_fast_syscall_32+0x32/0x80 [ 993.513705][T17693] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 993.513726][T17693] RIP: 0023:0xf709e579 [ 993.513741][T17693] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 993.513758][T17693] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000091 [ 993.513776][T17693] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800012c0 [ 993.513787][T17693] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 993.513797][T17693] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 993.513807][T17693] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 993.513818][T17693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 993.513842][T17693] [ 993.682440][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 993.776790][T17699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 993.781750][T17699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 994.242579][ T9836] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 994.245179][ T9836] ath9k_htc: Failed to initialize the device [ 994.268960][ T9836] usb 5-1: ath9k_htc: USB layer deinitialized [ 994.684325][T17049] usb 5-1: USB disconnect, device number 33 [ 994.722407][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 994.765150][T17714] 9pnet_fd: Insufficient options for proto=fd [ 994.887853][T17716] bridge_slave_0: left allmulticast mode [ 994.890523][T17716] bridge_slave_0: left promiscuous mode [ 994.893330][T17716] bridge0: port 1(bridge_slave_0) entered disabled state [ 995.772454][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 996.420993][T17757] netlink: 'syz.1.2604': attribute type 10 has an invalid length. [ 996.802390][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 997.275139][T17763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2612'. [ 997.618145][T17781] 9pnet_fd: Insufficient options for proto=fd [ 997.800296][T17774] random: crng reseeded on system resumption [ 997.842374][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 997.888938][T17782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2617'. [ 997.891789][T17782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2617'. [ 997.903432][T17782] netlink: 'syz.0.2617': attribute type 14 has an invalid length. [ 998.419532][T17799] batadv_slave_1: entered promiscuous mode [ 998.882540][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 998.993770][ T40] audit: type=1804 audit(1756001463.319:924): pid=17805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2623" name="/newroot/587/bus/bus" dev="overlay" ino=3096 res=1 errno=0 [ 999.020265][ T40] audit: type=1804 audit(1756001463.339:925): pid=17805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2623" name="/newroot/587/bus/bus" dev="overlay" ino=3096 res=1 errno=0 [ 999.123458][T17815] /dev/sr0: Can't open blockdev [ 999.245988][T17817] /dev/sr0: Can't open blockdev [ 999.454517][T17798] batadv_slave_1: left promiscuous mode [ 999.922340][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 1000.045459][T17853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2628'. [ 1000.052534][T17853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2628'. [ 1000.882589][T17856] netlink: 'syz.4.2630': attribute type 13 has an invalid length. [ 1000.907373][T17856] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1000.962412][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 1001.391141][T17874] netlink: 'syz.3.2633': attribute type 10 has an invalid length. [ 1001.430751][T17874] batman_adv: batadv0: Adding interface: team0 [ 1001.664491][T17874] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1001.691813][T17874] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1001.710870][T17875] IPVS: set_ctl: invalid protocol: 50 172.20.20.67:20001 [ 1002.002367][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 