last executing test programs: 5.759995879s ago: executing program 0 (id=526): syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "ffb00afe4e70"}}}}}}}, 0x0) 5.70041349s ago: executing program 0 (id=529): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_ext={0x1c, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2800000, 0x0, 0x0, 0x0, 0x1}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0x8}]}, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x7606, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 4.840569882s ago: executing program 0 (id=539): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff05000700263a3a0914000600626f6e64300000400000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) 4.839724744s ago: executing program 0 (id=540): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb4, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0, 0x400000000}, 0x400}}, 0xb4}}, 0x4c050) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000001"], 0xfc}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003082f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) 4.680610214s ago: executing program 0 (id=546): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x20000080) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) 3.80917779s ago: executing program 0 (id=552): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000300)={'ip6tnl0\x00', 0x0, 0x29, 0x6, 0x7, 0x3, 0x2, @dev={0xfe, 0x80, '\x00', 0x44}, @mcast2, 0x80, 0x7, 0x7, 0x3}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64=r0, @ANYRESDEC=r0], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x13, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xc}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0xf}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = openat$fb1(0xffffff9c, &(0x7f0000000280), 0x88200, 0x0) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000580)={0x0, 0x1, &(0x7f00000002c0)=[0x0], &(0x7f00000004c0), &(0x7f0000000500), 0x0}) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth1_to_bond\x00', &(0x7f0000000040)=@ethtool_cmd={0x24, 0x5, 0x200, 0x5, 0x7f, 0x1, 0xa, 0x1, 0x7f, 0x8, 0x9, 0x6, 0x4, 0x5, 0x2, 0x8000, [0x100000]}}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_setup(0x3eb1, &(0x7f0000000080)={0x0, 0x3fde, 0xc00, 0x10, 0x147}) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b05, &(0x7f0000000040)={'wlan0\x00'}) r7 = socket$alg(0x26, 0x5, 0x0) r8 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r8, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x3, 0xffffffff, 0x403}}) bind$alg(r7, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000040)="0000006aac", 0x5) r9 = accept4(r7, 0x0, 0x0, 0x0) sendmmsg$alg(r9, &(0x7f0000002f40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2400c044}], 0x1, 0x8800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r9) sendmsg$nl_route_sched_retired(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f80)=@delchain={0xc58, 0x65, 0x200, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x4, 0xfff2}, {0x5, 0xa}, {0x4, 0xf}}, [@f_tcindex={{0xc}, {0x810, 0x2, [@TCA_TCINDEX_POLICE={0x80c, 0x6, [@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x5f, 0x7, 0x1ff, 0xa, 0x493f, 0x6, 0xd, 0x8, 0x5, 0x2, 0x6, 0x4d, 0x5, 0x2, 0x0, 0x1, 0x5, 0x8, 0x40, 0x3, 0xfffffffb, 0xb750, 0x9, 0x7, 0x4, 0x217, 0x5, 0x6, 0x1000004, 0x9, 0x4, 0x10000, 0x3ff, 0x0, 0x9, 0x7fffffff, 0x4, 0x6, 0x6, 0x1000, 0xffffffff, 0x9, 0xc5f, 0x80, 0xb, 0x5, 0x2, 0x2, 0x5, 0x1, 0x7fffffff, 0xf5, 0x7, 0x6, 0x10000, 0x401, 0x9, 0x73, 0x80000001, 0x8, 0x9, 0x7, 0x200, 0x6, 0x3, 0x6, 0x9d, 0xc, 0x1, 0x1, 0x5, 0x2, 0x1, 0x3, 0x4, 0x10001, 0x0, 0x5369483b, 0x0, 0xe, 0x0, 0x0, 0x2, 0x0, 0x2599, 0x7, 0x0, 0xd, 0x10000, 0xc, 0x6c8, 0x6, 0x8001, 0x1ff, 0x1, 0x5, 0x4, 0xd, 0x40, 0x9, 0x8, 0x1, 0x6, 0x91, 0x2, 0x3, 0x80000001, 0x8f, 0x817, 0x10001, 0x3, 0x2, 0x80, 0x8, 0x5, 0x9262, 0x3, 0x7, 0xabc, 0x7fff, 0x10001, 0xfffffffe, 0x5, 0x4, 0xf, 0xfff, 0x3, 0x8, 0x1, 0x0, 0x9, 0x2, 0x9, 0x7, 0xe, 0xb50, 0x6, 0xeeed, 0x7, 0x4, 0xfffffff7, 0xc, 0x5, 0x19f, 0x7, 0x7f, 0x3, 0x647, 0xff, 0x8, 0x3, 0x5, 0x5, 0x2a9, 0xd, 0x8, 0x80000000, 0x8, 0x0, 0x1, 0x7fff, 0x2, 0x8, 0x3, 0x6, 0x4, 0x2800, 0x0, 0x55e, 0xf, 0x7, 0x100, 0x4, 0x8, 0x200, 0x8da, 0x2, 0x7, 0x1, 0x5, 0x8, 0x1, 0xaeca, 0x1, 0x4, 0x7, 0x8, 0x0, 0x9, 0x1, 0x3, 0x9, 0x30000000, 0x0, 0x5, 0x6, 0x81, 0x1, 0x9, 0x8, 0x7, 0xed9, 0x8001, 0x30d, 0x10000, 0x41, 0x5, 0x2, 0xe886, 0x0, 0x1, 0x937, 0x9, 0x81, 0x4, 0x1, 0x3, 0x2, 0x8, 0x0, 0x9, 0x6f73, 0x2, 0x4, 0x0, 0x5ae, 0x9, 0x8, 0x623, 0x0, 0xffff, 0x2, 0x931, 0x1, 0xb, 0x1, 0xf572, 0x80, 0x0, 0x6, 0x4, 0x40, 0x6, 0x6, 0x1, 0x200, 0x6, 0x9, 0x2, 0x6, 0x7, 0x5, 0xf15, 0xee1, 0x5]}, @TCA_POLICE_RATE={0x404, 0x2, [0x101, 0x3, 0x5, 0x9, 0xfff, 0x7f, 0x400, 0x6, 0x40, 0xfffffff9, 0xf, 0x4, 0x7, 0xa706, 0x5, 0x800, 0xaf89, 0x400100, 0x200, 0x2, 0x81, 0x100, 0x1, 0x716, 0x7fff, 0x9, 0x0, 0x6, 0x6, 0x5, 0x3, 0x4, 0x4, 0xc, 0x0, 0x7, 0x7f, 0xffffffff, 0x0, 0x9, 0x7, 0xdf4a, 0x2, 0x4, 0x7, 0x4, 0x6939, 0x5, 0x0, 0x9, 0x10, 0x0, 0x9, 0x8, 0xffffffff, 0x6, 0x4, 0x4, 0x500, 0x7, 0x5, 0xff, 0x9, 0x81, 0x2, 0x3ff, 0x6, 0x3ff, 0x9, 0x7fff, 0x400, 0xfffffffa, 0x6, 0x9, 0x7, 0x10000, 0x6, 0x7, 0x81, 0x7ff, 0x2, 0x7, 0xf9d, 0x0, 0x0, 0x7ff, 0x8001, 0x3, 0xff, 0x2, 0xfff7fffc, 0xfffffffb, 0x0, 0x704, 0x9, 0x81, 0xe, 0xe, 0x7, 0x3, 0x1ff, 0x4, 0x8, 0x4, 0xd325, 0x7, 0x784, 0x6, 0x740, 0x6, 0xfffffff9, 0x2, 0x3ff, 0xf, 0x0, 0x7, 0xf4, 0x3, 0x6, 0x5, 0x835, 0x5, 0x5, 0x6, 0xc, 0x3, 0x83, 0x4, 0x40, 0x40, 0x2, 0xb, 0x38, 0x8001, 0x6, 0x6, 0xff, 0x38, 0x9, 0x6, 0x9fc, 0x40, 0xffff0001, 0x7ff, 0x7, 0x7, 0x1800, 0xfff, 0x71ca, 0xfffffff7, 0xf, 0xc690, 0x6, 0x9, 0x3892, 0x0, 0x0, 0x6, 0x4, 0x5, 0x5, 0x7, 0x77, 0x7, 0x800, 0x0, 0x101, 0x0, 0xc646, 0x200, 0x4, 0x4, 0x7fffffff, 0x3, 0xfffffffd, 0x17f6, 0x4, 0x6, 0x8, 0x6, 0x85c2, 0x8, 0x5, 0x9, 0xfffffffb, 0x4, 0x127, 0x16db, 0x8, 0x0, 0xfffffff9, 0x5, 0x6, 0x4, 0x9, 0x0, 0x4, 0x6, 0x5e79, 0xb0c9, 0xff, 0x6, 0x4c8, 0x6, 0x269c, 0x2c8, 0x1, 0xc, 0x6, 0x9, 0x1ff, 0x4, 0x5848, 0x3, 0xce, 0x4, 0x1, 0x9, 0x1, 0x358a, 0x0, 0x7fffffff, 0x7, 0x1, 0x9, 0xfff, 0x4, 0x0, 0x6, 0xfffffffd, 0x3, 0xfffffff7, 0x7, 0x7, 0xfffffff7, 0x8, 0x40, 0x8000, 0x3, 0x9, 0x4, 0x101, 0xc, 0x3, 0x5, 0x4, 0xb6, 0x2, 0x401, 0x8, 0x8, 0xffffff44, 0x2743, 0x6b8cc28e, 0x5, 0x8e0]}]}]}}, @f_tcindex={{0xc}, {0x40c, 0x2, [@TCA_TCINDEX_POLICE={0x408, 0x6, [@TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x8, 0x4d8, 0xffffffff, 0x8d1, 0x8, 0x9, 0x9, 0x0, 0xfffffff7, 0x4, 0x3, 0x81, 0x8, 0x6, 0x6, 0xd62, 0x6, 0x7, 0x29, 0x5, 0x5, 0x9, 0x2, 0x1000, 0x2, 0x793, 0x4, 0x101, 0xffffdc7a, 0x5, 0x7fff, 0x1, 0x5, 0x4b37, 0x2, 0x4, 0xd9a, 0x1, 0x4e, 0x3, 0x800, 0x9, 0x1, 0x9, 0x1, 0x0, 0x9, 0x8, 0x4e, 0x0, 0x80, 0x10000, 0x80, 0x10000, 0x8, 0x4, 0x1, 0x7, 0x9, 0x2, 0x7fffffff, 0xfcf, 0x7, 0x2, 0x2, 0x4, 0x1000, 0xea, 0x1, 0x9, 0x5, 0x200, 0xfec0, 0xffffe49a, 0x2, 0x4, 0x58e, 0xffffffff, 0x5, 0x6, 0x7f, 0x400, 0x8, 0x80, 0x7, 0x3, 0x6, 0xd, 0x3, 0xce, 0xd, 0x7fffffff, 0x1, 0x6, 0x4, 0x6, 0x3, 0x7f, 0x8001, 0xed4b, 0x68, 0x9, 0xc, 0xffff, 0x9, 0x7, 0x4, 0xf97, 0x5, 0x4, 0x80000001, 0x6, 0x7, 0x6, 0x5, 0xfff, 0x3, 0x46, 0x3ff, 0x7e4d, 0x5, 0x0, 0x6, 0x9, 0xf1, 0x4, 0x3, 0x3, 0xb, 0x8, 0x7, 0xa, 0x6, 0x9, 0x2, 0x0, 0x4, 0x5d6e5b73, 0x8, 0x3, 0x1, 0x4a0b, 0x9a0, 0x400, 0x3, 0x0, 0x3, 0x9, 0x401, 0x9e, 0x8000, 0xf8, 0x5, 0x2, 0xffffffff, 0x3, 0x7fffffff, 0x0, 0x2, 0x6, 0x8, 0x7, 0x80000000, 0x74, 0x1, 0x7, 0xa94, 0x3, 0x4, 0x44, 0x0, 0x1, 0x13, 0x5, 0x0, 0x7f, 0x4, 0x818, 0x1, 0x560, 0x6, 0x9, 0x3, 0x4, 0x1ff, 0x4, 0x8001, 0x44, 0x2, 0x9, 0x8, 0x3, 0x8000, 0x100, 0x1, 0x1b35709e, 0x9629, 0x1, 0x5, 0x400, 0x0, 0x0, 0xba9, 0x2, 0x7, 0xe1, 0x4, 0x7, 0x5, 0x2, 0x21, 0xfffffeff, 0x0, 0x2d5b, 0xd, 0x1, 0x1000, 0x9, 0x2a, 0x8, 0x4, 0x9, 0x7, 0x8, 0x5, 0x1, 0x6, 0x6, 0x1, 0x1, 0x80, 0x1, 0x5, 0x0, 0x7fffffff, 0x3ff, 0x2, 0x5, 0x9, 0x8001, 0x8ee, 0x8, 0x4, 0x2, 0x9, 0x8, 0xd, 0x8, 0x7, 0x1, 0x440, 0x1, 0xaa20, 0x5, 0x4]}]}]}}]}, 0xc58}}, 0x4080000) 1.090677804s ago: executing program 1 (id=585): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x1d, &(0x7f00000001c0), 0x4) 1.090448264s ago: executing program 1 (id=586): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bind$rds(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x2, 0x922000000001, 0x106) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083911000000000000a1180015000600142603600e120900210000000401a80016000400144006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xa}, {0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0xc000) 