last executing test programs: 17.381581851s ago: executing program 1 (id=1764): bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xc, 0x4, &(0x7f00000003c0)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$MEDIA_IOC_SETUP_LINK(0xffffffffffffffff, 0xc0347c03, &(0x7f0000000e80)={{}, {0x80000000, 0x0, 0x0, [0x3, 0x80]}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000480)=ANY=[@ANYBLOB="94000000", @ANYRES16=r4, @ANYBLOB="010000000000000000000a000000800004801300010062726f6164636173742d6c696e6b00002400078008000300000000000800030007000000080001000000000008000300050000002c000780080002000100000008000400000100000800030004000000080001001500000008332101f89e4f0481000200030000006a00010073797a30000000000900010073797a3100000000"], 0x94}}, 0x0) socket$netlink(0x10, 0x3, 0x5) r5 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @dev, @dev={0xfe, 0x80, '\x00', 0x37}, 0x10, 0x0, 0x0, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x0, 0x40, 0x0, @dev={0xfe, 0x80, '\x00', 0xfc}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x0, 0x4007}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) 14.299636898s ago: executing program 1 (id=1786): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}, 0x1, 0x0, 0xf00}, 0x0) 11.257711798s ago: executing program 1 (id=1809): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000008000000000000000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {0x0, 0x2}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x7f, 0x9, 0x1, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r7 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="05042bbd7000fedbdf250100000008000100", @ANYRES32=r8, @ANYBLOB="4400028040000100240001"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001140)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001180)={'vxcan0\x00', 0x0}) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r13, @ANYBLOB="4000aa000a0002"], 0x28}, 0x1, 0x0, 0x0, 0x44800}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000011c0)={'team0\x00', 0x0}) getpeername$packet(0xffffffffffffffff, &(0x7f0000001200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001240)=0x14) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000001280)={@dev, @dev, 0x0}, &(0x7f00000012c0)=0xc) r17 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$read(0xb, r17, &(0x7f0000001300)=""/4080, 0xff0) r18 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r18, 0x8946, &(0x7f0000000440)={'wlan0\x00', &(0x7f00000001c0)=@ethtool_pauseparam={0x13, 0x82, 0x809, 0xc}}) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000001340)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001300)={&(0x7f0000001480)=ANY=[@ANYBLOB="9c020000", @ANYRES16=r7, @ANYBLOB="000227bd7000ffdbdf250300000008000100", @ANYRES32=r9, @ANYBLOB="8401028040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000900000008000600", @ANYRES32=r10, @ANYBLOB="4c000100240001006270665f686173685f66756e6300000000000000000000000000400000000000050003000b0000001c000400c0050e800700000004000e026602000002006b0b000200003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r13, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000d05000038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400000000804c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e670000000008000100", @ANYRES32=r14, @ANYBLOB="f40002803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040000040000080007000000000038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400050000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r16, @ANYBLOB], 0x29c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x3, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) 8.217121393s ago: executing program 1 (id=1820): r0 = syz_open_dev$media(0x0, 0x2, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f00000001c0)={0x0, 0x2, 0x0, &(0x7f00000004c0)=[{0x80000000}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000e80)={{r1}, {0x80000000, 0x0, 0x0, [0x3, 0x80]}}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x707cb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2000000000002) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') preadv(r6, &(0x7f0000000600)=[{&(0x7f0000000380)=""/116, 0x74}], 0x1, 0x82000001, 0xff) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, r6], 0x2) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r7, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=""/214, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r2, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(r2, 0x1) recvfrom(r2, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb) 5.181268935s ago: executing program 1 (id=1844): syz_emit_ethernet(0x46, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_usbip_server_init(0x6) setgroups(0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{0x1, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f0000000940)=r4}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000280)='syzkaller\x00', 0x6, 0x1e, &(0x7f0000000300)=""/30, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000c00)={0x4, 0xb, 0x902c}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$inet6(0xa, 0xde3124075144940a, 0x5) syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) write$uinput_user_dev(r8, &(0x7f00000004c0)={'syz0\x00', {0x87, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x6, 0x5, 0x10004, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x0, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x4, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0xa, 0x7, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0xb, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x8, 0x10d, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x1, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0xfffffffd, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x200, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x49, 0x6, 0x4, 0x5, 0xa3, 0x40003, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x4, 0xd21e, 0x9, 0x12, 0x0, 0x2, 0xfff, 0x926, 0x800100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x81, 0x47, 0x7, 0x0, 0x11, 0x2, 0xffd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x8000001, 0x10001, 0x6, 0x71c], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x7, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x4, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000000314230c2dbd7000ffdbdf250900020073797a32000f00000800410072786500140033007767320000000000000000000000000066129cbdaaf92ea305126427a766b1c085924cd6ad57b03cfe9655f622d77d2aeea86454e08d702ca2d6392ca31ef21b722d78da5d90886bb0db32b0e33c89a5e901bb4e0379f25665d395238e6730ad37288567b268fe7f1586d588e526e7d727ec73b81279a75e879dd960e5107507609756ec582a8032a0ae41beb16ed972c66cc59029b79ace6666660cde28316ee23ff7ea64e39ae6d39b5f45f5ccf2adaffee80cc44776710ba5c2a2e806dcb0a1fd133d11902dea4f"], 0x38}, 0x1, 0x0, 0x0, 0x400c080}, 0x20004004) pipe(&(0x7f0000000080)) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) 3.782898547s ago: executing program 2 (id=1853): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) write$tun(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000000000086dd6d0000000008110000000000000000010000800100000000ffea"], 0x42) 3.654484644s ago: executing program 2 (id=1854): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xb, &(0x7f0000005300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) r1 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7730, 0x80, 0x0, 0x34d}, &(0x7f0000000480)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0xff00) 3.613293679s ago: executing program 2 (id=1855): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0003001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) 3.549575383s ago: executing program 2 (id=1856): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) bpf$MAP_CREATE(0x0, 0x0, 0xb285f305e6b16ca5) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f00000000c0)=0x100, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x0, r3}, 0x10) gettid() bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x1, r3, 0x8000000, r1}, 0x10) socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r4, &(0x7f0000000980), 0xe) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 3.549426003s ago: executing program 2 (id=1857): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="70000000120003020000000000000000000000000000000800"/56, @ANYRES32=0x0, @ANYBLOB="814b00000000000000000000000000002100010008"], 0x70}}, 0x0) 3.474339094s ago: executing program 2 (id=1858): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000580), 0x2000000, &(0x7f0000000300)=ANY=[@ANYBLOB="6d706f6c3d696e7465726c656176652c686173682c0039a7baa5f95d75736d950b65e5bfacfb1d9d4de1937a364ea85d6a1054306fd93d1f8cd2c5266272bab203d79e0f6ba12a611ab36dae30d5ae7e9165425b6d14f547f20cd0bba0b19e461f9a46bd4ce17fd1345d2dc0330184a59646826c05e01847cc59d8d2a96bb465c5195808d88967ded5235e04658e9104678415980538e1edef7fe06e8eb3231e214bd9df6e72baa1bd7342dc33eb64d0ea4a0bd2a5d7a72e956ee17ffaa22de9ffb46bf4eddacf0e76ae2b1792e85cc4469409e82600227bf2bb696e75c463e80d136cddca3ea7eca01864b37978b99ae1936f569cbbc28d6aea2cf13d96a35a1b469ef509d4de220944a11b5d245cf3d802c752372120c5ac74ba3cafd42f81aed26d8510af0f37680d3f0620dcfb510de984c88bd27869ffd60a"]) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) keyctl$set_timeout(0xf, 0x0, 0x1000) 3.03044026s ago: executing program 0 (id=1863): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, 0x6, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004004}, 0x4048400) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r5, 0x8910, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0186416, 0x0) writev(r6, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r7 = getpid() sched_setscheduler(r7, 0x1, &(0x7f0000000200)=0xfffffff8) syz_open_procfs(r7, &(0x7f0000000140)='net/bnep\x00') mount(0x0, 0x0, 0x0, 0x75809, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000040)={'syztnl2\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000000)={0x0, 0x300, &(0x7f0000000680)={&(0x7f0000000e80)={0x44, r2, 0x801, 0x48e, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x14, 0x1, "4abee33957edf8aaae14574df4"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac04}]}]}, 0x44}}, 0x0) mkdirat(r0, 0x0, 0x42) 2.481218453s ago: executing program 0 (id=1867): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00'], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0, 0x0, 0x4}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x9b}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback=0x5}, 0x94) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r2 = socket(0xa, 0x3, 0x3a) sendmsg$can_j1939(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)="78727a499e525f119c7664661dcc908dc4efcd5a5884bb80bc47db27231899bb30fad5ca37f19eb400eac60ac37904631cec513036c335f78b6c420f1965f569f9f9c2df61a07e411900c15d9e2f8404d1c3e32f23264e7c7196b941863eb46d59ed078666531b58da97eada981db7cb6c6d23c1bf68f59496152dcafe15720775a22eefe7e2430452ff18e9eca526fc83a03273bf2a20b74778fe3d5f099254f8e93a62235e409416682e7f1d37fb8394f80cad2b5eb8f07c012265b718267ffd1a94e2431dc2", 0xc7}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000) getsockopt$MRT6(r2, 0x29, 0x24, 0x0, &(0x7f0000000000)) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r3 = socket$netlink(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000625000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 2.354070137s ago: executing program 0 (id=1868): set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) set_mempolicy(0x4000, &(0x7f00000001c0)=0x5, 0x5) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r2, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x5, 0xfd}, {}, @addr}, {0x10, 0x1, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x14}, @control={0x0, 0x0, 0x4}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue={0x3, {0x0, 0x5}}}], 0x70) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000140)=""/193, 0xc1}], 0x1, 0x36, 0xf5) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000905000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000300)="66b80500000066b9125300000f01d9660f990c66b94c0a000066b86f2b000066ba000000000f300f38cbf9b8cf000f00d0660f73d4090f01350fc7b60018dada2e660ff7fd", 0x45}], 0x1, 0x4, &(0x7f0000000180), 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040844) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000400)={'#! ', '', [{0x20, 'r@A\xe3\xda\x9aC\xb7\xbd\x19\xbb\x06*K\x99iq\xd6\xa9C\rWu$\x17v\x87\x03\xe7\x86\xbbK\xb5\x95\x1eQ\xb6\x7f\x95B\xeb\xfb\x93\xfa;\xd7\xa9.\xce~\t\x94_?\x92\n\xf0\xdb\xedZY \xa5.|\xa6o\xd5\nO\xff)\b\x16'}, {0x20, '\xce\xbb\xc3\a\xdd'}, {}, {0x20, '\xf3q\f/\xf8\x10\xf6\x1e[\xecKh;\f\xb9\xc6\xcfQ\v\xb7`\xe0\n\x86\xac:/\xc1\xf6H\xcf\f\xdd\xa4g\x93h\x10/\xaf\xd4x\xfc\xfd\x964s\xe2\xbd\x9d\xc9\x1b\x19wF>k5f\xd2\x1b\xbf\xa7\x03\x1fnR\x00\x80\xa3\xf8O\x16MP<\n%\x03*\xcdc\xe0\x1b\x80\xed\v\x8e\xc0\x12\xf2`\v\xaf\xdb\x88\x87\x96=\xac)\xe2S\xec\x86\x8fKw\x81\xb4\xdc\x1b\x17\xc0\xdbw\xf9\xd6\xa3t\x19\xa6[\x81\x0e-\x9b!0k\x0f\xbf\xe6Q\xd0(\x12\xe1\xf4\x04\xc6\xaa\xcd\xce\xf4\xe6\x9b\xac8\xa5~&9\xf4\x91\xe6\xbc\x90\xfd\xfcAbx'}, {0x20, '&(\'.#{'}]}, 0x101) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r5 = fsopen(&(0x7f0000000040)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0xa) fchdir(r6) r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r7, &(0x7f0000000140)=""/46, 0x2e) creat(&(0x7f0000000000)='./bus\x00', 0x0) cachestat(r5, &(0x7f0000000040)={0x7, 0xfffffffffffffffd}, &(0x7f0000000240), 0x0) mmap$qrtrtun(&(0x7f000074c000/0x4000)=nil, 0x4000, 0x2000004, 0x2010, r4, 0x7) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRES8=r2, @ANYRES8, @ANYBLOB="040000000000000000000000000000000000000093e6e6a3e9c56d699121b3d829000b1356c131b2099b3e664e952ff31805c36af867adf23eb1f562bce4", @ANYRES32=r3, @ANYRES32], 0x50) 2.093581557s ago: executing program 1 (id=1869): socketpair$unix(0x1, 0x2, 0x0, 0x0) set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff95, 0x4}, 0x94) 1.763602423s ago: executing program 3 (id=1870): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310428bd7000ffffffff1600000018000180140002006e657464657673696d3000000000600005000200000000000500040001000000"], 0x44}}, 0x0) 1.713220265s ago: executing program 3 (id=1871): ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "5cbc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x0, 0x2000000000003]}}) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x7e, 0x43, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001600), 0x1, r1}, 0x38) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000340)={r1, 0xe0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x6f) bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x19, 0x8, &(0x7f0000000200)=@raw=[@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}], &(0x7f0000000240)='syzkaller\x00', 0xfffffc00, 0xcc, &(0x7f0000000b80)=""/204, 0x41100, 0x40, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000d40)={0x1, 0x4, 0x8, 0xd}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000d80)=[0x1, r0, r1], &(0x7f0000000dc0)=[{0x2, 0x1, 0xf, 0xb}, {0x2, 0x3}, {0x2, 0x5, 0xe, 0xc}, {0x0, 0x2, 0xf, 0x2}, {0x0, 0x3, 0x7, 0xb}, {0x5, 0x1, 0xb, 0x3}], 0x10, 0xb8}, 0x94) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7fffffff}}, './file0\x00'}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x16, &(0x7f0000000100)=ANY=[@ANYBLOB="851000d50f5cd6ec38ba9f00", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000000000085000000860000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000f00000085000000060000008510000007000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x200, 0x80, 0x20000, 0x0, 0x0, 0x8}, 0x1c) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r4, 0x0) r5 = openat$ocfs2_control(0xffffff9c, &(0x7f00000001c0), 0x8000, 0x0) close(r5) r6 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r6, 0x114, 0x3, &(0x7f0000000040)={{}, 0x6e}, 0x10) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, 0x0) socket$kcm(0x29, 0x7, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r6, 0xc400941d, &(0x7f0000000380)={0x0, 0x6000000, 0x1, 0x1}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f0000000780)={r8, 0xe, 0x1c, 0x1}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x240488d0) syz_io_uring_setup(0x231, 0x0, 0x0, 0x0) close(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) 1.623311139s ago: executing program 3 (id=1872): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58) r1 = socket(0x28, 0x5, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, 0x0) munlock(&(0x7f00002de000/0x8000)=nil, 0x8000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x5, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x5, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r2 = getpid() setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000280)=[@mss={0x2, 0x1}, @timestamp, @timestamp, @timestamp, @mss={0x2, 0x8}, @sack_perm, @sack_perm, @timestamp], 0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) socket$netlink(0x10, 0x3, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r6, &(0x7f0000006f80)={0x23, 0x0, 0x8}, 0x10) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="300000002000010000000000000000000200000000000000000000001400110076657468305f6d6163767461700000009b0bc89274c0b206ee2370d3366f6dbd1721e2a28b4ef7f14306fd7930691580142b18edbe3f5d78c85c027362fc7cf5d8861fed860539bc5baaac1c0b3daa152f3891f190cd7695c9201ce7cc8be77e555879a6c694aba6050fd166928e93bba39b432552922651ba66d0d8614b44dd165dab3f02718fe5e532cc3d846a7370d4943d6997ed151935b38458acfefbe9e8d6ff0473344004b174346eb548dfe929c96aac2e85de99cc794bdd7430c56038c3ccfa686036576fae7630a58a1be7c0a7db5054891f65efebdcc0e6bb4d544b3bc3f19c6d9b0faf"], 0x30}}, 0x48850) r8 = openat$cdrom(0xffffff9c, &(0x7f00000013c0), 0x4, 