1002.284279][T17878] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2636'. [ 1002.302720][T17886] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 1002.367461][T17890] sp0: Synchronizing with TNC [ 1002.555625][T17895] [ 1002.556751][T17895] ===================================================== [ 1002.559736][T17895] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1002.563040][T17895] syzkaller #0 Not tainted [ 1002.565370][T17895] ----------------------------------------------------- [ 1002.570574][T17895] syz.4.2641/17895 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1002.574067][T17895] ffffffff8e20c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigio+0xb8/0x3e0 [ 1002.577936][T17895] [ 1002.577936][T17895] and this task is already holding: [ 1002.581094][T17895] ffff88806e092320 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x31/0x3e0 [ 1002.584808][T17895] which would create a new lock dependency: [ 1002.587339][T17895] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 1002.590558][T17895] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1002.590558][T17895] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1002.594521][T17895] (&dev->event_lock#2){..-.}-{3:3} [ 1002.594554][T17895] [ 1002.594554][T17895] ... which became SOFTIRQ-irq-safe at: [ 1002.599809][T17895] lock_acquire+0x179/0x350 [ 1002.601736][T17895] _raw_spin_lock_irqsave+0x3a/0x60 [ 1002.603746][T17895] input_inject_event+0x9f/0x3b0 [ 1002.605752][T17895] led_set_brightness+0x217/0x290 [ 1002.607965][T17895] led_trigger_event+0xda/0x270 [ 1002.610054][T17895] kbd_bh+0x21b/0x300 [ 1002.611885][T17895] tasklet_action_common+0x284/0x400 [ 1002.614189][T17895] handle_softirqs+0x219/0x8e0 [ 1002.616282][T17895] __irq_exit_rcu+0x109/0x170 [ 1002.618371][T17895] irq_exit_rcu+0x9/0x30 [ 1002.620232][T17895] sysvec_call_function+0xa4/0xc0 [ 1002.622444][T17895] asm_sysvec_call_function+0x1a/0x20 [ 1002.624918][T17895] _raw_spin_unlock_irqrestore+0x31/0x80 [ 1002.627598][T17895] do_con_write+0x430e/0x8280 [ 1002.629789][T17895] con_write+0x23/0xb0 [ 1002.631597][T17895] n_tty_write+0x41f/0x11e0 [ 1002.633611][T17895] file_tty_write.constprop.0+0x504/0x9b0 [ 1002.636126][T17895] vfs_write+0x7d3/0x11d0 [ 1002.637562][T17895] ksys_write+0x12a/0x250 [ 1002.639008][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1002.640667][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.642276][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.644347][T17895] [ 1002.644347][T17895] to a SOFTIRQ-irq-unsafe lock: [ 1002.646523][T17895] (tasklist_lock){.+.+}-{3:3} [ 1002.646540][T17895] [ 1002.646540][T17895] ... which became SOFTIRQ-irq-unsafe at: [ 1002.650618][T17895] ... [ 1002.650623][T17895] lock_acquire+0x179/0x350 [ 1002.652948][T17895] _raw_read_lock+0x5f/0x70 [ 1002.654450][T17895] __do_wait+0x105/0x890 [ 1002.655819][T17895] do_wait+0x21e/0x5a0 [ 1002.657168][T17895] kernel_wait+0x9f/0x160 [ 1002.658644][T17895] call_usermodehelper_exec_work+0xf1/0x170 [ 1002.660672][T17895] process_one_work+0x9cf/0x1b70 [ 1002.662597][T17895] worker_thread+0x6c8/0xf10 [ 1002.664310][T17895] kthread+0x3c5/0x780 [ 1002.665648][T17895] ret_from_fork+0x5d4/0x6f0 [ 1002.667134][T17895] ret_from_fork_asm+0x1a/0x30 [ 1002.668721][T17895] [ 1002.668721][T17895] other info that might help us debug this: [ 1002.668721][T17895] [ 1002.671787][T17895] Chain exists of: [ 1002.671787][T17895] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 1002.671787][T17895] [ 1002.675991][T17895] Possible interrupt unsafe locking scenario: [ 1002.675991][T17895] [ 1002.678781][T17895] CPU0 CPU1 [ 1002.680806][T17895] ---- ---- [ 1002.682677][T17895] lock(tasklist_lock); [ 1002.684079][T17895] local_irq_disable(); [ 1002.686261][T17895] lock(&dev->event_lock#2); [ 1002.689354][T17895] lock(&f_owner->lock); [ 1002.692111][T17895] [ 1002.693552][T17895] lock(&dev->event_lock#2); [ 1002.695485][T17895] [ 1002.695485][T17895] *** DEADLOCK *** [ 1002.695485][T17895] [ 1002.698620][T17895] 5 locks held by syz.4.2641/17895: [ 1002.700291][T17895] #0: ffff8880708b6428 (sb_writers#5){.