1.090027648s ago: executing program 1 (id=587): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000300)={'ip6tnl0\x00', 0x0, 0x29, 0x6, 0x7, 0x3, 0x2, @dev={0xfe, 0x80, '\x00', 0x44}, @mcast2, 0x80, 0x7, 0x7, 0x3}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES64=r0, @ANYRESDEC=r0], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x13, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xc}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0xf}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = openat$fb1(0xffffff9c, &(0x7f0000000280), 0x88200, 0x0) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000580)={0x0, 0x1, &(0x7f00000002c0)=[0x0], &(0x7f00000004c0), &(0x7f0000000500), 0x0}) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth1_to_bond\x00', &(0x7f0000000040)=@ethtool_cmd={0x24, 0x5, 0x200, 0x5, 0x7f, 0x1, 0xa, 0x1, 0x7f, 0x8, 0x9, 0x6, 0x4, 0x5, 0x2, 0x8000, [0x100000]}}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_setup(0x3eb1, &(0x7f0000000080)={0x0, 0x3fde, 0xc00, 0x10, 0x147}) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b05, &(0x7f0000000040)={'wlan0\x00'}) r7 = socket$alg(0x26, 0x5, 0x0) r8 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r8, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x3, 0xffffffff, 0x403}}) bind$alg(r7, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000040)="0000006aac", 0x5) r9 = accept4(r7, 0x0, 0x0, 0x0) sendmmsg$alg(r9, &(0x7f0000002f40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2400c044}], 0x1, 0x8800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r9) sendmsg$nl_route_sched_retired(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f80)=@delchain={0xc58, 0x65, 0x200, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x4, 0xfff2}, {0x5, 0xa}, {0x4, 0xf}}, [@f_tcindex={{0xc}, {0x810, 0x2, [@TCA_TCINDEX_POLICE={0x80c, 0x6, [@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x5f, 0x7, 0x1ff, 0xa, 0x493f, 0x6, 0xd, 0x8, 0x5, 0x2, 0x6, 0x4d, 0x5, 0x2, 0x0, 0x1, 0x5, 0x8, 0x40, 0x3, 0xfffffffb, 0xb750, 0x9, 0x7, 0x4, 0x217, 0x5, 0x6, 0x1000004, 0x9, 0x4, 0x10000, 0x3ff, 0x0, 0x9, 0x7fffffff, 0x4, 0x6, 0x6, 0x1000, 0xffffffff, 0x9, 0xc5f, 0x80, 0xb, 0x5, 0x2, 0x2, 0x5, 0x1, 0x7fffffff, 0xf5, 0x7, 0x6, 0x10000, 0x401, 0x9, 0x73, 0x80000001, 0x8, 0x9, 0x7, 0x200, 0x6, 0x3, 0x6, 0x9d, 0xc, 0x1, 0x1, 0x5, 0x2, 0x1, 0x3, 0x4, 0x10001, 0x0, 0x5369483b, 0x0, 0xe, 0x0, 0x0, 0x2, 0x0, 0x2599, 0x7, 0x0, 0xd, 0x10000, 0xc, 0x6c8, 0x6, 0x8001, 0x1ff, 0x1, 0x5, 0x4, 0xd, 0x40, 0x9, 0x8, 0x1, 0x6, 0x91, 0x2, 0x3, 0x80000001, 0x8f, 0x817, 0x10001, 0x3, 0x2, 0x80, 0x8, 0x5, 0x9262, 0x3, 0x7, 0xabc, 0x7fff, 0x10001, 0xfffffffe, 0x5, 0x4, 0xf, 0xfff, 0x3, 0x8, 0x1, 0x0, 0x9, 0x2, 0x9, 0x7, 0xe, 0xb50, 0x6, 0xeeed, 0x7, 0x4, 0xfffffff7, 0xc, 0x5, 0x19f, 0x7, 0x7f, 0x3, 0x647, 0xff, 0x8, 0x3, 0x5, 0x5, 0x2a9, 0xd, 0x8, 0x80000000, 0x8, 0x0, 0x1, 0x7fff, 0x2, 0x8, 0x3, 0x6, 0x4, 0x2800, 0x0, 0x55e, 0xf, 0x7, 0x100, 0x4, 0x8, 0x200, 0x8da, 0x2, 0x7, 0x1, 0x5, 0x8, 0x1, 0xaeca, 0x1, 0x4, 0x7, 0x8, 0x0, 0x9, 0x1, 0x3, 0x9, 0x30000000, 0x0, 0x5, 0x6, 0x81, 0x1, 0x9, 0x8, 0x7, 0xed9, 0x8001, 0x30d, 0x10000, 0x41, 0x5, 0x2, 0xe886, 0x0, 0x1, 0x937, 0x9, 0x81, 0x4, 0x1, 0x3, 0x2, 0x8, 0x0, 0x9, 0x6f73, 0x2, 0x4, 0x0, 0x5ae, 0x9, 0x8, 0x623, 0x0, 0xffff, 0x2, 0x931, 0x1, 0xb, 0x1, 0xf572, 0x80, 0x0, 0x6, 0x4, 0x40, 0x6, 0x6, 0x1, 0x200, 0x6, 0x9, 0x2, 0x6, 0x7, 0x5, 0xf15, 0xee1, 0x5]}, @TCA_POLICE_RATE={0x404, 0x2, [0x101, 0x3, 0x5, 0x9, 0xfff, 0x7f, 0x400, 0x6, 0x40, 0xfffffff9, 0xf, 0x4, 0x7, 0xa706, 0x5, 0x800, 0xaf89, 0x400100, 0x200, 0x2, 0x81, 0x100, 0x1, 0x716, 0x7fff, 0x9, 0x0, 0x6, 0x6, 0x5, 0x3, 0x4, 0x4, 0xc, 0x0, 0x7, 0x7f, 0xffffffff, 0x0, 0x9, 0x7, 0xdf4a, 0x2, 0x4, 0x7, 0x4, 0x6939, 0x5, 0x0, 0x9, 0x10, 0x0, 0x9, 0x8, 0xffffffff, 0x6, 0x4, 0x4, 0x500, 0x7, 0x5, 0xff, 0x9, 0x81, 0x2, 0x3ff, 0x6, 0x3ff, 0x9, 0x7fff, 0x400, 0xfffffffa, 0x6, 0x9, 0x7, 0x10000, 0x6, 0x7, 0x81, 0x7ff, 0x2, 0x7, 0xf9d, 0x0, 0x0, 0x7ff, 0x8001, 0x3, 0xff, 0x2, 0xfff7fffc, 0xfffffffb, 0x0, 0x704, 0x9, 0x81, 0xe, 0xe, 0x7, 0x3, 0x1ff, 0x4, 0x8, 0x4, 0xd325, 0x7, 0x784, 0x6, 0x740, 0x6, 0xfffffff9, 0x2, 0x3ff, 0xf, 0x0, 0x7, 0xf4, 0x3, 0x6, 0x5, 0x835, 0x5, 0x5, 0x6, 0xc, 0x3, 0x83, 0x4, 0x40, 0x40, 0x2, 0xb, 0x38, 0x8001, 0x6, 0x6, 0xff, 0x38, 0x9, 0x6, 0x9fc, 0x40, 0xffff0001, 0x7ff, 0x7, 0x7, 0x1800, 0xfff, 0x71ca, 0xfffffff7, 0xf, 0xc690, 0x6, 0x9, 0x3892, 0x0, 0x0, 0x6, 0x4, 0x5, 0x5, 0x7, 0x77, 0x7, 0x800, 0x0, 0x101, 0x0, 0xc646, 0x200, 0x4, 0x4, 0x7fffffff, 0x3, 0xfffffffd, 0x17f6, 0x4, 0x6, 0x8, 0x6, 0x85c2, 0x8, 0x5, 0x9, 0xfffffffb, 0x4, 0x127, 0x16db, 0x8, 0x0, 0xfffffff9, 0x5, 0x6, 0x4, 0x9, 0x0, 0x4, 0x6, 0x5e79, 0xb0c9, 0xff, 0x6, 0x4c8, 0x6, 0x269c, 0x2c8, 0x1, 0xc, 0x6, 0x9, 0x1ff, 0x4, 0x5848, 0x3, 0xce, 0x4, 0x1, 0x9, 0x1, 0x358a, 0x0, 0x7fffffff, 0x7, 0x1, 0x9, 0xfff, 0x4, 0x0, 0x6, 0xfffffffd, 0x3, 0xfffffff7, 0x7, 0x7, 0xfffffff7, 0x8, 0x40, 0x8000, 0x3, 0x9, 0x4, 0x101, 0xc, 0x3, 0x5, 0x4, 0xb6, 0x2, 0x401, 0x8, 0x8, 0xffffff44, 0x2743, 0x6b8cc28e, 0x5, 0x8e0]}]}]}}, @f_tcindex={{0xc}, {0x40c, 0x2, [@TCA_TCINDEX_POLICE={0x408, 0x6, [@TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x8, 0x4d8, 0xffffffff, 0x8d1, 0x8, 0x9, 0x9, 0x0, 0xfffffff7, 0x4, 0x3, 0x81, 0x8, 0x6, 0x6, 0xd62, 0x6, 0x7, 0x29, 0x5, 0x5, 0x9, 0x2, 0x1000, 0x2, 0x793, 0x4, 0x101, 0xffffdc7a, 0x5, 0x7fff, 0x1, 0x5, 0x4b37, 0x2, 0x4, 0xd9a, 0x1, 0x4e, 0x3, 0x800, 0x9, 0x1, 0x9, 0x1, 0x0, 0x9, 0x8, 0x4e, 0x0, 0x80, 0x10000, 0x80, 0x10000, 0x8, 0x4, 0x1, 0x7, 0x9, 0x2, 0x7fffffff, 0xfcf, 0x7, 0x2, 0x2, 0x4, 0x1000, 0xea, 0x1, 0x9, 0x5, 0x200, 0xfec0, 0xffffe49a, 0x2, 0x4, 0x58e, 0xffffffff, 0x5, 0x6, 0x7f, 0x400, 0x8, 0x80, 0x7, 0x3, 0x6, 0xd, 0x3, 0xce, 0xd, 0x7fffffff, 0x1, 0x6, 0x4, 0x6, 0x3, 0x7f, 0x8001, 0xed4b, 0x68, 0x9, 0xc, 0xffff, 0x9, 0x7, 0x4, 0xf97, 0x5, 0x4, 0x80000001, 0x6, 0x7, 0x6, 0x5, 0xfff, 0x3, 0x46, 0x3ff, 0x7e4d, 0x5, 0x0, 0x6, 0x9, 0xf1, 0x4, 0x3, 0x3, 0xb, 0x8, 0x7, 0xa, 0x6, 0x9, 0x2, 0x0, 0x4, 0x5d6e5b73, 0x8, 0x3, 0x1, 0x4a0b, 0x9a0, 0x400, 0x3, 0x0, 0x3, 0x9, 0x401, 0x9e, 0x8000, 0xf8, 0x5, 0x2, 0xffffffff, 0x3, 0x7fffffff, 0x0, 0x2, 0x6, 0x8, 0x7, 0x80000000, 0x74, 0x1, 0x7, 0xa94, 0x3, 0x4, 0x44, 0x0, 0x1, 0x13, 0x5, 0x0, 0x7f, 0x4, 0x818, 0x1, 0x560, 0x6, 0x9, 0x3, 0x4, 0x1ff, 0x4, 0x8001, 0x44, 0x2, 0x9, 0x8, 0x3, 0x8000, 0x100, 0x1, 0x1b35709e, 0x9629, 0x1, 0x5, 0x400, 0x0, 0x0, 0xba9, 0x2, 0x7, 0xe1, 0x4, 0x7, 0x5, 0x2, 0x21, 0xfffffeff, 0x0, 0x2d5b, 0xd, 0x1, 0x1000, 0x9, 0x2a, 0x8, 0x4, 0x9, 0x7, 0x8, 0x5, 0x1, 0x6, 0x6, 0x1, 0x1, 0x80, 0x1, 0x5, 0x0, 0x7fffffff, 0x3ff, 0x2, 0x5, 0x9, 0x8001, 0x8ee, 0x8, 0x4, 0x2, 0x9, 0x8, 0xd, 0x8, 0x7, 0x1, 0x440, 0x1, 0xaa20, 0x5, 0x4]}]}]}}]}, 0xc58}}, 0x4080000) 1.020468534s ago: executing program 2 (id=589): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04130501c9000c"], 0x8) 888.845125ms ago: executing program 3 (id=590): pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r0, &(0x7f0000000780)=[{0x0}], 0x1, 0xa) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 770.248791ms ago: executing program 3 (id=591): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r1, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0x7fff, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x7ff, 0x54, 0x7fffdfff, 0x2, 0xc, 0x8, 0x9, 0x9, 0x3, 0x7, 0x40000, 0xa, 0x26, 0x2, 0x0, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x7, 0x9, 0xf, 0xb, 0x9, 0x80000000, 0x9, 0xb50, 0x0, 0x800, 0x3, 0x0, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0x1, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x200001], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x80000001, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0xb, 0x7ff, 0x7ff, 0x5, 0x9, 0xc00, 0x89, 0x7ff, 0x0, 0x1, 0x10000, 0x9, 0x9, 0xe8e00000, 0x10000, 0x8, 0x1, 0x7, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x81, 0x48, 0x7d, 0x6, 0xb, 0x4, 0x9, 0x1, 0x8d1, 0x100008fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xade, 0x7f, 0x9], [0x8396, 0x7, 0x10000, 0x9, 0x8000, 0x1, 0x9, 0xe, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x71, 0x8001, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x8001, 0xc, 0x5, 0xb0f, 0x1e, 0x3, 0x800, 0x80008, 0x9, 0x3, 0x200, 0xfffffff7, 0x4, 0xe, 0x464b, 0x6, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fffffff, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0c7880, 