0x0) ioctl$CDROMREADTOCENTRY(r8, 0x5306, &(0x7f0000001400)={0xe, 0x7, 0x9, 0x1, @lba=0xfe3, 0xc}) 1.403459664s ago: executing program 0 (id=1873): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001580)=ANY=[@ANYBLOB="600000000206030000000000b8791fa8fffffff014000780080012400000000005001500010000000500010006000000050005000200000005000400000000000900020073797a310000000012000300686173683a6e65742c706f7274"], 0x60}}, 0x0) 1.300669264s ago: executing program 0 (id=1874): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r0) r2 = syz_open_dev$cec(0x0, 0x0, 0x101441) ioctl$CEC_S_MODE(r2, 0x40046109, &(0x7f0000000100)=0x22) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0x1, 0x0, 0x7f, 0x5, "00800000000000f51000", "00598b00", "bf513d1d", "b94000", ["dc0000000800", '\x00\x00\x00\x00\x00\x00\x00\x00\x00Z\x00', "4a218322000000215c384d00", "790000a5a16706008c00edbf"]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000120040000000008108000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800001c"], 0x50}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="00042cbd7000fcdbdf250200000008000300", @ANYRES32=r3, @ANYBLOB="00000000000000000000007a79e310014138fc00"], 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) 692.472561ms ago: executing program 0 (id=1875): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) r4 = syz_io_uring_setup(0xcc8, &(0x7f0000000300)={0x0, 0x6c7, 0x10, 0x1, 0x310}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0x440f}}) io_uring_enter(r4, 0xdb4, 0xd44a, 0x5, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0xf0ff, 0x0, 0x0, 0xfff0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 121.510931ms ago: executing program 3 (id=1876): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x3a, 0xd2, 0x0, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x5) close(r1) r2 = inotify_init1(0x800) fcntl$setstatus(r1, 0x4, 0x2c00) r3 = gettid() fcntl$setown(r1, 0x8, r3) fcntl$setsig(r2, 0xa, 0xe) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) inotify_add_watch(r2, &(0x7f0000000180)='./control\x00', 0xa4000960) rmdir(&(0x7f0000000100)='./control\x00') 244.43µs ago: executing program 3 (id=1877): pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) (async) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) ioctl$int_in(r1, 0x5421, &(0x7f0000000240)=0x1) sendto$inet(r1, &(0x7f0000000100)="e1", 0x1, 0x0, 0x0, 0x0) (async) sendto$inet(r1, &(0x7f0000000100)="e1", 0x1, 0x0, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa) (async) splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x88}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 0s ago: executing program 3 (id=1878): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310428bd7000ffffffff1600000018000180140002006e657464657673696d3000000000600005000200000000000500040001000000"], 0x44}}, 0x0) kernel console output (not intermixed with test programs): 2.1008'. [ 249.026681][ T5303] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 249.397952][ T6206] kernel read not supported for file /dsp (pid: 6206 comm: kworker/1:7) [ 249.436777][ T9554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1015'. [ 249.447759][ T9554] binder: 9553:9554 ioctl 80047c05 800006c0 returned -22 [ 249.451093][ T9554] binder: 9553:9554 ioctl c04c560f 80000700 returned -22 [ 249.497764][ T9557] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1016'. [ 249.500765][ T9557] FAULT_INJECTION: forcing a failure. [ 249.500765][ T9557] name failslab, interval 1, probability 0, space 0, times 0 [ 249.504985][ T9557] CPU: 2 UID: 0 PID: 9557 Comm: syz.2.1016 Tainted: G L syzkaller #0 PREEMPT(full) [ 249.505004][ T9557] Tainted: [L]=SOFTLOCKUP [ 249.505008][ T9557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 249.505015][ T9557] Call Trace: [ 249.505020][ T9557] [ 249.505025][ T9557] dump_stack_lvl+0x116/0x1f0 [ 249.505046][ T9557] should_fail_ex+0x512/0x640 [ 249.505061][ T9557] should_failslab+0xc2/0x120 [ 249.505078][ T9557] kmem_cache_alloc_noprof+0x83/0x770 [ 249.505092][ T9557] ? ieee80211_store_ack_skb+0x171/0x1d0 [ 249.505107][ T9557] ? ieee80211_build_hdr+0x2771/0x2e00 [ 249.505124][ T9557] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 249.505140][ T9557] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 249.505153][ T9557] ? __do_fast_syscall_32+0xe8/0x680 [ 249.505171][ T9557] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 249.505187][ T9557] idr_get_free+0x528/0xa30 [ 249.505207][ T9557] idr_alloc_u32+0x190/0x2f0 [ 249.505223][ T9557] ? __pfx_idr_alloc_u32+0x10/0x10 [ 249.505243][ T9557] idr_alloc+0xc0/0x130 [ 249.505258][ T9557] ? __pfx_idr_alloc+0x10/0x10 [ 249.505276][ T9557] ieee80211_store_ack_skb+0xa0/0x1d0 [ 249.505299][ T9557] ieee80211_build_hdr+0x2771/0x2e00 [ 249.505321][ T9557] ? __pfx_ieee80211_build_hdr+0x10/0x10 [ 249.505338][ T9557] ? psi_memstall_enter+0x278/0x310 [ 249.505356][ T9557] ? ieee80211_downgrade_queue+0x32c/0x4b0 [ 249.505377][ T9557] __ieee80211_subif_start_xmit+0x7d3/0x1390 [ 249.505393][ T9557] ? __pfx___ieee80211_subif_start_xmit+0x10/0x10 [ 249.505406][ T9557] ? find_held_lock+0x2b/0x80 [ 249.505421][ T9557] ? ieee80211_tx_control_port+0x89d/0xd50 [ 249.505435][ T9557] ieee80211_tx_control_port+0x62d/0xd50 [ 249.505450][ T9557] ? __pfx_ieee80211_tx_control_port+0x10/0x10 [ 249.505462][ T9557] ? netdev_run_todo+0x850/0x12a0 [ 249.505482][ T9557] nl80211_tx_control_port+0x568/0xa30 [ 249.505501][ T9557] ? __pfx_nl80211_tx_control_port+0x10/0x10 [ 249.505517][ T9557] ? nl80211_pre_doit+0x1b0/0xb10 [ 249.505533][ T9557] genl_family_rcv_msg_doit+0x209/0x2f0 [ 249.505553][ T9557] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 249.505571][ T9557] ? genl_get_cmd+0x194/0x580 [ 249.505590][ T9557] ? bpf_lsm_capable+0x9/0x10 [ 249.505605][ T9557] ? security_capable+0x7e/0x260 [ 249.505623][ T9557] ? ns_capable+0xd7/0x110 [ 249.505638][ T9557] genl_rcv_msg+0x55c/0x800 [ 249.505650][ T9557] ? __pfx_genl_rcv_msg+0x10/0x10 [ 249.505660][ T9557] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 249.505673][ T9557] ? __pfx_nl80211_tx_control_port+0x10/0x10 [ 249.505686][ T9557] ? __pfx_nl80211_post_doit+0x10/0x10 [ 249.505705][ T9557] netlink_rcv_skb+0x158/0x420 [ 249.505721][ T9557] ? __pfx_genl_rcv_msg+0x10/0x10 [ 249.505732][ T9557] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 249.505753][ T9557] ? netlink_deliver_tap+0x1ae/0xd30 [ 249.505770][ T9557] genl_rcv+0x28/0x40 [ 249.505785][ T9557] netlink_unicast+0x5aa/0x870 [ 249.505803][ T9557] ? __pfx_netlink_unicast+0x10/0x10 [ 249.505818][ T9557] ? __pfx___might_resched+0x10/0x10 [ 249.505838][ T9557] netlink_sendmsg+0x8c8/0xdd0 [ 249.505856][ T9557] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.505874][ T9557] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 249.505894][ T9557] ____sys_sendmsg+0xa5d/0xc30 [ 249.505914][ T9557] ? __pfx_____sys_sendmsg+0x10/0x10 [ 249.505930][ T9557] ? get_compat_msghdr+0x11a/0x170 [ 249.505950][ T9557] ___sys_sendmsg+0x134/0x1d0 [ 249.505964][ T9557] ? __pfx____sys_sendmsg+0x10/0x10 [ 249.506002][ T9557] ? find_held_lock+0x2b/0x80 [ 249.506024][ T9557] __sys_sendmsg+0x16d/0x220 [ 249.506038][ T9557] ? __pfx___sys_sendmsg+0x10/0x10 [ 249.506058][ T9557] ? fput+0x70/0xf0 [ 249.506071][ T9557] __do_fast_syscall_32+0xe8/0x680 [ 249.506090][ T9557] do_fast_syscall_32+0x32/0x80 [ 249.506100][ T9557] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 249.506114][ T9557] RIP: 0023:0xf7fa6579 [ 249.506123][ T9557] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 249.506134][ T9557] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 249.506145][ T9557] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003700 [ 249.506152][ T9557] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 249.506158][ T9557] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 249.506164][ T9557] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 249.506170][ T9557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 249.506183][ T9557] [ 249.666715][ T9559] validate_nla: 55 callbacks suppressed [ 249.666729][ T9559] netlink: 'syz.3.1017': attribute type 4 has an invalid length. [ 249.893321][ T40] kauditd_printk_skb: 47 callbacks suppressed [ 249.893334][ T40] audit: type=1326 audit(1766646237.988:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.902927][ T40] audit: type=1326 audit(1766646237.988:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.910109][ T40] audit: type=1326 audit(1766646237.988:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.917223][ T40] audit: type=1326 audit(1766646237.988:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.924294][ T40] audit: type=1326 audit(1766646237.988:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.931392][ T40] audit: type=1326 audit(1766646237.988:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.939033][ T40] audit: type=1326 audit(1766646237.988:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.946072][ T40] audit: type=1326 audit(1766646237.988:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.953111][ T40] audit: type=1326 audit(1766646237.988:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 249.960262][ T40] audit: type=1326 audit(1766646237.988:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9567 comm="syz.3.1021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 250.603970][ T9584] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1027'. [ 250.617728][ T9584] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1027'. [ 250.693156][ T9586] FAULT_INJECTION: forcing a failure. [ 250.693156][ T9586] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 250.699570][ T9586] CPU: 1 UID: 0 PID: 9586 Comm: syz.2.1028 Tainted: G L syzkaller #0 PREEMPT(full) [ 250.699601][ T9586] Tainted: [L]=SOFTLOCKUP [ 250.699607][ T9586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 250.699619][ T9586] Call Trace: [ 250.699625][ T9586] [ 250.699633][ T9586] dump_stack_lvl+0x16c/0x1f0 [ 250.699667][ T9586] should_fail_ex+0x512/0x640 [ 250.699693][ T9586] should_fail_alloc_page+0xe7/0x130 [ 250.699722][ T9586] prepare_alloc_pages+0x401/0x670 [ 250.699749][ T9586] ? rcu_is_watching+0x12/0xc0 [ 250.699770][ T9586] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 250.699787][ T9586] ? __lock_acquire+0x436/0x2890 [ 250.699799][ T9586] ? __lock_acquire+0x436/0x2890 [ 250.699811][ T9586] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 250.699825][ T9586] ? __lock_acquire+0x436/0x2890 [ 250.699838][ T9586] ? __lock_acquire+0x436/0x2890 [ 250.699850][ T9586] ? __lock_acquire+0x436/0x2890 [ 250.699859][ T9586] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 250.699877][ T9586] ? policy_nodemask+0xea/0x4e0 [ 250.699895][ T9586] alloc_pages_mpol+0x1fb/0x550 [ 250.699913][ T9586] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 250.699933][ T9586] folio_alloc_mpol_noprof+0x36/0x2f0 [ 250.699946][ T9586] vma_alloc_folio_noprof+0xed/0x1e0 [ 250.699957][ T9586] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 250.699969][ T9586] ? rcu_read_unlock+0x2d/0xb0 [ 250.699986][ T9586] do_wp_page+0x202f/0x5010 [ 250.700007][ T9586] ? __pfx_do_wp_page+0x10/0x10 [ 250.700025][ T9586] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 250.700041][ T9586] __handle_mm_fault+0x1bd2/0x2bb0 [ 250.700057][ T9586] ? __pfx___handle_mm_fault+0x10/0x10 [ 250.700069][ T9586] ? __pte_offset_map_lock+0x174/0x310 [ 250.700084][ T9586] ? vm_normal_page+0x1c4/0x320 [ 250.700099][ T9586] ? find_held_lock+0x2b/0x80 [ 250.700117][ T9586] ? follow_page_pte+0x5cf/0x1390 [ 250.700137][ T9586] handle_mm_fault+0x3fe/0xad0 [ 250.700151][ T9586] __get_user_pages+0x54e/0x3590 [ 250.700173][ T9586] ? __pfx___get_user_pages+0x10/0x10 [ 250.700194][ T9586] __gup_longterm_locked+0xa92/0x17e0 [ 250.700211][ T9586] ? __lock_acquire+0x436/0x2890 [ 250.700228][ T9586] ? __pfx___gup_longterm_locked+0x10/0x10 [ 250.700252][ T9586] pin_user_pages_remote+0xed/0x140 [ 250.700270][ T9586] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 250.700286][ T9586] ? mm_access+0x22d/0x2e0 [ 250.700307][ T9586] process_vm_rw_core.constprop.0+0x41b/0x970 [ 250.700328][ T9586] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 250.700344][ T9586] ? import_ubuf+0x1b6/0x220 [ 250.700361][ T9586] ? iovec_from_user+0xbb/0x140 [ 250.700375][ T9586] process_vm_rw+0x216/0x2c0 [ 250.700390][ T9586] ? __pfx_process_vm_rw+0x10/0x10 [ 250.700408][ T9586] ? ksys_write+0x190/0x250 [ 250.700428][ T9586] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 250.700452][ T9586] ? fput+0x70/0xf0 [ 250.700463][ T9586] ? ksys_write+0x1ac/0x250 [ 250.700480][ T9586] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 250.700496][ T9586] ? __do_fast_syscall_32+0x9a/0x680 [ 250.700513][ T9586] ? lockdep_hardirqs_on+0x7c/0x110 [ 250.700529][ T9586] __do_fast_syscall_32+0xe8/0x680 [ 250.700547][ T9586] do_fast_syscall_32+0x32/0x80 [ 250.700557][ T9586] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 250.700572][ T9586] RIP: 0023:0xf7fa6579 [ 250.700581][ T9586] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 250.700592][ T9586] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 250.700603][ T9586] RAX: ffffffffffffffda RBX: 00000000000003ff RCX: 0000000080001c80 [ 250.700610][ T9586] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 250.700616][ T9586] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 250.700622][ T9586] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 250.700629][ T9586] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 250.700642][ T9586] [ 251.365743][ T9603] lo speed is unknown, defaulting to 1000 [ 251.371149][ T9603] lo speed is unknown, defaulting to 1000 [ 251.789524][ T9614] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1035'. [ 251.839566][ T9615] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 251.841786][ T9615] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 251.845485][ T9615] vhci_hcd vhci_hcd.0: Device attached [ 251.861441][ T9617] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1036'. [ 251.864553][ T9617] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1036'. [ 252.109190][ T6041] usb 44-1: SetAddress Request (63) to port 0 [ 252.111464][ T6041] usb 44-1: new SuperSpeed USB device number 63 using vhci_hcd [ 252.434769][ T9618] vhci_hcd: connection reset by peer [ 252.438333][ T4234] vhci_hcd vhci_hcd.3: stop threads [ 252.440902][ T4234] vhci_hcd vhci_hcd.3: release socket [ 252.443347][ T4234] vhci_hcd vhci_hcd.3: disconnect device [ 253.213993][ T9645] xt_bpf: check failed: parse error [ 253.329356][ T9645] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 253.438580][ T9648] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 253.440744][ T9648] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 253.443914][ T9648] vhci_hcd vhci_hcd.0: Device attached [ 253.729921][ T73] usb 38-1: SetAddress Request (62) to port 0 [ 253.732008][ T73] usb 38-1: new SuperSpeed USB device number 62 using vhci_hcd [ 253.796510][ T9657] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 253.798706][ T9657] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 253.863248][ T9657] vhci_hcd vhci_hcd.0: Device attached [ 254.129248][ T9649] vhci_hcd: connection reset by peer [ 254.131966][ T6187] usb 42-1: SetAddress Request (51) to port 0 [ 254.134884][ T61] vhci_hcd vhci_hcd.0: stop threads [ 254.134932][ T6187] usb 42-1: new SuperSpeed USB device number 51 using vhci_hcd [ 254.136877][ T61] vhci_hcd vhci_hcd.0: release socket [ 254.142336][ T61] vhci_hcd vhci_hcd.0: disconnect device [ 254.231033][ T9663] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 254.233241][ T9663] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 254.236250][ T9663] vhci_hcd vhci_hcd.0: Device attached [ 254.251580][ T9663] 9p: Bad value for 'rfdno' [ 254.266963][ T9663] netlink: 'syz.3.1047': attribute type 1 has an invalid length. [ 254.716033][ T9658] vhci_hcd: connection reset by peer [ 254.718918][ T61] vhci_hcd vhci_hcd.2: stop threads [ 254.721368][ T61] vhci_hcd vhci_hcd.2: release socket [ 254.723291][ T61] vhci_hcd vhci_hcd.2: disconnect device [ 254.853902][ T9664] vhci_hcd: connection closed [ 254.854177][ T61] vhci_hcd vhci_hcd.3: stop threads [ 254.857648][ T61] vhci_hcd vhci_hcd.3: release socket [ 254.860011][ T61] vhci_hcd vhci_hcd.3: disconnect device [ 255.341014][ T9680] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 255.343390][ T9680] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 255.351074][ T9680] vhci_hcd vhci_hcd.0: Device attached [ 256.591849][ T6206] usb 7-1: new low-speed USB device number 4 using dummy_hcd [ 256.673463][ T9681] vhci_hcd: connection closed [ 256.673710][ T4234] vhci_hcd vhci_hcd.0: stop threads [ 256.677387][ T4234] vhci_hcd vhci_hcd.0: release socket [ 256.679312][ T4234] vhci_hcd vhci_hcd.0: disconnect device [ 256.823761][ T6206] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 256.826744][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 256.830425][ T6206] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 256.834300][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 256.837936][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 256.843043][ T6206] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 256.845464][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 256.848980][ T6206] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 256.853070][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 256.856623][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 256.861066][ T6206] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 256.864356][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 256.867993][ T6206] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 256.871792][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 256.875543][ T6206] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 256.888835][ T6206] usb 7-1: string descriptor 0 read error: -22 [ 256.892180][ T6206] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 256.897248][ T6206] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.952136][ T6206] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 257.192253][ T6041] usb 44-1: device descriptor read/8, error -110 [ 257.583307][ T6041] usb usb44-port1: attempt power cycle [ 257.631311][ T9704] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 258.143338][ T6041] usb usb44-port1: unable to enumerate USB device [ 258.146489][ T9711] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 258.149093][ T9711] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 258.165447][ T9711] vhci_hcd vhci_hcd.0: Device attached [ 258.190458][ T9715] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.1061'. [ 258.193752][ T9715] netlink: Conntrack attr has 4 unknown bytes [ 258.268222][ T9717] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1062'. [ 258.271831][ T9717] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1062'. [ 258.433268][ T6206] usb 44-1: SetAddress Request (67) to port 0 [ 258.436370][ T6206] usb 44-1: new SuperSpeed USB device number 67 using vhci_hcd [ 258.471109][ T9726] input: syz0 as /devices/virtual/input/input9 [ 258.766560][ T9712] vhci_hcd: connection reset by peer [ 258.768742][ T4234] vhci_hcd vhci_hcd.3: stop threads [ 258.771155][ T4234] vhci_hcd vhci_hcd.3: release socket [ 258.773738][ T4234] vhci_hcd vhci_hcd.3: disconnect device [ 258.793451][ T73] usb 38-1: device descriptor read/8, error -110 [ 259.186003][ T73] usb usb38-port1: attempt power cycle [ 259.203361][ T6187] usb 42-1: device descriptor read/8, error -110 [ 259.602474][ T6187] usb usb42-port1: attempt power cycle [ 259.655074][ T9739] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 259.657840][ T9739] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 259.814089][ T73] usb 38-1: SetAddress Request (65) to port 0 [ 259.816959][ T73] usb 38-1: new SuperSpeed USB device number 65 using vhci_hcd [ 259.894836][ T9739] vhci_hcd vhci_hcd.0: Device attached [ 260.185753][ T6187] usb usb42-port1: unable to enumerate USB device [ 260.285514][ T9740] vhci_hcd: connection reset by peer [ 260.287572][ T1169] vhci_hcd vhci_hcd.0: stop threads [ 260.289697][ T1169] vhci_hcd vhci_hcd.0: release socket [ 260.292225][ T1169] vhci_hcd vhci_hcd.0: disconnect device [ 260.478552][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.481334][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.408521][ T6187] usb 7-1: USB disconnect, device number 4 [ 262.207957][ T9753] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 262.210782][ T9753] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 262.215400][ T9753] vhci_hcd vhci_hcd.0: Device attached [ 262.235054][ T9752] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1071'. [ 262.237349][ T9753] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 262.238380][ T9752] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1071'. [ 262.815788][ T9754] vhci_hcd: connection closed [ 262.816167][ T4234] vhci_hcd vhci_hcd.3: stop threads [ 262.816183][ T4234] vhci_hcd vhci_hcd.3: release socket [ 262.816439][ T4234] vhci_hcd vhci_hcd.3: disconnect device [ 263.545377][ T6206] usb 44-1: device descriptor read/8, error -110 [ 264.029832][ T6206] usb usb44-port1: attempt power cycle [ 264.425966][ T9787] netlink: 'syz.2.1078': attribute type 10 has an invalid length. [ 264.435926][ T9787] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 264.443257][ T9787] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 264.447993][ T9787] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 264.599906][ T6206] usb usb44-port1: unable to enumerate USB device [ 264.680101][ T9795] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1080'. [ 264.878386][ T73] usb 38-1: device descriptor read/8, error -110 [ 264.998472][ T73] usb usb38-port1: unable to enumerate USB device [ 265.572012][ T9815] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 265.574156][ T9815] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 265.592961][ T9815] vhci_hcd vhci_hcd.0: Device attached [ 266.009133][ T6187] usb 44-1: SetAddress Request (71) to port 0 [ 266.011295][ T6187] usb 44-1: new SuperSpeed USB device number 71 using vhci_hcd [ 266.279176][ T9816] vhci_hcd: connection reset by peer [ 266.281404][ T61] vhci_hcd vhci_hcd.3: stop threads [ 266.283214][ T61] vhci_hcd vhci_hcd.3: release socket [ 266.288670][ T61] vhci_hcd vhci_hcd.3: disconnect device [ 266.829723][ T9844] comedi comedi0: Minor 3 could not be opened [ 270.038560][ T10] IPVS: starting estimator thread 0... [ 270.131079][ T9904] IPVS: using max 44 ests per chain, 105600 per kthread [ 270.267011][ T5951] Bluetooth: hci3: connection err: -111 [ 271.044163][ T6187] usb 44-1: device descriptor read/8, error -110 [ 271.432830][ T6187] usb usb44-port1: attempt power cycle [ 272.002328][ T6187] usb usb44-port1: unable to enumerate USB device [ 272.196085][ T9929] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1122'. [ 272.199830][ T9929] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1122'. [ 272.405517][ T9939] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1124'. [ 272.618505][ T9942] FAULT_INJECTION: forcing a failure. [ 272.618505][ T9942] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 272.623087][ T9942] CPU: 2 UID: 0 PID: 9942 Comm: syz.0.1125 Tainted: G L syzkaller #0 PREEMPT(full) [ 272.623116][ T9942] Tainted: [L]=SOFTLOCKUP [ 272.623123][ T9942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 272.623134][ T9942] Call Trace: [ 272.623141][ T9942] [ 272.623149][ T9942] dump_stack_lvl+0x16c/0x1f0 [ 272.623180][ T9942] should_fail_ex+0x512/0x640 [ 272.623205][ T9942] should_fail_alloc_page+0xe7/0x130 [ 272.623234][ T9942] prepare_alloc_pages+0x401/0x670 [ 272.623262][ T9942] ? rcu_is_watching+0x12/0xc0 [ 272.623288][ T9942] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 272.623313][ T9942] ? smp_call_function_many_cond+0x457/0x15e0 [ 272.623344][ T9942] ? __pfx_should_flush_tlb+0x10/0x10 [ 272.623371][ T9942] ? __pfx_flush_tlb_func+0x10/0x10 [ 272.623394][ T9942] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 272.623425][ T9942] ? __lock_acquire+0x436/0x2890 [ 272.623445][ T9942] ? __lock_acquire+0x436/0x2890 [ 272.623464][ T9942] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 272.623491][ T9942] ? policy_nodemask+0xea/0x4e0 [ 272.623520][ T9942] alloc_pages_mpol+0x1fb/0x550 [ 272.623547][ T9942] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 272.623579][ T9942] folio_alloc_mpol_noprof+0x36/0x2f0 [ 272.623598][ T9942] vma_alloc_folio_noprof+0xed/0x1e0 [ 272.623616][ T9942] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 272.623635][ T9942] ? rcu_read_unlock+0x2d/0xb0 [ 272.623660][ T9942] do_wp_page+0x202f/0x5010 [ 272.623695][ T9942] ? __pfx_do_wp_page+0x10/0x10 [ 272.623724][ T9942] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 272.623751][ T9942] __handle_mm_fault+0x1bd2/0x2bb0 [ 272.623793][ T9942] ? __pfx___handle_mm_fault+0x10/0x10 [ 272.623819][ T9942] ? __pte_offset_map_lock+0x174/0x310 [ 272.623841][ T9942] ? vm_normal_page+0x1c4/0x320 [ 272.623864][ T9942] ? find_held_lock+0x2b/0x80 [ 272.623894][ T9942] ? follow_page_pte+0x5cf/0x1390 [ 272.623925][ T9942] handle_mm_fault+0x3fe/0xad0 [ 272.623948][ T9942] __get_user_pages+0x54e/0x3590 [ 272.623983][ T9942] ? __pfx___get_user_pages+0x10/0x10 [ 272.624014][ T9942] __gup_longterm_locked+0xa92/0x17e0 [ 272.624041][ T9942] ? __lock_acquire+0x436/0x2890 [ 272.624060][ T9942] ? __pfx___gup_longterm_locked+0x10/0x10 [ 272.624098][ T9942] pin_user_pages_remote+0xed/0x140 [ 272.624126][ T9942] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 272.624151][ T9942] ? mm_access+0x22d/0x2e0 [ 272.624180][ T9942] process_vm_rw_core.constprop.0+0x41b/0x970 [ 272.624209][ T9942] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 272.624230][ T9942] ? import_ubuf+0x1b6/0x220 [ 272.624253][ T9942] ? iovec_from_user+0xbb/0x140 [ 272.624270][ T9942] process_vm_rw+0x216/0x2c0 [ 272.624289][ T9942] ? __pfx_process_vm_rw+0x10/0x10 [ 272.624313][ T9942] ? ksys_write+0x190/0x250 [ 272.624340][ T9942] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 272.624371][ T9942] ? fput+0x70/0xf0 [ 272.624385][ T9942] ? ksys_write+0x1ac/0x250 [ 272.624407][ T9942] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 272.624427][ T9942] ? __do_fast_syscall_32+0x9a/0x680 [ 272.624449][ T9942] ? lockdep_hardirqs_on+0x7c/0x110 [ 272.624470][ T9942] __do_fast_syscall_32+0xe8/0x680 [ 272.624494][ T9942] do_fast_syscall_32+0x32/0x80 [ 272.624507][ T9942] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 272.624525][ T9942] RIP: 0023:0xf705d579 [ 272.624537][ T9942] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 272.624552][ T9942] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 272.624566][ T9942] RAX: ffffffffffffffda RBX: 000000000000044a RCX: 0000000080001c80 [ 272.624575][ T9942] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 272.624584][ T9942] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 272.624592][ T9942] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 272.624600][ T9942] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 272.624618][ T9942] [ 273.161473][ T9952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1128'. [ 274.165817][ T9971] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 274.168245][ T9971] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 274.193798][ T9971] vhci_hcd vhci_hcd.0: Device attached [ 274.404638][ T9972] vhci_hcd: connection closed [ 274.416222][ T13] vhci_hcd vhci_hcd.2: stop threads [ 274.420639][ T13] vhci_hcd vhci_hcd.2: release socket [ 274.435224][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 274.484088][ T6012] usb 42-1: enqueue for inactive port 0 [ 274.788682][ T9980] lo speed is unknown, defaulting to 1000 [ 274.793490][ T9980] lo speed is unknown, defaulting to 1000 [ 274.994718][ T6012] usb usb42-port1: attempt power cycle [ 275.186454][ T9987] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1139'. [ 275.189649][ T9987] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1139'. [ 275.463950][ T9999] tmpfs: Unknown parameter 'fLhuge' [ 275.595485][ T6012] usb usb42-port1: unable to enumerate USB device [ 276.600658][T10019] overlayfs: failed to resolve './bus': -2 [ 277.055201][T10026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1152'. [ 277.685275][T10040] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 278.835622][T10071] fuse: Bad value for 'fd' [ 279.644449][T10066] tmpfs: Bad value for 'huge' [ 280.568162][T10055] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 280.658192][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 280.662580][T10055] Bluetooth: hci0: Opcode 0x0406 failed: -110 [ 280.950630][T10055] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 280.953240][T10055] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 280.958584][T10055] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 280.961637][T10055] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 280.964494][T10055] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 280.966942][T10055] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 280.972012][T10056] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 281.022692][T10080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1170'. [ 281.246410][T10085] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 281.249309][T10085] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 281.253963][T10085] vhci_hcd vhci_hcd.0: Device attached [ 281.261386][T10093] vhci_hcd: connection closed [ 281.264059][T10083] ALSA: mixer_oss: invalid OSS volume '' [ 281.268421][ T13] vhci_hcd vhci_hcd.0: stop threads [ 281.270276][ T13] vhci_hcd vhci_hcd.0: release socket [ 281.272178][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 281.376474][T10095] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 281.379244][T10095] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 281.405897][T10095] vhci_hcd vhci_hcd.0: Device attached [ 281.668740][ T6041] usb 44-1: SetAddress Request (75) to port 0 [ 281.671405][ T6041] usb 44-1: new SuperSpeed USB device number 75 using vhci_hcd [ 281.846165][T10112] dummy0: entered allmulticast mode [ 282.636053][T10096] vhci_hcd: connection reset by peer [ 282.687360][ T61] vhci_hcd vhci_hcd.3: stop threads [ 282.690023][ T61] vhci_hcd vhci_hcd.3: release socket [ 282.691978][ T61] vhci_hcd vhci_hcd.3: disconnect device [ 282.735849][ T5951] Bluetooth: hci1: command 0x0406 tx timeout [ 282.739531][ T5303] Bluetooth: hci0: command 0x0406 tx timeout [ 282.962819][T10111] dummy0: left allmulticast mode [ 282.969849][ T5951] Bluetooth: hci3: command 0x0406 tx timeout [ 282.969948][ T5303] Bluetooth: hci2: command 0x0401 tx timeout [ 283.289769][ T6012] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 283.352973][T10125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1181'. [ 283.472054][ T6012] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 283.475370][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 283.481877][ T6012] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 283.488252][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 283.492332][T10130] sock: sock_timestamping_bind_phc: sock not bind to device [ 283.493398][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 283.502830][ T6012] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 283.506071][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 283.512662][ T6012] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 283.518060][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 283.523026][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 283.528800][ T6012] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 283.532331][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 283.537016][ T6012] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 283.541906][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 283.546624][ T6012] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 283.554346][ T6012] usb 5-1: string descriptor 0 read error: -22 [ 283.557242][ T6012] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 283.561902][ T6012] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.572430][ T6012] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 284.068881][T10138] ptrace attach of ""[10139] was attempted by "/syz-executor exec"[10138] [ 284.810649][ T5951] Bluetooth: hci1: command 0x0406 tx timeout [ 285.050850][ T5951] Bluetooth: hci3: command 0x0406 tx timeout [ 285.053594][ T5303] Bluetooth: hci2: command 0x0401 tx timeout [ 285.931754][T10157] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 285.934732][T10157] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 285.940510][T10157] vhci_hcd vhci_hcd.0: Device attached [ 286.107151][ T34] usb 5-1: USB disconnect, device number 5 [ 286.522530][T10158] vhci_hcd: connection closed [ 286.522776][ T13] vhci_hcd vhci_hcd.3: stop threads [ 286.526083][ T13] vhci_hcd vhci_hcd.3: release socket [ 286.527928][ T13] vhci_hcd vhci_hcd.3: disconnect device [ 286.752745][ T6041] usb 44-1: device descriptor read/8, error -110 [ 287.150505][ T6041] usb usb44-port1: attempt power cycle [ 287.714625][ T6041] usb usb44-port1: unable to enumerate USB device [ 287.996044][T10180] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1196'. [ 288.102799][T10181] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1196'. [ 288.241705][T10178] vim2m vim2m.0: vidioc_s_fmt queue busy [ 290.282724][T10226] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 290.284963][T10226] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 290.288283][T10226] vhci_hcd vhci_hcd.0: Device attached [ 290.894503][ T10] usb 42-1: SetAddress Request (59) to port 0 [ 290.896920][ T10] usb 42-1: new SuperSpeed USB device number 59 using vhci_hcd [ 290.914009][T10227] vhci_hcd: connection closed [ 290.914227][ T13] vhci_hcd vhci_hcd.2: stop threads [ 290.918892][ T13] vhci_hcd vhci_hcd.2: release socket [ 290.921381][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 291.167014][T10246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1218'. [ 291.173341][T10246] gtp0: entered promiscuous mode [ 291.175314][T10246] gtp0: entered allmulticast mode [ 291.189213][T10246] netlink: 'syz.3.1218': attribute type 1 has an invalid length. [ 291.353899][T10252] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 292.088039][T10266] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 292.090372][T10266] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 292.093504][T10266] vhci_hcd vhci_hcd.0: Device attached [ 292.376044][ T34] usb 44-1: SetAddress Request (79) to port 0 [ 292.379484][ T34] usb 44-1: new SuperSpeed USB device number 79 using vhci_hcd [ 292.673020][T10267] vhci_hcd: connection reset by peer [ 292.675927][ T1140] vhci_hcd vhci_hcd.3: stop threads [ 292.678636][ T1140] vhci_hcd vhci_hcd.3: release socket [ 292.681001][ T1140] vhci_hcd vhci_hcd.3: disconnect device [ 292.959877][T10279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1226'. [ 293.178738][T10282] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 293.181606][T10282] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 293.185270][T10282] vhci_hcd vhci_hcd.0: Device attached [ 293.466188][ T8406] usb 38-1: SetAddress Request (66) to port 0 [ 293.468354][ T8406] usb 38-1: new SuperSpeed USB device number 66 using vhci_hcd [ 293.961362][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1231'. [ 293.977627][T10283] vhci_hcd: connection reset by peer [ 293.979955][ T13] vhci_hcd vhci_hcd.0: stop