+.+}-{0:0}, at: path_openat+0x1f0f/0x2cb0 [ 1002.703339][T17895] #1: ffff888061964418 (&type->i_mutex_dir_key#5){++++}-{4:4}, at: path_openat+0x1534/0x2cb0 [ 1002.706794][T17895] #2: ffffffff9ae881b0 (&fsnotify_mark_srcu){.+.?}-{0:0}, at: fsnotify+0x5ed/0x1dc0 [ 1002.709768][T17895] #3: ffff8880534bd100 (&mark->lock){+.+.}-{3:3}, at: dnotify_handle_event+0x4b/0x2b0 [ 1002.712717][T17895] #4: ffff88806e092320 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x31/0x3e0 [ 1002.715470][T17895] [ 1002.715470][T17895] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1002.718682][T17895] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1002.720507][T17895] IN-SOFTIRQ-W at: [ 1002.721848][T17895] lock_acquire+0x179/0x350 [ 1002.723882][T17895] _raw_spin_lock_irqsave+0x3a/0x60 [ 1002.726107][T17895] input_inject_event+0x9f/0x3b0 [ 1002.728781][T17895] led_set_brightness+0x217/0x290 [ 1002.731016][T17895] led_trigger_event+0xda/0x270 [ 1002.733145][T17895] kbd_bh+0x21b/0x300 [ 1002.735031][T17895] tasklet_action_common+0x284/0x400 [ 1002.737372][T17895] handle_softirqs+0x219/0x8e0 [ 1002.739534][T17895] __irq_exit_rcu+0x109/0x170 [ 1002.741634][T17895] irq_exit_rcu+0x9/0x30 [ 1002.743588][T17895] sysvec_call_function+0xa4/0xc0 [ 1002.745829][T17895] asm_sysvec_call_function+0x1a/0x20 [ 1002.748315][T17895] _raw_spin_unlock_irqrestore+0x31/0x80 [ 1002.750682][T17895] do_con_write+0x430e/0x8280 [ 1002.752777][T17895] con_write+0x23/0xb0 [ 1002.754738][T17895] n_tty_write+0x41f/0x11e0 [ 1002.756802][T17895] file_tty_write.constprop.0+0x504/0x9b0 [ 1002.759235][T17895] vfs_write+0x7d3/0x11d0 [ 1002.761840][T17895] ksys_write+0x12a/0x250 [ 1002.763946][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1002.766306][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.768646][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.771407][T17895] INITIAL USE at: [ 1002.772810][T17895] lock_acquire+0x179/0x350 [ 1002.774940][T17895] _raw_spin_lock_irqsave+0x3a/0x60 [ 1002.777346][T17895] input_inject_event+0x9f/0x3b0 [ 1002.779678][T17895] led_set_brightness+0x217/0x290 [ 1002.782075][T17895] kbd_led_trigger_activate+0xcb/0x110 [ 1002.784557][T17895] led_trigger_set+0x59a/0xc50 [ 1002.786879][T17895] led_trigger_set_default+0x1e0/0x2e0 [ 1002.789843][T17895] led_classdev_register_ext+0x7b8/0xa10 [ 1002.792496][T17895] input_leds_connect+0x552/0x8e0 [ 1002.795119][T17895] input_attach_handler.isra.0+0x173/0x250 [ 1002.798186][T17895] input_register_device+0xab9/0x1180 [ 1002.800670][T17895] atkbd_connect+0x5f8/0xa40 [ 1002.802995][T17895] serio_driver_probe+0x7f/0xd0 [ 1002.805286][T17895] really_probe+0x241/0xa90 [ 1002.807586][T17895] __driver_probe_device+0x1de/0x440 [ 1002.810455][T17895] driver_probe_device+0x4c/0x1b0 [ 1002.812878][T17895] __driver_attach+0x283/0x580 [ 1002.815136][T17895] bus_for_each_dev+0x13e/0x1d0 [ 1002.817496][T17895] serio_handle_event+0x335/0xc30 [ 1002.819918][T17895] process_one_work+0x9cf/0x1b70 [ 1002.822300][T17895] worker_thread+0x6c8/0xf10 [ 1002.824540][T17895] kthread+0x3c5/0x780 [ 1002.826528][T17895] ret_from_fork+0x5d4/0x6f0 [ 1002.829238][T17895] ret_from_fork_asm+0x1a/0x30 [ 1002.831517][T17895] } [ 1002.832456][T17895] ... key at: [] __key.7+0x0/0x40 [ 1002.834849][T17895] -> (&client->buffer_lock){....