last executing test programs: 1m28.91070849s ago: executing program 0 (id=13): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x4, 0x2, 0x13, 0x2}, {0x0, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000006c0), r1) sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x14, r2, 0x1}, 0x14}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000079e02200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r5, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) timer_create(0x2, &(0x7f0000000140)={0x0, 0x17, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000540)=0x0) timer_settime(r6, 0x1, &(0x7f0000000580)={{}, {0x0, 0x989680}}, &(0x7f00000005c0)) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r9 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x164f42) ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f0000001ac0)={r8, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323695c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}}) 1m28.042033328s ago: executing program 0 (id=14): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200000000000000000010002b63d9f50000000000000000000010006c00000000000000000000000000fc020000000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioperm(0x0, 0x9, 0x7) r1 = memfd_create(&(0x7f0000000000)='\t^\x1ax1\xc7\xbe\xa1\xc6F\xfa\x9cq\xb1w&\xdfP\xba\xdf\xf9F\xc1\xd4x\xaa\x92~srQ\xeaS\x88\xad\xd1Js\\\xb2\xc5\xed\xe8\x7f\xdc(\x01\xcey\xc7\x15?\n\xad\xe7R\x9e\xe1K\xfd\xc95f@O}\\\xdd\xca!;\xf38\'D9\xcb\xda\xa1\xc1p\xd4)\x18x\x17\xab7\x06\x9f\xe3X\v\xf2\xcc\x05\xb4( m\xde\x0f\xf3\xf8\x1b\vW\x00\x90\x01\xfe\x1e<\xabL-3\xe6\x81V\x8d3\x1b$\x0e\x00\x00\x00\x00\x00\x00\x94&\xac\x88\x95\xff\xda\x14d\xcbx\bx\x95\xab\xcb@\x8d\xa0\xe4I\xff\x87\x90\xd9\x89O\x98\x90\x86\xff\xcc\xc1\xf5\r\xea\x19c\xba\xa9\"d$\x01h\x0f&/B\xa5\x18%\xc7\x00\x17\x00\x00sH\xc7ex#\xb0\xe4\x1b\xce\x0f\xear,-\n\xe6gB#\x8ch=:F$\xe6\x87\xf0AF\xd5\x84c\xd5\xd5(\xb3\xac\x9b\x80\x81y\xf1\a\x0f \xbb\xfa\xd3\x88\xad=5J\x13>u\x8c\x00\x00\x00\x00\xff\xff\xff\xff\xb8~\xaa-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\xdf\xcf\b\x9f\xb6\xf2\x84\xbag\xe5.\xe4\x1f\xb3\xf4\xc6\xad\x06\x1btb\"\x87\x0f\xd7\xf9\x10~\xdc7\xe7\xdc\x11\xd8?\x040\xc5%%\x1c\x8d\xe0\xb99\x10\x11\x84\xbb\xa9\x9em\x1d\xfd\xd4\xcf\x8cH\xa6\x980\xadg\x9b\x8b$\x0e\x04\xd8\xaa\x17\xac\xf4\xda\xd0z\x87H\x03Du\x91\x839\xec\xd7\xde\xf2P\xf6dj-b\x84\x18\xe9\fy`\xca\x86Za7\xe4P\x95B\xeefTdk\x83\xcc\xa4\xa5\b\x1e\x998\x042\xb2\xdd\x8a\xea\xefQ\xf3-Z\a\xd3\xbb\xd5\x80\xb7\v\xa9\xae*\xca\xd90\xc8\xf4_\xe9N7*K:\xe1\xa4\xf7G\a\xd4Q\f7\xdeK,&\xf8\xe7\xffj\xd1\xae\xa1\x04\xf9\xd5\xc5\\\xcc:\xb1\xa70\x84\xf72 \xd1\xcb}Ky\xa5\x9bx&\xad\xf0U\x1aK\x8bN\xcd\xf50\xa3\xc7\xee\x7f\x1a#\xc9\xb3^\xdd/\x13\xb6\xe9%\xed\x04\xf4o}\x17U\x16C\xb2\xea7C\xb6fH$\xd6\xeb\x03\xd2\xa9\xa0\x9a\x93\xed-S\xe5p\xa28*\x98C\xa9\xf5\xf1*\xaa3\xb9\x88\xb3E\x03\x06\xf7\xa7', 0xa) fchmod(r1, 0x184) mkdir(0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0xa05, &(0x7f0000000740)={0x0, 0xa004, 0x200, 0x3, 0x28a, 0x0, r3}, &(0x7f00000007c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000041e395ea00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x10, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000006100bffa00000000bf91000000000000b70200000000000085000000000000009f0000000000000095", @ANYRESOCT=r7, @ANYRES16=r7, @ANYRESHEX=r7, @ANYRES64=r7, @ANYRESDEC=r4, @ANYRESOCT=r1], &(0x7f00000006c0)='GPL\x00', 0x9, 0xf3, &(0x7f0000000140)=""/243, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa9, @void, @value}, 0x94) r8 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) sendmmsg$unix(r8, &(0x7f000000ca80)=[{{&(0x7f00000000c0)=@file={0x1d, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0xc0}}], 0x1, 0x2040080) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xcc, 0x0, 0x1ac, 0x0, 0x1ac, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6, 0x0, 0x0, 0x44}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x138, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @SNPT={0x44, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00', @ipv4=@private}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x24}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8) openat$nullb(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000089500000000000000d3395c874c7332217fdf7d3779aee10bf90ae95367e56b84bcbc9f6b6cf0890bd75c8c09e0a62de77555f72b1d68c703b1eb5e6bce380b3a9fed711123ef9c24090dfa21463f2d98fdab894837c908b113b926101fb7381354fd0fadc1d6cca95de1b596b38b14f7bef232a2db07f21fc74635b806bdd1e556d2dc9ce47192f39eeca128999eca24ba6b48a9330066d5dfb5"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r10}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x800000001, 0x0, 0x106, 0xa}}, 0x20) 1m27.784781303s ago: executing program 0 (id=16): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000006c0)={0x0, 0xa33f, 0x2, 0x3, 0x0, 0x0, r1}, &(0x7f0000000300)=0x0, &(0x7f0000000340)=0x0) r5 = openat$fb1(0xffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x3e, 0x3e, 0x1, 0x3e, 0x3e, 0x8000, {0x0, 0x9}, {0x0, 0xfffffffc}, {0x8000, 0xfffffffe}, {}, 0x0, 0x5f26cac45b5bcb9c, 0x0, 0x0, 0x0, 0x2000, 0x8000, 0x30000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x3}) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0186405, &(0x7f0000000140)={0x1, 0x83, {0x0}, {0x0}, 0x8, 0x800}) ptrace$pokeuser(0x6, r6, 0x4, 0xf) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)=[{0x0}, {&(0x7f0000000440)="faaf0ad9398461628608c2645ffc4138ca58e5f42e6f2569b30535cb45fdace9e52576976cecef4cfb82f171715e068068f00a04ccb43a41d439bd54f7091a5d2d4214055a0aa6e69f0c4c6851db90baf33b2839bd5c02bdd422b95029d1a99c4fb82cc6a31160a6b3224b9d51cf0c66275b9e01b9c630e21d472fff59e7f39234d1549a17c4dd4c07fea64d718778ab7cfa1b1fa2e698991573a363806de5894c375039c9e1d44c8e12014cbb2bd582568ad9d4e18dd3906d4f9da8733bbca307935f4aa4487c53a9575f0eb3983ed9f956bb24bff74e8d813533c1415d12bb6e4502331999eaa5e54fb7707c", 0xed}, {&(0x7f0000000100)="403f2f56ca573f1b87404e7755b497979d82fdced723f77b20885464e9da4d8b362087a65fd372f31ed922343e3b43919ce6f4a7eae5b64d", 0x38}, {&(0x7f0000000540)="26808e11b2c45ce8d4daafcae472e839874379d1e4db9d3b47c6415b707b2483cdf1c9387b85219c3fdb776dd68c5512799bb29f5467c6ef3452a7328406b5d5fe2ebe9381752ea2897e4cacab2354ffe0d6e0", 0x53}], 0x4}, 0x200080d4) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES32=r7]) read$FUSE(0xffffffffffffffff, 0x0, 0x0) timerfd_create(0x1, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000280)={{}, {0x0, 0x3938700}}, 0x0) r10 = openat(r1, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000000000)=0x84, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000640), 0x0) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, &(0x7f0000009c40), 0x1) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="440000000001984a198a2a886524000002000000300002802c00018014000300fc02a417a8a7cfdb199e00000000000114000400ff010000000000000000000000000001"], 0x44}}, 0x0) openat$zero(0xffffff9c, &(0x7f0000000680), 0x513e00, 0x0) geteuid() finit_module(r10, &(0x7f0000000080)='-,\xea-\x00', 0x2) 1m27.305276678s ago: executing program 0 (id=17): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, &(0x7f0000000080)='-(\x00') fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x1101088, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = socket$inet6(0xa, 0x1, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) sendto$inet6(r3, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet6_buf(r3, 0x29, 0x6, 0x0, &(0x7f0000000080)) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='./file0/../file0/../file0/../file0\x00') r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) 1m25.881126114s ago: executing program 0 (id=20): symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000c80)=[{0x7, 0xfc, 0x0, 0xfffff00c}]}, 0x8) fcntl$dupfd(r0, 0x0, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) cachestat(r2, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_open_dev$usbfs(&(0x7f0000000100), 0x10, 0x121b01) socket(0x10, 0x3, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000040)={0x1}) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) openat2(r4, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x80, 0x154, 0x4}, 0x18) sendmsg$nl_xfrm(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=@newae={0x5c, 0x1e, 0x468bbc8229e18b43, 0x0, 0x0, {{@in=@rand_addr=0x64010101, 0x3}, @in=@local}, [@replay_esn_val={0x1c}]}, 0x5c}}, 0x4008004) r8 = syz_pidfd_open(0x0, 0x0) close_range(r8, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0xb, &(0x7f00000010c0)=ANY=[], 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000000000004bd9f3"]) ioctl$KVM_SET_MSRS(r11, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x600}]}) 1m25.656240262s ago: executing program 0 (id=21): sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) socket$kcm(0x11, 0x3, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x9, 0x1, 0xd7861687b8cfee55, 0x4, 0x7f, 0x2, 0xa, 0x1779, 0x1, 0x0, 0x1, 0x5}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8081, 0x0) write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1e6) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000400)={0xd, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) syz_usb_connect(0x0, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000092fb7180b7055152e7b201020301090222094a00000000090400000103e90000090f000000000000000100d77b5d2898"], 0x0) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) syz_clone(0x68885200, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) 1m25.637103962s ago: executing program 32 (id=21): sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) socket$kcm(0x11, 0x3, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x9, 0x1, 0xd7861687b8cfee55, 0x4, 0x7f, 0x2, 0xa, 0x1779, 0x1, 0x0, 0x1, 0x5}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8081, 0x0) write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1e6) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000400)={0xd, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) syz_usb_connect(0x0, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000092fb7180b7055152e7b201020301090222094a00000000090400000103e90000090f000000000000000100d77b5d2898"], 0x0) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) syz_clone(0x68885200, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) 46.569789634s ago: executing program 4 (id=251): r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000280)="5db60719de2896f61f28f02b02f415950dc1a65f366796614839e01494c8bf067c718f6cbb7f8a7284070630888a8a28d06534408875a792f96aab42547b56d0960048097760c589b8c85dcf059609b8698d5667e8261b5d0b627dfa985b36240b0fdc02fc538607388153cef63e5483b8ba496215ebeab9ce12d331d7a7fddb51e2db4acab059ab7ca8fec7df8df0a3766a7c9d13e03247734447cceebf411f8d73d839b3b66c312c3c133fb7b5d0cb67d7f0b8cd90fabc783155e4103c34973f7b0dcaf168ce010d2d2c45cf72455a1d4f8af5bae5d59052548c631972d954a0414dbf", 0xe4, 0x4048080, &(0x7f0000000000)={0x2, 0x4e23, @private=0xa010101}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x5, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={@map=r1, 0x5, 0x0, 0xffffff8f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r2 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0xfffffffffffffff9, 0x0, 0xffffffffffffff72, 0xc}) io_uring_enter(r2, 0x567, 0x0, 0x0, 0x0, 0x0) syz_io_uring_complete(0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e079c081408"], 0xa) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x3c, r7, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) 46.510420523s ago: executing program 4 (id=252): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf4, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0xa0}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x33}, @in6=@dev={0xfe, 0x80, '\x00', 0x1f}, {0x0, 0x0, 0x0, 0x42, 0x0, 0xfffffffffffffff1, 0x3}, {0x0, 0x0, 0x0, 0x5b}}, 0x4, 0x1a0b1}}, 0xf4}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e000000100000000f000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0) 46.510248711s ago: executing program 4 (id=253): syz_emit_ethernet(0x7e, &(0x7f0000000200)={@link_local, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr, {[@lsrr={0x83, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa010600}, {@private}, {@broadcast}, {@dev}, {@private}, {@dev={0xac, 0x14, 0x14, 0x38}}, {@private=0xb00}]}]}}}}}}}, 0x0) 46.430788242s ago: executing program 4 (id=254): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') socketpair(0x18, 0x0, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) r2 = userfaultfd(0x1) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x488}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x24, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x6}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xef}]}, 0x24}, 0x1, 0x0, 0x0, 0x2804}, 0x4000000) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r3) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)={0xb4, r6, 0x300, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x21f}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x157}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x20}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xfffffffd}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xa}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}], @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x125}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x23}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x41fe}], @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4}, 0x4000) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0xffe0, 0x9}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x8044}, 0x800) r8 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r10 = add_key$keyring(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, r8) keyctl$KEYCTL_WATCH_KEY(0x20, r10, r9, 0x45) keyctl$chown(0x4, r10, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x4) syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x4b66, 0x0) 46.241545278s ago: executing program 4 (id=257): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x59}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r0) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000440)}], 0x1) syz_io_uring_setup(0x6165, &(0x7f0000000300)={0x0, 0xa00402, 0x10100, 0x0, 0x3}, &(0x7f0000000100), &(0x7f0000000140)) 45.830765881s ago: executing program 4 (id=260): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x59}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r0) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000440)}], 0x1) syz_io_uring_setup(0x6165, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x0, 0x3}, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 21) 45.77760822s ago: executing program 33 (id=260): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x59}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r0) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000440)}], 0x1) syz_io_uring_setup(0x6165, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x0, 0x3}, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 21) 4.220874167s ago: executing program 3 (id=555): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000000)={0x0, 0x0, 0x3, &(0x7f00000000c0)={0x19, "90f50180e64f61909103f1fbbc2b81c9f144d76e44c70010001fe52829e7cb8393"}}) ioctl$TIOCSETD(r3, 0x5423, 0x0) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 3.290553312s ago: executing program 3 (id=569): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00000041fd4b5c5b6b658f0b000000050000000800020001"], 0x1c}}, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x0) ioctl$HIDIOCGFEATURE(0xffffffffffffffff, 0x4004480c, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x690a, 0x0, 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendto$inet6(r3, 0x0, 0x0, 0x4c004, &(0x7f0000002880)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$tipc(0x1e, 0x5, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r6, 0x10f, 0x81, 0xffffffffffffffff, &(0x7f0000000700)=0x12) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="e9070000000000000000010000001c0002800c00018008000100030000000c0001800800010001ffff"], 0x30}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) mkdir(&(0x7f0000000300)='./file0\x00', 0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x3, 0x0, @empty}}, 0xfffffffc, 0x3, 0x989, 0x0, 0x84, 0x8000}, 0x9c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 3.140229563s ago: executing program 2 (id=571): bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040), 0x8) syz_open_dev$hidraw(&(0x7f0000000280), 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) socket$inet_tcp(0x2, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000400)=""/220) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, &(0x7f0000000300)={0xff, [0x7, 0x5, 0xcd600000], [{0xb8f6, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x8001, 0x4a8817c2, 0x0, 0x0, 0x1, 0x1}, {0x3, 0xa, 0x1, 0x0, 0x0, 0x1}, {0x3ff, 0x3, 0x0, 0x0, 0x0, 0x1}, {0x3ff, 0xb49, 0x0, 0x0, 0x1}, {0x80000000, 0x89, 0x0, 0x1, 0x1}, {0x1, 0x1, 0x1, 0x1, 0x1}, {0x2, 0x9, 0x0, 0x0, 0x1, 0x1}, {0x0, 0xffff7fff, 0x1, 0x0, 0x0, 0x1}, {0x10, 0x401, 0x1, 0x1}, {0x200, 0x8, 0x0, 0x0, 0x0, 0x1}, {0x6, 0x2, 0x1, 0x1}], 0x6}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x10, 0x0, &(0x7f00000011c0)="a8478d3d42ab01d3d427e0866cf20770", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x4c) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x7, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a400fe00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0020000c850000003d000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 2.950116556s ago: executing program 5 (id=572): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in=@multicast2, 0x4e20}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}, {}, {0x0, 0x100000, 0x1}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xb6}}}, 0xf8}, 0x1, 0x0, 0x0, 0x14}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x5, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x5}, {0x4, 0x0, 0x2}, {}, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7ee643bd1282d893}}}, 0xf8}}, 0x0) listen(r0, 0x9) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r2, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r4, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r6, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) socket$inet_udp(0x2, 0x2, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) 2.861002915s ago: executing program 5 (id=573): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061121c000000000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0x2}) r1 = syz_io_uring_setup(0x3430, &(0x7f0000000100)={0x0, 0x4291, 0x10100, 0x0, 0x4002014d}, &(0x7f0000001240)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) 2.740288979s ago: executing program 5 (id=574): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x6, [@union={0xb, 0x3, 0x0, 0x5, 0x0, 0x68, [{0x4, 0x2, 0x2}, {0xf, 0x5, 0x8}, {0x7, 0x3}]}]}, {0x0, [0x2e, 0x61, 0x30, 