threads [ 293.982581][ T13] vhci_hcd vhci_hcd.0: release socket [ 293.985233][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 295.507931][T10309] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1236'. [ 295.542002][T10315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1237'. [ 295.720781][T10321] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1239'. [ 295.947771][ T10] usb 42-1: device descriptor read/8, error -110 [ 296.351954][ T10] usb usb42-port1: attempt power cycle [ 296.932689][ T10] usb usb42-port1: unable to enumerate USB device [ 297.089284][ T3696] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.091114][ T6041] lo speed is unknown, defaulting to 1000 [ 297.095245][ T6041] syz: Port: 1 Link DOWN [ 297.149344][ T3696] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.153977][ T3696] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.157590][ T3696] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.458799][ T34] usb 44-1: device descriptor read/8, error -110 [ 297.849909][ T34] usb usb44-port1: attempt power cycle [ 298.410248][ T34] usb usb44-port1: unable to enumerate USB device [ 298.579717][ T8406] usb 38-1: device descriptor read/8, error -110 [ 299.246065][ T8406] usb usb38-port1: attempt power cycle [ 299.885236][T10367] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1251'. [ 300.118360][ T8406] usb usb38-port1: unable to enumerate USB device [ 302.146151][T10420] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 302.148440][T10420] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 302.151448][T10420] vhci_hcd vhci_hcd.0: Device attached [ 302.225088][T10421] vhci_hcd: connection closed [ 302.225320][ T12] vhci_hcd vhci_hcd.0: stop threads [ 302.228816][ T12] vhci_hcd vhci_hcd.0: release socket [ 302.230632][ T12] vhci_hcd vhci_hcd.0: disconnect device [ 302.468853][T10430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1271'. [ 303.735909][T10444] netlink: 'syz.3.1276': attribute type 4 has an invalid length. [ 303.836602][T10447] ip6_vti0 speed is unknown, defaulting to 1000 [ 303.839972][T10447] ip6_vti0 speed is unknown, defaulting to 1000 [ 303.844788][T10447] ip6_vti0 speed is unknown, defaulting to 1000 [ 303.962002][T10447] infiniband syz2: set down [ 303.965280][ T60] ip6_vti0 speed is unknown, defaulting to 1000 [ 303.968161][T10447] infiniband syz2: added ip6_vti0 [ 303.996132][T10447] RDS/IB: syz2: added [ 303.998594][T10447] smc: adding ib device syz2 with port count 1 [ 304.001406][T10447] smc: ib device syz2 port 1 has no pnetid [ 304.015210][ T60] ip6_vti0 speed is unknown, defaulting to 1000 [ 304.018545][T10447] ip6_vti0 speed is unknown, defaulting to 1000 [ 304.103779][T10447] ip6_vti0 speed is unknown, defaulting to 1000 [ 304.187953][T10447] ip6_vti0 speed is unknown, defaulting to 1000 [ 304.271459][T10447] ip6_vti0 speed is unknown, defaulting to 1000 [ 304.392645][T10451] netlink: 212328 bytes leftover after parsing attributes in process `syz.3.1278'. [ 304.396065][T10451] netlink: Conntrack attr has 4 unknown bytes [ 304.647529][T10453] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 304.649730][T10453] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 304.652442][T10453] vhci_hcd vhci_hcd.0: Device attached [ 304.705358][T10455] vhci_hcd: connection closed [ 304.705694][ T1169] vhci_hcd vhci_hcd.3: stop threads [ 304.709956][ T1169] vhci_hcd vhci_hcd.3: release socket [ 304.711661][ T1169] vhci_hcd vhci_hcd.3: disconnect device [ 305.316155][T10458] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1280'. [ 305.319336][T10458] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1280'. [ 305.693899][T10467] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1282'. [ 306.057579][T10474] netlink: 'syz.0.1285': attribute type 4 has an invalid length. [ 306.456610][T10481] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 306.459139][T10481] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 306.462065][T10481] vhci_hcd vhci_hcd.0: Device attached [ 306.483192][T10481] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 306.715124][T10485] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 306.717354][T10485] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 306.720075][T10485] vhci_hcd vhci_hcd.0: Device attached [ 306.744561][ T6041] usb 38-1: SetAddress Request (70) to port 0 [ 306.746872][ T6041] usb 38-1: new SuperSpeed USB device number 70 using vhci_hcd [ 306.787031][T10487] vhci_hcd: connection closed [ 306.787281][ T13] vhci_hcd vhci_hcd.2: stop threads [ 306.790595][ T13] vhci_hcd vhci_hcd.2: release socket [ 306.792431][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 306.975368][T10482] vhci_hcd: connection reset by peer [ 306.977520][ T13] vhci_hcd vhci_hcd.0: stop threads [ 306.979303][ T13] vhci_hcd vhci_hcd.0: release socket [ 306.981237][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 307.370349][T10490] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1290'. [ 307.373492][T10490] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1290'. [ 307.628652][T10497] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1293'. [ 307.632606][T10497] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1293'. [ 307.859657][T10513] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 307.861934][T10513] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 307.864956][T10513] vhci_hcd vhci_hcd.0: Device attached [ 307.871269][ T40] kauditd_printk_skb: 63 callbacks suppressed [ 307.871711][ T40] audit: type=1326 audit(1766646295.930:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10503 comm="syz.2.1294" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x0 [ 308.117802][T10518] siw: device registration error -23 [ 308.295532][ T6012] usb 42-1: SetAddress Request (63) to port 0 [ 308.297961][ T6012] usb 42-1: new SuperSpeed USB device number 63 using vhci_hcd [ 308.504081][T10515] vhci_hcd: connection reset by peer [ 308.516935][ T76] vhci_hcd vhci_hcd.2: stop threads [ 308.519233][ T76] vhci_hcd vhci_hcd.2: release socket [ 308.521297][ T76] vhci_hcd vhci_hcd.2: disconnect device [ 308.980305][T10524] hfs: unable to load iocharset "io#harset" [ 309.578537][ T5951] Bluetooth: hci3: ACL packet too small [ 309.580467][ T5951] Bluetooth: hci3: ACL packet too small [ 309.619483][T10546] loop2: detected capacity change from 0 to 7 [ 309.627498][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.631270][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.639051][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.643153][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.655236][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.659600][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.666637][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.670834][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.685503][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.689734][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.696324][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.700240][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.706333][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.710419][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.713303][T10546] ldm_validate_partition_table(): Disk read failed. [ 309.716490][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.719925][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.722764][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.726673][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.730228][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 309.734341][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 309.737982][T10546] Dev loop2: unable to read RDB block 0 [ 309.741123][T10546] loop2: unable to read partition table [ 309.743491][T10546] loop2: partition table beyond EOD, truncated [ 309.745768][T10546] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 310.860136][T10563] netlink: 'syz.3.1312': attribute type 4 has an invalid length. [ 310.891605][T10565] netlink: 'syz.3.1313': attribute type 2 has an invalid length. [ 311.006761][T10569] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1314'. [ 311.010635][T10569] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1314'. [ 311.797692][ T6041] usb 38-1: device descriptor read/8, error -110 [ 312.255910][T10583] FAULT_INJECTION: forcing a failure. [ 312.255910][T10583] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 312.260527][T10583] CPU: 3 UID: 0 PID: 10583 Comm: syz.0.1318 Tainted: G L syzkaller #0 PREEMPT(full) [ 312.260546][T10583] Tainted: [L]=SOFTLOCKUP [ 312.260549][T10583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 312.260556][T10583] Call Trace: [ 312.260560][T10583] [ 312.260565][T10583] dump_stack_lvl+0x16c/0x1f0 [ 312.260586][T10583] should_fail_ex+0x512/0x640 [ 312.260601][T10583] should_fail_alloc_page+0xe7/0x130 [ 312.260621][T10583] prepare_alloc_pages+0x401/0x670 [ 312.260638][T10583] ? rcu_is_watching+0x12/0xc0 [ 312.260660][T10583] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 312.260676][T10583] ? smp_call_function_many_cond+0x457/0x15e0 [ 312.260696][T10583] ? __pfx_should_flush_tlb+0x10/0x10 [ 312.260713][T10583] ? __pfx_flush_tlb_func+0x10/0x10 [ 312.260726][T10583] ? rcu_is_watching+0x12/0xc0 [ 312.260741][T10583] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 312.260755][T10583] ? __mod_zone_page_state+0xcc/0x1a0 [ 312.260768][T10583] ? lru_gen_add_folio+0x1a4/0xef0 [ 312.260782][T10583] ? __lock_acquire+0x436/0x2890 [ 312.260795][T10583] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 312.260813][T10583] ? policy_nodemask+0xea/0x4e0 [ 312.260831][T10583] alloc_pages_mpol+0x1fb/0x550 [ 312.260848][T10583] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 312.260869][T10583] folio_alloc_mpol_noprof+0x36/0x2f0 [ 312.260881][T10583] vma_alloc_folio_noprof+0xed/0x1e0 [ 312.260892][T10583] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 312.260904][T10583] ? rcu_read_unlock+0x2d/0xb0 [ 312.260919][T10583] do_wp_page+0x202f/0x5010 [ 312.260940][T10583] ? __pfx_do_wp_page+0x10/0x10 [ 312.260957][T10583] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 312.260974][T10583] __handle_mm_fault+0x1bd2/0x2bb0 [ 312.260989][T10583] ? __pfx___handle_mm_fault+0x10/0x10 [ 312.261001][T10583] ? __pte_offset_map_lock+0x174/0x310 [ 312.261016][T10583] ? vm_normal_page+0x1c4/0x320 [ 312.261031][T10583] ? find_held_lock+0x2b/0x80 [ 312.261049][T10583] ? follow_page_pte+0x5cf/0x1390 [ 312.261068][T10583] handle_mm_fault+0x3fe/0xad0 [ 312.261082][T10583] __get_user_pages+0x54e/0x3590 [ 312.261104][T10583] ? __pfx___get_user_pages+0x10/0x10 [ 312.261124][T10583] __gup_longterm_locked+0xa92/0x17e0 [ 312.261141][T10583] ? __lock_acquire+0x436/0x2890 [ 312.261153][T10583] ? __pfx___gup_longterm_locked+0x10/0x10 [ 312.261176][T10583] pin_user_pages_remote+0xed/0x140 [ 312.261194][T10583] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 312.261210][T10583] ? mm_access+0x22d/0x2e0 [ 312.261230][T10583] process_vm_rw_core.constprop.0+0x41b/0x970 [ 312.261251][T10583] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 312.261267][T10583] ? import_ubuf+0x1b6/0x220 [ 312.261284][T10583] ? iovec_from_user+0xbb/0x140 [ 312.261297][T10583] process_vm_rw+0x216/0x2c0 [ 312.261312][T10583] ? __pfx_process_vm_rw+0x10/0x10 [ 312.261330][T10583] ? ksys_write+0x190/0x250 [ 312.261351][T10583] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 312.261376][T10583] ? fput+0x70/0xf0 [ 312.261386][T10583] ? ksys_write+0x1ac/0x250 [ 312.261426][T10583] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 312.261442][T10583] ? __do_fast_syscall_32+0x9a/0x680 [ 312.261460][T10583] ? lockdep_hardirqs_on+0x7c/0x110 [ 312.261476][T10583] __do_fast_syscall_32+0xe8/0x680 [ 312.261495][T10583] do_fast_syscall_32+0x32/0x80 [ 312.261505][T10583] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 312.261519][T10583] RIP: 0023:0xf705d579 [ 312.261527][T10583] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 312.261538][T10583] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 312.261550][T10583] RAX: ffffffffffffffda RBX: 0000000000000500 RCX: 0000000080001c80 [ 312.261556][T10583] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 312.261563][T10583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 312.261569][T10583] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 312.261575][T10583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 312.261588][T10583] [ 312.502988][T10592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1321'. [ 312.541726][ T6041] usb usb38-port1: attempt power cycle [ 312.570979][T10601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'. [ 313.261140][T10620] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1329'. [ 313.639203][ T6041] usb usb38-port1: unable to enumerate USB device [ 313.690051][ T6012] usb 42-1: device descriptor read/8, error -110 [ 313.818919][T10623] vlan2: entered promiscuous mode [ 313.820647][T10623] bridge0: entered promiscuous mode [ 314.134847][T10636] binder_alloc: 10635: binder_alloc_buf size 16624 failed, no address space [ 314.140661][ T6012] usb usb42-port1: attempt power cycle [ 314.143173][T10636] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384) [ 314.308779][T10642] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 314.699911][ T6012] usb usb42-port1: unable to enumerate USB device [ 314.732994][T10638] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 314.735831][T10638] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 314.738939][T10638] vhci_hcd vhci_hcd.0: Device attached [ 314.792475][T10645] vhci_hcd: connection closed [ 314.792715][ T3696] vhci_hcd vhci_hcd.3: stop threads [ 314.796137][T10650] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1338'. [ 314.797300][ T3696] vhci_hcd vhci_hcd.3: release socket [ 314.802246][ T3696] vhci_hcd vhci_hcd.3: disconnect device [ 315.753969][T10668] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.1345'. [ 315.758332][T10668] netlink: Conntrack attr has 4 unknown bytes [ 316.489182][T10681] 9pnet_fd: Insufficient options for proto=fd [ 316.593783][T10686] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 316.596061][T10686] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 316.598921][T10686] vhci_hcd vhci_hcd.0: Device attached [ 316.664145][T10687] vhci_hcd: connection closed [ 316.667705][ T1169] vhci_hcd vhci_hcd.3: stop threads [ 316.671497][ T1169] vhci_hcd vhci_hcd.3: release socket [ 316.673417][ T1169] vhci_hcd vhci_hcd.3: disconnect device [ 317.072998][T10692] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 317.075364][T10692] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 317.078463][T10692] vhci_hcd vhci_hcd.0: Device attached [ 317.134862][T10700] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1356'. [ 317.138002][T10700] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1356'. [ 317.173735][T10702] afs: Unknown parameter 'measure' [ 317.362109][ T34] usb 42-1: SetAddress Request (67) to port 0 [ 317.368611][ T34] usb 42-1: new SuperSpeed USB device number 67 using vhci_hcd [ 317.542081][T10710] netlink: 'syz.3.1359': attribute type 4 has an invalid length. [ 317.628233][T10695] vhci_hcd: connection reset by peer [ 317.635582][ T4113] vhci_hcd vhci_hcd.2: stop threads [ 317.637918][ T4113] vhci_hcd vhci_hcd.2: release socket [ 317.640179][ T4113] vhci_hcd vhci_hcd.2: disconnect device [ 318.448147][T10721] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1362'. [ 318.453534][T10721] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1362'. [ 318.532003][T10726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1364'. [ 318.670794][T10730] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 318.672973][T10730] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 318.676139][T10730] vhci_hcd vhci_hcd.0: Device attached [ 318.736283][T10731] vhci_hcd: connection closed [ 318.736519][ T13] vhci_hcd vhci_hcd.3: stop threads [ 318.741655][ T13] vhci_hcd vhci_hcd.3: release socket [ 318.744089][ T13] vhci_hcd vhci_hcd.3: disconnect device [ 318.810107][T10736] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1368'. [ 318.814707][T10736] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1368'. [ 318.818402][T10736] FAULT_INJECTION: forcing a failure. [ 318.818402][T10736] name failslab, interval 1, probability 0, space 0, times 0 [ 318.822722][T10736] CPU: 3 UID: 0 PID: 10736 Comm: syz.2.1368 Tainted: G L syzkaller #0 PREEMPT(full) [ 318.822740][T10736] Tainted: [L]=SOFTLOCKUP [ 318.822744][T10736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 318.822751][T10736] Call Trace: [ 318.822755][T10736] [ 318.822759][T10736] dump_stack_lvl+0x16c/0x1f0 [ 318.822779][T10736] should_fail_ex+0x512/0x640 [ 318.822792][T10736] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 318.822808][T10736] should_failslab+0xc2/0x120 [ 318.822829][T10736] kmem_cache_alloc_node_noprof+0x86/0x800 [ 318.822843][T10736] ? __alloc_skb+0x156/0x410 [ 318.822858][T10736] ? __alloc_skb+0x156/0x410 [ 318.822868][T10736] __alloc_skb+0x156/0x410 [ 318.822879][T10736] ? __alloc_skb+0x35d/0x410 [ 318.822894][T10736] ? __pfx___alloc_skb+0x10/0x10 [ 318.822905][T10736] ? nf_conntrack_find_get+0x137/0x350 [ 318.822919][T10736] ? nf_conntrack_find_get+0x141/0x350 [ 318.822931][T10736] ctnetlink_get_conntrack+0x320/0x7d0 [ 318.822943][T10736] ? __pfx_ctnetlink_get_conntrack+0x10/0x10 [ 318.822959][T10736] ? find_held_lock+0x2b/0x80 [ 318.822977][T10736] nfnetlink_rcv_msg+0x9fc/0x1200 [ 318.822994][T10736] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 318.823008][T10736] ? stack_trace_save+0x8e/0xc0 [ 318.823038][T10736] ? __lock_acquire+0x436/0x2890 [ 318.823051][T10736] netlink_rcv_skb+0x158/0x420 [ 