}-{3:3} { [ 1002.836841][T17895] INITIAL USE at: [ 1002.838280][T17895] lock_acquire+0x179/0x350 [ 1002.840484][T17895] _raw_spin_lock+0x2e/0x40 [ 1002.842690][T17895] evdev_handle_get_val+0x66/0x600 [ 1002.845048][T17895] evdev_do_ioctl+0x1059/0x1b30 [ 1002.847449][T17895] evdev_ioctl_compat+0x16f/0x1a0 [ 1002.850107][T17895] __ia32_compat_sys_ioctl+0x242/0x370 [ 1002.852554][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1002.854709][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.856809][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.859444][T17895] } [ 1002.860359][T17895] ... key at: [] __key.1+0x0/0x40 [ 1002.862792][T17895] ... acquired at: [ 1002.864093][T17895] _raw_spin_lock+0x2e/0x40 [ 1002.865624][T17895] evdev_handle_get_val+0x66/0x600 [ 1002.867421][T17895] evdev_do_ioctl+0x1059/0x1b30 [ 1002.869175][T17895] evdev_ioctl_compat+0x16f/0x1a0 [ 1002.871194][T17895] __ia32_compat_sys_ioctl+0x242/0x370 [ 1002.873462][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1002.875688][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.877569][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.879990][T17895] [ 1002.880911][T17895] -> (&new->fa_lock){....}-{3:3} { [ 1002.882951][T17895] INITIAL USE at: [ 1002.884291][T17895] lock_acquire+0x179/0x350 [ 1002.886428][T17895] _raw_write_lock_irq+0x36/0x50 [ 1002.888722][T17895] fasync_remove_entry+0xb2/0x1e0 [ 1002.890979][T17895] fasync_helper+0xaf/0xd0 [ 1002.893073][T17895] sock_fasync+0x92/0x140 [ 1002.895063][T17895] __fput+0x96b/0xb70 [ 1002.897069][T17895] task_work_run+0x14d/0x240 [ 1002.899347][T17895] exit_to_user_mode_loop+0xeb/0x110 [ 1002.901690][T17895] __do_fast_syscall_32+0x2ac/0x3a0 [ 1002.903989][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.906143][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.909099][T17895] INITIAL READ USE at: [ 1002.910650][T17895] lock_acquire+0x179/0x350 [ 1002.912835][T17895] _raw_read_lock_irqsave+0x74/0x90 [ 1002.915202][T17895] kill_fasync+0x138/0x510 [ 1002.917644][T17895] sock_wake_async+0x132/0x160 [ 1002.919954][T17895] unix_release_sock+0xc0d/0x14f0 [ 1002.922333][T17895] unix_release+0x91/0xf0 [ 1002.924563][T17895] __sock_release+0xb0/0x270 [ 1002.926718][T17895] sock_close+0x1c/0x30 [ 1002.929126][T17895] __fput+0x402/0xb70 [ 1002.931137][T17895] task_work_run+0x14d/0x240 [ 1002.933433][T17895] get_signal+0x1d1/0x26d0 [ 1002.935607][T17895] arch_do_signal_or_restart+0x8f/0x790 [ 1002.938181][T17895] exit_to_user_mode_loop+0x84/0x110 [ 1002.940625][T17895] __do_fast_syscall_32+0x2ac/0x3a0 [ 1002.943194][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.945513][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.948280][T17895] } [ 1002.949182][T17895] ... key at: [] __key.0+0x0/0x40 [ 1002.951556][T17895] ... acquired at: [ 1002.952889][T17895] _raw_read_lock_irqsave+0x74/0x90 [ 1002.954694][T17895] kill_fasync+0x138/0x510 [ 1002.956255][T17895] evdev_pass_values+0x619/0x9b0 [ 1002.958084][T17895] evdev_events+0x1bb/0x390 [ 1002.959622][T17895] input_pass_values+0x74b/0x880 [ 1002.961351][T17895] input_handle_event+0xf00/0x14d0 [ 1002.963143][T17895] input_inject_event+0x1e8/0x3b0 [ 1002.964931][T17895] evdev_write+0x2e1/0x440 [ 1002.966442][T17895] vfs_write+0x2a0/0x11d0 [ 1002.968077][T17895] ksys_write+0x1f8/0x250 [ 1002.969684][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1002.971432][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.973110][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.975230][T17895] [ 1002.975963][T17895] -> (&f_owner->lock){....}-{3:3} { [ 1002.977513][T17895] INITIAL USE at: [ 1002.978688][T17895] lock_acquire+0x179/0x350 [ 1002.980512][T17895] _raw_write_lock_irq+0x36/0x50 [ 1002.982673][T17895] __f_setown+0x61/0x3c0 [ 1002.984621][T17895] f_setown+0x122/0x290 [ 1002.986484][T17895] do_fcntl+0xfa6/0x15a0 [ 1002.988757][T17895] do_compat_fcntl64+0x367/0x710 [ 1002.990970][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1002.993120][T17895] do_fast_syscall_32+0x32/0x80 [ 1002.995210][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.997726][T17895] INITIAL READ USE at: [ 1002.999155][T17895] lock_acquire+0x179/0x350 [ 