0x2e]}}, &(0x7f0000000400)=""/199, 0x4e, 0xc7, 0x0, 0x1000, 0x0, @void, @value}, 0x28) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002780)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r4, @ANYBLOB="00000000042800000c002b80080002"], 0x34}, 0x1, 0x0, 0x0, 0xc080}, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000140)={"9fcaa0504b38d5004b9277c079417ff857dc9b7ac770169aed764b4d2ada8bde"}) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80202, 0x0) write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r7, 0x540a, 0x0) ioctl$TCXONC(r7, 0x540a, 0x2) ioctl$TCXONC(r7, 0x540a, 0x3) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x1, 0x9, 0x100, 0x400c0, 0xffffffffffffffff, 0x5, '\x00', r1, r2, 0x0, 0x4, 0x3, 0x8, @void, @value, @void, @value}, 0x50) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000540)=ANY=[@ANYBLOB="0100000000000000050000000200a3dc010000000000000059f700001d00000000000000000000000700000000000000010000007f000000"]) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r10 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r10, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x1c) r11 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, r10, &(0x7f00000000c0)={0x60000005}) sendto$inet6(r10, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0) r13 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r13, 0x1}) socket(0x40000000015, 0x5, 0x0) 2.637846952s ago: executing program 3 (id=575): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x80, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x10, 0x8, 0x20}, {}, {}, {}, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x80030000, 0x0, 0x0, 0x0, 0x2}) 2.637432189s ago: executing program 3 (id=576): madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xffffff14, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c0000001000030400"/20, @ANYRES32=r3, @ANYBLOB="a5fdad88000000000a000100"], 0x2c}}, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x7ac}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x15) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 2.568633869s ago: executing program 3 (id=577): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x800a, 0x0, "5f7300fbffffff00"}) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0x16) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x10, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) (rerun: 32) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x8b}, 0x0) (async, rerun: 32) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) (async, rerun: 32) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000300)='./file0\x00', 0x600000, 0x2) (async) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x76) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) (async) syz_emit_ethernet(0xdb, &(0x7f0000000680)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa8000000000000000f53a0400a13a00fe8000000000000000000002000000000000000000000000000102009078000005006050835900000000fc010000000000000000000000000000ff0000000000000000000000000000003a010000000000000708000000000000000000000000000077efe604d60ae419ba09bd362155e4bd0dabd73a98b2b72d51fc035fcb30abc6a0d7983a6cff4de785b33036d38010237e727f2954d9a558388898288478b2b5adc9393550c2ba59d321f1fa8caff0fe67ad26eff5d035c919"], 0x0) (async) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xb, 0x3}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000000240)='ramfs\x00', 0x10c000, 0x0) (async, rerun: 32) chdir(&(0x7f0000000280)='./file0\x00') 2.320514343s ago: executing program 1 (id=579): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001900)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x62}}, 0x1c}}, 0x0) connect$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x20) connect$l2tp6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x20) mq_open(&(0x7f0000000000)='\\,\x00', 0x4a1483037702dbc5, 0x0, 0x0) 2.319490511s ago: executing program 1 (id=580): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x42, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11641e7a, 0x20000000, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x20, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x647b}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x11, 0x3, 0x10) syz_io_uring_setup(0x117, 0x0, &(0x7f0000000000), 0x0) setuid(0x0) socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000200)='./bus\x00', 0x6000000b) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}]}) r5 = syz_io_uring_setup(0x3678, &(0x7f0000000080)={0x0, 0x1ffffd, 0x10100, 0x40000000, 0x1d3}, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) openat$mice(0xffffff9c, &(0x7f0000000000), 0x10000) 2.294031545s ago: executing program 5 (id=581): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x0, [0x2, 0x80, 0x0, 0x7ff, 0x1951, 0x51d5, 0x7ff, 0x60f4, 0x100, 0x7, 0x8, 0x404, 0x1006, 0x5, 0xfffa, 0x0, 0x1, 0x7, 0x4, 0x71, 0x6, 0x9, 0x7, 0x7fff, 0xfffa, 0x5, 0x5, 0x8000, 0x40, 0xfd7d, 0x80, 0x3b, 0x401, 0xe, 0x7, 0xa, 0xfb, 0x5, 0x7, 0x0, 0x1, 0x9, 0x6, 0x7, 0x10, 0x0, 0x1, 0x5], 0x80000000}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x400004) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600000000000007ff00000000", @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0xffe}]}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}}, 0x8000) userfaultfd(0x80001) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000002c0)={0x0, 0x1, 0x0, &(0x7f0000000600)=""/42, 0x0, 0xffff1000}) 2.236756527s ago: executing program 3 (id=582): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@getchain={0x64, 0x66, 0x100, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffec, 0x7}, {0xffff, 0xb}}, [{0x8, 0xb, 0xfffffff8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0xffff1eca}, {0x8, 0xb, 0x41}, {0x13, 0xb, 0xff}, {0x8, 0xb, 0xffff33f2}, {0x8, 0xb, 0x40000005}]}, 0x64}}, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) splice(r0, &(0x7f0000000240)=0x315, r0, &(0x7f0000000300)=0x7, 0xf, 0x4) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x80007) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) clock_gettime(0xfffffffffffffff1, &(0x7f0000000000)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000280)=0x1e51, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x10) r4 = userfaultfd(0x0) syz_usb_connect(0x3, 0x2d, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000124d5240e316e9f958000000000109021b00010000000009047800018fa68d0009058a", @ANYRES32=r4], 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x40, 0x1e7780) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') preadv(r6, &(0x7f0000000340)=[{&(0x7f0000000080)=""/122, 0x7a}], 0x1, 0x0, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x2, 0x200000000, 0x3, 0x4, 0x7ff, 0x9f, 0x4000000, 0x0, 0x5, 0x4, 0xfffffffffffffffe, 0x248a, 0x1, 0x2, 0x0, 0x0, 0x7fff, 0x503, 0x800000000000004, 0x0, 0x3, 0x9, 0x9, 0x8}) ioctl$USBDEVFS_REAPURB(r5, 0x4004550c, &(0x7f0000002680)) chdir(&(0x7f0000000700)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 1.320511506s ago: executing program 2 (id=583): syz_emit_ethernet(0x1f1, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @dccp_packet={0x7, 0x6, "e563b1", 0x1bb, 0x21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, {[@srh={0x29, 0x2, 0x4, 0x1, 0x2, 0x20, 0xffff, [@remote]}, @fragment={0x2e, 0x0, 0xa, 0x0, 0x0, 0x2, 0x67}, @srh={0x32, 0x6, 0x4, 0x3, 0x8, 0x40, 0x81, [@initdev={0xfe, 0x88, '\x00', 0x9, 0x0}, @dev={0xfe, 0x80, '\x00', 0xb}, @loopback]}, @routing={0x9b, 0x4, 0x0, 0x5, 0x0, [@dev={0xfe, 0x80, '\x00', 0x40}, @private1]}, @routing={0x3c, 0xa, 0x0, 0x2, 0x0, [@private1, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1, @mcast1]}, @srh={0x0, 0xe, 0x4, 0x7, 0x6, 0x10, 0x6, [@local, @private1, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback, @mcast1, @dev={0xfe, 0x80, '\x00', 0x32}, @private0={0xfc, 0x0, '\x00', 0x1}]}], {{0x4e21, 0x4e21, 0x4, 0x1, 0x2, 0x0, 0x0, 0xa, 0x1, "77d714", 0x1, "d480a8"}, "4b249a11555af8070b07ae04018a218f7c3f86191b75b746ab5b8bde8b986e844a4eee23e2ee55957e10309fa3f53d91aa2bc4e3e220230766dc132bcc65b4b38667289aa65af616dbc4aa440280382cce599274986e2f6ee91886"}}}}}}, 0x0) 1.320128154s ago: executing program 1 (id=584): io_setup(0x8, &(0x7f0000000600)=0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000002c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r3, 0x301, 0x0, 0x0, {0x2b}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x0) io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}]) 1.089579654s ago: executing program 1 (id=585): syz_emit_ethernet(0xfdef, &(0x7f0000000880)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010448", 0x20, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, "36dad83aea8d"}]}}}}}}, 0x0) (fail_nth: 19) 1.087864768s ago: executing program 2 (id=586): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x9, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x759}}}]}, {0x4}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000bc00000018010000696c090000000000000020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000000000f9000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfed7) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000002000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r6}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r7}, 0x10) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) llistxattr(0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) 1.02017539s ago: executing program 1 (id=587): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="043e0b06c900"], 0xe) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) socket(0x200000000000011, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141101) r2 = dup(r1) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x0, 0x2, 0x1}) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x2ced, 0x4000, 0x8, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001180)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') open$dir(&(0x7f0000000000)='./file1\x00', 0x5c1, 0x0) lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xffffffffffffffff) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r9, 0xc040aed4, &(0x7f0000000000)={0xfffffffffffffff3, 0x1}) quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000900, 0xee01, 0x0) name_to_handle_at(0xffffffffffffff9c, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1400000052000000000000000000000000000000000000000000000075b0e87843c04c7689f4d120d3b61cb83720bf8ff1dee5460e77e8d47a7524fe3907cf1155cd846806e5895447a57a92919b02e726bdffc5ce552798217cdbc26efa669aacc784076d04e300aa9f9a900024c74820b68d034697a2e4cc8fc7540defe7b12d22ce6afdb41efc02d7ec13c4"], &(0x7f0000002300), 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 735.189161ms ago: executing program 5 (id=588): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioperm(0x0, 0x40, 0x80) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) syz_clone(0x0, 0x0, 0x700, 0x0, 0x0, 0x0) 610.562708ms ago: executing program 1 (id=589): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000480)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x0, 0x3, 0x6, 0x5}, {0x5, 0x5, 0x3, 0x9}], 0x10, 0x36, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) syz_init_net_socket$rose(0xb, 0x5, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r7 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r6, @ANYBLOB="00000000f00000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000010004b0400000000000000007a000000", @ANYRES32=r6, @ANYBLOB="00000000000000000a000100aaaaaaaaaa000000e2f24b9d8bad991709"], 0x2c}}, 0x0) 148.345406ms ago: executing program 2 (id=590): r0 = socket$inet6(0xa, 0x3, 0x1) getsockopt$inet6_int(r0, 0x29, 0x4b, 0x0, &(0x7f0000000040)) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000005bc00362606e35576e0be16b3258280b", @ANYRES32=0x0, @ANYBLOB="cdffaa880000000008000d0003000000"], 0x28}}, 0x0) 96.672593ms ago: executing program 2 (id=591): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in=@multicast2, 0x4e20}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}, {}, {0x0, 0x100000, 0x1}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xb6}}}, 0xf8}, 0x1, 0x0, 0x0, 0x14}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x5, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x5}, {0x4, 0x0, 0x2}, {}, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7ee643bd1282d893}}}, 0xf8}}, 0x0) listen(r0, 0x9) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r2, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r4, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r6, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) socket$inet_udp(0x2, 0x2, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) 94.34155ms ago: executing program 5 (id=592): syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x9, [0xd2, 0x7, 0xe7, 0xe, 0x3, 0x8, 0x1, 0x8, 0x9, 0x2, 0xfff5, 0x3, 0x1000, 0x8, 0xd, 0x0, 0x8186, 0x3, 0x403, 0xfff, 0x2, 0x3, 0x1, 0x8bb8, 0x1, 0xfff, 0x8, 0x1, 0x8cc4, 0x7fff, 0x208, 0x6, 0x5, 0x51, 0x3, 0x4, 0x4, 0x9, 0x401, 0x5, 0x5, 0x3, 0x5, 0x2, 0xfff8, 0x9, 0x2, 0x1]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) mount(0x0, 0x0, 0x0, 0x1000, 0x0) io_uring_enter(0xffffffffffffffff, 0x8aa, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x6, {0x1, 0x8000000000000001}, 0x54}, 0x1) kexec_load(0x0, 0x1, &(0x7f00000012c0)=[{0x0, 0x0, 0x80000000, 0x1000000}], 0x160000) mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=@newtaction={0x228, 0x30, 0x1, 0x0, 0x0, {}, [{0x140, 0x1, [@m_ctinfo={0xf4, 0xc, 0x0, 0x0, {{0xb}, {0x54, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x368d, 0x6, 0x2, 0x5, 0x1}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0xc}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xe}, @TCA_CTINFO_ACT={0x18, 0x3, {0x8, 0x100, 0x4, 0x5, 0x6}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0xe}]}, {0x78, 0x6, "9e30a6e1422b2570699cd5bc15dd954971a3d2093eccb743e58dfecdc5904a22339a1f4cdec6fc413701cf80b30118b8708d097ad112d01fffacbb266a3eeb39fdcfd35632b6ea4130432e666cc1d968f4bbc9dad49339b3966aa0dfacfb3275af84fc60f5e6b492ac123f0d49f25989be54a904"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}, {0xd4, 0x1, [@m_nat={0xd0, 0x18, 0x0, 0x0, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0xdfc, 0x20000002, 0x1, 0x101}, @rand_addr=0x64010100, @multicast1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xc94, 0xb, 0x1, 0x401, 0x1000}, @multicast2, @multicast2}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x3, 0x3, 0x7, 0x1}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, 0xffff00}}]}, {0x30, 0x6, "2d13d8e5a081a23b76718c18bd233c05c33623db1eda82076c041fae5f1729a3d01a36ac73fb474dca80f172"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x228}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x7f, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00230000000086dd60f2a40000492f00fe880000000000000000310000000001fe8000000000000000000000000000aa342088be0005000054812cbd3b00000800000086dd430588be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800"], 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 0s ago: executing program 2 (id=593): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89a1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe0000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="66b8f9008ed80f20e035000002000f22e00f068e8e800000c00f32350020000064650fc79b1cbc00000fc77724f34c0f2c4ac7440fc7740081b90c0b0000f6ba0d00004040000000000f300f01f8", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000808000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_stats}) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r5, &(0x7f0000003980)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r5, &(0x7f0000000240)={0x78, 0x0, r6, {0x2000000007, 0x0, 0x0, {0x0, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa000}}}, 0x78) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvlan1\x00'}) r7 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x0, 0x0) r8 = dup(0xffffffffffffffff) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) bind$inet(0xffffffffffffffff, 0x0, 0x0) getpid() r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r9, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r10, 0x112, 0xa, &(0x7f0000000cc0)=0x3, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r9, 0x0) r11 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r11, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) kernel console output (not intermixed with test programs): ridge_slave_0: entered allmulticast mode [ 36.421871][ T5945] bridge_slave_0: entered promiscuous mode [ 36.425873][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.427771][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.430274][ T5945] bridge_slave_1: entered allmulticast mode [ 36.433109][ T5945] bridge_slave_1: entered promiscuous mode [ 36.470938][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.476113][ T5934] chnl_net:caif_netlink_parms(): no params data found [ 36.485343][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.510260][ T5933] chnl_net:caif_netlink_parms(): no params data found [ 36.561503][ T5945] team0: Port device team_slave_0 added [ 36.595787][ T5945] team0: Port device team_slave_1 added [ 36.597555][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.599877][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.602356][ T5935] bridge_slave_0: entered allmulticast mode [ 36.604455][ T5935] bridge_slave_0: entered promiscuous mode [ 36.613725][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.615600][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.618006][ T5934] bridge_slave_0: entered allmulticast mode [ 36.620447][ T5934] bridge_slave_0: entered promiscuous mode [ 36.654005][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.656221][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.658154][ T5935] bridge_slave_1: entered allmulticast mode [ 36.660286][ T5935] bridge_slave_1: entered promiscuous mode [ 36.669375][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.671218][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.673080][ T5934] bridge_slave_1: entered allmulticast mode [ 36.675035][ T5934] bridge_slave_1: entered promiscuous mode [ 36.693225][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.695517][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.704198][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.709451][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.711269][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.718441][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.729769][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.748442][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.750313][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.752167][ T5933] bridge_slave_0: entered allmulticast mode [ 36.754409][ T5933] bridge_slave_0: entered promiscuous mode [ 36.756900][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.758776][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.760691][ T5933] bridge_slave_1: entered allmulticast mode [ 36.762627][ T5933] bridge_slave_1: entered promiscuous mode [ 36.767505][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.770738][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.784366][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.832574][ T5935] team0: Port device team_slave_0 added [ 36.835432][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.856829][ T5935] team0: Port device team_slave_1 added [ 36.859827][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.864777][ T5945] hsr_slave_0: entered promiscuous mode [ 36.867279][ T5945] hsr_slave_1: entered promiscuous mode [ 36.870905][ T5934] team0: Port device team_slave_0 added [ 36.896790][ T5934] team0: Port device team_slave_1 added [ 36.906360][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.908781][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.917169][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.923481][ T5933] team0: Port device team_slave_0 added [ 36.932397][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.934218][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.941430][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.956731][ T5933] team0: Port device team_slave_1 added [ 36.971736][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.974070][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.981003][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.006269][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.008689][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.017408][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.022276][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.024090][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.031309][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.045040][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.047093][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.055522][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.128587][ T5935] hsr_slave_0: entered promiscuous mode [ 37.130482][ T5935] hsr_slave_1: entered promiscuous mode [ 37.132299][ T5935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.134345][ T5935] Cannot create hsr debugfs directory [ 37.139312][ T5934] hsr_slave_0: entered promiscuous mode [ 37.141758][ T5934] hsr_slave_1: entered promiscuous mode [ 37.143501][ T5934] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.145354][ T5934] Cannot create hsr debugfs directory [ 37.149753][ T5933] hsr_slave_0: entered promiscuous mode [ 37.152229][ T5933] hsr_slave_1: entered promiscuous mode [ 37.154620][ T5933] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.158120][ T5933] Cannot create hsr debugfs directory [ 37.285730][ T5945] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.311243][ T5945] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.338456][ T5945] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.382511][ T5945] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.411876][ T5933] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 37.419349][ T5933] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 37.423731][ T5933] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 37.436458][ T5933] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 37.458166][ T5934] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 37.466680][ T5934] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 37.470915][ T5934] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 37.479929][ T5934] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 37.506938][ T5935] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.510174][ T5935] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.517332][ T5935] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.522076][ T5935] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 37.543836][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.566951][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.577507][ T5933] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.582091][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.584036][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.588558][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.597612][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.599462][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.603860][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.605704][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.609727][ T72] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.611560][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.637881][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.655759][ T5934] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.668339][ T72] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.670228][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.673065][ T72] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.674905][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.680656][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.691982][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.698979][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.700824][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.713836][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.717593][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.720141][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.746574][ T5945] veth0_vlan: entered promiscuous mode [ 37.751040][ T5945] veth1_vlan: entered promiscuous mode [ 37.762938][ T5945] veth0_macvtap: entered promiscuous mode [ 37.769412][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.774972][ T5945] veth1_macvtap: entered promiscuous mode [ 37.791153][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.797809][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.800931][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.804780][ T5945] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.807772][ T5945] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.810078][ T5945] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.812292][ T5945] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.820594][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.832038][ T5933] veth0_vlan: entered promiscuous mode [ 37.846621][ T5933] veth1_vlan: entered promiscuous mode [ 37.871226][ T220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.872143][ T5935] veth0_vlan: entered promiscuous mode [ 37.873230][ T220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.879964][ T5934] veth0_vlan: entered promiscuous mode [ 37.892848][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.894692][ T5933] veth0_macvtap: entered promiscuous mode [ 37.894860][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.899691][ T5935] veth1_vlan: entered promiscuous mode [ 37.902205][ T5933] veth1_macvtap: entered promiscuous mode [ 37.906307][ T5934] veth1_vlan: entered promiscuous mode [ 37.914656][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.918730][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.921976][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.925990][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.928596][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.931605][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.933279][ T5945] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 37.939496][ T5933] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.941736][ T5933] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.943887][ T5933] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.946077][ T5933] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.952441][ T5934] veth0_macvtap: entered promiscuous mode [ 37.960633][ T5935] veth0_macvtap: entered promiscuous mode [ 37.969129][ T5934] veth1_macvtap: entered promiscuous mode [ 37.972227][ T5935] veth1_macvtap: entered promiscuous mode [ 37.982625][ T5934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.985350][ T5934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.988114][ T5934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.990794][ T5934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.993860][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.021836][ T5934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.024900][ T5934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.028554][ T5934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.031387][ T5934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.034637][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.037986][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.041637][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.045053][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.048150][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.050767][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.053581][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.056810][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.070335][ T5934] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.076058][ T5934] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.076088][ T5934] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.076102][ T5934] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.078084][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.078113][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.078122][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.078134][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.078143][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.078155][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.078856][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.090989][ T5935] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.091020][ T5935] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.091045][ T5935] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.091070][ T5935] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.099054][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.099064][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.119471][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.119487][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.167256][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 38.186789][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 38.220232][ T5949] Bluetooth: hci2: command tx timeout [ 38.220248][ T64] Bluetooth: hci1: command tx timeout [ 38.226462][ T64] Bluetooth: hci3: command tx timeout [ 38.296175][ T64] Bluetooth: hci0: command tx timeout [ 38.612506][ T6044] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 38.746195][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.376109][ T64] Bluetooth: hci0: command tx timeout [ 40.586100][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.706935][ T1145] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.771922][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 40.772094][ T6070] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10'. [ 40.775162][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 40.779231][ T6070] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 40.780159][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 40.784228][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 40.786717][ T5949] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 40.789046][ T5949] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 40.856096][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.887072][ T5949] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 40.890432][ T5949] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 40.894725][ T5949] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 40.898048][ T5949] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 40.900218][ T5949] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 40.902205][ T5949] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 40.926070][ T6073] chnl_net:caif_netlink_parms(): no params data found [ 40.966066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 41.043571][ T6073] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.045614][ T6073] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.048053][ T6073] bridge_slave_0: entered allmulticast mode [ 41.049999][ T6073] bridge_slave_0: entered promiscuous mode [ 41.053092][ T6073] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.054966][ T6073] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.058234][ T6073] bridge_slave_1: entered allmulticast mode [ 41.061268][ T6073] bridge_slave_1: entered promiscuous mode [ 41.085782][ T6073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 41.090472][ T6073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 41.127039][ T6073] team0: Port device team_slave_0 added [ 41.131950][ T6073] team0: Port device team_slave_1 added [ 41.179276][ T6073] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 41.181297][ T6073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.186798][ T64] Bluetooth: hci3: command tx timeout [ 41.188379][ T6073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 41.194085][ T6073] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 41.196101][ T6073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.199513][ T6093] Bluetooth: MGMT ver 1.23 [ 41.202663][ T6073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 41.223327][ T6081] chnl_net:caif_netlink_parms(): no params data found [ 41.281548][ T6073] hsr_slave_0: entered promiscuous mode [ 41.285173][ T6073] hsr_slave_1: entered promiscuous mode [ 41.289879][ T6073] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 41.292659][ T6073] Cannot create hsr debugfs directory [ 41.338890][ T6081] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.340823][ T6081] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.342736][ T6081] bridge_slave_0: entered allmulticast mode [ 41.344677][ T6081] bridge_slave_0: entered promiscuous mode [ 41.354724][ T6081] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.357004][ T6081] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.358943][ T6081] bridge_slave_1: entered allmulticast mode [ 41.360967][ T6081] bridge_slave_1: entered promiscuous mode [ 41.393191][ T6081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 41.397747][ T6081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 41.432649][ T6081] team0: Port device team_slave_0 added [ 41.440534][ T6081] team0: Port device team_slave_1 added [ 41.524246][ T6081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 41.526155][ T6081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.534347][ T6081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 41.538921][ T6081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 41.540752][ T6081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.547564][ T6081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 41.570609][ T6081] hsr_slave_0: entered promiscuous mode [ 41.573382][ T6081] hsr_slave_1: entered promiscuous mode [ 41.575184][ T6081] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 41.578286][ T6081] Cannot create hsr debugfs directory [ 41.758076][ T6103] loop6: detected capacity change from 0 to 524287999 [ 41.769638][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.772613][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.776550][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.778970][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.781547][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.783987][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.787260][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.789634][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.792798][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.795270][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.797664][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.800088][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.802491][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 41.804634][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.807059][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.809396][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 41.811506][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.814002][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.816130][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 41.816129][ T6103] ldm_validate_partition_table(): Disk read failed. [ 41.822174][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.825338][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.828756][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 41.832048][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 41.836691][ T6103] Dev loop6: unable to read RDB block 0 [ 41.839212][ T6103] loop6: unable to read partition table [ 41.840966][ T6103] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 42.456172][ T64] Bluetooth: hci0: command tx timeout [ 42.476065][ T6106] xt_TPROXY: Can be used only with -p tcp or -p udp [ 42.504374][ T1145] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.559560][ T1145] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.654487][ T1145] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.766175][ T1145] bridge_slave_1: left allmulticast mode [ 42.768048][ T1145] bridge_slave_1: left promiscuous mode [ 42.770663][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.782139][ T1145] bridge_slave_0: left allmulticast mode [ 42.783636][ T1145] bridge_slave_0: left promiscuous mode [ 42.785268][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.841317][ T6115] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 42.866019][ T64] Bluetooth: hci1: command tx timeout [ 42.881377][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 42.946035][ T64] Bluetooth: hci2: command tx timeout [ 43.064910][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 43.069680][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 43.077547][ T1145] bond0 (unregistering): Released all slaves [ 43.268253][ T64] Bluetooth: hci3: command tx timeout [ 43.396793][ T1145] hsr_slave_0: left promiscuous mode [ 43.398851][ T1145] hsr_slave_1: left promiscuous mode [ 43.400683][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.402826][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 43.405334][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.408566][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 43.427212][ T1145] veth1_macvtap: left promiscuous mode [ 43.428808][ T1145] veth0_macvtap: left promiscuous mode [ 43.430316][ T1145] veth1_vlan: left promiscuous mode [ 43.431799][ T1145] veth0_vlan: left promiscuous mode [ 43.566758][ T6142] netlink: 24 bytes leftover after parsing attributes in process `syz.3.18'. [ 43.864748][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 43.909966][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 44.224905][ T6137] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 44.233806][ T6137] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 44.281714][ T6073] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 44.412039][ T6073] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 44.417735][ T6073] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 44.445874][ T6081] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.450680][ T6073] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 44.498242][ T6073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.518733][ T6073] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.524952][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.527093][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.536105][ T64] Bluetooth: hci0: command tx timeout [ 44.536206][ T72] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.539413][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.565289][ T6081] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.634853][ T6073] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.650148][ T6073] veth0_vlan: entered promiscuous mode [ 44.653839][ T6073] veth1_vlan: entered promiscuous mode [ 44.663854][ T6073] veth0_macvtap: entered promiscuous mode [ 44.667048][ T6073] veth1_macvtap: entered promiscuous mode [ 44.673082][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.675732][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.678968][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.681648][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.684144][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.687060][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.690604][ T6073] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.694326][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.697843][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.700349][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.703003][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.705565][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.708326][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.711276][ T6073] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 44.714868][ T6073] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.717170][ T6073] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.719398][ T6073] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.721619][ T6073] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.758946][ T6081] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.769869][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.771916][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.780641][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.783151][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.885031][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 44.889282][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 44.894825][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 44.897639][ T6081] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.901933][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 44.904122][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 44.906607][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 44.935998][ T64] Bluetooth: hci1: command tx timeout [ 44.962001][ T1145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.002231][ T6165] chnl_net:caif_netlink_parms(): no params data found [ 45.016022][ T64] Bluetooth: hci2: command tx timeout [ 45.074044][ T1145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.085813][ T6165] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.087888][ T6165] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.089735][ T6165] bridge_slave_0: entered allmulticast mode [ 45.091666][ T6165] bridge_slave_0: entered promiscuous mode [ 45.093731][ T6081] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 45.098021][ T6081] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 45.106831][ T6081] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 45.115033][ T6165] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.116963][ T6165] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.119083][ T6165] bridge_slave_1: entered allmulticast mode [ 45.121045][ T6165] bridge_slave_1: entered promiscuous mode [ 45.141933][ T6081] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 45.161010][ T1145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.167977][ T6165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.175019][ T6165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.209772][ T6174] netlink: 'syz.3.24': attribute type 1 has an invalid length. [ 45.231343][ T6165] team0: Port device team_slave_0 added [ 45.240842][ T1145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.252906][ T6165] team0: Port device team_slave_1 added [ 45.271670][ T6165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.273516][ T6165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.280375][ T6165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.284235][ T6165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.286150][ T6165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.292707][ T6165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.318372][ T6165] hsr_slave_0: entered promiscuous mode [ 45.320427][ T6165] hsr_slave_1: entered promiscuous mode [ 45.322298][ T6165] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.324275][ T6165] Cannot create hsr debugfs directory [ 45.402916][ T6081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.431713][ T6081] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.473105][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.474989][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.488701][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.490571][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.497597][ T1145] bridge_slave_1: left allmulticast mode [ 45.499087][ T1145] bridge_slave_1: left promiscuous mode [ 45.500614][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.506394][ T1145] bridge_slave_0: left allmulticast mode [ 45.507900][ T1145] bridge_slave_0: left promiscuous mode [ 45.509420][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.515405][ T1145] bridge_slave_1: left allmulticast mode [ 45.518125][ T1145] bridge_slave_1: left promiscuous mode [ 45.519662][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.522303][ T1145] bridge_slave_0: left allmulticast mode [ 45.523791][ T1145] bridge_slave_0: left promiscuous mode [ 45.525299][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.825596][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 45.832617][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 45.842355][ T1145] bond0 (unregistering): Released all slaves [ 45.905054][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 45.910048][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 45.914096][ T1145] bond0 (unregistering): Released all slaves [ 45.920231][ T6081] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 45.942914][ T6165] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 45.959912][ T6165] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 45.964963][ T6165] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 45.969641][ T6165] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 46.003247][ T6081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.013554][ T6165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.032422][ T6165] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.052814][ T6081] veth0_vlan: entered promiscuous mode [ 46.057569][ T6081] veth1_vlan: entered promiscuous mode [ 46.065825][ T6081] veth0_macvtap: entered promiscuous mode [ 46.069507][ T6081] veth1_macvtap: entered promiscuous mode [ 46.127359][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.129960][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.138464][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.141078][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.149407][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.152181][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.154747][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.157901][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.160581][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.163568][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.166635][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.169751][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.173352][ T6081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.177484][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.180231][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.182754][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.185376][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.188180][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.191050][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.193808][ T6081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.206113][ T6081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.215904][ T6081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.261214][ T6081] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.263518][ T6081] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.265770][ T6081] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.268218][ T6081] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.304805][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.312154][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.327928][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.330012][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.463688][ T6212] netlink: 12 bytes leftover after parsing attributes in process `syz.1.26'. [ 46.682499][ T6165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.705593][ T1145] hsr_slave_0: left promiscuous mode [ 46.707979][ T1145] hsr_slave_1: left promiscuous mode [ 46.710463][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.713086][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 46.717103][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.719753][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 46.725182][ T1145] hsr_slave_0: left promiscuous mode [ 46.732151][ T1145] hsr_slave_1: left promiscuous mode [ 46.738724][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.740690][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 46.746810][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.748772][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 46.818115][ T1145] veth1_macvtap: left promiscuous mode [ 46.819571][ T1145] veth0_macvtap: left promiscuous mode [ 46.820995][ T1145] veth1_vlan: left promiscuous mode [ 46.822352][ T1145] veth0_vlan: left promiscuous mode [ 46.825581][ T1145] veth1_macvtap: left promiscuous mode [ 46.828268][ T1145] veth0_macvtap: left promiscuous mode [ 46.829738][ T1145] veth1_vlan: left promiscuous mode [ 46.831116][ T1145] veth0_vlan: left promiscuous mode [ 46.946117][ T64] Bluetooth: hci3: command tx timeout [ 47.107279][ T64] Bluetooth: hci2: command tx timeout [ 47.496027][ T64] Bluetooth: hci1: command tx timeout [ 47.517537][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 47.589356][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 48.429862][ T6242] syz.1.31: attempt to access beyond end of device [ 48.429862][ T6242] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 48.433425][ T6242] efs: cannot read volume header [ 48.675837][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 48.728242][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 49.025982][ T64] Bluetooth: hci3: command tx timeout [ 49.177637][ T64] Bluetooth: hci2: command tx timeout [ 49.281564][ T6165] veth0_vlan: entered promiscuous mode [ 49.285093][ T6165] veth1_vlan: entered promiscuous mode [ 49.294617][ T6165] veth0_macvtap: entered promiscuous mode [ 49.350822][ T6165] veth1_macvtap: entered promiscuous mode [ 49.355644][ T6165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.358588][ T6165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.361408][ T6165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.364110][ T6165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.371326][ T6165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.374064][ T6165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.378217][ T6165] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.389184][ T6165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.391951][ T6165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.394479][ T6165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.398820][ T6165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.401487][ T6165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.403909][ T6165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.407399][ T6165] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.416877][ T6165] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.427442][ T6165] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.430326][ T6165] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.433427][ T6165] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.561187][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.563248][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.565367][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.567827][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.460655][ T6305] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 50.462490][ T6305] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 50.466556][ T6305] vhci_hcd vhci_hcd.0: Device attached [ 50.666607][ T25] vhci_hcd: vhci_device speed not set [ 50.726054][ T25] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 50.753496][ T6313] netlink: 'syz.1.36': attribute type 1 has an invalid length. [ 51.096122][ T64] Bluetooth: hci3: command tx timeout [ 52.160989][ T6341] netlink: 'syz.3.40': attribute type 4 has an invalid length. [ 52.178197][ T6307] vhci_hcd: connection reset by peer [ 52.199252][ T95] vhci_hcd: stop threads [ 52.200716][ T95] vhci_hcd: release socket [ 52.241611][ T95] vhci_hcd: disconnect device [ 52.252829][ T6347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.43'. [ 52.259683][ T6347] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.294469][ T6341] netlink: 'syz.3.40': attribute type 4 has an invalid length. [ 52.299120][ T6347] bridge_slave_1 (unregistering): left allmulticast mode [ 52.301703][ T6347] bridge_slave_1 (unregistering): left promiscuous mode [ 52.322014][ T6347] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.866952][ T5998] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 52.939863][ T6345] Trying to write to read-only block-device nullb0 [ 53.016856][ T5998] usb 6-1: Using ep0 maxpacket: 8 [ 53.059110][ T5998] usb 6-1: device descriptor read/all, error -71 [ 53.176534][ T64] Bluetooth: hci3: command tx timeout [ 55.204556][ T6397] tipc: Started in network mode [ 55.206535][ T6397] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 55.208982][ T6397] tipc: Enabled bearer , priority 0 [ 55.250554][ T6397] syz.2.54 uses obsolete (PF_INET,SOCK_PACKET) [ 55.262521][ T6397] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 55.743949][ T6430] Zero length message leads to an empty skb [ 55.806019][ T25] vhci_hcd: vhci_device speed not set [ 55.969653][ T6442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.59'. [ 56.208633][ T6463] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 56.210393][ T6463] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 56.213607][ T6463] vhci_hcd vhci_hcd.0: Device attached [ 56.329225][ T6009] tipc: Node number set to 11578026 [ 56.426293][ T5976] vhci_hcd: vhci_device speed not set [ 56.505762][ T5976] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 57.193020][ T6485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.63'. [ 57.420537][ T6467] vhci_hcd: connection reset by peer [ 57.422150][ T1141] vhci_hcd: stop threads [ 57.423301][ T1141] vhci_hcd: release socket [ 57.424502][ T1141] vhci_hcd: disconnect device [ 57.831268][ T6482] syz.4.62 (6482): drop_caches: 2 [ 58.276620][ T6507] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 58.279834][ T6507] overlayfs: missing 'lowerdir' [ 58.829284][ T6515] netlink: 'syz.4.70': attribute type 1 has an invalid length. [ 60.209976][ T6541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.75'. [ 60.244638][ T6535] netlink: 'syz.2.74': attribute type 10 has an invalid length. [ 60.292180][ T6542] netlink: 'syz.2.74': attribute type 10 has an invalid length. [ 60.298122][ T6542] netlink: 2 bytes leftover after parsing attributes in process `syz.2.74'. [ 60.305867][ T6542] team0: entered promiscuous mode [ 60.311320][ T6542] team_slave_0: entered promiscuous mode [ 60.318128][ T6542] team_slave_1: entered promiscuous mode [ 60.323933][ T6542] bridge0: port 2(team0) entered blocking state [ 60.330131][ T6542] bridge0: port 2(team0) entered disabled state [ 60.332391][ T6542] team0: entered allmulticast mode [ 60.334905][ T6542] team_slave_0: entered allmulticast mode [ 60.338086][ T6542] team_slave_1: entered allmulticast mode [ 60.365700][ T6542] bridge0: port 2(team0) entered blocking state [ 60.368586][ T6542] bridge0: port 2(team0) entered forwarding state [ 60.384941][ T6535] tipc: Resetting bearer [ 60.462527][ T6535] bridge0: port 2(team0) entered disabled state [ 60.616430][ T6535] team0: left allmulticast mode [ 60.617804][ T6535] team_slave_0: left allmulticast mode [ 60.619313][ T6535] team_slave_1: left allmulticast mode [ 60.620899][ T6535] team0: left promiscuous mode [ 60.622736][ T6535] team_slave_0: left promiscuous mode [ 60.626345][ T6535] team_slave_1: left promiscuous mode [ 60.628359][ T6535] bridge0: port 2(team0) entered disabled state [ 60.633543][ T6535] batman_adv: batadv0: Adding interface: team0 [ 60.635464][ T6535] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.644186][ T6535] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 61.181281][ T39] audit: type=1400 audit(1734928361.699:2): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=6572 comm="syz.1.79" [ 61.186796][ T6573] netlink: 'syz.1.79': attribute type 10 has an invalid length. [ 61.198802][ T6573] team0: Port device geneve1 added [ 61.207576][ T6573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.79'. [ 61.295780][ T6573] veth0_to_team: entered promiscuous mode [ 61.334842][ T6573] veth0_to_team: entered allmulticast mode [ 61.835591][ T6600] netlink: 28 bytes leftover after parsing attributes in process `syz.1.84'. [ 61.903301][ T6603] fuse: Unknown parameter 'ûd¡' [ 62.173154][ T5976] vhci_hcd: vhci_device speed not set [ 62.609906][ T6604] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 62.615392][ T6604] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 62.632361][ T6604] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 62.642667][ T6604] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 62.648466][ T6604] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 62.660791][ T6604] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 