318.823067][T10736] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 318.823080][T10736] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 318.823102][T10736] ? ns_capable+0xd7/0x110 [ 318.823118][T10736] nfnetlink_rcv+0x1b3/0x430 [ 318.823130][T10736] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 318.823142][T10736] ? netlink_deliver_tap+0x1ae/0xd30 [ 318.823159][T10736] netlink_unicast+0x5aa/0x870 [ 318.823177][T10736] ? __pfx_netlink_unicast+0x10/0x10 [ 318.823197][T10736] netlink_sendmsg+0x8c8/0xdd0 [ 318.823216][T10736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 318.823233][T10736] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 318.823254][T10736] ____sys_sendmsg+0xa5d/0xc30 [ 318.823273][T10736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 318.823289][T10736] ? get_compat_msghdr+0x11a/0x170 [ 318.823313][T10736] ___sys_sendmsg+0x134/0x1d0 [ 318.823338][T10736] ? __pfx____sys_sendmsg+0x10/0x10 [ 318.823371][T10736] ? find_held_lock+0x2b/0x80 [ 318.823408][T10736] __sys_sendmsg+0x16d/0x220 [ 318.823431][T10736] ? __pfx___sys_sendmsg+0x10/0x10 [ 318.823467][T10736] __do_fast_syscall_32+0xe8/0x680 [ 318.823496][T10736] do_fast_syscall_32+0x32/0x80 [ 318.823514][T10736] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 318.823533][T10736] RIP: 0023:0xf7fa6579 [ 318.823546][T10736] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 318.823562][T10736] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 318.823580][T10736] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000000 [ 318.823592][T10736] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 318.823603][T10736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 318.823613][T10736] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 318.823622][T10736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 318.823645][T10736] [ 319.552143][T10756] binder_alloc: 10755: binder_alloc_buf size 32768 failed, no address space [ 319.556614][T10756] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384) [ 319.767466][T10759] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 319.770394][T10759] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 319.774156][T10759] vhci_hcd vhci_hcd.0: Device attached [ 320.049513][ T6206] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 320.072836][ T60] usb 44-1: SetAddress Request (83) to port 0 [ 320.075697][ T60] usb 44-1: new SuperSpeed USB device number 83 using vhci_hcd [ 320.222801][ T6206] usb 8-1: Using ep0 maxpacket: 8 [ 320.230389][ T6206] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 320.246572][ T6206] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 320.249875][ T6206] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.257793][ T6206] usb 8-1: config 0 descriptor?? [ 320.475181][ T6206] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 321.958647][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.958698][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.215671][T10782] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 322.218255][T10782] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 322.220977][T10782] vhci_hcd vhci_hcd.0: Device attached [ 322.288309][T10783] vhci_hcd: connection closed [ 322.288610][ T4113] vhci_hcd vhci_hcd.0: stop threads [ 322.292247][ T4113] vhci_hcd vhci_hcd.0: release socket [ 322.294258][ T4113] vhci_hcd vhci_hcd.0: disconnect device [ 322.434400][ T34] usb 42-1: device descriptor read/8, error -110 [ 322.618073][ T6206] usb 8-1: USB disconnect, device number 8 [ 322.622288][T10760] vhci_hcd: connection reset by peer [ 322.624789][ T1169] vhci_hcd vhci_hcd.3: stop threads [ 322.627391][ T1169] vhci_hcd vhci_hcd.3: release socket [ 322.629279][ T1169] vhci_hcd vhci_hcd.3: disconnect device [ 322.820356][T10792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1382'. [ 322.825699][ T34] usb usb42-port1: attempt power cycle [ 323.845983][ T34] usb usb42-port1: unable to enumerate USB device [ 324.587136][T10826] comedi comedi0: Minor 3 could not be opened [ 324.609879][T10826] netlink: 'syz.2.1391': attribute type 13 has an invalid length. [ 324.787375][T10826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 324.792930][T10826] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.821579][T10826] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 324.828897][ T6012] lo speed is unknown, defaulting to 1000 [ 324.831579][ T6012] syz: Port: 1 Link ACTIVE [ 324.972351][T10828] binder_alloc: 10827: binder_alloc_buf size 78080 failed, no address space [ 324.975536][T10828] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384) [ 325.088406][T10834] ptrace attach of "/syz-executor exec"[10835] was attempted by "/syz-executor exec"[10834] [ 325.156853][ T60] usb 44-1: device descriptor read/8, error -110 [ 325.376393][T10849] vlan2: entered promiscuous mode [ 325.547936][ T60] usb usb44-port1: attempt power cycle [ 325.561887][T10854] syzkaller0: entered promiscuous mode [ 325.563720][T10854] syzkaller0: entered allmulticast mode [ 325.694057][T10856] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1404'. [ 325.697332][T10856] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1404'. [ 326.149201][ T60] usb usb44-port1: unable to enumerate USB device [ 327.896854][ T5951] Bluetooth: hci3: connection err: -111 [ 329.001390][T10898] lo speed is unknown, defaulting to 1000 [ 329.004083][T10898] lo speed is unknown, defaulting to 1000 [ 329.007036][T10898] ip6_vti0 speed is unknown, defaulting to 1000 [ 329.585960][ T3696] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.589021][ T3696] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.310342][T10919] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1424'. [ 330.314016][T10919] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1424'. [ 330.446629][T10928] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 330.492946][T10936] netlink: 'syz.0.1427': attribute type 4 has an invalid length. [ 331.644437][T10948] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 331.647200][T10948] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 331.651914][T10948] vhci_hcd vhci_hcd.0: Device attached [ 331.781678][ T40] audit: type=1800 audit(1766646319.825:166): pid=10948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1430" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 331.870890][ T76] Bluetooth: hci4: Frame reassembly failed (-84) [ 331.939961][ T5957] usb 44-1: SetAddress Request (87) to port 0 [ 331.943470][ T5957] usb 44-1: new SuperSpeed USB device number 87 using vhci_hcd [ 333.293033][T10964] ALSA: mixer_oss: invalid OSS volume '' [ 333.881124][ T5303] Bluetooth: hci4: command 0x1003 tx timeout [ 333.881230][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 334.001760][T10949] vhci_hcd: connection reset by peer [ 334.005696][ T1169] vhci_hcd vhci_hcd.3: stop threads [ 334.010916][ T1169] vhci_hcd vhci_hcd.3: release socket [ 334.021595][ T1169] vhci_hcd vhci_hcd.3: disconnect device [ 334.793187][T10982] ubi31: attaching mtd0 [ 334.796709][T10982] ubi31: scanning is finished [ 334.798386][T10982] ubi31: empty MTD device detected [ 334.810893][T10984] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.1442'. [ 334.821585][T10984] netlink: Conntrack attr has 4 unknown bytes [ 334.872981][T10985] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1441'. [ 334.979475][T10982] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 334.989483][T10982] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 335.099353][T10982] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 335.104642][T10982] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 335.107833][T10982] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 335.116513][T10982] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 335.119803][T10982] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2298488283 [ 335.129851][T10982] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 335.137125][T10988] ubi31: background thread "ubi_bgt31d" started, PID 10988 [ 335.256850][T10994] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1445'. [ 335.267749][T10994] vlan3: entered promiscuous mode [ 335.315617][T10995] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 335.317926][T10995] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 335.321074][T10995] vhci_hcd vhci_hcd.0: Device attached [ 335.592108][ T6041] usb 38-1: SetAddress Request (74) to port 0 [ 335.594944][ T6041] usb 38-1: new SuperSpeed USB device number 74 using vhci_hcd [ 335.869708][T10996] vhci_hcd: connection reset by peer [ 335.884820][ T3696] vhci_hcd vhci_hcd.0: stop threads [ 335.887301][ T3696] vhci_hcd vhci_hcd.0: release socket [ 335.890014][ T3696] vhci_hcd vhci_hcd.0: disconnect device [ 336.622210][T11012] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 337.012737][ T5957] usb 44-1: device descriptor read/8, error -110 [ 337.633108][T11023] netlink: 'syz.0.1455': attribute type 4 has an invalid length. [ 337.698821][T11024] ubi31: detaching mtd0 [ 337.706896][T11024] ubi31: mtd0 is detached [ 338.417943][ T5957] usb usb44-port1: attempt power cycle [ 338.985084][ T5957] usb usb44-port1: unable to enumerate USB device [ 339.249646][T11041] genirq: Flags mismatch irq 4. 00200000 (pcl816) vs. 00200080 (ttyS0) [ 340.566327][T11059] netlink: 212328 bytes leftover after parsing attributes in process `syz.2.1468'. [ 340.569800][T11059] netlink: Conntrack attr has 4 unknown bytes [ 340.692924][T11064] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1470'. [ 340.694938][ T6041] usb 38-1: device descriptor read/8, error -110 [ 340.696566][T11064] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1470'. [ 341.091646][ T6041] usb usb38-port1: attempt power cycle [ 341.564804][T11077] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.664891][ T6041] usb usb38-port1: unable to enumerate USB device [ 341.711492][T11077] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.802724][T11077] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.908549][T11077] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.022307][T11085] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1478'. [ 342.111581][ T13] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.132890][ T13] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.222355][ T1169] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.239190][ T1169] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.332162][T11093] FAULT_INJECTION: forcing a failure. [ 342.332162][T11093] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 342.337529][T11093] CPU: 3 UID: 0 PID: 11093 Comm: syz.3.1481 Tainted: G L syzkaller #0 PREEMPT(full) [ 342.337557][T11093] Tainted: [L]=SOFTLOCKUP [ 342.337563][T11093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 342.337574][T11093] Call Trace: [ 342.337580][T11093] [ 342.337587][T11093] dump_stack_lvl+0x16c/0x1f0 [ 342.337619][T11093] should_fail_ex+0x512/0x640 [ 342.337643][T11093] should_fail_alloc_page+0xe7/0x130 [ 342.337672][T11093] prepare_alloc_pages+0x401/0x670 [ 342.337699][T11093] ? rcu_is_watching+0x12/0xc0 [ 342.337726][T11093] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 342.337751][T11093] ? smp_call_function_many_cond+0x457/0x15e0 [ 342.337782][T11093] ? __pfx_should_flush_tlb+0x10/0x10 [ 342.337807][T11093] ? __pfx_flush_tlb_func+0x10/0x10 [ 342.337828][T11093] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 342.337854][T11093] ? lru_gen_add_folio+0x1a4/0xef0 [ 342.337878][T11093] ? __lock_acquire+0x436/0x2890 [ 342.337898][T11093] ? __lock_acquire+0x436/0x2890 [ 342.337914][T11093] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 342.337941][T11093] ? policy_nodemask+0xea/0x4e0 [ 342.337970][T11093] alloc_pages_mpol+0x1fb/0x550 [ 342.337998][T11093] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 342.338031][T11093] folio_alloc_mpol_noprof+0x36/0x2f0 [ 342.338051][T11093] vma_alloc_folio_noprof+0xed/0x1e0 [ 342.338069][T11093] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 342.338089][T11093] ? rcu_read_unlock+0x2d/0xb0 [ 342.338114][T11093] do_wp_page+0x202f/0x5010 [ 342.338147][T11093] ? __pfx_do_wp_page+0x10/0x10 [ 342.338183][T11093] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 342.338212][T11093] __handle_mm_fault+0x1bd2/0x2bb0 [ 342.338238][T11093] ? __pfx___handle_mm_fault+0x10/0x10 [ 342.338259][T11093] ? __pte_offset_map_lock+0x174/0x310 [ 342.338283][T11093] ? vm_normal_page+0x1c4/0x320 [ 342.338307][T11093] ? find_held_lock+0x2b/0x80 [ 342.338338][T11093] ? follow_page_pte+0x5cf/0x1390 [ 342.338369][T11093] handle_mm_fault+0x3fe/0xad0 [ 342.338394][T11093] __get_user_pages+0x54e/0x3590 [ 342.338429][T11093] ? __pfx___get_user_pages+0x10/0x10 [ 342.338463][T11093] __gup_longterm_locked+0xa92/0x17e0 [ 342.338490][T11093] ? __lock_acquire+0x436/0x2890 [ 342.338511][T11093] ? __pfx___gup_longterm_locked+0x10/0x10 [ 342.338551][T11093] pin_user_pages_remote+0xed/0x140 [ 342.338580][T11093] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 342.338605][T11093] ? mm_access+0x22d/0x2e0 [ 342.338639][T11093] process_vm_rw_core.constprop.0+0x41b/0x970 [ 342.338674][T11093] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 342.338700][T11093] ? import_ubuf+0x1b6/0x220 [ 342.338730][T11093] ? iovec_from_user+0xbb/0x140 [ 342.338752][T11093] process_vm_rw+0x216/0x2c0 [ 342.338778][T11093] ? __pfx_process_vm_rw+0x10/0x10 [ 342.338808][T11093] ? ksys_write+0x190/0x250 [ 342.338842][T11093] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 342.338881][T11093] ? fput+0x70/0xf0 [ 342.338898][T11093] ? ksys_write+0x1ac/0x250 [ 342.338927][T11093] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 342.338951][T11093] ? __do_fast_syscall_32+0x9a/0x680 [ 342.338978][T11093] ? lockdep_hardirqs_on+0x7c/0x110 [ 342.339003][T11093] __do_fast_syscall_32+0xe8/0x680 [ 342.339033][T11093] do_fast_syscall_32+0x32/0x80 [ 342.339050][T11093] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.339071][T11093] RIP: 0023:0xf7f21579 [ 342.339086][T11093] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 342.339103][T11093] RSP: 002b:00000000f541655c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 342.339121][T11093] RAX: ffffffffffffffda RBX: 0000000000000593 RCX: 0000000080001c80 [ 342.339133][T11093] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 342.339143][T11093] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 342.339154][T11093] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 342.339164][T11093] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.339196][T11093] [ 342.845488][T11103] tmpfs: Unknown parameter 'hash' [ 342.888818][ T40] audit: type=1326 audit(1766646330.919:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11099 comm="syz.3.1483" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f21579 code=0x0 [ 343.067869][T11101] lo speed is unknown, defaulting to 1000 [ 343.070584][T11101] lo speed is unknown, defaulting to 1000 [ 343.073236][T11101] ip6_vti0 speed is unknown, defaulting to 1000 [ 343.346603][T11097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1482'. [ 343.584917][T11115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1485'. [ 343.713091][T11118] vlan2: entered allmulticast mode [ 343.714981][T11118] bridge_slave_0: entered allmulticast mode [ 346.147666][T11156] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 346.149883][T11156] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 346.153554][T11156] vhci_hcd vhci_hcd.0: Device attached [ 346.168783][T11156] random: crng reseeded on system resumption [ 346.205301][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.209352][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.234506][T11156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 346.438174][ T145] usb 44-1: SetAddress Request (91) to port 0 [ 346.440375][ T145] usb 44-1: new SuperSpeed USB device number 91 using vhci_hcd [ 346.543695][T11160] capability: warning: `syz.0.1499' uses 32-bit capabilities (legacy support in use) [ 346.761443][T11166] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1501'. [ 346.765604][T11166] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1501'. [ 346.858004][T11170] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1501'. [ 347.336499][T11157] vhci_hcd: connection reset by peer [ 347.337428][ T13] vhci_hcd vhci_hcd.3: stop threads [ 347.393673][ T13] vhci_hcd vhci_hcd.3: release socket [ 347.394640][ T13] vhci_hcd vhci_hcd.3: disconnect device [ 348.335069][T11194] vlan2: entered promiscuous mode [ 348.483009][T11196] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1510'. [ 348.486157][T11196] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1510'. [ 349.088749][T11214] siw: device registration error -23 [ 350.649728][T11227] tmpfs: Unknown parameter '' [ 350.655214][T11227] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1519'. [ 351.239037][T11234] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 351.241427][T11234] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 351.244931][T11234] vhci_hcd vhci_hcd.0: Device attached [ 351.491056][ T145] usb 44-1: device descriptor read/8, error -110 [ 351.521257][ T6012] usb 38-1: SetAddress Request (78) to port 0 [ 351.524025][ T6012] usb 38-1: new SuperSpeed USB device number 78 using vhci_hcd [ 351.579018][T11235] vhci_hcd: connection reset by peer [ 351.582027][ T4113] vhci_hcd vhci_hcd.0: stop threads [ 351.583819][ T4113] vhci_hcd vhci_hcd.0: release socket [ 351.585813][ T4113] vhci_hcd vhci_hcd.0: disconnect device [ 351.900335][T11245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1523'. [ 351.912456][ T145] usb usb44-port1: attempt power cycle [ 352.484369][ T145] usb usb44-port1: unable to enumerate USB device [ 353.634873][T11268] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 