1003.001782][T17895] _raw_read_lock_irqsave+0x74/0x90 [ 1003.004135][T17895] send_sigio+0x31/0x3e0 [ 1003.006161][T17895] kill_fasync+0x214/0x510 [ 1003.008291][T17895] sock_wake_async+0x132/0x160 [ 1003.010401][T17895] unix_release_sock+0xc0d/0x14f0 [ 1003.012757][T17895] unix_release+0x91/0xf0 [ 1003.014793][T17895] __sock_release+0xb0/0x270 [ 1003.016818][T17895] sock_close+0x1c/0x30 [ 1003.018908][T17895] __fput+0x402/0xb70 [ 1003.020817][T17895] task_work_run+0x14d/0x240 [ 1003.023205][T17895] get_signal+0x1d1/0x26d0 [ 1003.025500][T17895] arch_do_signal_or_restart+0x8f/0x790 [ 1003.027938][T17895] exit_to_user_mode_loop+0x84/0x110 [ 1003.030364][T17895] __do_fast_syscall_32+0x2ac/0x3a0 [ 1003.033441][T17895] do_fast_syscall_32+0x32/0x80 [ 1003.036703][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1003.039863][T17895] } [ 1003.040840][T17895] ... key at: [] __key.1+0x0/0x40 [ 1003.043451][T17895] ... acquired at: [ 1003.044832][T17895] _raw_read_lock_irqsave+0x74/0x90 [ 1003.046568][T17895] send_sigio+0x31/0x3e0 [ 1003.048337][T17895] kill_fasync+0x214/0x510 [ 1003.050131][T17895] sock_wake_async+0x132/0x160 [ 1003.052318][T17895] unix_release_sock+0xc0d/0x14f0 [ 1003.054310][T17895] unix_release+0x91/0xf0 [ 1003.055752][T17895] __sock_release+0xb0/0x270 [ 1003.057223][T17895] sock_close+0x1c/0x30 [ 1003.058714][T17895] __fput+0x402/0xb70 [ 1003.060202][T17895] task_work_run+0x14d/0x240 [ 1003.062289][T17895] get_signal+0x1d1/0x26d0 [ 1003.064259][T17895] arch_do_signal_or_restart+0x8f/0x790 [ 1003.066352][T17895] exit_to_user_mode_loop+0x84/0x110 [ 1003.068328][T17895] __do_fast_syscall_32+0x2ac/0x3a0 [ 1003.070601][T17895] do_fast_syscall_32+0x32/0x80 [ 1003.072701][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1003.075336][T17895] [ 1003.076343][T17895] [ 1003.076343][T17895] the dependencies between the lock to be acquired [ 1003.076352][T17895] and SOFTIRQ-irq-unsafe lock: [ 1003.081773][T17895] -> (tasklist_lock){.+.+}-{3:3} { [ 1003.083922][T17895] HARDIRQ-ON-R at: [ 1003.085520][T17895] lock_acquire+0x179/0x350 [ 1003.088038][T17895] _raw_read_lock+0x5f/0x70 [ 1003.090487][T17895] __do_wait+0x105/0x890 [ 1003.093067][T17895] do_wait+0x21e/0x5a0 [ 1003.095424][T17895] kernel_wait+0x9f/0x160 [ 1003.097753][T17895] call_usermodehelper_exec_work+0xf1/0x170 [ 1003.100684][T17895] process_one_work+0x9cf/0x1b70 [ 1003.103484][T17895] worker_thread+0x6c8/0xf10 [ 1003.106002][T17895] kthread+0x3c5/0x780 [ 1003.108310][T17895] ret_from_fork+0x5d4/0x6f0 [ 1003.110834][T17895] ret_from_fork_asm+0x1a/0x30 [ 1003.113413][T17895] SOFTIRQ-ON-R at: [ 1003.115039][T17895] lock_acquire+0x179/0x350 [ 1003.117502][T17895] _raw_read_lock+0x5f/0x70 [ 1003.119912][T17895] __do_wait+0x105/0x890 [ 1003.122272][T17895] do_wait+0x21e/0x5a0 [ 1003.124715][T17895] kernel_wait+0x9f/0x160 [ 1003.127220][T17895] call_usermodehelper_exec_work+0xf1/0x170 [ 1003.130354][T17895] process_one_work+0x9cf/0x1b70 [ 1003.133183][T17895] worker_thread+0x6c8/0xf10 [ 1003.135519][T17895] kthread+0x3c5/0x780 [ 1003.137332][T17895] ret_from_fork+0x5d4/0x6f0 [ 1003.140185][T17895] ret_from_fork_asm+0x1a/0x30 [ 1003.142949][T17895] INITIAL USE at: [ 1003.144532][T17895] lock_acquire+0x179/0x350 [ 1003.146891][T17895] _raw_write_lock_irq+0x36/0x50 [ 1003.149150][T17895] copy_process+0x4caf/0x7690 [ 1003.151556][T17895] kernel_clone+0xfc/0x930 [ 1003.153445][T17895] user_mode_thread+0xc7/0x110 [ 1003.155309][T17895] rest_init+0x23/0x2b0 [ 1003.157062][T17895] start_kernel+0x3ee/0x4d0 [ 1003.159383][T17895] x86_64_start_reservations+0x18/0x30 [ 1003.161947][T17895] x86_64_start_kernel+0x130/0x190 [ 1003.164400][T17895] common_startup_64+0x13e/0x148 [ 1003.166814][T17895] INITIAL READ USE at: [ 1003.168366][T17895] lock_acquire+0x179/0x350 [ 1003.170284][T17895] _raw_read_lock+0x5f/0x70 [ 1003.172431][T17895] __do_wait+0x105/0x890 [ 1003.174391][T17895] do_wait+0x21e/0x5a0 [ 1003.176653][T17895] kernel_wait+0x9f/0x160 [ 1003.178899][T17895] call_usermodehelper_exec_work+0xf1/0x170 [ 1003.181807][T17895] process_one_work+0x9cf/0x1b70 [ 1003.184350][T17895] worker_thread+0x6c8/0xf10 [ 1003.186667][T17895] kthread+0x3c5/0x780 [ 1003.188942][T17895] ret_from_fork+0x5d4/0x6f0 [ 1003.191208][T17895] ret_from_fork_asm+0x1a/0x30 [ 1003.193781][T17895] } [ 1003.194784][T17895] ... key at: [] tasklist_lock+0x18/0x40 [ 1003.197836][T17895] ... acquired at: [ 1003.199292][T17895] lock_acquire+0x179/0x350 [ 1003.201053][T17895] _raw_read_lock+0x5f/0x70 [ 1003.202633][T17895] send_sigio+0xb8/0x3e0 [ 1003.204498][T17895] dnotify_handle_event+0x15e/0x2b0 [ 1003.206506][T17895] fsnotify_handle_inode_event.isra.0+0x1df/0x3f0 [ 1003.208850][T17895] fsnotify+0x13d6/0x1dc0 [ 1003.210379][T17895] path_openat+0x1b50/0x2cb0 [ 1003.211827][T17895] do_filp_open+0x20b/0x470 [ 1003.213694][T17895] do_sys_openat2+0x11b/0x1d0 [ 1003.215503][T17895] __ia32_compat_sys_openat+0x16d/0x210 [ 1003.217806][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1003.219832][T17895] do_fast_syscall_32+0x32/0x80 [ 1003.221743][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1003.223784][T17895] [ 1003.224538][T17895] [ 1003.224538][T17895] stack backtrace: [ 1003.226342][T17895] CPU: 3 UID: 0 PID: 17895 Comm: syz.4.2641 Not tainted syzkaller #0 PREEMPT(full) [ 1003.226356][T17895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1003.226363][T17895] Call Trace: [ 1003.226369][T17895] [ 1003.226374][T17895] dump_stack_lvl+0x116/0x1f0 [ 1003.226390][T17895] check_irq_usage+0x7dc/0x920 [ 1003.226404][T17895] ? lock_release+0x201/0x2f0 [ 1003.226418][T17895] ? check_path.constprop.0+0x24/0x50 [ 1003.226431][T17895] ? __lock_acquire+0x12bc/0x1ce0 [ 1003.226444][T17895] __lock_acquire+0x12bc/0x1ce0 [ 1003.226458][T17895] ? __lock_acquire+0x107f/0x1ce0 [ 1003.226471][T17895] lock_acquire+0x179/0x350 [ 1003.226543][T17895] ? send_sigio+0xb8/0x3e0 [ 1003.226561][T17895] _raw_read_lock+0x5f/0x70 [ 1003.226573][T17895] ? send_sigio+0xb8/0x3e0 [ 1003.226586][T17895] send_sigio+0xb8/0x3e0 [ 1003.226606][T17895] dnotify_handle_event+0x15e/0x2b0 [ 1003.226621][T17895] ? __pfx_dnotify_handle_event+0x10/0x10 [ 1003.226634][T17895] fsnotify_handle_inode_event.isra.0+0x1df/0x3f0 [ 1003.226647][T17895] fsnotify+0x13d6/0x1dc0 [ 1003.226663][T17895] ? __pfx_fsnotify+0x10/0x10 [ 1003.226674][T17895] ? __pfx_down_write+0x10/0x10 [ 1003.226689][T17895] ? mnt_get_write_access+0x20c/0x300 [ 1003.226704][T17895] path_openat+0x1b50/0x2cb0 [ 1003.226717][T17895] ? __pfx_path_openat+0x10/0x10 [ 1003.226729][T17895] ? __lock_acquire+0xb97/0x1ce0 [ 1003.226742][T17895] do_filp_open+0x20b/0x470 [ 1003.226754][T17895] ? __pfx_do_filp_open+0x10/0x10 [ 1003.226769][T17895] ? _raw_spin_unlock+0x28/0x50 [ 1003.226780][T17895] ? alloc_fd+0x471/0x7d0 [ 1003.226792][T17895] do_sys_openat2+0x11b/0x1d0 [ 1003.226808][T17895] ? __pfx_do_sys_openat2+0x10/0x10 [ 1003.226824][T17895] __ia32_compat_sys_openat+0x16d/0x210 [ 1003.226835][T17895] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 1003.226846][T17895] ? rcu_is_watching+0x12/0xc0 [ 1003.226857][T17895] __do_fast_syscall_32+0x7c/0x3a0 [ 1003.226872][T17895] do_fast_syscall_32+0x32/0x80 [ 1003.226885][T17895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1003.226899][T17895] RIP: 0023:0xf7fd2579 [ 1003.226908][T17895] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1003.226918][T17895] RSP: 002b:00000000f54f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 1003.226928][T17895] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000940 [ 1003.226935][T17895] RDX: 00000000000026e1 RSI: 0000000000000000 RDI: 0000000000000000 [ 