0xffffff4e, 0x9, 0x4, 0x40, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x6], [0x10000010, 0x7, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x4, 0x3, 0x103, 0x6, 0xcc, 0x6, 0x4000400, 0xffffffff, 0xfffffffb, 0x40, 0x80000000, 0x4, 0x7, 0xfff, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x7, 0x8ac1, 0x3, 0xfffffffa, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffefffff, 0x37d, 0xfffffff8, 0xd, 0x7, 0xd, 0x8, 0x6eaf, 0x0, 0x8, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) close_range(r0, 0xffffffffffffffff, 0x0) 770.02715ms ago: executing program 3 (id=592): r0 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6) fallocate(r0, 0x0, 0x0, 0x1001f0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x7}, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x8001, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045009, &(0x7f0000000040)) r3 = syz_open_dev$video4linux(0x0, 0x0, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r3, 0xc0445624, &(0x7f00000000c0)={0x100980001, 0x102, "bf5dff0f251ed700f61765c214525a2572ce1ced49e8981e103268fadc1433ae"}) r4 = add_key(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r4, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff56}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='hrtimer_init\x00', r6}, 0x18) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r7) sendmsg$IPVS_CMD_GET_DAEMON(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x301, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24000010}, 0x8000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r9 = open(&(0x7f0000000080)='./file1\x00', 0xe4802, 0x86) pwritev2(r9, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x80000}], 0x14, 0x7800, 0x0, 0x3) 669.53904ms ago: executing program 2 (id=593): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00'}) sendto$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 669.374868ms ago: executing program 2 (id=594): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e44050c10e6"], 0x47) 669.264666ms ago: executing program 2 (id=595): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bind$rds(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x2, 0x922000000001, 0x106) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083911000000000000a1180015000600142603600e120900210000000401a80016000400144006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xa}, {0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0xc000) 620.265486ms ago: executing program 2 (id=596): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x1d, &(0x7f00000001c0), 0x4) 620.034292ms ago: executing program 3 (id=597): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @dev, @dev={0xfe, 0x80, '\x00', 0x4}, 0x80, 0x0, 0x1, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', r1, 0x0, 0xff, 0x0, 0x7, 0x0, @dev, @private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x1, 0xfffffffe}}) 619.770331ms ago: executing program 2 (id=598): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 619.634824ms ago: executing program 3 (id=599): pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r0, &(0x7f0000000780)=[{&(0x7f0000000180)}], 0x1, 0xa) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 530.450448ms ago: executing program 3 (id=600): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d", 0x5}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)=""/71, 0x1f}, {&(0x7f00000004c0)=""/71, 0x47}], 0x2}, 0x40002141) 194.620928ms ago: executing program 1 (id=601): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04130501c9000c"], 0x8) 369.143µs ago: executing program 1 (id=602): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r1, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0x7fff, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x7ff, 0x54, 0x7fffdfff, 0x2, 0xc, 0x8, 0x9, 0x9, 0x3, 0x7, 0x40000, 0xa, 0x26, 0x2, 0x0, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x7, 0x9, 0xf, 0xb, 0x9, 0x80000000, 0x9, 0xb50, 0x0, 0x800, 0x3, 0x0, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0x1, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x200001], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x80000001, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0xb, 0x7ff, 0x7ff, 0x5, 0x9, 0xc00, 0x89, 0x7ff, 0x0, 0x1, 0x10000, 0x9, 0x9, 0xe8e00000, 0x10000, 0x8, 0x1, 0x7, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x81, 0x48, 0x7d, 0x6, 0xb, 0x4, 0x9, 0x1, 0x8d1, 0x100008fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xade, 0x7f, 0x9], [0x8396, 0x7, 0x10000, 0x9, 0x8000, 0x1, 0x9, 0xe, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x71, 0x8001, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x8001, 0xc, 0x5, 0xb0f, 0x1e, 0x3, 0x800, 0x80008, 0x9, 0x3, 0x200, 0xfffffff7, 0x4, 0xe, 0x464b, 0x6, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fffffff, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0c7880, 0xffffff4e, 0x9, 0x4, 0x40, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x6], [0x10000010, 0x7, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x4, 0x3, 0x103, 0x6, 0xcc, 0x6, 0x4000400, 0xffffffff, 0xfffffffb, 0x40, 0x80000000, 0x4, 0x7, 0xfff, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x7, 0x8ac1, 0x3, 0xfffffffa, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffefffff, 0x37d, 0xfffffff8, 0xd, 0x7, 0xd, 0x8, 0x6eaf, 0x0, 0x8, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=603): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e00000000000000fffe07000800020000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000ef834ca2a721b3180000000000"], 0x50) sendmsg(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)}, 0x4000042) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f00000000c0)=0x2) r5 = openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0) ioctl$SNDCTL_DSP_POST(r5, 0x5008, 0x0) r6 = socket$key(0xf, 0x3, 0x2) syz_80211_inject_frame(&(0x7f00000000c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="800000000803110000010802110000000802110000000000000000000d0000000400010000060202020216eb000003010e250301642b72068125030303e20203"], 0x3e) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x1, 0x1}, &(0x7f00000003c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto(r6, &(0x7f0000000400)="190b0be51ec7e314eeca4d5d64d9158a600ee95cb697fed65dd719dc03", 0x1d, 0x4000000, &(0x7f0000000440)=@pptp={0x18, 0x2, {0x3, @loopback}}, 0x80) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r7, &(0x7f0000000000)='2\x00', 0x2) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:52583' (ED25519) to the list of known hosts. [ 40.699594][ T5961] cgroup: Unknown subsys name 'net' [ 40.876529][ T5961] cgroup: Unknown subsys name 'cpuset' [ 40.880705][ T5961] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 41.632595][ T5961] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.622553][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 44.625709][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 44.628227][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 44.630987][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 44.633693][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 44.639564][ T5981] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 44.642209][ T63] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 44.644818][ T63] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 44.647464][ T63] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 44.649948][ T63] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 44.655673][ T5977] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 44.659014][ T5977] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 44.661176][ T5339] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 44.662171][ T5977] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 44.664535][ T5339] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 44.668093][ T5977] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 44.669956][ T5339] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 44.672929][ T5977] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 44.677202][ T5339] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 44.680414][ T5339] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 44.719999][ T5974] chnl_net:caif_netlink_parms(): no params data found [ 44.792899][ T5979] chnl_net:caif_netlink_parms(): no params data found [ 44.807676][ T5974] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.810087][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.812365][ T5974] bridge_slave_0: entered allmulticast mode [ 44.814864][ T5974] bridge_slave_0: entered promiscuous mode [ 44.818466][ T5974] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.820793][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.823827][ T5974] bridge_slave_1: entered allmulticast mode [ 44.827296][ T5974] bridge_slave_1: entered promiscuous mode [ 44.868331][ T5974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.876925][ T5974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.916483][ T5974] team0: Port device team_slave_0 added [ 44.937750][ T5983] chnl_net:caif_netlink_parms(): no params data found [ 44.947659][ T5974] team0: Port device team_slave_1 added [ 44.949530][ T5979] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.951632][ T5979] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.953938][ T5979] bridge_slave_0: entered allmulticast mode [ 44.956610][ T5979] bridge_slave_0: entered promiscuous mode [ 44.961219][ T5979] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.963500][ T5979] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.966129][ T5979] bridge_slave_1: entered allmulticast mode [ 44.968430][ T5979] bridge_slave_1: entered promiscuous mode [ 45.012234][ T5979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.016682][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.018976][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.027229][ T5974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.039588][ T5984] chnl_net:caif_netlink_parms(): no params data found [ 45.043887][ T5979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.054501][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.057364][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.066348][ T5974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.099124][ T5979] team0: Port device team_slave_0 added [ 45.104308][ T5979] team0: Port device team_slave_1 added [ 45.172425][ T5979] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.175644][ T5979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.185241][ T5979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.214432][ T5983] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.217369][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.219902][ T5983] bridge_slave_0: entered allmulticast mode [ 45.222332][ T5983] bridge_slave_0: entered promiscuous mode [ 45.230446][ T5979] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.233177][ T5979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.241386][ T5979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.246903][ T5974] hsr_slave_0: entered promiscuous mode [ 45.249049][ T5974] hsr_slave_1: entered promiscuous mode [ 45.252222][ T5983] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.255469][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.257920][ T5983] bridge_slave_1: entered allmulticast mode [ 45.260271][ T5983] bridge_slave_1: entered promiscuous mode [ 45.295522][ T5984] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.297660][ T5984] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.299940][ T5984] bridge_slave_0: entered allmulticast mode [ 45.302186][ T5984] bridge_slave_0: entered promiscuous mode [ 45.305995][ T5984] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.308401][ T5984] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.311387][ T5984] bridge_slave_1: entered allmulticast mode [ 45.314549][ T5984] bridge_slave_1: entered promiscuous mode [ 45.343012][ T5983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.373008][ T5984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.379235][ T5984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.383869][ T5983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.392135][ T5979] hsr_slave_0: entered promiscuous mode [ 45.395117][ T5979] hsr_slave_1: entered promiscuous mode [ 45.397678][ T5979] debugfs: 'hsr0' already exists in 'hsr' [ 45.399567][ T5979] Cannot create hsr debugfs directory [ 45.437933][ T5983] team0: Port device team_slave_0 added [ 45.450597][ T5984] team0: Port device team_slave_0 added [ 45.453153][ T5983] team0: Port device team_slave_1 added [ 45.455921][ T5984] team0: Port device team_slave_1 added [ 45.499682][ T5983] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.501828][ T5983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.510730][ T5983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.525208][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.528011][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.538485][ T5984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.543955][ T5983] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.546309][ T5983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.556597][ T5983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.570356][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.572780][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.581105][ T5984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.634060][ T5983] hsr_slave_0: entered promiscuous mode [ 45.636362][ T5983] hsr_slave_1: entered promiscuous mode [ 45.638303][ T5983] debugfs: 'hsr0' already exists in 'hsr' [ 45.640186][ T5983] Cannot create hsr debugfs directory [ 45.643866][ T5984] hsr_slave_0: entered promiscuous mode [ 45.647516][ T5984] hsr_slave_1: entered promiscuous mode [ 45.649501][ T5984] debugfs: 'hsr0' already exists in 'hsr' [ 45.651416][ T5984] Cannot create hsr debugfs directory [ 45.739329][ T5974] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 45.745622][ T5974] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 45.750245][ T5974] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 45.753576][ T5974] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 45.808513][ T5979] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 45.812767][ T5979] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 45.817330][ T5979] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 45.821684][ T5979] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 45.850853][ T5984] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 45.857331][ T5984] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 45.861232][ T5984] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 45.866014][ T5984] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 45.894746][ T5983] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 45.898192][ T5983] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 45.901629][ T5983] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 45.905428][ T5983] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 45.915077][ T5974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.934800][ T5974] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.940095][ T5979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.945896][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.948327][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.954932][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.957844][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.977319][ T5979] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.983512][ T92] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.986543][ T92] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.001859][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.004131][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.015458][ T5984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.032742][ T5984] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.040581][ T5979] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 46.044074][ T5979] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.050507][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.053008][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.058574][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.061611][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.072521][ T5983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.090802][ T5983] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.102213][ T1186] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.105355][ T1186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.115120][ T1186] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.117552][ T1186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.138576][ T5983] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 46.142981][ T5983] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.150228][ T5974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.170182][ T5979] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.179649][ T5974] veth0_vlan: entered promiscuous mode [ 46.187408][ T5974] veth1_vlan: entered promiscuous mode [ 46.200710][ T5984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.210307][ T5979] veth0_vlan: entered promiscuous mode [ 46.213163][ T5974] veth0_macvtap: entered promiscuous mode [ 46.217665][ T5974] veth1_macvtap: entered promiscuous mode [ 46.225713][ T5974] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.230833][ T5974] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.235388][ T5979] veth1_vlan: entered promiscuous mode [ 46.242876][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.251455][ T5983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.254825][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.257384][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.265199][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.272941][ T5984] veth0_vlan: entered promiscuous mode [ 46.286442][ T5984] veth1_vlan: entered promiscuous mode [ 46.290549][ T5979] veth0_macvtap: entered promiscuous mode [ 46.295816][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.298757][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.303332][ T5979] veth1_macvtap: entered promiscuous mode [ 46.316743][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.320015][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.321443][ T5979] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.326902][ T5979] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.338594][ T5984] veth0_macvtap: entered promiscuous mode [ 46.341760][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.345857][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.350699][ T5974] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 46.355684][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.363668][ T5984] veth1_macvtap: entered promiscuous mode [ 46.366880][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.369738][ T5983] veth0_vlan: entered promiscuous mode [ 46.379845][ T5983] veth1_vlan: entered promiscuous mode [ 46.383858][ T6057] FAULT_INJECTION: forcing a failure. [ 46.383858][ T6057] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 46.388894][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.388962][ T6057] CPU: 3 UID: 0 PID: 6057 Comm: syz.3.4 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 46.388983][ T6057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 46.388992][ T6057] Call Trace: [ 46.388997][ T6057] [ 46.389002][ T6057] dump_stack_lvl+0x16c/0x1f0 [ 46.389021][ T6057] should_fail_ex+0x512/0x640 [ 46.389038][ T6057] _copy_from_user+0x2e/0xd0 [ 46.389055][ T6057] __sys_bpf+0x21d/0x4de0 [ 46.389071][ T6057] ? lock_release+0x201/0x2f0 [ 46.389085][ T6057] ? __pfx___sys_bpf+0x10/0x10 [ 46.389101][ T6057] ? ksys_write+0x190/0x250 [ 46.389113][ T6057] ? rcu_is_watching+0x12/0xc0 [ 46.389124][ T6057] ? lock_release+0x201/0x2f0 [ 46.389138][ T6057] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 46.389156][ T6057] ? fput+0x9b/0xd0 [ 46.389170][ T6057] ? ksys_write+0x1ac/0x250 [ 46.389183][ T6057] ? __pfx_ksys_write+0x10/0x10 [ 46.389196][ T6057] __ia32_sys_bpf+0x76/0xe0 [ 46.389213][ T6057] __do_fast_syscall_32+0x7c/0x3a0 [ 46.389228][ T6057] do_fast_syscall_32+0x32/0x80 [ 46.389242][ T6057] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 46.389256][ T6057] RIP: 0023:0xf70fe579 [ 46.389264][ T6057] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 46.389275][ T6057] RSP: 002b:00000000f54ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 46.389285][ T6057] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000600 [ 46.389292][ T6057] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 46.389298][ T6057] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 46.389304][ T6057] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 46.389310][ T6057] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 46.389319][ T6057] [ 46.455378][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.462466][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.465137][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.465427][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.470688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.470822][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.473937][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.477377][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.481646][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.492922][ T92] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.496965][ T92] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.498094][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.503752][ T1141] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.508520][ T5983] veth0_macvtap: entered promiscuous mode [ 46.515715][ T5983] veth1_macvtap: entered promiscuous mode [ 46.529754][ T6062] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.532268][ T6062] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.551156][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.555403][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.587181][ T1141] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.590906][ T6062] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6'. [ 46.591034][ T1141] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.597290][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.674458][ T5981] Bluetooth: hci1: command tx timeout [ 46.684525][ T5981] Bluetooth: hci0: command tx timeout [ 46.754441][ T5981] Bluetooth: hci2: command tx timeout [ 46.756680][ T5339] Bluetooth: hci3: command tx timeout [ 46.837467][ T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.848780][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.853111][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.857162][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.876507][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.882770][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.887391][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.888474][ T1141] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.894023][ T1141] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.898021][ T1141] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.905751][ T1141] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.942734][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.946422][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.962939][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.967407][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.967987][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.971162][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.976979][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.980200][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 46.983395][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.141529][ T6092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 47.160428][ T6084] Zero length message leads to an empty skb [ 47.232442][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.094764][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12'. [ 48.099590][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12'. [ 48.195686][ T840] Process accounting resumed [ 48.220627][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12'. [ 48.223359][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12'. [ 48.249440][ T6108] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2147484288 (4294968576 ns) > initial count (34 ns). Using initial count to start timer. [ 48.250873][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12'. [ 48.258436][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12'. [ 48.754960][ T5339] Bluetooth: hci0: command tx timeout [ 48.764397][ T5339] Bluetooth: hci1: command tx timeout [ 48.834354][ T5339] Bluetooth: hci3: command tx timeout [ 48.844375][ T5339] Bluetooth: hci2: command tx timeout [ 49.379953][ T6116] fuseblk: Unknown parameter 'rootmode000000000120000' [ 49.921536][ T6150] netlink: 32 bytes leftover after parsing attributes in process `syz.1.20'. [ 49.924516][ T6150] netlink: 32 bytes leftover after parsing attributes