62.670549][ T6604] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 62.673424][ T6604] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 62.681780][ T6604] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 62.688057][ T6604] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 62.690809][ T6604] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 62.696709][ T6604] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 62.767688][ T6594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 62.774814][ T6624] qnx6: unable to read the first superblock [ 63.011223][ T64] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 63.039906][ T6626] 9pnet_fd: Insufficient options for proto=fd [ 64.056054][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 64.229997][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 64.696058][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 64.697592][ T64] Bluetooth: hci2: command 0x0c1a tx timeout [ 65.478310][ T6668] netlink: 4 bytes leftover after parsing attributes in process `syz.2.97'. [ 65.737495][ T6674] netlink: 88 bytes leftover after parsing attributes in process `syz.4.99'. [ 65.739965][ T6674] netlink: 48 bytes leftover after parsing attributes in process `syz.4.99'. [ 65.976614][ T6688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.103'. [ 65.982542][ T6688] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 65.984241][ T6688] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 65.988576][ T6688] vhci_hcd vhci_hcd.0: Device attached [ 66.146063][ T5949] Bluetooth: hci0: command 0x0c1a tx timeout [ 66.176582][ T5977] vhci_hcd: vhci_device speed not set [ 66.241006][ T6701] netlink: 'syz.2.105': attribute type 10 has an invalid length. [ 66.243149][ T6701] netlink: 55 bytes leftover after parsing attributes in process `syz.2.105'. [ 66.247501][ T5977] usb 43-1: new full-speed USB device number 3 using vhci_hcd [ 66.295855][ T6704] sp0: Synchronizing with TNC [ 66.304325][ T6704] [U] è [ 66.776034][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout [ 66.781664][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 67.663113][ T6690] vhci_hcd: connection reset by peer [ 67.666055][ T45] vhci_hcd: stop threads [ 67.667298][ T45] vhci_hcd: release socket [ 67.668516][ T45] vhci_hcd: disconnect device [ 67.728030][ T25] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 67.827069][ T6730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.113'. [ 67.896027][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 67.900099][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 67.902852][ T25] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 67.905174][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.916746][ T25] usb 6-1: config 0 descriptor?? [ 68.179142][ T25] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 68.193883][ T25] usb 6-1: USB disconnect, device number 4 [ 68.216699][ T5949] Bluetooth: hci0: command 0x0c1a tx timeout [ 68.250806][ T39] audit: type=1804 audit(1734928368.769:3): pid=6745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.118" name="/newroot/29/file0/file0" dev="9p" ino=38928651 res=1 errno=0 [ 68.358044][ T39] audit: type=1804 audit(1734928368.879:4): pid=6746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.118" name="/newroot/29/file0/file0" dev="9p" ino=38928651 res=1 errno=0 [ 68.534225][ T6749] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 68.538160][ T6749] capability: warning: `syz.2.120' uses 32-bit capabilities (legacy support in use) [ 68.856045][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout [ 68.857667][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout [ 68.934561][ T39] audit: type=1326 audit(1734928369.449:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 68.940417][ T39] audit: type=1326 audit(1734928369.449:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 68.948226][ T39] audit: type=1326 audit(1734928369.459:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=76 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 68.954640][ T39] audit: type=1326 audit(1734928369.459:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 68.961473][ T39] audit: type=1326 audit(1734928369.459:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 68.968466][ T39] audit: type=1326 audit(1734928369.459:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 68.975142][ T39] audit: type=1326 audit(1734928369.459:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 68.981895][ T39] audit: type=1326 audit(1734928369.459:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.3.123" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 69.084485][ T6756] mkiss: ax0: crc mode is auto. [ 69.318483][ T6764] netlink: 8 bytes leftover after parsing attributes in process `syz.2.125'. [ 69.374665][ T64] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 69.388290][ T6770] 9pnet_fd: Insufficient options for proto=fd [ 69.709503][ T6784] netlink: 'syz.2.131': attribute type 10 has an invalid length. [ 69.711798][ T6784] netlink: 55 bytes leftover after parsing attributes in process `syz.2.131'. [ 70.086106][ T64] Bluetooth: hci0: unexpected event for opcode 0x1001 [ 70.479310][ T6795] infiniband syz1: set down [ 70.480783][ T6795] infiniband syz1: added syzkaller0 [ 70.529118][ T6800] netlink: 4 bytes leftover after parsing attributes in process `syz.2.137'. [ 70.539210][ T6795] RDS/IB: syz1: added [ 70.541366][ T6795] smc: adding ib device syz1 with port count 1 [ 70.544390][ T6795] smc: ib device syz1 port 1 has pnetid [ 70.716961][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.736116][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.858365][ T6806] netlink: 'syz.2.140': attribute type 1 has an invalid length. [ 70.953930][ T45] smc: removing ib device syz1 [ 71.124351][ T6814] geneve2: entered promiscuous mode [ 71.336321][ T5977] vhci_hcd: vhci_device speed not set [ 72.204532][ T6835] netlink: 12 bytes leftover after parsing attributes in process `syz.2.148'. [ 72.695964][ T64] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 72.714467][ T6841] 9pnet_fd: Insufficient options for proto=fd [ 73.182454][ T6857] netlink: 'syz.3.155': attribute type 4 has an invalid length. [ 73.187070][ T6855] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 73.189417][ T6855] overlayfs: missing 'lowerdir' [ 73.204571][ T6857] netlink: 'syz.3.155': attribute type 4 has an invalid length. [ 73.230811][ T6859] IPVS: set_ctl: invalid protocol: 115 172.20.20.43:20001 [ 73.308037][ T6862] netlink: 12 bytes leftover after parsing attributes in process `syz.1.150'. [ 74.191883][ T6876] netlink: 88 bytes leftover after parsing attributes in process `syz.2.159'. [ 74.194832][ T6876] netlink: 48 bytes leftover after parsing attributes in process `syz.2.159'. [ 74.368208][ T6881] netlink: 'syz.2.161': attribute type 3 has an invalid length. [ 74.371241][ T6881] netlink: 'syz.2.161': attribute type 3 has an invalid length. [ 74.798099][ T64] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 74.804880][ T6889] 9pnet_fd: Insufficient options for proto=fd [ 74.956878][ T6894] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 74.959176][ T6894] overlayfs: missing 'lowerdir' [ 75.735304][ T6914] loop9: detected capacity change from 0 to 509 [ 75.742606][ T64] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 75.872839][ T8] cfg80211: failed to load regulatory.db [ 75.966589][ T6931] netlink: 'syz.1.175': attribute type 4 has an invalid length. [ 75.980295][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.177'. [ 75.994004][ T6931] netlink: 'syz.1.175': attribute type 4 has an invalid length. [ 76.143066][ T6941] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 76.145464][ T6941] overlayfs: missing 'lowerdir' [ 76.155443][ T6940] syzkaller0: entered promiscuous mode [ 76.158165][ T6940] syzkaller0: entered allmulticast mode [ 76.742514][ T64] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 77.113231][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.186'. [ 77.969966][ T64] Bluetooth: hci2: unexpected event for opcode 0x2062 [ 78.223865][ T6984] netlink: 212 bytes leftover after parsing attributes in process `syz.1.193'. [ 78.338764][ T64] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 78.605434][ T64] Bluetooth: hci2: unexpected event for opcode 0x1001 [ 78.857874][ T7004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.200'. [ 78.887747][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.974344][ T7004] bridge_slave_1 (unregistering): left allmulticast mode [ 78.976166][ T7004] bridge_slave_1 (unregistering): left promiscuous mode [ 78.978751][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.159709][ T7014] FAULT_INJECTION: forcing a failure. [ 79.159709][ T7014] name failslab, interval 1, probability 0, space 0, times 1 [ 79.162963][ T7014] CPU: 0 UID: 0 PID: 7014 Comm: syz.1.205 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 79.165677][ T7014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.168486][ T7014] Call Trace: [ 79.169376][ T7014] [ 79.170156][ T7014] dump_stack_lvl+0x16c/0x1f0 [ 79.171394][ T7014] should_fail_ex+0x497/0x5b0 [ 79.172633][ T7014] ? fs_reclaim_acquire+0xae/0x150 [ 79.173984][ T7014] should_failslab+0xc2/0x120 [ 79.175219][ T7014] __kmalloc_noprof+0xce/0x4f0 [ 79.176493][ T7014] ? capable+0xd4/0x110 [ 79.177647][ T7014] ? ovl_fill_super+0x3ea/0x6970 [ 79.179116][ T7014] ? prepare_creds+0x490/0x750 [ 79.180460][ T7014] ovl_fill_super+0x3ea/0x6970 [ 79.181727][ T7014] ? shrinker_register+0x154/0x260 [ 79.183066][ T7014] ? __pfx_lock_release+0x10/0x10 [ 79.184376][ T7014] ? rcu_is_watching+0x12/0xc0 [ 79.185637][ T7014] ? __mutex_lock+0x1cc/0xa60 [ 79.187168][ T7014] ? xas_nomem+0x189/0x2c0 [ 79.188343][ T7014] ? find_held_lock+0x2d/0x110 [ 79.189631][ T7014] ? __pfx_ovl_fill_super+0x10/0x10 [ 79.190984][ T7014] ? lockdep_init_map_type+0x16d/0x7d0 [ 79.192403][ T7014] ? lockdep_init_map_type+0x16d/0x7d0 [ 79.193824][ T7014] ? __init_swait_queue_head+0xca/0x150 [ 79.195261][ T7014] ? shrinker_register+0x1a8/0x260 [ 79.196641][ T7014] ? sget_fc+0x488/0xb90 [ 79.197774][ T7014] ? __pfx_ovl_fill_super+0x10/0x10 [ 79.199136][ T7014] ? get_tree_nodev+0xda/0x190 [ 79.200391][ T7014] get_tree_nodev+0xda/0x190 [ 79.201605][ T7014] vfs_get_tree+0x8f/0x380 [ 79.202777][ T7014] path_mount+0x6e1/0x1f10 [ 79.203950][ T7014] ? kmem_cache_free+0x152/0x4c0 [ 79.205258][ T7014] ? __pfx_path_mount+0x10/0x10 [ 79.206511][ T7014] ? putname+0x13c/0x180 [ 79.207639][ T7014] __ia32_sys_mount+0x292/0x310 [ 79.208915][ T7014] ? __pfx___ia32_sys_mount+0x10/0x10 [ 79.210313][ T7014] __do_fast_syscall_32+0x73/0x120 [ 79.211650][ T7014] do_fast_syscall_32+0x32/0x80 [ 79.212928][ T7014] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 79.214573][ T7014] RIP: 0023:0xf70ae579 [ 79.215639][ T7014] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 79.220660][ T7014] RSP: 002b:00000000f50a055c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 79.222844][ T7014] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 79.224870][ T7014] RDX: 0000000020000380 RSI: 0000000000000000 RDI: 0000000020000400 [ 79.226832][ T7014] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 79.228885][ T7014] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 79.230932][ T7014] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 79.233011][ T7014] [ 79.560753][ T7030] netlink: 'syz.2.207': attribute type 4 has an invalid length. [ 79.619288][ T7031] netlink: 'syz.2.207': attribute type 4 has an invalid length. [ 79.780233][ T7034] netlink: 4 bytes leftover after parsing attributes in process `syz.3.210'. [ 80.393837][ T7039] netlink: 8 bytes leftover after parsing attributes in process `syz.2.212'. [ 80.751432][ T7055] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 80.753203][ T7055] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 80.756505][ T7055] vhci_hcd vhci_hcd.0: Device attached [ 80.882677][ T64] Bluetooth: hci2: unexpected event for opcode 0x1001 [ 81.197382][ T7060] netlink: 'syz.3.219': attribute type 1 has an invalid length. [ 81.296237][ T5976] vhci_hcd: vhci_device speed not set [ 81.386054][ T5976] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 81.440267][ T7060] 8021q: adding VLAN 0 to HW filter on device bond1 [ 81.449650][ T7068] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 81.452248][ T7068] bond1: (slave batadv1): making interface the new active one [ 81.454684][ T7068] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 81.710012][ T7086] netlink: 4 bytes leftover after parsing attributes in process `syz.4.223'. [ 81.718302][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.3.225'. [ 81.722173][ T7088] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.757754][ T7088] bridge_slave_1 (unregistering): left allmulticast mode [ 81.760133][ T7088] bridge_slave_1 (unregistering): left promiscuous mode [ 81.762495][ T7088] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.860895][ T7092] netlink: 'syz.2.226': attribute type 10 has an invalid length. [ 81.862945][ T7092] netlink: 55 bytes leftover after parsing attributes in process `syz.2.226'. [ 82.012344][ T7058] vhci_hcd: connection reset by peer [ 82.014819][ T1141] vhci_hcd: stop threads [ 82.018004][ T1141] vhci_hcd: release socket [ 82.019577][ T1141] vhci_hcd: disconnect device [ 82.235296][ T7114] FAULT_INJECTION: forcing a failure. [ 82.235296][ T7114] name failslab, interval 1, probability 0, space 0, times 0 [ 82.239303][ T7117] netlink: 15064 bytes leftover after parsing attributes in process `syz.4.233'. [ 82.240769][ T7114] CPU: 0 UID: 0 PID: 7114 Comm: syz.1.231 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 82.244478][ T7114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.247291][ T7114] Call Trace: [ 82.248160][ T7114] [ 82.248957][ T7114] dump_stack_lvl+0x16c/0x1f0 [ 82.250210][ T7114] should_fail_ex+0x497/0x5b0 [ 82.251451][ T7114] ? fs_reclaim_acquire+0xae/0x150 [ 82.252805][ T7114] should_failslab+0xc2/0x120 [ 82.254346][ T7114] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 82.256253][ T7114] ? security_file_alloc+0x34/0x2b0 [ 82.257755][ T7114] security_file_alloc+0x34/0x2b0 [ 82.259094][ T7114] init_file+0x93/0x480 [ 82.260191][ T7114] alloc_empty_file+0x91/0x1e0 [ 82.261454][ T7114] alloc_file_pseudo+0x13d/0x200 [ 82.262747][ T7114] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 82.264214][ T7114] __anon_inode_getfile+0x136/0x3c0 [ 82.265585][ T7114] ? __pfx___anon_inode_getfile+0x10/0x10 [ 82.267082][ T7114] io_uring_setup+0x189d/0x3230 [ 82.268343][ T7114] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 82.269902][ T7114] ? __pfx_io_uring_setup+0x10/0x10 [ 82.271252][ T7114] ? __fget_files+0x206/0x3a0 [ 82.272486][ T7114] ? ksys_write+0x1ba/0x250 [ 82.273682][ T7114] ? __pfx_ksys_write+0x10/0x10 [ 82.275403][ T7114] __ia32_sys_io_uring_setup+0x97/0x140 [ 82.277424][ T7114] __do_fast_syscall_32+0x73/0x120 [ 82.278768][ T7114] do_fast_syscall_32+0x32/0x80 [ 82.280039][ T7114] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 82.281704][ T7114] RIP: 0023:0xf70ae579 [ 82.282759][ T7114] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 82.287749][ T7114] RSP: 002b:00000000f507f50c EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 82.289890][ T7114] RAX: ffffffffffffffda RBX: 0000000000006165 RCX: 0000000020000300 [ 82.291916][ T7114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 82.293949][ T7114] RBP: 0000000020000100 R08: 0000000000000000 R09: 0000000000000000 [ 82.296093][ T7114] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 82.298944][ T7114] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.300998][ T7114] [ 82.301845][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.335981][ T7123] binder: BINDER_SET_CONTEXT_MGR already set [ 82.337689][ T7123] binder: 7121:7123 ioctl 4018620d 20000100 returned -16 [ 82.505331][ T64] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 82.524890][ T7131] overlay: filesystem on ./bus not supported [ 82.832535][ T7153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.238'. [ 82.898613][ T7155] netlink: 'syz.2.245': attribute type 2 has an invalid length. [ 82.928996][ T7155] : entered promiscuous mode [ 82.938412][ T7155] netlink: 'syz.2.245': attribute type 10 has an invalid length. [ 82.944948][ T7155] hsr0: entered promiscuous mode [ 82.953259][ T7155] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 82.959178][ T7155] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 82.973588][ T7155] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 83.121245][ T68] tipc: Subscription rejected, illegal request [ 83.347944][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.246'. [ 83.860483][ T64] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 83.906806][ T7177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.252'. [ 84.013377][ T7182] hsr_slave_0: left promiscuous mode [ 84.016644][ T7182] hsr_slave_1: left promiscuous mode [ 84.139314][ T7192] ax25_connect(): syz.3.256 uses autobind, please contact jreuter@yaina.de [ 84.147987][ T7191] ax25_connect(): syz.3.256 uses autobind, please contact jreuter@yaina.de [ 84.592261][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.677434][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.755318][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.798141][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.801624][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.803967][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.806679][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.822195][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.824251][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.864645][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.893910][ T7204] netlink: 12 bytes leftover after parsing attributes in process `syz.3.259'. [ 84.937917][ T7213] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 85.014049][ T7228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.265'. [ 85.015745][ T7203] chnl_net:caif_netlink_parms(): no params data found [ 85.075722][ T7235] tipc: Failed to remove unknown binding: 66,1,1/11578026:2292920074/2292920076 [ 85.090338][ T7233] evm: overlay not supported [ 85.107084][ T12] bridge_slave_1: left allmulticast mode [ 85.111873][ T12] bridge_slave_1: left promiscuous mode [ 85.115174][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.134999][ T12] bridge_slave_0: left allmulticast mode [ 85.136642][ T12] bridge_slave_0: left promiscuous mode [ 85.138533][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.232345][ T7246] netlink: 'syz.1.271': attribute type 4 has an invalid length. [ 85.284241][ T7249] netlink: 'syz.1.271': attribute type 4 has an invalid length. [ 85.508644][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 85.512244][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 85.515245][ T12] bond0 (unregistering): Released all slaves [ 85.549393][ T7256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.273'. [ 85.581924][ T7258] FAULT_INJECTION: forcing a failure. [ 85.581924][ T7258] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 85.585533][ T7258] CPU: 1 UID: 0 PID: 7258 Comm: syz.1.274 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 85.588532][ T7258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.592143][ T7258] Call Trace: [ 85.593002][ T7258] [ 85.593804][ T7258] dump_stack_lvl+0x16c/0x1f0 [ 85.595034][ T7258] should_fail_ex+0x497/0x5b0 [ 85.596262][ T7258] ? fs_reclaim_acquire+0xae/0x150 [ 85.597649][ T7258] should_fail_alloc_page+0xe7/0x130 [ 85.599022][ T7258] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 85.601024][ T7258] __alloc_pages_noprof+0x190/0x25b0 [ 85.602931][ T7258] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 85.604995][ T7258] ? rcu_is_watching+0x12/0xc0 [ 85.606743][ T7258] ? trace_kmalloc+0x2d/0xd0 [ 85.608426][ T7258] ? __kmalloc_node_track_caller_noprof+0x23b/0x520 [ 85.610818][ T7258] ? rcu_watching_snap_stopped_since+0xf1/0x110 [ 85.612771][ T7258] ? __alloc_skb+0x164/0x380 [ 85.614337][ T7258] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 85.616456][ T7258] ? policy_nodemask+0xea/0x4e0 [ 85.618010][ T7258] alloc_pages_mpol_noprof+0x2c9/0x610 [ 85.619988][ T7258] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 85.621935][ T7258] ? hlock_class+0x4e/0x130 [ 85.623117][ T7258] ? hlock_class+0x4e/0x130 [ 85.624722][ T7258] alloc_skb_with_frags+0x24b/0x850 [ 85.626117][ T7258] sock_alloc_send_pskb+0x7f1/0x980 [ 85.627485][ T7258] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 85.628976][ T7258] ? hlock_class+0x4e/0x130 [ 85.630167][ T7258] ? __lock_acquire+0xcc5/0x3c40 [ 85.631453][ T7258] tun_get_user+0xd3b/0x3e40 [ 85.632674][ T7258] ? find_held_lock+0x2d/0x110 [ 85.633925][ T7258] ? __pfx_tun_get_user+0x10/0x10 [ 85.635244][ T7258] ? find_held_lock+0x2d/0x110 [ 85.636497][ T7258] ? __pfx_lock_release+0x10/0x10 [ 85.637824][ T7258] tun_chr_write_iter+0xdc/0x210 [ 85.639127][ T7258] vfs_write+0x5ae/0x1150 [ 85.640264][ T7258] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 85.641717][ T7258] ? __pfx_vfs_write+0x10/0x10 [ 85.642972][ T7258] ? __fget_files+0x40/0x3a0 [ 85.644197][ T7258] ksys_write+0x12b/0x250 [ 85.645353][ T7258] ? __pfx_ksys_write+0x10/0x10 [ 85.646632][ T7258] __do_fast_syscall_32+0x73/0x120 [ 85.647977][ T7258] do_fast_syscall_32+0x32/0x80 [ 85.649261][ T7258] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.650904][ T7258] RIP: 0023:0xf70ae579 [ 85.651973][ T7258] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 85.656908][ T7258] RSP: 002b:00000000f50a0520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 85.659067][ T7258] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000880 [ 85.661114][ T7258] RDX: 000000000000fdef RSI: 00000000f73e3ff4 RDI: 0000000000000000 [ 85.663154][ T7258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 85.665210][ T7258] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 85.667273][ T7258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 85.669766][ T7258] [ 85.678802][ T7203] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.686064][ T7203] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.689327][ T7203] bridge_slave_0: entered allmulticast mode [ 85.694775][ T7203] bridge_slave_0: entered promiscuous mode [ 85.699625][ T7203] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.702166][ T7203] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.704738][ T7203] bridge_slave_1: entered allmulticast mode [ 85.707716][ T7203] bridge_slave_1: entered promiscuous mode [ 85.736364][ T73] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 85.771565][ T7203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.775477][ T7203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.809279][ T7203] team0: Port device team_slave_0 added [ 85.812435][ T7203] team0: Port device team_slave_1 added [ 85.854080][ T7203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.855692][ T7203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.865430][ T7203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.868704][ T7203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.870335][ T7203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.876979][ T7203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.912853][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.914608][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.919665][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.921610][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.924340][ T73] usb 8-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01 [ 85.926565][ T73] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.928458][ T73] usb 8-1: Product: syz [ 85.929454][ T73] usb 8-1: Manufacturer: syz [ 85.930546][ T73] usb 8-1: SerialNumber: syz [ 85.933880][ T73] usb 8-1: config 0 descriptor?? [ 85.938624][ T73] go7007 8-1:0.0: Sensoray 2250 found [ 85.939985][ T73] go7007 8-1:0.0: probe with driver go7007 failed with error -12 [ 85.962556][ T12] veth1_macvtap: left promiscuous mode [ 85.963887][ T12] veth0_macvtap: left promiscuous mode [ 85.965212][ T12] veth1_vlan: left promiscuous mode [ 85.967347][ T12] veth0_vlan: left promiscuous mode [ 86.546273][ T5976] vhci_hcd: vhci_device speed not set [ 86.621025][ T12] team0 (unregistering): Port device team_slave_1 removed [ 86.677000][ T7279] Driver unsupported XDP return value 0 on prog (id 61) dev N/A, expect packet loss! [ 86.700111][ T12] team0 (unregistering): Port device team_slave_0 removed [ 86.802744][ T64] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 86.858320][ T64] Bluetooth: hci3: command tx timeout [ 87.160573][ T7203] hsr_slave_0: entered promiscuous mode [ 87.164141][ T7203] hsr_slave_1: entered promiscuous mode [ 87.190602][ T7252] bond2 (unregistering): Released all slaves [ 87.292929][ T30] usb 8-1: USB disconnect, device number 2 [ 87.302538][ T7288] overlayfs: workdir and upperdir must be separate subtrees [ 87.410858][ T7203] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 87.419934][ T7294] __nla_validate_parse: 3 callbacks suppressed [ 87.419986][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.280'. [ 87.435164][ T7203] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 87.443401][ T7203] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 87.452725][ T7203] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 87.520322][ T7203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.528624][ T7203] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.547840][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.549702][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.552108][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.553906][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.695438][ T7203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.820951][ T7203] veth0_vlan: entered promiscuous mode [ 87.831082][ T7203] veth1_vlan: entered promiscuous mode [ 87.844157][ T7203] veth0_macvtap: entered promiscuous mode [ 87.847560][ T7203] veth1_macvtap: entered promiscuous mode [ 87.852539][ T7203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.855071][ T7203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.858043][ T7203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.860637][ T7203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.863153][ T7203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.865857][ T7203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.869075][ T7203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.873671][ T7203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.876979][ T7203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.879367][ T7203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.882005][ T7203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.884515][ T7203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.887341][ T7203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.890387][ T7203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.899626][ T7203] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.902127][ T7203] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.904487][ T7203] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.907094][ T7203] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.910793][ T7320] netlink: 'syz.3.283': attribute type 1 has an invalid length. [ 87.922614][ T7320] 8021q: adding VLAN 0 to HW filter on device bond2 [ 87.932846][ T7320] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 87.938128][ T7320] bond2: (slave batadv2): making interface the new active one [ 87.941708][ T7320] bond2: (slave batadv2): Enslaving as an active interface with an up link [ 87.967938][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.970026][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.008724][ T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.013796][ T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.155054][ T7333] block device autoloading is deprecated and will be removed. [ 88.158281][ T7336] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 88.164351][ T7333] syz.5.261: attempt to access beyond end of device [ 88.164351][ T7333] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 88.295859][ T7357] netlink: 4 bytes leftover after parsing attributes in process `syz.2.290'. [ 88.363688][ T64] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 88.490910][ T7380] netlink: 12 bytes leftover after parsing attributes in process `syz.2.292'. [ 88.578133][ T7387] batadv0: entered promiscuous mode [ 88.936125][ T64] Bluetooth: hci3: command tx timeout [ 89.199705][ T7411] capability: warning: `syz.3.298' uses deprecated v2 capabilities in a way that may be insecure [ 89.227861][ T7415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.299'. [ 89.651558][ T64] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 90.243029][ T7441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.306'. [ 90.288543][ T7441] overlay: Unknown parameter 'permit_directio' [ 90.981779][ T7455] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.309'. [ 91.016972][ T64] Bluetooth: hci3: command tx timeout [ 91.421771][ T64] Bluetooth: hci1: unexpected event for opcode 0x1001 [ 91.730037][ T7473] xt_CT: You must specify a L4 protocol and not use inversions on it [ 91.730395][ T7474] xt_CT: You must specify a L4 protocol and not use inversions on it [ 91.746459][ T39] kauditd_printk_skb: 15 callbacks suppressed [ 91.746472][ T39] audit: type=1326 audit(1734928392.269:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.757139][ T39] audit: type=1326 audit(1734928392.279:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.766204][ T39] audit: type=1326 audit(1734928392.289:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.781005][ T39] audit: type=1326 audit(1734928392.289:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.801687][ T39] audit: type=1326 audit(1734928392.289:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.808436][ T39] audit: type=1326 audit(1734928392.289:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.813890][ T39] audit: type=1326 audit(1734928392.289:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.820248][ T39] audit: type=1326 audit(1734928392.289:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.826160][ T39] audit: type=1326 audit(1734928392.289:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.831728][ T39] audit: type=1326 audit(1734928392.299:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7472 comm="syz.3.314" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 91.836321][ T7473] autofs4:pid:7473:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e) [ 91.888535][ T64] Bluetooth: hci2: unexpected event for opcode 0x0001 [ 92.091661][ T7484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.316'. [ 92.159601][ T7488] netlink: 'syz.2.319': attribute type 4 has an invalid length. [ 92.178504][ T7488] netlink: 'syz.2.319': attribute type 4 has an invalid length. [ 93.106019][ T64] Bluetooth: hci3: command tx timeout [ 94.000139][ T7538] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 94.118390][ T7549] netlink: 88 bytes leftover after parsing attributes in process `syz.2.336'. [ 94.120889][ T7549] netlink: 48 bytes leftover after parsing attributes in process `syz.2.336'. [ 94.170764][ T7555] netlink: 'syz.3.335': attribute type 1 has an invalid length. [ 94.278817][ T7555] 8021q: adding VLAN 0 to HW filter on device bond3 [ 94.285020][ T7563] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 94.423449][ T64] Bluetooth: hci2: unexpected event for opcode 0x1001 [ 94.532304][ T7563] bond3: (slave batadv3): making interface the new active one [ 94.540613][ T7563] bond3: (slave batadv3): Enslaving as an active interface with an up link [ 94.763713][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.339'. [ 95.248607][ T7603] netlink: 'syz.2.346': attribute type 1 has an invalid length. [ 95.273406][ T7603] 8021q: adding VLAN 0 to HW filter on device bond1 [ 95.298191][ T7603] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 95.301444][ T7603] bond1: (slave batadv1): making interface the new active one [ 95.305598][ T7603] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 95.679114][ T7611] netlink: 'syz.2.347': attribute type 10 has an invalid length. [ 95.681376][ T7611] netlink: 55 bytes leftover after parsing attributes in process `syz.2.347'. [ 95.839596][ T7618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.350'. [ 95.847709][ T7618] 8021q: adding VLAN 0 to HW filter on device bond1 [ 95.874591][ T7618] 8021q: adding VLAN 0 to HW filter on device bond1 [ 95.882319][ T7618] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 95.885888][ T7618] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 96.208160][ T7631] netlink: 'syz.3.354': attribute type 1 has an invalid length. [ 96.584426][ T7639] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 96.586172][ T7639] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 96.589699][ T7639] vhci_hcd vhci_hcd.0: Device attached [ 96.776932][ T9] vhci_hcd: vhci_device speed not set [ 96.836135][ T9] usb 47-1: new full-speed USB device number 2 using vhci_hcd [ 97.178759][ T7651] [U] [ 97.179680][ T7651] [U] [ 97.180409][ T7651] [U] [ 97.181142][ T7651] [U] [ 97.181921][ T7651] [U] [ 97.182644][ T7651] [U] [ 97.183366][ T7651] [U] [ 97.184094][ T7651] [U] [ 97.184949][ T7651] [U] [ 97.185687][ T7651] [U] [ 97.186426][ T7651] [U] [ 97.187176][ T7651] [U] [ 97.187997][ T7651] [U] [ 97.188734][ T7651] [U] [ 97.189457][ T7651] [U] [ 97.190182][ T7651] [U] [ 97.190976][ T7651] [U] [ 97.191706][ T7651] [U] [ 97.192437][ T7651] [U] [ 97.193175][ T7651] [U] [ 97.193953][ T7651] [U] [ 97.194684][ T7651] [U] [ 97.195405][ T7651] [U] [ 97.196150][ T7651] [U] [ 97.197062][ T7651] [U] [ 97.197789][ T7651] [U] [ 97.198519][ T7651] [U] [ 97.199258][ T7651] [U] [ 97.200036][ T7651] [U] [ 97.200779][ T7651] [U] [ 97.201509][ T7651] [U] [ 97.202252][ T7651] [U] [ 97.203033][ T7651] [U] [ 97.203765][ T7651] [U] [ 97.204496][ T7651] [U] [ 97.205240][ T7651] [U] [ 97.206094][ T7651] [U] [ 97.206841][ T7651] [U] [ 97.207573][ T7651] [U] [ 97.208302][ T7651] [U] [ 97.209119][ T7651] [U] [ 97.209845][ T7651] [U] [ 97.210576][ T7651] [U] [ 97.211280][ T7651] [U] [ 97.212051][ T7651] [U] [ 97.212785][ T7651] [U] [ 97.213511][ T7651] [U] [ 97.214235][ T7651] [U] [ 97.215013][ T7651] [U] [ 97.215749][ T7651] [U] [ 97.216486][ T7651] [U] [ 97.217237][ T7651] [U] [ 97.218094][ T7651] [U] [ 97.218821][ T7651] [U] [ 97.219556][ T7651] [U] [ 97.220280][ T7651] [U] [ 97.221075][ T7651] [U] [ 97.221800][ T7651] [U] [ 97.222525][ T7651] [U] [ 97.223250][ T7651] [U] [ 97.224018][ T7651] [U] [ 97.224753][ T7651] [U] [ 97.225486][ T7651] [U] [ 97.226226][ T7651] [U] [ 97.227436][ T7651] [U] [ 97.228174][ T7651] [U] [ 97.228924][ T7651] [U] [ 97.229646][ T7651] [U] [ 97.230941][ T7651] [U] [ 97.230996][ T7653] netlink: 'syz.1.360': attribute type 27 has an invalid length. [ 97.231683][ T7651] [U] [ 97.234452][ T7651] [U] [ 97.235183][ T7651] [U] [ 97.237229][ T7651] [U] [ 97.237973][ T7651] [U] [ 97.238696][ T7651] [U] [ 97.239430][ T7651] [U] [ 97.240212][ T7651] [U] [ 97.240945][ T7651] [U] [ 97.241671][ T7651] [U] [ 97.242402][ T7651] [U] [ 97.243202][ T7651] [U] [ 97.243928][ T7651] [U] [ 97.244788][ T7651] [U] [ 97.245640][ T7651] [U] [ 97.247120][ T7651] [U] [ 97.247860][ T7651] [U] [ 97.248600][ T7651] [U] [ 97.249330][ T7651] [U] [ 97.250176][ T7651] [U] [ 97.250906][ T7651] [U] [ 97.251630][ T7651] [U] [ 97.252352][ T7651] [U] [ 97.253123][ T7651] [U] [ 97.253849][ T7651] [U] [ 97.254573][ T7651] [U] [ 97.255300][ T7651] [U] [ 97.256143][ T7651] [U] [ 97.256883][ T7651] [U] [ 97.257606][ T7651] [U] [ 97.258328][ T7651] [U] [ 97.259122][ T7651] [U] [ 97.259845][ T7651] [U] [ 97.260576][ T7651] [U] [ 97.261298][ T7651] [U] [ 97.262358][ T7651] [U] [ 97.263137][ T7651] [U] [ 97.263877][ T7651] [U] [ 97.264633][ T7651] [U] [ 97.290002][ T7651] [U] [ 97.290777][ T7651] [U] [ 97.291508][ T7651] [U] [ 97.292230][ T7651] [U] [ 97.293790][ T7651] [U] [ 97.294536][ T7651] [U] [ 97.295256][ T7651] [U] [ 97.295995][ T7651] [U] [ 97.298033][ T7651] [U] [ 97.298783][ T7651] [U] [ 97.299526][ T7651] [U] [ 97.300263][ T7651] [U] [ 97.301181][ T7651] [U] [ 97.301893][ T7651] [U] [ 97.302616][ T7651] [U] [ 97.303341][ T7651] [U] [ 97.304133][ T7651] [U] [ 97.304872][ T7651] [U] [ 97.305598][ T7651] [U] [ 97.310818][ T7653] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.357194][ T7653] batadv0: left promiscuous mode [ 97.411623][ T7653] veth0_to_team: left promiscuous mode [ 97.415417][ T7653] veth0_to_team: left allmulticast mode [ 97.426696][ T7653] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.437833][ T7653] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.534964][ T7653] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.543305][ T7653] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.545828][ T7653] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.549878][ T7656] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 97.550818][ T7653] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.552232][ T7656] overlayfs: missing 'lowerdir' [ 97.600543][ T7655] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.604849][ T7655] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 97.771222][ T7664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.363'. [ 97.803543][ T7666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.364'. [ 97.937390][ T7649] [U] [ 98.023207][ T7678] FAULT_INJECTION: forcing a failure. [ 98.023207][ T7678] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 98.027012][ T7678] CPU: 0 UID: 0 PID: 7678 Comm: syz.3.368 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 98.029734][ T7678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.032489][ T7678] Call Trace: [ 98.033382][ T7678] [ 98.034164][ T7678] dump_stack_lvl+0x16c/0x1f0 [ 98.035397][ T7678] should_fail_ex+0x497/0x5b0 [ 98.036639][ T7678] _copy_from_iter+0x29b/0x1400 [ 98.037917][ T7678] ? irqentry_exit+0x3b/0x90 [ 98.039133][ T7678] ? lockdep_hardirqs_on+0x7c/0x110 [ 98.040477][ T7678] ? __pfx__copy_from_iter+0x10/0x10 [ 98.041868][ T7678] copy_page_from_iter+0xa5/0x120 [ 98.043181][ T7678] skb_copy_datagram_from_iter+0x29b/0x710 [ 98.044671][ T7678] tun_get_user+0x197f/0x3e40 [ 98.045908][ T7678] ? find_held_lock+0x2d/0x110 [ 98.047169][ T7678] ? __pfx_tun_get_user+0x10/0x10 [ 98.048480][ T7678] ? find_held_lock+0x2d/0x110 [ 98.049750][ T7678] ? __pfx_lock_release+0x10/0x10 [ 98.051064][ T7678] tun_chr_write_iter+0xdc/0x210 [ 98.052356][ T7678] vfs_write+0x5ae/0x1150 [ 98.053491][ T7678] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 98.054944][ T7678] ? __pfx_vfs_write+0x10/0x10 [ 98.056190][ T7678] ? __fget_files+0x40/0x3a0 [ 98.057747][ T7678] ksys_write+0x12b/0x250 [ 98.058892][ T7678] ? __pfx_ksys_write+0x10/0x10 [ 98.060177][ T7678] __do_fast_syscall_32+0x73/0x120 [ 98.061535][ T7678] do_fast_syscall_32+0x32/0x80 [ 98.062806][ T7678] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.064480][ T7678] RIP: 0023:0xf7fc6579 [ 98.065570][ T7678] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.070501][ T7678] RSP: 002b:00000000f5116520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 98.072654][ T7678] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000880 [ 98.074701][ T7678] RDX: 000000000000fdef RSI: 00000000f7453ff4 RDI: 0000000000000000 [ 98.076888][ T7678] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.078927][ T7678] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.080973][ T7678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.083015][ T7678] [ 98.170210][ T7679] hub 2-0:1.0: USB hub found [ 98.172521][ T7679] hub 2-0:1.0: 2 ports detected [ 98.408718][ T7640] vhci_hcd: connection reset by peer [ 98.417631][ T45] vhci_hcd: stop threads [ 98.419670][ T45] vhci_hcd: release socket [ 98.421703][ T45] vhci_hcd: disconnect device [ 98.476480][ T7695] netlink: 12 bytes leftover after parsing attributes in process `syz.3.369'. [ 98.581149][ T7701] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 98.588648][ T7701] CIFS mount error: No usable UNC path provided in device string! [ 98.588648][ T7701] [ 98.591523][ T7701] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 98.595063][ T7703] CIFS mount error: No usable UNC path provided in device string! [ 98.595063][ T7703] [ 98.598558][ T7703] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 99.031893][ T7701] xt_CT: No such helper "snmp_trap" [ 100.442136][ T7758] netlink: 12 bytes leftover after parsing attributes in process `syz.3.381'. [ 101.063570][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.5.386'. [ 101.371984][ T7796] netlink: 'syz.2.389': attribute type 4 has an invalid length. [ 101.378315][ T7798] FAULT_INJECTION: forcing a failure. [ 101.378315][ T7798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.387945][ T7796] netlink: 'syz.2.389': attribute type 4 has an invalid length. [ 101.396329][ T7798] CPU: 2 UID: 0 PID: 7798 Comm: syz.3.390 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 101.399286][ T7798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.402648][ T7798] Call Trace: [ 101.403833][ T7798] [ 101.405237][ T7798] dump_stack_lvl+0x16c/0x1f0 [ 101.407131][ T7798] should_fail_ex+0x497/0x5b0 [ 101.408875][ T7798] _copy_from_iter+0x29b/0x1400 [ 101.410669][ T7798] ? _copy_from_iter+0x159/0x1400 [ 101.412484][ T7798] ? __pfx__copy_from_iter+0x10/0x10 [ 101.414434][ T7798] ? __pfx__copy_from_iter+0x10/0x10 [ 101.416166][ T7798] ? __virt_addr_valid+0x1a4/0x590 [ 101.417820][ T7798] copy_page_from_iter+0xa5/0x120 [ 101.419384][ T7798] skb_copy_datagram_from_iter+0x29b/0x710 [ 101.421042][ T7798] tun_get_user+0x197f/0x3e40 [ 101.422372][ T7798] ? find_held_lock+0x2d/0x110 [ 101.423657][ T7798] ? __pfx_tun_get_user+0x10/0x10 [ 101.424979][ T7798] ? find_held_lock+0x2d/0x110 [ 101.426237][ T7798] ? __pfx_lock_release+0x10/0x10 [ 101.427705][ T7798] tun_chr_write_iter+0xdc/0x210 [ 101.429366][ T7798] vfs_write+0x5ae/0x1150 [ 101.430808][ T7798] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 101.432655][ T7798] ? __pfx_vfs_write+0x10/0x10 [ 101.434244][ T7798] ? __fget_files+0x40/0x3a0 [ 101.435814][ T7798] ksys_write+0x12b/0x250 [ 101.437283][ T7798] ? __pfx_ksys_write+0x10/0x10 [ 101.438935][ T7798] __do_fast_syscall_32+0x73/0x120 [ 101.440654][ T7798] do_fast_syscall_32+0x32/0x80 [ 101.442315][ T7798] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.444493][ T7798] RIP: 0023:0xf7fc6579 [ 101.445859][ T7798] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.452188][ T7798] RSP: 002b:00000000f5116520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 101.454927][ T7798] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000880 [ 101.457532][ T7798] RDX: 000000000000fdef RSI: 00000000f7453ff4 RDI: 0000000000000000 [ 101.459887][ T7798] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.462180][ T7798] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 101.464410][ T7798] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.466489][ T7798] [ 101.557681][ T7812] netlink: 'syz.5.392': attribute type 1 has an invalid length. [ 101.566851][ T7812] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.588929][ T64] Bluetooth: hci0: unexpected event for opcode 0x1001 [ 101.591589][ T7812] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 101.595583][ T7812] bond1: (slave batadv1): making interface the new active one [ 101.598037][ T7812] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 101.966146][ T9] vhci_hcd: vhci_device speed not set [ 102.494392][ T7836] fuse: Bad value for 'user_id' [ 102.496683][ T7836] fuse: Bad value for 'user_id' [ 102.505052][ T39] kauditd_printk_skb: 65 callbacks suppressed [ 102.505062][ T39] audit: type=1326 audit(1734928403.019:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.516918][ T39] audit: type=1326 audit(1734928403.029:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.522452][ T39] audit: type=1326 audit(1734928403.029:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.536132][ T39] audit: type=1326 audit(1734928403.029:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.550608][ T39] audit: type=1326 audit(1734928403.029:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.560929][ T39] audit: type=1326 audit(1734928403.029:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.567989][ T39] audit: type=1326 audit(1734928403.029:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.586943][ T39] audit: type=1326 audit(1734928403.029:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.592867][ T39] audit: type=1326 audit(1734928403.029:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.599110][ T39] audit: type=1326 audit(1734928403.029:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7835 comm="syz.1.399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 102.642256][ T7839] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 102.644628][ T7839] overlayfs: missing 'lowerdir' [ 103.831066][ T7857] netlink: 88 bytes leftover after parsing attributes in process `syz.1.404'. [ 103.833451][ T7857] netlink: 48 bytes leftover after parsing attributes in process `syz.1.404'. [ 104.392383][ T7868] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.408'. [ 104.415715][ T7871] netlink: 8 bytes leftover after parsing attributes in process `syz.2.410'. [ 104.419001][ T7871] netlink: 8 bytes leftover after parsing attributes in process `syz.2.410'. [ 104.456497][ T7871] veth0_macvtap: left promiscuous mode [ 104.576696][ T7876] netlink: 'syz.5.409': attribute type 1 has an invalid length. [ 104.594131][ T7876] 8021q: adding VLAN 0 to HW filter on device bond2 [ 104.630601][ T7876] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 104.633961][ T7876] bond2: (slave batadv2): making interface the new active one [ 104.637676][ T7876] bond2: (slave batadv2): Enslaving as an active interface with an up link [ 105.501690][ T64] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 105.630360][ T7916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.422'. [ 106.039106][ T7923] 9pnet_fd: Insufficient options for proto=fd [ 106.044399][ T7923] 9pnet_fd: Insufficient options for proto=fd [ 106.252064][ T7912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.420'. [ 106.342921][ T7932] No control pipe specified [ 106.414998][ T7933] netlink: 256 bytes leftover after parsing attributes in process `syz.2.427'. [ 107.074024][ T7951] netlink: 'syz.2.430': attribute type 4 has an invalid length. [ 107.114264][ T7935] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 107.116652][ T7935] overlayfs: missing 'lowerdir' [ 107.134583][ T7953] netlink: 'syz.2.430': attribute type 4 has an invalid length. [ 108.812191][ T7990] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 108.814441][ T7990] overlayfs: missing 'lowerdir' [ 108.819751][ T7992] netlink: 72 bytes leftover after parsing attributes in process `syz.1.442'. [ 109.026004][ T7992] netlink: 'syz.1.442': attribute type 1 has an invalid length. [ 109.028893][ T7992] netlink: 'syz.1.442': attribute type 1 has an invalid length. [ 109.963824][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.3.446'. [ 111.245846][ T8026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.451'. [ 111.941843][ T8034] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 111.944781][ T8034] overlayfs: missing 'lowerdir' [ 112.911289][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.460'. [ 113.081083][ T8073] mmap: syz.5.463 (8073) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 113.182598][ T8073] kvm: pic: non byte read [ 113.185132][ T8073] kvm: pic: non byte read [ 113.191614][ T8073] kvm: pic: single mode not supported [ 113.228854][ T8073] kvm: pic: non byte read [ 113.232884][ T8073] kvm: pic: level sensitive irq not supported [ 113.237199][ T8073] kvm: pic: non byte read [ 113.241987][ T8077] netlink: 12 bytes leftover after parsing attributes in process `syz.1.462'. [ 113.257071][ T8073] kvm: pic: single mode not supported [ 113.257088][ T8073] kvm: pic: level sensitive irq not supported [ 113.439727][ T8073] kvm: pic: non byte read [ 113.557900][ T8073] kvm: pic: non byte read [ 113.646930][ T8073] kvm: pic: non byte read [ 113.648767][ T8073] kvm: pic: level sensitive irq not supported [ 113.648963][ T8073] kvm: pic: non byte read [ 113.652547][ T8073] kvm: pic: non byte read [ 113.654558][ T8073] kvm: pic: non byte read [ 113.656595][ T8073] kvm: pic: level sensitive irq not supported [ 113.658713][ T8073] kvm: pic: level sensitive irq not supported [ 113.662743][ T8073] kvm: pic: level sensitive irq not supported [ 113.669658][ T8073] kvm: pic: level sensitive irq not supported [ 113.674789][ T8073] kvm: pic: level sensitive irq not supported [ 113.680219][ T8073] kvm: pic: level sensitive irq not supported [ 113.687847][ T8073] kvm: pic: level sensitive irq not supported [ 113.840954][ T8086] netlink: 'syz.2.465': attribute type 4 has an invalid length. [ 113.868261][ T8086] netlink: 'syz.2.465': attribute type 4 has an invalid length. [ 114.066402][ T8093] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 114.068872][ T8093] overlayfs: missing 'lowerdir' [ 115.259606][ T8122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.476'. [ 115.816481][ T8137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.482'. [ 115.819754][ T8137] macvlan0: entered promiscuous mode [ 115.846249][ T8138] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 115.848605][ T8138] overlayfs: missing 'lowerdir' [ 116.656623][ T8157] input: syz0 as /devices/virtual/input/input5 [ 116.767085][ T8157] netlink: 500 bytes leftover after parsing attributes in process `syz.5.489'. [ 116.772736][ T8157] netlink: 500 bytes leftover after parsing attributes in process `syz.5.489'. [ 117.285622][ T64] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 117.396168][ T30] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 117.548537][ T30] usb 7-1: Using ep0 maxpacket: 16 [ 117.575335][ T30] usb 7-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 117.578427][ T30] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 117.593396][ T30] usb 7-1: Product: syz [ 117.594567][ T30] usb 7-1: Manufacturer: syz [ 117.608875][ T30] usb 7-1: SerialNumber: syz [ 117.641588][ T30] usb 7-1: config 0 descriptor?? [ 117.883219][ T64] Bluetooth: hci0: unexpected event for opcode 0x040e [ 117.990938][ T5981] usb 7-1: USB disconnect, device number 2 [ 118.132683][ T8184] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 118.135011][ T8184] overlayfs: missing 'lowerdir' [ 118.434515][ T8199] netlink: 4 bytes leftover after parsing attributes in process `syz.5.501'. [ 118.610813][ T64] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 118.677786][ T8207] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 119.859379][ T8225] netlink: 4 bytes leftover after parsing attributes in process `syz.2.508'. [ 120.301240][ T8233] FAULT_INJECTION: forcing a failure. [ 120.301240][ T8233] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.304782][ T8233] CPU: 0 UID: 0 PID: 8233 Comm: syz.5.512 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 120.307558][ T8233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.310333][ T8233] Call Trace: [ 120.311486][ T8233] [ 120.312272][ T8233] dump_stack_lvl+0x16c/0x1f0 [ 120.313523][ T8233] should_fail_ex+0x497/0x5b0 [ 120.314756][ T8233] _copy_from_iter+0x29b/0x1400 [ 120.316040][ T8233] ? _copy_from_iter+0x159/0x1400 [ 120.317384][ T8233] ? __pfx__copy_from_iter+0x10/0x10 [ 120.318775][ T8233] ? __pfx__copy_from_iter+0x10/0x10 [ 120.320153][ T8233] ? __virt_addr_valid+0x1a4/0x590 [ 120.321505][ T8233] copy_page_from_iter+0xa5/0x120 [ 120.322828][ T8233] skb_copy_datagram_from_iter+0x29b/0x710 [ 120.324360][ T8233] tun_get_user+0x197f/0x3e40 [ 120.325601][ T8233] ? find_held_lock+0x2d/0x110 [ 120.326887][ T8233] ? __pfx_tun_get_user+0x10/0x10 [ 120.328198][ T8233] ? find_held_lock+0x2d/0x110 [ 120.329468][ T8233] ? __pfx_lock_release+0x10/0x10 [ 120.330788][ T8233] tun_chr_write_iter+0xdc/0x210 [ 120.332375][ T8233] vfs_write+0x5ae/0x1150 [ 120.333512][ T8233] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 120.334961][ T8233] ? __pfx_vfs_write+0x10/0x10 [ 120.336219][ T8233] ksys_write+0x12b/0x250 [ 120.337394][ T8233] ? __pfx_ksys_write+0x10/0x10 [ 120.338672][ T8233] __do_fast_syscall_32+0x73/0x120 [ 120.340051][ T8233] do_fast_syscall_32+0x32/0x80 [ 120.341336][ T8233] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 120.343004][ T8233] RIP: 0023:0xf7f84579 [ 120.344090][ T8233] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 120.349045][ T8233] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 120.351242][ T8233] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000880 [ 120.353321][ T8233] RDX: 000000000000fdef RSI: 00000000f7413ff4 RDI: 0000000000000000 [ 120.355689][ T8233] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 120.357786][ T8233] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 120.359875][ T8233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 120.361950][ T8233] [ 120.700479][ T64] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 120.757976][ T8238] netlink: 8 bytes leftover after parsing attributes in process `syz.3.514'. [ 120.933862][ T8244] netlink: 88 bytes leftover after parsing attributes in process `syz.3.517'. [ 120.937452][ T8244] netlink: 48 bytes leftover after parsing attributes in process `syz.3.517'. [ 120.970256][ T8242] syzkaller0: entered promiscuous mode [ 120.998299][ T8242] syzkaller0: entered allmulticast mode [ 121.012713][ T8242] netlink: 'syz.1.516': attribute type 29 has an invalid length. [ 121.014987][ T8242] netlink: 4 bytes leftover after parsing attributes in process `syz.1.516'. [ 122.336533][ T8255] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 122.338906][ T8255] overlayfs: missing 'lowerdir' [ 122.732109][ T8264] netlink: 44 bytes leftover after parsing attributes in process `syz.5.523'. [ 122.783514][ T39] kauditd_printk_skb: 37 callbacks suppressed [ 122.783579][ T39] audit: type=1326 audit(1734928423.299:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8263 comm="syz.5.523" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x0 [ 122.893715][ T8272] netlink: 76 bytes leftover after parsing attributes in process `syz.5.523'. [ 122.901696][ T8274] netlink: 8 bytes leftover after parsing attributes in process `syz.1.525'. [ 123.290018][ T64] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 123.343630][ T8286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.530'. [ 123.346702][ T8286] macvlan0: left promiscuous mode [ 123.348874][ T8286] macvlan0: entered allmulticast mode [ 123.350376][ T8286] veth1_vlan: entered allmulticast mode [ 123.476254][ T8293] netlink: 28 bytes leftover after parsing attributes in process `syz.3.532'. [ 123.480604][ T8293] netlink: 12 bytes leftover after parsing attributes in process `syz.3.532'. [ 123.487772][ T8293] netlink: 728 bytes leftover after parsing attributes in process `syz.3.532'. [ 123.490143][ T8293] netlink: 16 bytes leftover after parsing attributes in process `syz.3.532'. [ 123.675544][ T8301] netlink: 12 bytes leftover after parsing attributes in process `syz.3.535'. [ 123.981389][ T8306] netlink: 'syz.5.536': attribute type 4 has an invalid length. [ 124.032390][ T8307] netlink: 'syz.5.536': attribute type 4 has an invalid length. [ 124.394834][ T8311] netlink: 12 bytes leftover after parsing attributes in process `syz.1.537'. [ 124.694979][ T8323] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 124.696901][ T8323] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 124.699751][ T8323] vhci_hcd vhci_hcd.0: Device attached [ 124.886005][ T5998] vhci_hcd: vhci_device speed not set [ 124.948715][ T5998] usb 47-1: new full-speed USB device number 3 using vhci_hcd [ 125.503302][ T8343] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 125.505700][ T8343] overlayfs: missing 'lowerdir' [ 126.000943][ T8327] vhci_hcd: connection reset by peer [ 126.005099][ T45] vhci_hcd: stop threads [ 126.006470][ T45] vhci_hcd: release socket [ 126.007802][ T45] vhci_hcd: disconnect device [ 126.131693][ T8358] netlink: 'syz.1.552': attribute type 1 has an invalid length. [ 126.171527][ T8362] binder: 8361:8362 ioctl 4140 0 returned -22 [ 126.173503][ T8363] binder: 8361:8363 ioctl 4140 0 returned -22 [ 126.246932][ T39] audit: type=1326 audit(1734928426.769:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.252540][ T39] audit: type=1326 audit(1734928426.769:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.259440][ T39] audit: type=1326 audit(1734928426.769:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.266545][ T39] audit: type=1326 audit(1734928426.769:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.273567][ T39] audit: type=1326 audit(1734928426.769:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.282615][ T39] audit: type=1326 audit(1734928426.799:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.289352][ T39] audit: type=1326 audit(1734928426.799:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.295860][ T39] audit: type=1326 audit(1734928426.799:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.303305][ T39] audit: type=1326 audit(1734928426.799:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8367 comm="syz.1.556" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 126.383762][ T8370] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 126.385518][ T8370] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 126.388891][ T8370] vhci_hcd vhci_hcd.0: Device attached [ 126.456572][ T8379] netlink: 'syz.1.559': attribute type 4 has an invalid length. [ 126.473593][ T8379] netlink: 'syz.1.559': attribute type 4 has an invalid length. [ 126.811898][ T8388] ======================================================= [ 126.811898][ T8388] WARNING: The mand mount option has been deprecated and [ 126.811898][ T8388] and is ignored by this kernel. Remove the mand [ 126.811898][ T8388] option from the mount to silence this warning. [ 126.811898][ T8388] ======================================================= [ 126.886504][ T8391] ieee802154 phy0 wpan0: encryption failed: -90 [ 126.930967][ T64] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 127.008653][ T8399] netlink: 'syz.2.566': attribute type 4 has an invalid length. [ 127.021749][ T8399] netlink: 'syz.2.566': attribute type 4 has an invalid length. [ 127.037287][ T8401] overlayfs: failed to resolve './file1': -2 [ 127.398158][ T8375] vhci_hcd: connection closed [ 127.399207][ T220] vhci_hcd: stop threads [ 127.402814][ T220] vhci_hcd: release socket [ 127.409289][ T220] vhci_hcd: disconnect device [ 127.676267][ T8426] netlink: 'syz.5.574': attribute type 2 has an invalid length. [ 128.238486][ T8453] netlink: 'syz.5.581': attribute type 1 has an invalid length. [ 128.250615][ T8453] 8021q: adding VLAN 0 to HW filter on device bond3 [ 128.257664][ T8453] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 128.261147][ T8453] bond3: (slave batadv3): making interface the new active one [ 128.263416][ T8453] bond3: (slave batadv3): Enslaving as an active interface with an up link [ 128.716097][ T30] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 128.923302][ T30] usb 8-1: config 0 has an invalid interface number: 120 but max is 0 [ 128.925741][ T30] usb 8-1: config 0 has no interface number 0 [ 128.928726][ T30] usb 8-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 255, changing to 11 [ 128.932883][ T30] usb 8-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid maxpacket 59391, setting to 1024 [ 128.936067][ T30] usb 8-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 128.938683][ T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.964394][ T30] usb 8-1: config 0 descriptor?? [ 128.994003][ T8452] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 129.007516][ T30] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.120/input/input6 [ 129.279306][ T8462] FAULT_INJECTION: forcing a failure. [ 129.279306][ T8462] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.282709][ T8462] CPU: 3 UID: 0 PID: 8462 Comm: syz.1.585 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 129.285432][ T8462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.288066][ T8462] Call Trace: [ 129.288954][ T8462] [ 129.289876][ T8462] dump_stack_lvl+0x16c/0x1f0 [ 129.291138][ T8462] should_fail_ex+0x497/0x5b0 [ 129.292414][ T8462] _copy_from_iter+0x29b/0x1400 [ 129.293688][ T8462] ? _copy_from_iter+0x159/0x1400 [ 129.295000][ T8462] ? __pfx__copy_from_iter+0x10/0x10 [ 129.296385][ T8462] ? __pfx__copy_from_iter+0x10/0x10 [ 129.297784][ T8462] ? __virt_addr_valid+0x1a4/0x590 [ 129.299140][ T8462] copy_page_from_iter+0xa5/0x120 [ 129.300505][ T8462] skb_copy_datagram_from_iter+0x29b/0x710 [ 129.302008][ T8462] tun_get_user+0x197f/0x3e40 [ 129.303241][ T8462] ? find_held_lock+0x2d/0x110 [ 129.304496][ T8462] ? __pfx_tun_get_user+0x10/0x10 [ 129.305811][ T8462] ? find_held_lock+0x2d/0x110 [ 129.307018][ T8462] ? __pfx_lock_release+0x10/0x10 [ 129.308357][ T8462] tun_chr_write_iter+0xdc/0x210 [ 129.309660][ T8462] vfs_write+0x5ae/0x1150 [ 129.310803][ T8462] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 129.312245][ T8462] ? __pfx_vfs_write+0x10/0x10 [ 129.313495][ T8462] ? __fget_files+0x40/0x3a0 [ 129.314708][ T8462] ksys_write+0x12b/0x250 [ 129.315838][ T8462] ? __pfx_ksys_write+0x10/0x10 [ 129.317121][ T8462] __do_fast_syscall_32+0x73/0x120 [ 129.318486][ T8462] do_fast_syscall_32+0x32/0x80 [ 129.319812][ T8462] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.321451][ T8462] RIP: 0023:0xf70ae579 [ 129.322494][ T8462] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 129.327400][ T8462] RSP: 002b:00000000f50a0520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 129.329567][ T8462] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000880 [ 129.331604][ T8462] RDX: 000000000000fdef RSI: 00000000f73e3ff4 RDI: 0000000000000000 [ 129.333653][ T8462] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 129.335699][ T8462] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 129.337777][ T8462] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 129.339880][ T8462] [ 129.384485][ T8466] binder: 8465:8466 ioctl c0306201 0 returned -14 [ 130.261848][ T5998] vhci_hcd: vhci_device speed not set [ 130.315830][ T8484] __nla_validate_parse: 9 callbacks suppressed [ 130.315840][ T8484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.591'. [ 130.325489][ T8484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.591'. [ 130.334902][ T8484] netlink: 36 bytes leftover after parsing attributes in process `syz.2.591'. [ 130.341479][ T8484] netlink: 16 bytes leftover after parsing attributes in process `syz.2.591'. [ 130.346129][ T8484] netlink: 36 bytes leftover after parsing attributes in process `syz.2.591'. [ 130.348613][ T8484] netlink: 36 bytes leftover after parsing attributes in process `syz.2.591'. [ 130.568684][ C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 130.571925][ C0] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 130.574897][ C0] CPU: 0 UID: 0 PID: 8489 Comm: syz.5.592 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 130.578976][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.582827][ C0] RIP: 0010:put_page+0x21/0x280 [ 130.584683][ C0] Code: 90 90 90 90 90 90 90 90 90 41 54 55 53 48 89 fb e8 e4 dd a2 f8 48 8d 7b 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 20 02 00 00 4c 8b 63 08 31 ff 4c 89 e5 83 e5 01 [ 130.591369][ C0] RSP: 0018:ffffc90000007428 EFLAGS: 00010202 [ 130.593583][ C0] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff88f7f918 [ 130.596509][ C0] RDX: 0000000000000001 RSI: ffffffff88f6716c RDI: 0000000000000008 [ 130.599364][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 130.602314][ C0] R10: 0000000000000000 R11: 0000000000000004 R12: ffff888025d0d180 [ 130.605145][ C0] R13: ffff88806133f140 R14: ffff88806133f170 R15: 0000000000000007 [ 130.607972][ C0] FS: 0000000000000000(0000) GS:ffff88802b400000(0063) knlGS:00000000f50b5b40 [ 130.611124][ C0] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 130.613324][ C0] CR2: 00000000200012c0 CR3: 0000000052fe4000 CR4: 0000000000352ef0 [ 130.615863][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 130.618280][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 130.620366][ C0] Call Trace: [ 130.621270][ C0] [ 130.622023][ C0] ? die_addr+0x3b/0xa0 [ 130.623143][ C0] ? exc_general_protection+0x155/0x230 [ 130.624598][ C0] ? asm_exc_general_protection+0x26/0x30 [ 130.626069][ C0] ? skb_release_data+0x4b8/0x730 [ 130.627547][ C0] ? put_page+0xc/0x280 [ 130.629068][ C0] ? put_page+0x21/0x280 [ 130.630616][ C0] ? put_page+0xc/0x280 [ 130.632122][ C0] skb_release_data+0x4d7/0x730 [ 130.633441][ C0] __kfree_skb+0x4f/0x70 [ 130.634551][ C0] tcp_ack+0x1eb7/0x5ba0 [ 130.635659][ C0] ? __pfx_tcp_ack+0x10/0x10 [ 130.636866][ C0] ? tcp_validate_incoming+0x662/0x1d00 [ 130.638258][ C0] ? read_tsc+0x9/0x20 [ 130.639344][ C0] tcp_rcv_state_process+0xdd4/0x4c40 [ 130.640739][ C0] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 130.642244][ C0] ? lock_acquire.part.0+0x155/0x380 [ 130.643609][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 130.645062][ C0] ? rcu_is_watching+0x12/0xc0 [ 130.646311][ C0] ? do_raw_spin_lock+0x12d/0x2c0 [ 130.647618][ C0] ? tcp_v4_do_rcv+0x1ad/0xa90 [ 130.648873][ C0] tcp_v4_do_rcv+0x1ad/0xa90 [ 130.650081][ C0] tcp_v4_rcv+0x33b4/0x43a0 [ 130.651265][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 130.652533][ C0] ? __pfx_raw_local_deliver+0x10/0x10 [ 130.653945][ C0] ? rcu_is_watching+0x12/0xc0 [ 130.655187][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 130.656471][ C0] ip_protocol_deliver_rcu+0xba/0x4c0 [ 130.657859][ C0] ip_local_deliver_finish+0x316/0x570 [ 130.659232][ C0] ip_local_deliver+0x18e/0x1f0 [ 130.660491][ C0] ? __pfx_ip_local_deliver+0x10/0x10 [ 130.661883][ C0] ip_rcv+0x2c3/0x5d0 [ 130.662920][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 130.664100][ C0] __netif_receive_skb_one_core+0x199/0x1e0 [ 130.665633][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 130.667286][ C0] ? rcu_is_watching+0x12/0xc0 [ 130.668542][ C0] ? process_backlog+0x3f1/0x15f0 [ 130.669816][ C0] ? process_backlog+0x3f1/0x15f0 [ 130.671088][ C0] __netif_receive_skb+0x1d/0x160 [ 130.672396][ C0] process_backlog+0x443/0x15f0 [ 130.673651][ C0] __napi_poll.constprop.0+0xb7/0x550 [ 130.675047][ C0] net_rx_action+0xa94/0x1010 [ 130.676280][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 130.677641][ C0] ? mark_held_locks+0x9f/0xe0 [ 130.678909][ C0] handle_softirqs+0x213/0x8f0 [ 130.680171][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 130.681549][ C0] __irq_exit_rcu+0x109/0x170 [ 130.682778][ C0] irq_exit_rcu+0x9/0x30 [ 130.683884][ C0] sysvec_call_function_single+0xa4/0xc0 [ 130.685348][ C0] [ 130.686124][ C0] [ 130.686923][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 130.688487][ C0] RIP: 0010:finish_task_switch.isra.0+0x220/0xcc0 [ 130.690124][ C0] Code: a9 0a 00 00 44 8b 0d 03 b3 b4 0e 45 85 c9 0f 85 c0 01 00 00 48 89 df e8 ae f8 ff ff e8 09 89 38 00 fb 65 48 8b 1d 50 75 9b 7e <48> 8d bb f8 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 [ 130.695073][ C0] RSP: 0018:ffffc900279af5a8 EFLAGS: 00000202 [ 130.696673][ C0] RAX: 00000000000052fd RBX: ffff8880254a4880 RCX: 1ffffffff2d37e77 [ 130.698720][ C0] RDX: 0000000000000000 RSI: ffffffff8b4cd180 RDI: ffffffff8bb16fc0 [ 130.700773][ C0] RBP: ffffc900279af5f0 R08: 0000000000000001 R09: fffffbfff2d36d9a [ 130.702771][ C0] R10: ffffffff969b6cd7 R11: 0000000000000001 R12: ffff88802b43fb20 [ 130.704844][ C0] R13: ffff8880224ac880 R14: 0000000000000000 R15: ffff88802b43ed00 [ 130.706893][ C0] ? finish_task_switch.isra.0+0x217/0xcc0 [ 130.708417][ C0] ? __switch_to+0x749/0x1190 [ 130.709649][ C0] __schedule+0xe60/0x5ad0 [ 130.710815][ C0] ? find_held_lock+0x2d/0x110 [ 130.712067][ C0] ? __pfx_mark_lock+0x10/0x10 [ 130.713348][ C0] ? __pfx___schedule+0x10/0x10 [ 130.714601][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.715915][ C0] preempt_schedule_irq+0x51/0x90 [ 130.717209][ C0] irqentry_exit+0x36/0x90 [ 130.718344][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 130.719888][ C0] RIP: 0010:lock_release+0x4dd/0x6f0 [ 130.721267][ C0] Code: 00 00 49 8b 7e 08 4c 89 e6 48 8b 54 24 08 e8 4a 5a fe ff 65 ff 0d 2b 8e 8d 7e 0f 85 a7 fb ff ff e8 48 95 95 ff e9 a4 fb ff ff fe ce 08 00 84 c0 0f 85 cd fb ff ff 80 3d 18 3b 8f 0e 00 0f 85 [ 130.726247][ C0] RSP: 0018:ffffc900279af878 EFLAGS: 00000247 [ 130.727849][ C0] RAX: 0000000000000001 RBX: 1ffff92004f35f11 RCX: ffffffff817647f9 [ 130.729922][ C0] RDX: fffffbfff2039c9b RSI: 0000000000000008 RDI: ffffffff901ce4d0 [ 130.731991][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff2039c9a [ 130.734067][ C0] R10: ffffffff901ce4d7 R11: 0000000000000001 R12: ffffffff8df4ef60 [ 130.736129][ C0] R13: ffffc900279afac4 R14: ffffc900279afab0 R15: 0000000000000000 [ 130.738202][ C0] ? lock_release+0xa9/0x6f0 [ 130.739426][ C0] ? lock_release+0xa9/0x6f0 [ 130.740648][ C0] ? prepare_alloc_pages.constprop.0+0x15c/0x560 [ 130.742272][ C0] ? __pfx_lock_release+0x10/0x10 [ 130.743573][ C0] ? fs_reclaim_acquire+0xae/0x150 [ 130.744912][ C0] ? lock_acquire+0x2f/0xb0 [ 130.746103][ C0] ? fs_reclaim_acquire+0xae/0x150 [ 130.747460][ C0] ? fs_reclaim_acquire+0xae/0x150 [ 130.748808][ C0] prepare_alloc_pages.constprop.0+0x15c/0x560 [ 130.750416][ C0] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 130.752137][ C0] __alloc_pages_noprof+0x190/0x25b0 [ 130.753532][ C0] ? sched_clock+0x38/0x60 [ 130.754702][ C0] ? __schedule+0x3d67/0x5ad0 [ 130.755929][ C0] ? __pfx_lock_release+0x10/0x10 [ 130.757263][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 130.758793][ C0] ? irqentry_exit+0x3b/0x90 [ 130.760003][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.761366][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.762835][ C0] ? policy_nodemask+0xea/0x4e0 [ 130.764047][ C0] alloc_pages_mpol_noprof+0x2c9/0x610 [ 130.765442][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 130.767006][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.768342][ C0] kimage_alloc_pages+0x75/0x300 [ 130.769606][ C0] kimage_alloc_page+0x132/0x890 [ 130.770865][ C0] kimage_load_segment+0x1fc/0x770 [ 130.772165][ C0] do_kexec_load+0x506/0x8c0 [ 130.773378][ C0] ? __might_fault+0xe3/0x190 [ 130.774572][ C0] ? __pfx_do_kexec_load+0x10/0x10 [ 130.775882][ C0] ? __might_fault+0xe3/0x190 [ 130.777090][ C0] __do_compat_sys_kexec_load+0x2cf/0x330 [ 130.778492][ C0] ? __pfx___do_compat_sys_kexec_load+0x10/0x10 [ 130.780082][ C0] __do_fast_syscall_32+0x73/0x120 [ 130.781423][ C0] do_fast_syscall_32+0x32/0x80 [ 130.782696][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 130.784345][ C0] RIP: 0023:0xf7f84579 [ 130.785407][ C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 130.790365][ C0] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 000000000000011b [ 130.792525][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000001 [ 130.794574][ C0] RDX: 00000000200012c0 RSI: 0000000000160000 RDI: 0000000000000000 [ 130.796635][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 130.798678][ C0] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 130.800727][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 130.802771][ C0] [ 130.803582][ C0] Modules linked in: [ 130.804840][ C0] ---[ end trace 0000000000000000 ]--- [ 130.823178][ C0] RIP: 0010:put_page+0x21/0x280 [ 130.855126][ C0] Code: 90 90 90 90 90 90 90 90 90 41 54 55 53 48 89 fb e8 e4 dd a2 f8 48 8d 7b 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 20 02 00 00 4c 8b 63 08 31 ff 4c 89 e5 83 e5 01 [ 130.886625][ C0] RSP: 0018:ffffc90000007428 EFLAGS: 00010202 [ 130.927650][ C0] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff88f7f918 [ 130.929735][ C0] RDX: 0000000000000001 RSI: ffffffff88f6716c RDI: 0000000000000008 [ 130.931794][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 130.933848][ C0] R10: 0000000000000000 R11: 0000000000000004 R12: ffff888025d0d180 [ 130.935879][ C0] R13: ffff88806133f140 R14: ffff88806133f170 R15: 0000000000000007 [ 130.937967][ C0] FS: 0000000000000000(0000) GS:ffff88802b400000(0063) knlGS:00000000f50b5b40 [ 130.940259][ C0] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 130.941972][ C0] CR2: 00000000200012c0 CR3: 0000000052fe4000 CR4: 0000000000352ef0 [ 130.944031][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 130.946133][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 130.948222][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 130.950660][ C0] Kernel Offset: disabled [ 130.951807][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:33:51 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85142e65 RDI=ffffffff9a6672c0 RBP=ffffffff9a667280 RSP=ffffc90000006e00 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=000000004153414b R12=0000000000000000 R13=0000000000000030 R14=ffffffff85142e00 R15=0000000000000000 RIP=ffffffff85142e8f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000200012c0 CR3=0000000052fe4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000003ad36c RBX=0000000000000001 RCX=ffffffff8b1a3819 RDX=ffffed10056a6fee RSI=ffffffff8bb16f40 RDI=ffffffff81702e79 RBP=ffffed10039dc910 RSP=ffffc9000047fe08 R8 =0000000000000000 R9 =ffffed10056a6fed R10=ffff88802b537f6b R11=0000000000000001 R12=0000000000000001 R13=ffff88801cee4880 R14=ffffffff901ce4d0 R15=0000000000000000 RIP=ffffffff8b1a4bff RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020020000 CR3=000000007406c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009800000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffc90006f60000 RBX=ffff8880220e0000 RCX=ffffffff86563652 RDX=00000000ffffffff RSI=ffffffff8656365f RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc90000548eb8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=ffffc90000548ff8 R12=0000000000000000 R13=ffff8880220e1650 R14=ffff8880220e1268 R15=0000000000000000 RIP=ffffffff8656368c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f180c348d00 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fffdc3d6f9c CR3=000000004d5dc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=b0187687b0187687 b0187687b0187687 b0187687b0187687 b0187687b0187687 b0187687b0187687 b0187687b0187687 b0187687b0187687 b0187687b0187687 ZMM22=a6835bb5a6835bb5 a6835bb5a6835bb5 a6835bb5a6835bb5 a6835bb5a6835bb5 a6835bb5a6835bb5 a6835bb5a6835bb5 a6835bb5a6835bb5 a6835bb5a6835bb5 ZMM23=abd7f584abd7f584 abd7f584abd7f584 abd7f584abd7f584 abd7f584abd7f584 abd7f584abd7f584 abd7f584abd7f584 abd7f584abd7f584 abd7f584abd7f584 ZMM24=ff9b9cf0ff9b9cf0 ff9b9cf0ff9b9cf0 ff9b9cf0ff9b9cf0 ff9b9cf0ff9b9cf0 ff9b9cf0ff9b9cf0 ff9b9cf0ff9b9cf0 ff9b9cf0ff9b9cf0 ff9b9cf0ff9b9cf0 ZMM25=12b9a1f512b9a1f5 12b9a1f512b9a1f5 12b9a1f512b9a1f5 12b9a1f512b9a1f5 12b9a1f512b9a1f5 12b9a1f512b9a1f5 12b9a1f512b9a1f5 12b9a1f512b9a1f5 ZMM26=e06ef122e06ef122 e06ef122e06ef122 e06ef122e06ef122 e06ef122e06ef122 e06ef122e06ef122 e06ef122e06ef122 e06ef122e06ef122 e06ef122e06ef122 ZMM27=6fe350296fe35029 6fe350296fe35029 6fe350296fe35029 6fe350296fe35029 6fe350296fe35029 6fe350296fe35029 6fe350296fe35029 6fe350296fe35029 ZMM28=000000400000003f 0000003e0000003d 0000003c0000003b 0000003a00000039 0000003800000037 0000003600000035 0000003400000033 0000003200000031 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=c0050000c0050000 c0050000c0050000 c0050000c0050000 c0050000c0050000 c0050000c0050000 c0050000c0050000 c0050000c0050000 c0050000c0050000 info registers vcpu 3 CPU#3 RAX=0000000080010001 RBX=0000000000000001 RCX=ffffffff8145c22f RDX=ffff88801b76a440 RSI=ffffffff818d4328 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc900005f8f88 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc900005f8ff8 R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81994f6e RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000052fe4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000