1003.226941][T17895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1003.226948][T17895] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1003.226954][T17895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1003.226963][T17895] [ 1003.244548][T17885] [U] è`` [ 1003.246199][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 1003.460035][T17895] bond0: (slave syz_tun): Releasing backup interface [ 1003.616768][ T1137] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.755868][ T1137] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.826775][ T1137] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.875909][ T1137] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.952732][ T1137] bridge_slave_1: left allmulticast mode [ 1003.954665][ T1137] bridge_slave_1: left promiscuous mode [ 1003.956583][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state [ 1004.060593][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1004.064858][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1004.069140][ T1137] bond0 (unregistering): Released all slaves [ 1004.074472][ T1137] bond1 (unregistering): Released all slaves [ 1004.078360][ T1137] bond2 (unregistering): Released all slaves [ 1004.145452][ T1137] bond3 (unregistering): (slave veth3): Releasing active interface [ 1004.148892][ T1137] bond3 (unregistering): (slave veth0_to_bond): Releasing active interface [ 1004.151896][ T1137] bond3 (unregistering): Released all slaves [ 1004.234295][ T1137] tipc: Disabling bearer [ 1004.236020][ T1137] tipc: Left network mode [ 1004.421427][ T1137] hsr_slave_0: left promiscuous mode [ 1004.424404][ T1137] hsr_slave_1: left promiscuous mode [ 1004.426303][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1004.428722][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1004.431352][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1004.434080][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1004.436622][ T1137] batman_adv: batadv0: Removing interface: team0 [ 1004.440506][ T1137] veth1_macvtap: left promiscuous mode [ 1004.442150][ T1137] veth0_macvtap: left promiscuous mode [ 1004.443848][ T1137] veth1_vlan: left promiscuous mode [ 1004.445483][ T1137] veth0_vlan: left promiscuous mode [ 1004.579304][ T1137] team0 (unregistering): Port device team_slave_1 removed [ 1004.622465][ T1137] team0 (unregistering): Port device team_slave_0 removed [ 1005.215891][ T1137] IPVS: stop unused estimator thread 0... [ 1005.327136][ T1137] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.405996][ T1137] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.496091][ T1137] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.546472][ T1137] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.609383][ T1137] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.656526][ T1137] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.728090][ T1137] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.799630][ T1137] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.877267][ T1137] bridge_slave_1: left allmulticast mode [ 1005.879458][ T1137] bridge_slave_1: left promiscuous mode [ 1005.881894][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.886535][ T1137] bridge_slave_0: left allmulticast mode [ 1005.888888][ T1137] bridge_slave_0: left promiscuous mode [ 1005.891234][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state [ 1005.896299][ T1137] bridge_slave_1: left allmulticast mode [ 1005.898635][ T1137] bridge_slave_1: left promiscuous mode [ 1005.900784][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.905054][ T1137] bridge_slave_0: left allmulticast mode [ 1005.906820][ T1137] bridge_slave_0: left promiscuous mode [ 1005.908613][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state [ 1006.042703][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1006.046053][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1006.049112][ T1137] bond0 (unregistering): Released