in process `syz.1.20'. [ 49.981374][ T840] Process accounting resumed [ 50.204305][ T6037] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 50.374402][ T6037] usb 5-1: Using ep0 maxpacket: 8 [ 50.378543][ T6037] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 50.381592][ T6037] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 50.385501][ T6037] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 50.389858][ T6037] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 50.396412][ T6037] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 50.400385][ T6037] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.440893][ T6165] ======================================================= [ 50.440893][ T6165] WARNING: The mand mount option has been deprecated and [ 50.440893][ T6165] and is ignored by this kernel. Remove the mand [ 50.440893][ T6165] option from the mount to silence this warning. [ 50.440893][ T6165] ======================================================= [ 50.482414][ T6165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 50.610937][ T6037] usb 5-1: GET_CAPABILITIES returned 0 [ 50.634906][ T6037] usbtmc 5-1:16.0: can't read capabilities [ 50.814353][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.817427][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.820382][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.823198][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.826022][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.828830][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.831629][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.834467][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.837272][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.840092][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.842924][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.845899][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.848777][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.851802][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.855148][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 50.859688][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 50.864478][ T5339] Bluetooth: hci1: command tx timeout [ 50.864515][ T6037] usb 5-1: USB disconnect, device number 2 [ 50.864529][ T5981] Bluetooth: hci0: command tx timeout [ 50.914655][ T5339] Bluetooth: hci2: command tx timeout [ 50.914681][ T5981] Bluetooth: hci3: command tx timeout [ 51.062625][ T40] audit: type=1804 audit(1755571437.456:2): pid=6182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.23" name="/newroot/6/file0" dev="tmpfs" ino=50 res=1 errno=0 [ 51.063447][ T6182] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 51.074545][ T6182] ref_ctr increment failed for inode: 0x32 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888023ed5600 [ 51.130514][ T6182] netlink: 'syz.1.23': attribute type 10 has an invalid length. [ 51.132987][ T6182] dummy0: entered promiscuous mode [ 51.135287][ T6182] dummy0: entered allmulticast mode [ 51.137881][ T6182] bridge0: port 3(dummy0) entered blocking state [ 51.140212][ T6182] bridge0: port 3(dummy0) entered disabled state [ 51.144095][ T6182] bridge0: port 3(dummy0) entered blocking state [ 51.146514][ T6182] bridge0: port 3(dummy0) entered forwarding state [ 51.394978][ T6175] delete_channel: no stack [ 51.570505][ T6204] fuseblk: Unknown parameter 'rootmode000000000120000' [ 52.226976][ T5981] Bluetooth: hci1: connection err: -111 [ 52.307145][ T6221] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 52.311009][ T6221] ref_ctr increment failed for inode: 0x31 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804b470ac0 [ 52.325505][ T40] audit: type=1804 audit(1755571438.706:3): pid=6221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.30" name="/newroot/6/file0" dev="tmpfs" ino=49 res=1 errno=0 [ 52.348184][ T6221] netlink: 'syz.3.30': attribute type 10 has an invalid length. [ 52.350936][ T6221] __nla_validate_parse: 5 callbacks suppressed [ 52.351024][ T6221] netlink: 40 bytes leftover after parsing attributes in process `syz.3.30'. [ 52.360542][ T6221] dummy0: entered promiscuous mode [ 52.362215][ T6221] dummy0: entered allmulticast mode [ 52.376416][ T6221] bridge0: port 3(dummy0) entered blocking state [ 52.378722][ T6221] bridge0: port 3(dummy0) entered disabled state [ 52.704925][ T6233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 52.941168][ T5981] Bluetooth: hci1: command tx timeout [ 52.941194][ T5339] Bluetooth: hci0: command tx timeout [ 52.994415][ T5339] Bluetooth: hci3: command tx timeout [ 53.004891][ T5339] Bluetooth: hci2: command tx timeout [ 53.131882][ T6238] warning: `syz.2.33' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 53.334871][ T6216] delete_channel: no stack [ 53.543256][ T6250] syz.1.35 uses obsolete (PF_INET,SOCK_PACKET) [ 53.634364][ T840] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 53.814391][ T840] usb 8-1: Using ep0 maxpacket: 8 [ 53.817717][ T840] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 53.820893][ T840] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 53.824356][ T840] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 53.827923][ T840] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 53.832407][ T840] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 53.836974][ T840] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.909623][ T40] audit: type=1804 audit(1755571440.306:4): pid=6274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.37" name="/newroot/10/file0" dev="tmpfs" ino=70 res=1 errno=0 [ 53.917889][ T6274] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 53.920787][ T6274] ref_ctr increment failed for inode: 0x46 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801b87e0c0 [ 53.935469][ T6274] netlink: 'syz.2.37': attribute type 10 has an invalid length. [ 53.938122][ T6274] netlink: 40 bytes leftover after parsing attributes in process `syz.2.37'. [ 53.941132][ T6274] dummy0: entered promiscuous mode [ 53.943265][ T6274] dummy0: entered allmulticast mode [ 53.947301][ T6274] bridge0: port 3(dummy0) entered blocking state [ 53.949932][ T6274] bridge0: port 3(dummy0) entered disabled state [ 53.954181][ T6274] bridge0: port 3(dummy0) entered blocking state [ 53.956417][ T6274] bridge0: port 3(dummy0) entered forwarding state [ 54.080312][ T840] usb 8-1: GET_CAPABILITIES returned 0 [ 54.089257][ T840] usbtmc 8-1:16.0: can't read capabilities [ 54.290906][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.294308][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.299494][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.302423][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.305463][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.308781][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.312205][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.315102][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.318088][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.321238][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.324125][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.327477][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.330916][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.333892][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.337847][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 54.338608][ T6269] delete_channel: no stack [ 54.341134][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 54.342312][ T9] usb 8-1: USB disconnect, device number 2 [ 55.331800][ T6325] capability: warning: `syz.1.43' uses 32-bit capabilities (legacy support in use) [ 55.404411][ T6332] netlink: 4 bytes leftover after parsing attributes in process `syz.2.44'. [ 55.435242][ T40] audit: type=1800 audit(1755571441.836:5): pid=6331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.41" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 56.000690][ T40] audit: type=1804 audit(1755571442.396:6): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.47" name="/newroot/10/file0" dev="tmpfs" ino=71 res=1 errno=0 [ 56.007779][ T6349] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 56.010615][ T6349] ref_ctr increment failed for inode: 0x47 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804fe660c0 [ 56.018645][ T6349] netlink: 'syz.0.47': attribute type 10 has an invalid length. [ 56.021336][ T6349] netlink: 40 bytes leftover after