353.637234][T11268] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 353.641240][T11268] vhci_hcd vhci_hcd.0: Device attached [ 353.704360][T11268] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 353.877318][T11274] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1531'. [ 353.881298][T11274] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1531'. [ 353.922512][ T53] usb 42-1: SetAddress Request (71) to port 0 [ 353.924634][ T53] usb 42-1: new SuperSpeed USB device number 71 using vhci_hcd [ 353.985439][T11269] vhci_hcd: connection reset by peer [ 353.989517][ T3696] vhci_hcd vhci_hcd.2: stop threads [ 353.991290][ T3696] vhci_hcd vhci_hcd.2: release socket [ 353.993421][ T3696] vhci_hcd vhci_hcd.2: disconnect device [ 354.172600][ T145] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 354.322679][ T145] usb 5-1: Using ep0 maxpacket: 16 [ 354.325643][ T145] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.329367][ T145] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.332531][ T145] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 354.336891][ T145] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 354.339915][ T145] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.343945][ T145] usb 5-1: config 0 descriptor?? [ 354.763885][ T145] input: HID 05ac:8241 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:05AC:8241.0004/input/input10 [ 354.864837][ T145] appleir 0003:05AC:8241.0004: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0 [ 355.021557][ T34] usb 5-1: USB disconnect, device number 6 [ 355.595279][T11312] vlan2: entered promiscuous mode [ 355.795174][T11322] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1548'. [ 355.798234][T11322] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1548'. [ 356.054403][T11330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1551'. [ 356.420218][T11341] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 356.422431][T11341] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 356.443939][T11341] vhci_hcd vhci_hcd.0: Device attached [ 356.528590][T11341] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 356.614002][ T6012] usb 38-1: device descriptor read/8, error -110 [ 356.754383][ T145] usb 44-1: SetAddress Request (95) to port 0 [ 356.756515][ T145] usb 44-1: new SuperSpeed USB device number 95 using vhci_hcd [ 357.031951][ T6012] usb usb38-port1: attempt power cycle [ 357.039541][T11342] vhci_hcd: connection reset by peer [ 357.042187][ T76] vhci_hcd vhci_hcd.3: stop threads [ 357.043951][ T76] vhci_hcd vhci_hcd.3: release socket [ 357.045987][ T76] vhci_hcd vhci_hcd.3: disconnect device [ 357.595063][ T6012] usb usb38-port1: unable to enumerate USB device [ 357.976587][T11362] netlink: 212328 bytes leftover after parsing attributes in process `syz.3.1561'. [ 357.979804][T11362] netlink: Conntrack attr has 4 unknown bytes [ 358.288006][T11368] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 358.290340][T11368] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 358.297861][T11368] vhci_hcd vhci_hcd.0: Device attached [ 358.570732][T11367] vlan2: entered promiscuous mode [ 358.572671][T11367] vlan2: entered allmulticast mode [ 358.574465][T11367] hsr_slave_1: entered allmulticast mode [ 358.853656][T11369] vhci_hcd: connection closed [ 358.855195][ T1140] vhci_hcd vhci_hcd.3: stop threads [ 358.865354][ T1140] vhci_hcd vhci_hcd.3: release socket [ 358.869267][ T1140] vhci_hcd vhci_hcd.3: disconnect device [ 359.015371][ T53] usb 42-1: device descriptor read/8, error -110 [ 359.421060][ T53] usb usb42-port1: attempt power cycle [ 359.927953][T11380] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 359.930602][T11380] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 359.933925][T11380] vhci_hcd vhci_hcd.0: Device attached [ 360.098904][ T53] usb usb42-port1: unable to enumerate USB device [ 360.237761][T11390] /dev/nullb0: Can't open blockdev [ 360.533517][T11381] vhci_hcd: connection closed [ 360.533884][ T1142] vhci_hcd vhci_hcd.3: stop threads [ 360.538573][ T1142] vhci_hcd vhci_hcd.3: release socket [ 360.541350][ T1142] vhci_hcd vhci_hcd.3: disconnect device [ 361.303835][T11417] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1578'. [ 361.340697][T11419] netlink: 'syz.0.1579': attribute type 4 has an invalid length. [ 361.827164][ T145] usb 44-1: device descriptor read/8, error -110 [ 362.273030][ T145] usb usb44-port1: attempt power cycle [ 362.299546][T11434] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 362.302322][T11434] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 362.314428][T11434] vhci_hcd vhci_hcd.0: Device attached [ 362.397499][ T145] usb 44-1: SetAddress Request (97) to port 0 [ 362.402245][ T145] usb 44-1: new SuperSpeed USB device number 97 using vhci_hcd [ 362.946411][T11435] vhci_hcd: connection reset by peer [ 362.949318][ T1140] vhci_hcd vhci_hcd.3: stop threads [ 362.951129][ T1140] vhci_hcd vhci_hcd.3: release socket [ 362.953020][ T1140] vhci_hcd vhci_hcd.3: disconnect device [ 363.938249][T11453] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1590'. [ 364.028186][T11456] siw: device registration error -23 [ 365.020502][T11468] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 365.020530][T11468] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 365.020842][T11468] vhci_hcd vhci_hcd.0: Device attached [ 365.302991][ T34] usb 38-1: SetAddress Request (82) to port 0 [ 365.305692][ T34] usb 38-1: new SuperSpeed USB device number 82 using vhci_hcd [ 365.465765][T11483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1599'. [ 365.650637][T11469] vhci_hcd: connection reset by peer [ 365.652634][ T1142] vhci_hcd vhci_hcd.0: stop threads [ 365.654375][ T1142] vhci_hcd vhci_hcd.0: release socket [ 365.657298][ T1142] vhci_hcd vhci_hcd.0: disconnect device [ 366.235145][T11495] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 366.235439][T11495] x_tables: ip6_tables: SNPT target: used from hooks FORWARD, but only usable from INPUT/POSTROUTING [ 366.488891][T11504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1606'. [ 366.694574][T11507] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 366.694602][T11507] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 366.694833][T11507] vhci_hcd vhci_hcd.0: Device attached [ 366.740166][T11507] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 366.927120][T11515] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1610'. [ 366.932675][T11515] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1610'. [ 367.078194][T11527] netlink: 'syz.2.1614': attribute type 4 has an invalid length. [ 367.580074][ T145] usb 44-1: device descriptor read/8, error -110 [ 367.632794][T11508] vhci_hcd: connection closed [ 367.633082][ T4234] vhci_hcd vhci_hcd.0: stop threads [ 367.640137][ T4234] vhci_hcd vhci_hcd.0: release socket [ 367.644939][ T4234] vhci_hcd vhci_hcd.0: disconnect device [ 367.722794][ T4234] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.730658][ T60] lo speed is unknown, defaulting to 1000 [ 367.732938][ T60] syz: Port: 1 Link DOWN [ 367.734440][ T4234] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.745659][ T4234] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.758600][ T4234] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.845620][T11536] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1617'. [ 367.860059][T11536] macvlan2: entered promiscuous mode [ 367.863138][T11536] macvlan2: entered allmulticast mode [ 367.865583][T11536] bond4: (slave macvlan2): Opening slave failed [ 368.250519][ T145] usb usb44-port1: unable to enumerate USB device [ 368.411038][T11551] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 368.411056][T11551] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 368.416562][T11551] vhci_hcd vhci_hcd.0: Device attached [ 368.524286][T11553] vhci_hcd: connection closed [ 368.524603][ T1140] vhci_hcd vhci_hcd.3: stop threads [ 368.524626][ T1140] vhci_hcd vhci_hcd.3: release socket [ 368.524645][ T1140] vhci_hcd vhci_hcd.3: disconnect device [ 368.701156][T11566] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1626'. [ 368.704120][T11566] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1626'. [ 368.727916][T11568] vlan3: entered promiscuous mode [ 369.307307][T11586] sctp: [Deprecated]: syz.0.1633 (pid 11586) Use of int in maxseg socket option. [ 369.307307][T11586] Use struct sctp_assoc_value instead [ 369.558834][T11591] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1635'. [ 369.568182][T11591] vlan3: entered promiscuous mode [ 369.732124][T11594] netlink: 'syz.0.1637': attribute type 4 has an invalid length. [ 370.231210][T11606] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 370.233421][T11606] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 370.241787][T11606] vhci_hcd vhci_hcd.0: Device attached [ 370.423732][T11606] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 370.855739][T11607] vhci_hcd: connection reset by peer [ 370.857967][ T3696] vhci_hcd vhci_hcd.0: stop threads [ 370.860241][ T3696] vhci_hcd vhci_hcd.0: release socket [ 370.864174][ T3696] vhci_hcd vhci_hcd.0: disconnect device [ 370.864198][ T34] usb 38-1: device descriptor read/8, error -110 [ 372.213344][ T34] usb usb38-port1: attempt power cycle [ 372.234453][T11627] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 372.237447][T11627] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 372.241324][T11627] vhci_hcd vhci_hcd.0: Device attached [ 372.512974][ T5957] usb 44-1: SetAddress Request (99) to port 0 [ 372.515110][ T5957] usb 44-1: new SuperSpeed USB device number 99 using vhci_hcd [ 372.774450][ T34] usb usb38-port1: unable to enumerate USB device [ 372.868643][T11630] vhci_hcd: connection reset by peer [ 372.871523][ T1140] vhci_hcd vhci_hcd.3: stop threads [ 372.874650][ T1140] vhci_hcd vhci_hcd.3: release socket [ 372.877099][ T1140] vhci_hcd vhci_hcd.3: disconnect device [ 373.129887][T11637] FAULT_INJECTION: forcing a failure. [ 373.129887][T11637] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 373.135871][T11637] CPU: 1 UID: 0 PID: 11637 Comm: syz.0.1649 Tainted: G L syzkaller #0 PREEMPT(full) [ 373.135907][T11637] Tainted: [L]=SOFTLOCKUP [ 373.135914][T11637] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 373.135926][T11637] Call Trace: [ 373.135934][T11637] [ 373.135942][T11637] dump_stack_lvl+0x16c/0x1f0 [ 373.136065][T11637] should_fail_ex+0x512/0x640 [ 373.136116][T11637] should_fail_alloc_page+0xe7/0x130 [ 373.136146][T11637] prepare_alloc_pages+0x401/0x670 [ 373.136174][T11637] ? rcu_is_watching+0x12/0xc0 [ 373.136202][T11637] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 373.136228][T11637] ? smp_call_function_many_cond+0x457/0x15e0 [ 373.136260][T11637] ? __pfx_should_flush_tlb+0x10/0x10 [ 373.136288][T11637] ? __pfx_flush_tlb_func+0x10/0x10 [ 373.136312][T11637] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 373.136339][T11637] ? lock_acquire+0x179/0x330 [ 373.136360][T11637] ? __lock_acquire+0x436/0x2890 [ 373.136379][T11637] ? __lock_acquire+0x436/0x2890 [ 373.136395][T11637] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 373.136424][T11637] ? policy_nodemask+0xea/0x4e0 [ 373.136454][T11637] alloc_pages_mpol+0x1fb/0x550 [ 373.136482][T11637] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 373.136517][T11637] folio_alloc_mpol_noprof+0x36/0x2f0 [ 373.136537][T11637] vma_alloc_folio_noprof+0xed/0x1e0 [ 373.136555][T11637] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 373.136574][T11637] ? rcu_read_unlock+0x2d/0xb0 [ 373.136600][T11637] do_wp_page+0x202f/0x5010 [ 373.136634][T11637] ? __pfx_do_wp_page+0x10/0x10 [ 373.136664][T11637] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 373.136692][T11637] __handle_mm_fault+0x1bd2/0x2bb0 [ 373.136733][T11637] ? __pfx___handle_mm_fault+0x10/0x10 [ 373.136755][T11637] ? __pte_offset_map_lock+0x174/0x310 [ 373.136779][T11637] ? vm_normal_page+0x1c4/0x320 [ 373.136804][T11637] ? find_held_lock+0x2b/0x80 [ 373.136836][T11637] ? follow_page_pte+0x5cf/0x1390 [ 373.136895][T11637] handle_mm_fault+0x3fe/0xad0 [ 373.136936][T11637] __get_user_pages+0x54e/0x3590 [ 373.136974][T11637] ? __pfx___get_user_pages+0x10/0x10 [ 373.137008][T11637] __gup_longterm_locked+0xa92/0x17e0 [ 373.137035][T11637] ? __lock_acquire+0x436/0x2890 [ 373.137057][T11637] ? __pfx___gup_longterm_locked+0x10/0x10 [ 373.137097][T11637] pin_user_pages_remote+0xed/0x140 [ 373.137132][T11637] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 373.137157][T11637] ? mm_access+0x22d/0x2e0 [ 373.137196][T11637] process_vm_rw_core.constprop.0+0x41b/0x970 [ 373.137242][T11637] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 373.137269][T11637] ? import_ubuf+0x1b6/0x220 [ 373.137298][T11637] ? iovec_from_user+0xbb/0x140 [ 373.137321][T11637] process_vm_rw+0x216/0x2c0 [ 373.137346][T11637] ? __pfx_process_vm_rw+0x10/0x10 [ 373.137378][T11637] ? ksys_write+0x190/0x250 [ 373.137412][T11637] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 373.137452][T11637] ? fput+0x70/0xf0 [ 373.137470][T11637] ? ksys_write+0x1ac/0x250 [ 373.137499][T11637] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 373.137525][T11637] ? __do_fast_syscall_32+0x9a/0x680 [ 373.137553][T11637] ? lockdep_hardirqs_on+0x7c/0x110 [ 373.137580][T11637] __do_fast_syscall_32+0xe8/0x680 [ 373.137610][T11637] do_fast_syscall_32+0x32/0x80 [ 373.137630][T11637] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 373.137656][T11637] RIP: 0023:0xf705d579 [ 373.137671][T11637] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 373.137688][T11637] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 373.137706][T11637] RAX: ffffffffffffffda RBX: 0000000000000649 RCX: 0000000080001c80 [ 373.137718][T11637] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 373.137729][T11637] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 373.137739][T11637] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 373.137749][T11637] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 373.137773][T11637] [ 374.327536][T11657] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 374.329714][T11657] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 374.332400][T11657] vhci_hcd vhci_hcd.0: Device attached [ 374.584700][T11658] vhci_hcd: connection closed [ 374.589107][T11459] vhci_hcd vhci_hcd.2: stop threads [ 374.593931][ T73] usb 42-1: SetAddress Request (75) to port 0 [ 374.596599][ T73] usb 42-1: new SuperSpeed USB device number 75 using vhci_hcd [ 374.596626][T11459] vhci_hcd vhci_hcd.2: release socket [ 374.660959][T11459] vhci_hcd vhci_hcd.2: disconnect device [ 375.374689][T11666] siw: device registration error -23 [ 375.437923][T11672] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 375.440144][T11672] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 375.443065][T11672] vhci_hcd vhci_hcd.0: Device attached [ 375.779991][T11678] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1663'. [ 375.789836][T11678] vlan3: entered promiscuous mode [ 376.015730][T11684] siw: device registration error -23 [ 376.190324][T11692] netlink: 'syz.2.1668': attribute type 10 has an invalid length. [ 376.544504][T11673] vhci_hcd: connection closed [ 376.544995][ T12] vhci_hcd vhci_hcd.3: stop threads [ 376.549451][ T12] vhci_hcd vhci_hcd.3: release socket [ 376.552150][ T12] vhci_hcd vhci_hcd.3: disconnect device [ 377.448779][T11722] netlink: 'syz.3.1675': attribute type 4 has an invalid length. [ 377.522011][T11724] FAULT_INJECTION: forcing a failure. [ 377.522011][T11724] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 377.526539][T11724] CPU: 3 UID: 0 PID: 11724 Comm: syz.0.1676 Tainted: G L syzkaller #0 PREEMPT(full) [ 377.526558][T11724] Tainted: [L]=SOFTLOCKUP [ 377.526562][T11724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 377.526569][T11724] Call Trace: [ 377.526575][T11724] [ 377.526580][T11724] dump_stack_lvl+0x16c/0x1f0 [ 377.526601][T11724] should_fail_ex+0x512/0x640 [ 377.526616][T11724] should_fail_alloc_page+0xe7/0x130 [ 377.526634][T11724] prepare_alloc_pages+0x401/0x670 [ 377.526652][T11724] ? rcu_is_watching+0x12/0xc0 [ 377.526669][T11724] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 377.526685][T11724] ? smp_call_function_many_cond+0x457/0x15e0 [ 377.526704][T11724] ? __pfx_should_flush_tlb+0x10/0x10 [ 377.526721][T11724] ? __pfx_flush_tlb_func+0x10/0x10 [ 377.526735][T11724] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 377.526751][T11724] ? lock_acquire+0x179/0x330 [ 377.526763][T11724] ? __lock_acquire+0x436/0x2890 [ 377.526774][T11724] ? __lock_acquire+0x436/0x2890 [ 377.526783][T11724] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 377.526801][T11724] ? policy_nodemask+0xea/0x4e0 [ 377.526819][T11724] alloc_pages_mpol+0x1fb/0x550 [ 377.526836][T11724] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 377.526856][T11724] folio_alloc_mpol_noprof+0x36/0x2f0 [ 377.526868][T11724] vma_alloc_folio_noprof+0xed/0x1e0 [ 377.526880][T11724] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 377.526891][T11724] ? rcu_read_unlock+0x2d/0xb0 [ 377.526906][T11724] do_wp_page+0x202f/0x5010 [ 377.526927][T11724] ? __pfx_do_wp_page+0x10/0x10 [ 377.526944][T11724] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 377.526960][T11724] __handle_mm_fault+0x1bd2/0x2bb0 [ 377.526976][T11724] ? __pfx___handle_mm_fault+0x10/0x10 [ 377.526988][T11724] ? __pte_offset_map_lock+0x174/0x310 [ 377.527003][T11724] ? vm_normal_page+0x1c4/0x320 [ 377.527017][T11724] ? find_held_lock+0x2b/0x80 [ 377.527036][T11724] ? follow_page_pte+0x5cf/0x1390 [ 377.527055][T11724] handle_mm_fault+0x3fe/0xad0 [ 377.527069][T11724] __get_user_pages+0x54e/0x3590 [ 377.527090][T11724] ? __pfx___get_user_pages+0x10/0x10 [ 377.527110][T11724] __gup_longterm_locked+0xa92/0x17e0 [ 377.527132][T11724] ? __lock_acquire+0x436/0x2890 [ 377.527144][T11724] ? __pfx___gup_longterm_locked+0x10/0x10 [ 377.527168][T11724] pin_user_pages_remote+0xed/0x140 [ 377.527185][T11724] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 377.527202][T11724] ? mm_access+0x22d/0x2e0 [ 377.527222][T11724] process_vm_rw_core.constprop.0+0x41b/0x970 [ 377.527243][T11724] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 377.527259][T11724] ? import_ubuf+0x1b6/0x220 [ 377.527276][T11724] ? iovec_from_user+0xbb/0x140 [ 377.527289][T11724] process_vm_rw+0x216/0x2c0 [ 377.527304][T11724] ? __pfx_process_vm_rw+0x10/0x10 [ 377.527322][T11724] ? ksys_write+0x190/0x250 [ 377.527342][T11724] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 377.527365][T11724] ? fput+0x70/0xf0 [ 377.527376][T11724] ? ksys_write+0x1ac/0x250 [ 377.527393][T11724] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 377.527408][T11724] ? __do_fast_syscall_32+0x9a/0x680 [ 377.527426][T11724] ? lockdep_hardirqs_on+0x7c/0x110 [ 377.527441][T11724] __do_fast_syscall_32+0xe8/0x680 [ 377.527460][T11724] do_fast_syscall_32+0x32/0x80 [ 377.527470][T11724] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.527485][T11724] RIP: 0023:0xf705d579 [ 377.527493][T11724] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 377.527504][T11724] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 377.527515][T11724] RAX: ffffffffffffffda RBX: 0000000000000663 RCX: 0000000080001c80 [ 377.527522][T11724] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 377.527528][T11724] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 377.527535][T11724] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 377.527541][T11724] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 377.527554][T11724] [ 377.665279][ T5957] usb 44-1: device descriptor read/8, error -110 [ 377.773968][T11734] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1679'. [ 377.915692][ T8406] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 378.063951][ T5957] usb usb44-port1: attempt power cycle [ 378.065739][ T8406] usb 8-1: Using ep0 maxpacket: 32 [ 378.070422][ T8406] usb 8-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 378.074308][ T8406] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.079473][ T8406] usb 8-1: config 0 descriptor?? [ 378.084056][ T8406] usb 8-1: dvb_usb_v2: found a 'Anysee' in warm state [ 378.087455][ T8406] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 378.090103][ T8406] dvb_usb_anysee 8-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 378.680473][ T5957] usb usb44-port1: unable to enumerate USB device [ 379.092771][T11762] fuse: Bad value for 'fd' [ 379.666835][ T73] usb 42-1: device descriptor read/8, error -110 [ 380.077714][ T73] usb usb42-port1: attempt power cycle [ 380.387094][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 380.389676][T11731] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 380.637907][ T73] usb usb42-port1: unable to enumerate USB device [ 380.676030][T11731] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 380.678655][T11731] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 380.680838][T11731] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 380.701909][ T5957] usb 8-1: USB disconnect, device number 9 [ 380.997756][T11774] ubi31: attaching mtd0 [ 381.006690][T11774] ubi31: scanning is finished [ 381.874380][T11774] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 381.927854][ T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 381.991693][ T40] audit: type=1326 audit(1766646370.007:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 381.999097][ T40] audit: type=1326 audit(1766646370.007:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.006157][ T40] audit: type=1326 audit(1766646370.017:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.013493][ T40] audit: type=1326 audit(1766646370.017:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.021184][ T40] audit: type=1326 audit(1766646370.017:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=444 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.029042][ T40] audit: type=1326 audit(1766646370.017:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.036085][ T40] audit: type=1326 audit(1766646370.017:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=445 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.044170][ T40] audit: type=1326 audit(1766646370.017:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.051433][ T40] audit: type=1326 audit(1766646370.017:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=446 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.058927][ T40] audit: type=1326 audit(1766646370.017:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.0.1695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 382.077894][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 382.080752][ T10] usb 7-1: too many configurations: 175, using maximum allowed: 8 [ 382.087112][ T10] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 382.089784][ T10] usb 7-1: can't read configurations, error -61 [ 382.478099][ T5951] Bluetooth: hci1: command 0x0406 tx timeout [ 382.609368][ T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 382.680175][T11792] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1698'. [ 382.706198][T11793] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 382.708431][T11793] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 382.711420][T11793] vhci_hcd vhci_hcd.0: Device attached [ 382.718317][ T5303] Bluetooth: hci3: command 0x0406 tx timeout [ 382.721155][ T5951] Bluetooth: hci2: command 0x0401 tx timeout [ 382.768271][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 382.771535][ T10] usb 7-1: too many configurations: 175, using maximum allowed: 8 [ 382.776885][ T10] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 382.781003][ T10] usb 7-1: can't read configurations, error -61 [ 382.785944][ T10] usb usb7-port1: attempt power cycle [ 382.914086][T11794] vhci_hcd: connection closed [ 382.914409][ T4234] vhci_hcd vhci_hcd.0: stop threads [ 382.917776][ T4234] vhci_hcd vhci_hcd.0: release socket [ 382.920083][ T4234] vhci_hcd vhci_hcd.0: disconnect device [ 383.128471][ T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 383.149051][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 383.151339][ T10] usb 7-1: too many configurations: 175, using maximum allowed: 8 [ 383.155165][ T10] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 383.157984][ T10] usb 7-1: can't read configurations, error -61 [ 383.288703][ T10] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 383.309253][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 383.312091][ T10] usb 7-1: too many configurations: 175, using maximum allowed: 8 [ 383.317295][ T10] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 383.321236][ T10] usb 7-1: can't read configurations, error -61 [ 383.324376][ T10] usb usb7-port1: unable to enumerate USB device [ 383.440509][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.442613][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.089586][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1708'. [ 384.119309][T11821] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 384.126909][ T10] lo speed is unknown, defaulting to 1000 [ 384.129010][ T10] syz: Port: 1 Link ACTIVE [ 384.251910][T11826] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 384.254535][T11826] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 384.257599][T11826] vhci_hcd vhci_hcd.0: Device attached [ 384.529249][ T53] usb 44-1: SetAddress Request (103) to port 0 [ 384.535439][ T53] usb 44-1: new SuperSpeed USB device number 103 using vhci_hcd [ 384.688143][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1716'. [ 384.695714][T11842] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 384.854559][T11827] vhci_hcd: connection reset by peer [ 384.856816][T11710] vhci_hcd vhci_hcd.3: stop threads [ 384.858677][T11710] vhci_hcd vhci_hcd.3: release socket [ 384.860949][T11710] vhci_hcd vhci_hcd.3: disconnect device [ 385.466423][T11853] FAULT_INJECTION: forcing a failure. [ 385.466423][T11853] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.471691][T11853] CPU: 0 UID: 0 PID: 11853 Comm: syz.2.1720 Tainted: G L syzkaller #0 PREEMPT(full) [ 385.471722][T11853] Tainted: [L]=SOFTLOCKUP [ 385.471727][T11853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 385.471737][T11853] Call Trace: [ 385.471745][T11853] [ 385.471754][T11853] dump_stack_lvl+0x16c/0x1f0 [ 385.471786][T11853] should_fail_ex+0x512/0x640 [ 385.471811][T11853] _copy_to_user+0x32/0xd0 [ 385.471834][T11853] simple_read_from_buffer+0xcb/0x170 [ 385.471860][T11853] proc_fail_nth_read+0x197/0x240 [ 385.471887][T11853] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 385.471918][T11853] ? rw_verify_area+0xcf/0x6c0 [ 385.471939][T11853] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 385.471965][T11853] vfs_read+0x1e4/0xcf0 [ 385.471995][T11853] ? __pfx___mutex_lock+0x10/0x10 [ 385.472019][T11853] ? __pfx_vfs_read+0x10/0x10 [ 385.472039][T11853] ? find_held_lock+0x2b/0x80 [ 385.472069][T11853] ? __fget_files+0x20e/0x3c0 [ 385.472099][T11853] ksys_read+0x12a/0x250 [ 385.472121][T11853] ? __pfx_ksys_read+0x10/0x10 [ 385.472150][T11853] __do_fast_syscall_32+0xe8/0x680 [ 385.472178][T11853] do_fast_syscall_32+0x32/0x80 [ 385.472192][T11853] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 385.472221][T11853] RIP: 0023:0xf7fa6579 [ 385.472231][T11853] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 385.472242][T11853] RSP: 002b:00000000f5496590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 385.472253][T11853] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5496620 [ 385.472260][T11853] RDX: 000000000000000f RSI: 00000000f7436ff4 RDI: 0000000000000000 [ 385.472266][T11853] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 385.472272][T11853] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 385.472281][T11853] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 385.472303][T11853] [ 385.786350][T11863] vlan2: entered promiscuous mode [ 385.900408][T11869] sp0: Synchronizing with TNC [ 385.980579][T11875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1729'. [ 386.060559][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.063752][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.066933][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.074761][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.077612][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.080113][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.082582][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.085488][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.088385][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.093751][ T8406] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 386.107025][ T8406] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.03 Device [syz1] on syz1 [ 386.127596][T11882] sp0: Synchronizing with TNC [ 386.817217][T11887] veth0_to_bridge: entered promiscuous mode [ 386.823084][T11887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1733'. [ 387.653850][T11886] veth0_to_bridge: left promiscuous mode [ 388.610328][T11917] netlink: 'syz.3.1740': attribute type 10 has an invalid length. [ 388.621159][T11917] batman_adv: batadv0: Adding interface: team0 [ 388.637287][T11917] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 388.666318][T11917] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 388.731463][T11922] QAT: failed to copy from user cfg_data. [ 389.297058][T11926] netlink: 'syz.3.1744': attribute type 4 has an invalid length. [ 389.321045][T11928] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1745'. [ 389.324233][T11928] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1745'. [ 389.532222][T11940] siw: device registration error -23 [ 389.592356][ T53] usb 44-1: device descriptor read/8, error -110 [ 390.162152][ T53] usb usb44-port1: attempt power cycle [ 390.393551][T11953] syzkaller1: entered promiscuous mode [ 390.395471][T11953] syzkaller1: entered allmulticast mode [ 390.514264][T11960] netlink: zone id is out of range [ 390.518488][T11957] FAULT_INJECTION: forcing a failure. [ 390.518488][T11957] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 390.523261][T11957] CPU: 3 UID: 0 PID: 11957 Comm: syz.2.1755 Tainted: G L syzkaller #0 PREEMPT(full) [ 390.523279][T11957] Tainted: [L]=SOFTLOCKUP [ 390.523283][T11957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 390.523289][T11957] Call Trace: [ 390.523293][T11957] [ 390.523297][T11957] dump_stack_lvl+0x16c/0x1f0 [ 390.523318][T11957] should_fail_ex+0x512/0x640 [ 390.523333][T11957] should_fail_alloc_page+0xe7/0x130 [ 390.523352][T11957] prepare_alloc_pages+0x401/0x670 [ 390.523370][T11957] ? rcu_is_watching+0x12/0xc0 [ 390.523388][T11957] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 390.523404][T11957] ? __lock_acquire+0x436/0x2890 [ 390.523419][T11957] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 390.523433][T11957] ? __mod_zone_page_state+0xcc/0x1a0 [ 390.523445][T11957] ? lru_gen_add_folio+0x1a4/0xef0 [ 390.523460][T11957] ? __lock_acquire+0x436/0x2890 [ 390.523471][T11957] ? __lock_acquire+0x436/0x2890 [ 390.523481][T11957] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 390.523499][T11957] ? policy_nodemask+0xea/0x4e0 [ 390.523516][T11957] alloc_pages_mpol+0x1fb/0x550 [ 390.523536][T11957] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 390.523556][T11957] folio_alloc_mpol_noprof+0x36/0x2f0 [ 390.523568][T11957] vma_alloc_folio_noprof+0xed/0x1e0 [ 390.523580][T11957] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 390.523591][T11957] ? rcu_read_unlock+0x2d/0xb0 [ 390.523606][T11957] do_wp_page+0x202f/0x5010 [ 390.523626][T11957] ? __pfx_do_wp_page+0x10/0x10 [ 390.523644][T11957] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 390.523660][T11957] __handle_mm_fault+0x1bd2/0x2bb0 [ 390.523675][T11957] ? __pfx___handle_mm_fault+0x10/0x10 [ 390.523688][T11957] ? __pte_offset_map_lock+0x174/0x310 [ 390.523703][T11957] ? vm_normal_page+0x1c4/0x320 [ 390.523717][T11957] ? find_held_lock+0x2b/0x80 [ 390.523735][T11957] ? follow_page_pte+0x5cf/0x1390 [ 390.523755][T11957] handle_mm_fault+0x3fe/0xad0 [ 390.523774][T11957] __get_user_pages+0x54e/0x3590 [ 390.523796][T11957] ? __pfx___get_user_pages+0x10/0x10 [ 390.523816][T11957] __gup_longterm_locked+0xa92/0x17e0 [ 390.523832][T11957] ? __lock_acquire+0x436/0x2890 [ 390.523845][T11957] ? __pfx___gup_longterm_locked+0x10/0x10 [ 390.523868][T11957] pin_user_pages_remote+0xed/0x140 [ 390.523886][T11957] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 390.523902][T11957] ? mm_access+0x22d/0x2e0 [ 390.523922][T11957] process_vm_rw_core.constprop.0+0x41b/0x970 [ 390.523943][T11957] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 390.523959][T11957] ? import_ubuf+0x1b6/0x220 [ 390.523976][T11957] ? iovec_from_user+0xbb/0x140 [ 390.523990][T11957] process_vm_rw+0x216/0x2c0 [ 390.524005][T11957] ? __pfx_process_vm_rw+0x10/0x10 [ 390.524025][T11957] ? ksys_write+0x190/0x250 [ 390.524056][T11957] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 390.524094][T11957] ? fput+0x70/0xf0 [ 390.524113][T11957] ? ksys_write+0x1ac/0x250 [ 390.524142][T11957] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 390.524160][T11957] ? __do_fast_syscall_32+0x9a/0x680 [ 390.524178][T11957] ? lockdep_hardirqs_on+0x7c/0x110 [ 390.524193][T11957] __do_fast_syscall_32+0xe8/0x680 [ 390.524212][T11957] do_fast_syscall_32+0x32/0x80 [ 390.524222][T11957] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 390.524236][T11957] RIP: 0023:0xf7fa6579 [ 390.524245][T11957] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 390.524256][T11957] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 390.524267][T11957] RAX: ffffffffffffffda RBX: 00000000000006b6 RCX: 0000000080001c80 [ 390.524273][T11957] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 390.524280][T11957] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 390.524286][T11957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 390.524292][T11957] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 390.524305][T11957] [ 390.670069][T11960] netlink: set zone limit has 4 unknown bytes [ 390.709555][T11966] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.1758'. [ 390.715680][T11966] netlink: Conntrack attr has 4 unknown bytes [ 390.735044][ T53] usb usb44-port1: unable to enumerate USB device [ 391.625279][T11986] vlan3: entered promiscuous mode [ 391.691829][T11993] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1767'. [ 391.768156][T11997] geneve2: entered promiscuous mode [ 391.770909][T11997] geneve2: entered allmulticast mode [ 392.916859][T12018] lo speed is unknown, defaulting to 1000 [ 392.918449][T12021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1777'. [ 392.920170][T12018] lo speed is unknown, defaulting to 1000 [ 392.926252][T12018] ip6_vti0 speed is unknown, defaulting to 1000 [ 392.968213][T12025] befs: (nullb0): No write support. Marking filesystem read-only [ 392.969118][T12025] befs: (nullb0): invalid magic header [ 393.780446][T12035] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1781'. [ 394.917473][T12055] binder_alloc: 12054: binder_alloc_buf size 18014398509498368 failed, no address space [ 394.921180][T12055] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384) [ 394.986961][T12057] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1790'. [ 395.856309][T12070] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 395.859182][T12070] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 395.863301][T12070] vhci_hcd vhci_hcd.0: Device attached [ 395.904950][T12074] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1795'. [ 