all slaves [ 1006.132541][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1006.137133][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1006.141242][ T1137] bond0 (unregistering): Released all slaves [ 1006.599706][ T1137] hsr_slave_0: left promiscuous mode [ 1006.601965][ T1137] hsr_slave_1: left promiscuous mode [ 1006.604162][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1006.606563][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1006.609460][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1006.612725][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1006.615615][ T1137] batman_adv: batadv0: Removing interface: team0 [ 1006.620161][ T1137] hsr_slave_0: left promiscuous mode [ 1006.622705][ T1137] hsr_slave_1: left promiscuous mode [ 1006.624672][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1006.626962][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1006.629529][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1006.631704][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1006.636186][ T1137] batman_adv: batadv0: Removing interface: team0 [ 1006.641746][ T1137] veth1_macvtap: left promiscuous mode [ 1006.644081][ T1137] veth0_macvtap: left promiscuous mode [ 1006.646008][ T1137] veth1_vlan: left promiscuous mode [ 1006.647775][ T1137] veth0_vlan: left promiscuous mode [ 1006.649837][ T1137] batadv0: left allmulticast mode [ 1006.651533][ T1137] batadv0: left promiscuous mode [ 1006.653347][ T1137] veth1_macvtap: left promiscuous mode [ 1006.655033][ T1137] veth0_macvtap: left promiscuous mode [ 1006.656787][ T1137] veth1_vlan: left promiscuous mode [ 1006.658474][ T1137] veth0_vlan: left promiscuous mode [ 1006.775427][ T1137] team0 (unregistering): Port device team_slave_1 removed [ 1006.810549][ T1137] team0 (unregistering): Port device team_slave_0 removed [ 1007.213504][ T1137] team0 (unregistering): Port device team_slave_1 removed [ 1007.266320][ T1137] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 02:11:09 Registers: info registers vcpu 0 CPU#0 RAX=00000002000008fd RBX=ffff888023dc0000 RCX=0000000000000830 RDX=0000000000000002 RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000008 RSP=ffffc90003617598 R8 =0000000000000000 R9 =fffffbfff2157032 R10=ffffffff90ab8197 R11=0000000000000000 R12=1ffff920006c2eb4 R13=0000000000000003 R14=0000000000000001 R15=ffffc900036175c0 RIP=ffffffff81695748 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080000100 CR3=0000000064c96000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffff8880234ac830 RCX=ffff88801b861848 RDX=1ffff11004695845 RSI=ffff88801b861848 RDI=ffff8880234ac228 RBP=ffff8880234ac848 RSP=ffffc90003287b80 R8 =0000000000000006 R9 =ffff8880234acd79 R10=ffff8880234ac830 R11=0000000000000000 R12=dffffc0000000000 R13=ffff8880234ac830 R14=ffff8880234ac218 R15=ffff8880200596f8 RIP=ffffffff8b8c3619 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000315caffc CR3=0000000064c96000 CR4=00352ef0 DR0=0000000000000680 DR1=0000000000000003 DR2=0000000000000007 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b541d40 RCX=ffffffff81af11d1 RDX=ffff8880260aa440 RSI=ffffffff81af11ab RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90003b174b8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=dffffc0000000000 R13=ffffed10056a83a9 R14=0000000000000001 R15=0000000000000003 RIP=ffffffff81af11b2 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7fd6e40 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7474ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85616e45 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc90003967160 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff9b0f96c0 R15=ffffffff85616de0 RIP=ffffffff85616e6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7496288 CR3=000000007771b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000