396.135403][ T34] usb 42-1: SetAddress Request (79) to port 0 [ 396.138176][ T34] usb 42-1: new SuperSpeed USB device number 79 using vhci_hcd [ 396.370119][T12084] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1799'. [ 396.391369][T12085] siw: device registration error -23 [ 396.465984][T12087] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1800'. [ 396.474808][T12087] vlan2: entered promiscuous mode [ 396.710235][T12071] vhci_hcd: connection reset by peer [ 396.715231][T11715] vhci_hcd vhci_hcd.2: stop threads [ 396.718082][T11715] vhci_hcd vhci_hcd.2: release socket [ 396.721782][T11715] vhci_hcd vhci_hcd.2: disconnect device [ 396.820218][T12094] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1802'. [ 396.934492][T12100] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1805'. [ 397.037532][T12106] bond5: Unable to set up delay as MII monitoring is disabled [ 397.042264][T12106] bond5 (unregistering): Released all slaves [ 398.770039][T12123] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1813'. [ 399.221990][T12129] tmpfs: Too few inodes for current use [ 399.224924][T12129] netlink: 'syz.0.1815': attribute type 20 has an invalid length. [ 399.227600][T12129] netlink: 'syz.0.1815': attribute type 4 has an invalid length. [ 399.230185][T12129] IPv6: NLM_F_CREATE should be specified when creating new route [ 399.946021][T12140] FAULT_INJECTION: forcing a failure. [ 399.946021][T12140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 399.951947][T12140] CPU: 1 UID: 0 PID: 12140 Comm: syz.0.1816 Tainted: G L syzkaller #0 PREEMPT(full) [ 399.951991][T12140] Tainted: [L]=SOFTLOCKUP [ 399.951998][T12140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 399.952009][T12140] Call Trace: [ 399.952017][T12140] [ 399.952024][T12140] dump_stack_lvl+0x16c/0x1f0 [ 399.952057][T12140] should_fail_ex+0x512/0x640 [ 399.952081][T12140] _copy_to_user+0x32/0xd0 [ 399.952103][T12140] simple_read_from_buffer+0xcb/0x170 [ 399.952131][T12140] proc_fail_nth_read+0x197/0x240 [ 399.952161][T12140] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 399.952193][T12140] ? rw_verify_area+0xcf/0x6c0 [ 399.952215][T12140] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 399.952245][T12140] vfs_read+0x1e4/0xcf0 [ 399.952271][T12140] ? __pfx___mutex_lock+0x10/0x10 [ 399.952303][T12140] ? __pfx_vfs_read+0x10/0x10 [ 399.952326][T12140] ? find_held_lock+0x2b/0x80 [ 399.952356][T12140] ? __fget_files+0x20e/0x3c0 [ 399.952388][T12140] ksys_read+0x12a/0x250 [ 399.952413][T12140] ? __pfx_ksys_read+0x10/0x10 [ 399.952445][T12140] __do_fast_syscall_32+0xe8/0x680 [ 399.952476][T12140] do_fast_syscall_32+0x32/0x80 [ 399.952493][T12140] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 399.952515][T12140] RIP: 0023:0xf705d579 [ 399.952531][T12140] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 399.952548][T12140] RSP: 002b:00000000f540b590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 399.952566][T12140] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f540b620 [ 399.952577][T12140] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000 [ 399.952588][T12140] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 399.952598][T12140] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 399.952631][T12140] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 399.952657][T12140] [ 400.248767][T12137] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 400.250866][T12137] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 400.253583][T12137] vhci_hcd vhci_hcd.0: Device attached [ 400.357501][T12145] vhci_hcd: connection closed [ 400.357776][ T4234] vhci_hcd vhci_hcd.3: stop threads [ 400.362287][ T4234] vhci_hcd vhci_hcd.3: release socket [ 400.364634][ T4234] vhci_hcd vhci_hcd.3: disconnect device [ 400.382488][T12149] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1821'. [ 401.198040][ T34] usb 42-1: device descriptor read/8, error -110 [ 401.598935][ T34] usb usb42-port1: attempt power cycle [ 401.940907][T12180] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1830'. [ 401.981183][T12181] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 401.983293][T12181] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 401.986736][T12181] vhci_hcd vhci_hcd.0: Device attached [ 402.169927][ T34] usb usb42-port1: unable to enumerate USB device [ 402.269282][ T73] usb 38-1: SetAddress Request (87) to port 0 [ 402.271959][ T73] usb 38-1: new SuperSpeed USB device number 87 using vhci_hcd [ 402.296995][T12197] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1837'. [ 402.604458][T12182] vhci_hcd: connection reset by peer [ 402.608325][T11701] vhci_hcd vhci_hcd.0: stop threads [ 402.610231][T11701] vhci_hcd vhci_hcd.0: release socket [ 402.612253][T11701] vhci_hcd vhci_hcd.0: disconnect device [ 403.160900][ T34] lo speed is unknown, defaulting to 1000 [ 403.163289][ T34] syz: Port: 1 Link DOWN [ 403.166743][T12207] netlink: 'syz.2.1840': attribute type 4 has an invalid length. [ 403.172788][ T34] lo speed is unknown, defaulting to 1000 [ 403.174702][ T34] syz: Port: 1 Link ACTIVE [ 403.212797][T12209] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.1841'. [ 403.217002][T12209] netlink: Conntrack attr has 4 unknown bytes [ 403.407202][T12216] tmpfs: Unknown parameter 'noinode32' [ 403.611170][T12216] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1845'. [ 403.677482][T12220] tmpfs: Unknown parameter 'hash' [ 403.904698][T12222] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1846'. [ 404.375138][T12238] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 404.375166][T12238] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 404.375559][T12238] vhci_hcd vhci_hcd.0: Device attached [ 404.568149][T12244] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1851'. [ 404.669839][ T8406] usb 44-1: SetAddress Request (107) to port 0 [ 404.669901][ T8406] usb 44-1: new SuperSpeed USB device number 107 using vhci_hcd [ 405.142220][T12239] vhci_hcd: connection reset by peer [ 405.144863][ T4234] vhci_hcd vhci_hcd.3: stop threads [ 405.146875][ T4234] vhci_hcd vhci_hcd.3: release socket [ 405.149650][ T4234] vhci_hcd vhci_hcd.3: disconnect device [ 405.199627][T12263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1860'. [ 405.248680][T12264] tmpfs: Unknown parameter 'hash' [ 406.033220][T12279] netlink: 'syz.0.1867': attribute type 4 has an invalid length. [ 406.100908][ T5951] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 406.110843][ T5951] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 406.116771][ T5951] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 406.124768][ T5951] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 406.150972][ T5951] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 406.182478][T12280] lo speed is unknown, defaulting to 1000 [ 406.185293][T12280] lo speed is unknown, defaulting to 1000 [ 406.190277][T12280] ip6_vti0 speed is unknown, defaulting to 1000 [ 406.505622][T12280] chnl_net:caif_netlink_parms(): no params data found [ 406.609780][T12280] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.613010][T12280] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.615698][T12280] bridge_slave_0: entered allmulticast mode [ 406.618867][T12280] bridge_slave_0: entered promiscuous mode [ 406.623808][T12280] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.626568][T12280] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.630084][T12280] bridge_slave_1: entered allmulticast mode [ 406.634742][T12280] bridge_slave_1: entered promiscuous mode [ 406.688173][T12280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.693177][T12293] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1870'. [ 406.695806][T12280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.744669][T12280] team0: Port device team_slave_0 added [ 406.748847][T12280] team0: Port device team_slave_1 added [ 406.765751][T12280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 406.768207][T12280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 406.779384][T12280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.799979][T12280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.802541][T12280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 406.812238][T12280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 406.855601][T12280] hsr_slave_0: entered promiscuous mode [ 406.859277][T12280] hsr_slave_1: entered promiscuous mode [ 407.105946][T12301] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 407.108870][T12301] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 407.112539][T12301] vhci_hcd vhci_hcd.0: Device attached [ 407.203581][T12305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1874'. [ 407.300162][ T1142] ip6gretap0 (unregistering): left promiscuous mode [ 407.372722][ T73] usb 38-1: device descriptor read/8, error -110 [ 407.667797][T12302] vhci_hcd: connection closed [ 407.668188][T11710] vhci_hcd vhci_hcd.3: stop threads [ 407.672251][T11710] vhci_hcd vhci_hcd.3: release socket [ 407.674259][T11710] vhci_hcd vhci_hcd.3: disconnect device [ 407.716934][ T1142] bond0 (unregistering): Released all slaves [ 407.761917][ T73] usb usb38-port1: attempt power cycle [ 408.162234][ T5951] Bluetooth: hci4: command tx timeout [ 408.171028][T12280] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 408.197497][T12280] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 408.214807][T12280] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 408.219781][T12280] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 408.301095][T12280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.317759][T12280] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.322176][ T73] usb usb38-port1: unable to enumerate USB device [ 408.328437][T11701] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.331582][T11701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.338184][T11701] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.340643][T11701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.522009][T12356] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1878'. [ 408.547946][T12280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 408.572597][ T1142] ------------[ cut here ]------------ [ 408.575299][ T1142] Have pending ack frames! [ 408.576916][ T1142] WARNING: net/mac80211/main.c:1712 at ieee80211_free_ack_frame+0x14/0x30, CPU#1: kworker/u32:8/1142 [ 408.580824][ T1142] Modules linked in: [ 408.582590][ T1142] CPU: 1 UID: 0 PID: 1142 Comm: kworker/u32:8 Tainted: G L syzkaller #0 PREEMPT(full) [ 408.586176][ T1142] Tainted: [L]=SOFTLOCKUP [ 408.587670][ T1142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.591150][ T1142] Workqueue: netns cleanup_net [ 408.592867][ T1142] RIP: 0010:ieee80211_free_ack_frame+0x14/0x30 [ 408.594914][ T1142] Code: ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 f3 e8 13 4e de f6 48 8d 3d fc 8f b8 05 <67> 48 0f b9 3a ba 02 00 00 00 48 89 de 31 ff e8 f8 20 5e fe 31 c0 [ 408.601816][ T1142] RSP: 0018:ffffc90007117820 EFLAGS: 00010293 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 408.603837][ T1142] RAX: 0000000000000000 RBX: ffff888070c81cc0 RCX: ffffffff8b6aecd3 [ 408.604735][T12280] veth0_vlan: entered promiscuous mode [ 408.606609][ T1142] RDX: ffff888027ce4980 RSI: ffffffff8ae00a8d RDI: ffffffff90989a90 [ 408.606655][ T1142] RBP: ffff8880129a6130 R08: 0000000000000007 R09: 000000007fffffff [ 408.606663][ T1142] R10: 0000000000000001 R11: 0000000000002b91 R12: dffffc0000000000 [ 408.606671][ T1142] R13: ffffffff8ae00a80 R14: 0000000080000000 R15: 0000000000000000 [ 408.615872][T12280] veth1_vlan: entered promiscuous mode [ 408.619160][ T1142] FS: 0000000000000000(0000) GS:ffff8880977fc000(0000) knlGS:0000000000000000 [ 408.627198][ T1142] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 408.629440][ T1142] CR2: 000000005782e4c0 CR3: 000000004a279000 CR4: 0000000000352ef0 [ 408.632164][ T1142] DR0: 0000000000000007 DR1: 0000000000000003 DR2: 0000000000000002 [ 408.634807][ T1142] DR3: 000000000000006a DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 408.637471][ T1142] Call Trace: [ 408.638599][ T1142] [ 408.639628][ T1142] idr_for_each+0x143/0x270 [ 408.641184][ T1142] ? __pfx_idr_for_each+0x10/0x10 [ 408.642988][ T1142] ? kfree+0x2f8/0x6e0 [ 408.644371][ T1142] ieee80211_free_hw+0x59/0x1d0 [ 408.646094][ T1142] hwsim_exit_net+0x7d9/0x1590 [ 408.647718][ T1142] ? __pfx_hwsim_exit_net+0x10/0x10 [ 408.649542][ T1142] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 408.651762][ T1142] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 408.653921][ T1142] ? __pfx_hwsim_exit_net+0x10/0x10 [ 408.655687][ T1142] ops_undo_list+0x2ee/0xab0 [ 408.657288][ T1142] ? __pfx_ops_undo_list+0x10/0x10 [ 408.659004][ T1142] ? cleanup_net+0x347/0x830 [ 408.660551][ T1142] ? idr_destroy+0x62/0x2e0 [ 408.662521][ T1142] cleanup_net+0x41b/0x830 [ 408.664218][ T1142] ? __pfx_cleanup_net+0x10/0x10 [ 408.666001][ T1142] ? rcu_is_watching+0x12/0xc0 [ 408.667582][ T1142] process_one_work+0x9ba/0x1b20 [ 408.669214][ T1142] ? __pfx_process_one_work+0x10/0x10 [ 408.671167][ T1142] ? assign_work+0x1a0/0x250 [ 408.672833][ T1142] worker_thread+0x6c8/0xf10 [ 408.674486][ T1142] ? __kthread_parkme+0x19e/0x250 [ 408.676217][ T1142] ? __pfx_worker_thread+0x10/0x10 [ 408.677987][ T1142] kthread+0x3c5/0x780 [ 408.679428][ T1142] ? __pfx_kthread+0x10/0x10 [ 408.680992][ T1142] ? rcu_is_watching+0x12/0xc0 [ 408.682672][ T1142] ? __pfx_kthread+0x10/0x10 [ 408.684244][ T1142] ret_from_fork+0x983/0xb10 [ 408.685804][ T1142] ? __pfx_ret_from_fork+0x10/0x10 [ 408.687496][ T1142] ? __switch_to+0x7af/0x10d0 [ 408.689091][ T1142] ? __pfx_kthread+0x10/0x10 [ 408.690635][ T1142] ret_from_fork_asm+0x1a/0x30 [ 408.692366][ T1142] [ 408.693412][ T1142] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 408.695821][ T1142] CPU: 1 UID: 0 PID: 1142 Comm: kworker/u32:8 Tainted: G L syzkaller #0 PREEMPT(full) [ 408.699418][ T1142] Tainted: [L]=SOFTLOCKUP [ 408.700857][ T1142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.704317][ T1142] Workqueue: netns cleanup_net [ 408.705944][ T1142] Call Trace: [ 408.707046][ T1142] [ 408.708031][ T1142] dump_stack_lvl+0x3d/0x1f0 [ 408.709753][ T1142] vpanic+0x640/0x6f0 [ 408.711108][ T1142] ? ieee80211_free_ack_frame+0x14/0x30 [ 408.712951][ T1142] panic+0xca/0xd0 [ 408.714197][ T1142] ? __pfx_panic+0x10/0x10 [ 408.715723][ T1142] ? check_panic_on_warn+0x1f/0xb0 [ 408.717442][ T1142] check_panic_on_warn+0xab/0xb0 [ 408.719085][ T1142] __warn+0x108/0x3c0 [ 408.720430][ T1142] __report_bug+0x2a0/0x520 [ 408.721963][ T1142] ? ieee80211_free_ack_frame+0x14/0x30 [ 408.723797][ T1142] ? __pfx___report_bug+0x10/0x10 [ 408.725510][ T1142] ? kfree+0x2f8/0x6e0 [ 408.726867][ T1142] ? kfree_const+0x55/0x60 [ 408.728331][ T1142] ? kobject_put+0x213/0x6f0 [ 408.729991][ T1142] ? ieee80211_free_ack_frame+0xd/0x30 [ 408.731818][ T1142] ? idr_for_each+0x113/0x270 [ 408.733430][ T1142] report_bug_entry+0xe1/0x290 [ 408.735065][ T1142] ? ieee80211_free_ack_frame+0x14/0x30 [ 408.736979][ T1142] handle_bug+0x18a/0x260 [ 408.738435][ T1142] exc_invalid_op+0x17/0x50 [ 408.739978][ T1142] asm_exc_invalid_op+0x1a/0x20 [ 408.741660][ T1142] RIP: 0010:ieee80211_free_ack_frame+0x14/0x30 [ 408.743694][ T1142] Code: ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 f3 e8 13 4e de f6 48 8d 3d fc 8f b8 05 <67> 48 0f b9 3a ba 02 00 00 00 48 89 de 31 ff e8 f8 20 5e fe 31 c0 [ 408.750009][ T1142] RSP: 0018:ffffc90007117820 EFLAGS: 00010293 [ 408.752038][ T1142] RAX: 0000000000000000 RBX: ffff888070c81cc0 RCX: ffffffff8b6aecd3 [ 408.754695][ T1142] RDX: ffff888027ce4980 RSI: ffffffff8ae00a8d RDI: ffffffff90989a90 [ 408.757371][ T1142] RBP: ffff8880129a6130 R08: 0000000000000007 R09: 000000007fffffff [ 408.760263][ T1142] R10: 0000000000000001 R11: 0000000000002b91 R12: dffffc0000000000 [ 408.762881][ T1142] R13: ffffffff8ae00a80 R14: 0000000080000000 R15: 0000000000000000 [ 408.765532][ T1142] ? __pfx_ieee80211_free_ack_frame+0x10/0x10 [ 408.767532][ T1142] ? idr_for_each+0x113/0x270 [ 408.769139][ T1142] ? ieee80211_free_ack_frame+0xd/0x30 [ 408.770950][ T1142] idr_for_each+0x143/0x270 [ 408.772468][ T1142] ? __pfx_idr_for_each+0x10/0x10 [ 408.774163][ T1142] ? kfree+0x2f8/0x6e0 [ 408.775494][ T1142] ieee80211_free_hw+0x59/0x1d0 [ 408.777270][ T1142] hwsim_exit_net+0x7d9/0x1590 [ 408.779213][ T1142] ? __pfx_hwsim_exit_net+0x10/0x10 [ 408.781413][ T1142] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 408.783489][ T1142] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 408.785463][ T1142] ? __pfx_hwsim_exit_net+0x10/0x10 [ 408.787498][ T1142] ops_undo_list+0x2ee/0xab0 [ 408.789335][ T1142] ? __pfx_ops_undo_list+0x10/0x10 [ 408.791390][ T1142] ? cleanup_net+0x347/0x830 [ 408.793050][ T1142] ? idr_destroy+0x62/0x2e0 [ 408.794702][ T1142] cleanup_net+0x41b/0x830 [ 408.796284][ T1142] ? __pfx_cleanup_net+0x10/0x10 [ 408.797953][ T1142] ? rcu_is_watching+0x12/0xc0 [ 408.799560][ T1142] process_one_work+0x9ba/0x1b20 [ 408.801241][ T1142] ? __pfx_process_one_work+0x10/0x10 [ 408.803026][ T1142] ? assign_work+0x1a0/0x250 [ 408.804579][ T1142] worker_thread+0x6c8/0xf10 [ 408.806156][ T1142] ? __kthread_parkme+0x19e/0x250 [ 408.807865][ T1142] ? __pfx_worker_thread+0x10/0x10 [ 408.809568][ T1142] kthread+0x3c5/0x780 [ 408.810933][ T1142] ? __pfx_kthread+0x10/0x10 [ 408.812488][ T1142] ? rcu_is_watching+0x12/0xc0 [ 408.814088][ T1142] ? __pfx_kthread+0x10/0x10 [ 408.815658][ T1142] ret_from_fork+0x983/0xb10 [ 408.817224][ T1142] ? __pfx_ret_from_fork+0x10/0x10 [ 408.818944][ T1142] ? __switch_to+0x7af/0x10d0 [ 408.820501][ T1142] ? __pfx_kthread+0x10/0x10 [ 408.822048][ T1142] ret_from_fork_asm+0x1a/0x30 [ 408.823673][ T1142] [ 408.825518][ T1142] Kernel Offset: disabled [ 408.826959][ T1142] Rebooting in 86400 seconds..