parsing attributes in process `syz.0.47'. [ 56.024564][ T6349] dummy0: entered promiscuous mode [ 56.026509][ T6349] dummy0: entered allmulticast mode [ 56.029155][ T6349] bridge0: port 3(dummy0) entered blocking state [ 56.031503][ T6349] bridge0: port 3(dummy0) entered disabled state [ 56.035509][ T6349] bridge0: port 3(dummy0) entered blocking state [ 56.037516][ T6349] bridge0: port 3(dummy0) entered forwarding state [ 56.408194][ T6355] netlink: 4 bytes leftover after parsing attributes in process `syz.2.50'. [ 56.917238][ T6347] delete_channel: no stack [ 58.005027][ T6374] fuseblk: Unknown parameter 'rootmode000000000120000' [ 58.230396][ T6379] fuseblk: Unknown parameter 'rootmode000000000120000' [ 58.247490][ T40] audit: type=1326 audit(1755571444.646:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.255801][ T40] audit: type=1326 audit(1755571444.646:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.262288][ T40] audit: type=1326 audit(1755571444.656:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.270051][ T40] audit: type=1326 audit(1755571444.656:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.282045][ T40] audit: type=1326 audit(1755571444.656:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=57 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.289919][ T40] audit: type=1326 audit(1755571444.656:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.299171][ T40] audit: type=1326 audit(1755571444.656:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.308898][ T40] audit: type=1326 audit(1755571444.656:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.1.58" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 58.472800][ T6389] netlink: 32 bytes leftover after parsing attributes in process `syz.3.57'. [ 58.475881][ T6389] netlink: 32 bytes leftover after parsing attributes in process `syz.3.57'. [ 58.534724][ T840] Process accounting resumed [ 58.571770][ T6389] netlink: 32 bytes leftover after parsing attributes in process `syz.3.57'. [ 58.574617][ T6389] netlink: 32 bytes leftover after parsing attributes in process `syz.3.57'. [ 58.767785][ T6389] netlink: 32 bytes leftover after parsing attributes in process `syz.3.57'. [ 58.771153][ T6389] netlink: 32 bytes leftover after parsing attributes in process `syz.3.57'. [ 59.204366][ T6395] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 59.207048][ T6395] ref_ctr increment failed for inode: 0x6a offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804f7aeb80 [ 59.218253][ T40] audit: type=1804 audit(1755571445.596:15): pid=6395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.60" name="/newroot/17/file0" dev="tmpfs" ino=106 res=1 errno=0 [ 59.226561][ T6395] netlink: 'syz.2.60': attribute type 10 has an invalid length. [ 59.229065][ T6395] netlink: 40 bytes leftover after parsing attributes in process `syz.2.60'. [ 59.324816][ T6394] delete_channel: no stack [ 59.385830][ T6406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 59.567221][ T6409] fuseblk: Unknown parameter 'rootmode000000000120000' [ 59.876804][ T6419] fuseblk: Unknown parameter 'rootmode000000000120000' [ 59.994298][ T6421] syzkaller0: entered promiscuous mode [ 59.995852][ T6421] syzkaller0: entered allmulticast mode [ 60.227943][ T40] audit: type=1804 audit(1755571446.626:16): pid=6426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.68" name="/newroot/12/file0" dev="tmpfs" ino=82 res=1 errno=0 [ 60.228658][ T6426] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 60.237635][ T6426] ref_ctr increment failed for inode: 0x52 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804c4b35c0 [ 60.267958][ T6426] netlink: 'syz.3.68': attribute type 10 has an invalid length. [ 60.271335][ T6426] netlink: 40 bytes leftover after parsing attributes in process `syz.3.68'. [ 61.161730][ T6424] delete_channel: no stack [ 62.106298][ T6446] fuseblk: Unknown parameter 'rootmode000000000120000' [ 62.109429][ T6450] kvm: user requested TSC rate below hardware speed [ 62.115367][ T6450] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 62.220867][ T6460] FAULT_INJECTION: forcing a failure. [ 62.220867][ T6460] name failslab, interval 1, probability 0, space 0, times 1 [ 62.228160][ T6460] CPU: 3 UID: 0 PID: 6460 Comm: syz.1.77 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 62.228178][ T6460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.228185][ T6460] Call Trace: [ 62.228189][ T6460] [ 62.228193][ T6460] dump_stack_lvl+0x16c/0x1f0 [ 62.228212][ T6460] should_fail_ex+0x512/0x640 [ 62.228228][ T6460] should_failslab+0xc2/0x120 [ 62.228243][ T6460] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 62.228258][ T6460] ? __alloc_skb+0x2b2/0x380 [ 62.228272][ T6460] __alloc_skb+0x2b2/0x380 [ 62.228284][ T6460] ? __pfx___alloc_skb+0x10/0x10 [ 62.228296][ T6460] ? do_raw_spin_lock+0x12c/0x2b0 [ 62.228317][ T6460] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 62.228333][ T6460] ? stack_depot_save_flags+0x3de/0x9c0 [ 62.228350][ T6460] alloc_skb_with_frags+0xe0/0x860 [ 62.228365][ T6460] ? rcu_is_watching+0x12/0xc0 [ 62.228377][ T6460] ? rcu_is_watching+0x12/0xc0 [ 62.228388][ T6460] sock_alloc_send_pskb+0x7fb/0x990 [ 62.228402][ T6460] ? ref_tracker_alloc+0x305/0x5b0 [ 62.228418][ T6460] ? dst_init+0xda/0x580 [ 62.228430][ T6460] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 62.228443][ T6460] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 62.228458][ T6460] ? do_sendfile+0xb06/0xe50 [ 62.228470][ T6460] ? __do_fast_syscall_32+0x7c/0x3a0 [ 62.228485][ T6460] ? rt_set_nexthop.constprop.0+0x673/0x12e0 [ 62.228496][ T6460] ? rcu_is_watching+0x12/0xc0 [ 62.228506][ T6460] ? rt_set_nexthop.constprop.0+0x673/0x12e0 [ 62.228517][ T6460] ? rcu_is_watching+0x12/0xc0 [ 62.228528][ T6460] __ip_append_data+0x2149/0x41c0 [ 62.228545][ T6460] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 62.228559][ T6460] ? rcu_is_watching+0x12/0xc0 [ 62.228570][ T6460] ? ip_dst_mtu_maybe_forward.constprop.0+0x314/0x6e0 [ 62.228589][ T6460] ? __pfx___ip_append_data+0x10/0x10 [ 62.228605][ T6460] ip_append_data+0x10f/0x1a0 [ 62.228620][ T6460] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 62.228635][ T6460] udp_sendmsg+0x1267/0x2870 [ 62.228651][ T6460] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 62.228666][ T6460] ? __pfx_udp_sendmsg+0x10/0x10 [ 62.228681][ T6460] ? rcu_is_watching+0x12/0xc0 [ 62.228692][ T6460] ? lock_release+0x201/0x2f0 [ 62.228705][ T6460] ? bpf_ksym_find+0x124/0x1c0 [ 62.228716][ T6460] ? kernel_text_address+0x8d/0x100 [ 62.228727][ T6460] ? aa_sk_perm+0x2f4/0xb10 [ 62.228744][ T6460] ? __pfx_udp_sendmsg+0x10/0x10 [ 62.228759][ T6460] inet_sendmsg+0x105/0x140 [ 62.228769][ T6460] sock_sendmsg+0x37f/0x470 [ 62.228778][ T6460] ? kasan_save_track+0x14/0x30 [ 62.228791][ T6460] ? __pfx_sock_sendmsg+0x10/0x10 [ 62.228799][ T6460] ? copy_splice_read+0x897/0xc20 [ 62.228814][ T6460] splice_to_socket+0xaf6/0x1110 [ 62.228828][ T6460] ? __pfx_splice_to_socket+0x10/0x10 [ 62.228839][ T6460] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 62.228883][ T6460] ? lockdep_init_map_type+0x5c/0x280 [ 62.228898][ T6460] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 62.228911][ T6460] ? __pfx_splice_to_socket+0x10/0x10 [ 62.228923][ T6460] direct_splice_actor+0x18f/0x6c0 [ 62.228934][ T6460] splice_direct_to_actor+0x345/0xa30 [ 62.228945][ T6460] ? __pfx_direct_splice_actor+0x10/0x10 [ 62.228958][ T6460] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 62.228970][ T6460] do_splice_direct+0x174/0x240 [ 62.228981][ T6460] ? __pfx_do_splice_direct+0x10/0x10 [ 62.228991][ T6460] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 62.229007][ T6460] ? bpf_lsm_file_permission+0x9/0x10 [ 62.229023][ T6460] ? security_file_permission+0x71/0x210 [ 62.229039][ T6460] ? rw_verify_area+0xcf/0x6c0 [ 62.229050][ T6460] do_sendfile+0xb06/0xe50 [ 62.229062][ T6460] ? __pfx_do_sendfile+0x10/0x10 [ 62.229073][ T6460] ? __fget_files+0x20e/0x3c0 [ 62.229087][ T6460] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 62.229102][ T6460] ? ksys_write+0x1ac/0x250 [ 62.229114][ T6460] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 62.229130][ T6460] ? rcu_is_watching+0x12/0xc0 [ 62.229141][ T6460] __do_fast_syscall_32+0x7c/0x3a0 [ 62.229156][ T6460] do_fast_syscall_32+0x32/0x80 [ 62.229170][ T6460] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 62.229184][ T6460] RIP: 0023:0xf7fe6579 [ 62.229193][ T6460] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 62.229203][ T6460] RSP: 002b:00000000f550655c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 62.229214][ T6460] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003 [ 62.229220][ T6460] RDX: 0000000000000000 RSI: 0000000000023893 RDI: 0000000000000000 [ 62.229226][ T6460] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 62.229233][ T6460] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 62.229239][ T6460] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 62.229247][ T6460] [ 62.354577][ T6038] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 62.565301][ T6038] usb 8-1: Using ep0 maxpacket: 8 [ 62.571918][ T6038] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 62.575662][ T6038] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 62.578692][ T6038] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 62.581917][ T6038] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 62.587475][ T6038] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 62.590808][ T6038] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.799499][ T6038] usb 8-1: GET_CAPABILITIES returned 0 [ 62.801351][ T6038] usbtmc 8-1:16.0: can't read capabilities [ 63.012555][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.015461][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.018231][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.021014][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.023776][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.026568][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.029357][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.033110][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.035944][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.038722][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.041507][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.044307][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.047312][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.050114][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.053057][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 63.055853][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 63.060822][ T59] usb 8-1: USB disconnect, device number 3 [ 63.764476][ T6542] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 63.768975][ T6542] ref_ctr increment failed for inode: 0x63 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804971ab00 [ 63.777488][ T40] audit: type=1804 audit(1755571450.156:17): pid=6542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.87" name="/newroot/15/file0" dev="tmpfs" ino=99 res=1 errno=0 [ 63.796087][ T6542] netlink: 'syz.3.87': attribute type 10 has an invalid length. [ 63.798455][ T6542] netlink: 40 bytes leftover after parsing attributes in process `syz.3.87'. [ 64.152085][ T6553] program syz.0.91 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 65.053634][ T6559] fuseblk: Unknown parameter 'rootmode000000000120000' [ 65.341136][ T6531] delete_channel: no stack [ 65.955843][ T6580] JFS: discard option not supported on device [ 65.958973][ T6580] Mount JFS Failure: -22 [ 65.960904][ T6580] jfs_mount failed w/return code = -22 [ 66.084419][ T6038] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 66.244403][ T6038] usb 7-1: Using ep0 maxpacket: 8 [ 66.312732][ T6038] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 66.317047][ T6038] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 66.321227][ T6038] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 66.325096][ T6038] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 66.334357][ T6038] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 66.337104][ T6038] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.548528][ T6038] usb 7-1: usb_control_msg returned -32 [ 66.550346][ T6038] usbtmc 7-1:16.0: can't read capabilities [ 66.606213][ T6553] Set syz1 is full, maxelem 65536 reached [ 66.863152][ T6635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.122'. [ 66.942166][ T6651] tipc: Started in network mode [ 66.943742][ T6651] tipc: Node identity f60cb7e9796, cluster identity 4711 [ 66.946957][ T6651] tipc: Enabled bearer , priority 0 [ 66.960845][ T6651] syzkaller0: entered promiscuous mode [ 66.963025][ T6651] syzkaller0: entered allmulticast mode [ 66.966215][ T6651] tipc: Resetting bearer [ 66.975120][ T6650] tipc: Resetting bearer [ 67.076292][ T6650] tipc: Disabling bearer [ 67.130886][ T6665] tipc: Started in network mode [ 67.132520][ T6665] tipc: Node identity ac14140f, cluster identity 4711 [ 67.135008][ T6665] tipc: New replicast peer: 255.255.255.255 [ 67.137066][ T6665] tipc: Enabled bearer , priority 10 [ 67.158399][ T6671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.140'. [ 67.274703][ T6675] nbd0: detected capacity change from 0 to 127 [ 67.279188][ T5339] block nbd0: Receive control failed (result -104) [ 67.302599][ T6685] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 67.345586][ T6693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.151'. [ 67.347160][ T6695] netlink: 28 bytes leftover after parsing attributes in process `syz.0.152'. [ 67.351278][ T6695] netlink: 28 bytes leftover after parsing attributes in process `syz.0.152'. [ 67.357447][ T6695] gretap0: entered promiscuous mode [ 67.359571][ T6695] batadv_slave_1: entered promiscuous mode [ 67.372834][ T6697] tipc: Enabled bearer , priority 0 [ 67.376483][ T6697] syzkaller0: entered promiscuous mode [ 67.378744][ T6697] syzkaller0: entered allmulticast mode [ 67.384706][ T6697] tipc: Resetting bearer [ 67.387238][ T6696] tipc: Resetting bearer [ 67.389768][ T6696] tipc: Disabling bearer [ 67.392678][ T6699] netlink: 8 bytes leftover after parsing attributes in process `syz.0.154'. [ 67.428891][ T6703] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 67.433655][ T6703] netlink: 'syz.0.156': attribute type 33 has an invalid length. [ 67.436503][ T6703] netlink: 152 bytes leftover after parsing attributes in process `syz.0.156'. [ 67.442605][ T6703] netlink: 4 bytes leftover after parsing attributes in process `syz.0.156'. [ 67.447345][ T6703] bridge0: port 3(dummy0) entered disabled state [ 67.450983][ T6703] bridge0: port 3(dummy0) entered disabled state [ 67.480313][ T6707] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 67.541997][ T6713] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.544590][ T6713] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.546824][ T6713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.588605][ T6719] netlink: 'syz.0.163': attribute type 1 has an invalid length. [ 67.591064][ T6719] netlink: 224 bytes leftover after parsing attributes in process `syz.0.163'. [ 67.657599][ T6723] batadv_slave_0: entered promiscuous mode [ 67.660011][ T6723] batadv_slave_0: left promiscuous mode [ 68.134343][ T6012] tipc: Node number set to 2886997007 [ 68.525654][ T40] audit: type=1804 audit(1755571454.926:18): pid=6743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.171" name="/newroot/45/file0" dev="tmpfs" ino=254 res=1 errno=0 [ 68.525834][ T6743] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 68.535097][ T6743] ref_ctr increment failed for inode: 0xfe offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888013bfd600 [ 68.542370][ T6743] netlink: 'syz.1.171': attribute type 10 has an invalid length. [ 68.857899][ T72] usb 7-1: USB disconnect, device number 2 [ 69.556729][ T6763] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 69.559395][ T6763] ref_ctr increment failed for inode: 0x109 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888013bf8ac0 [ 69.569999][ T6763] netlink: 'syz.1.176': attribute type 10 has an invalid length. [ 69.572537][ T6763] __nla_validate_parse: 2 callbacks suppressed [ 69.572575][ T6763] netlink: 40 bytes leftover after parsing attributes in process `syz.1.176'. [ 69.587957][ T40] audit: type=1804 audit(1755571455.956:19): pid=6763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.176" name="/newroot/47/file0" dev="tmpfs" ino=265 res=1 errno=0 [ 70.022792][ T6769] vlan2: entered promiscuous mode [ 70.024832][ T6769] bridge0: entered promiscuous mode [ 70.026875][ T6769] vlan2: entered allmulticast mode [ 70.028469][ T6769] bridge0: entered allmulticast mode [ 70.305262][ T6752] delete_channel: no stack [ 70.338784][ T6772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.180'. [ 70.346477][ T6772] netlink: 72 bytes leftover after parsing attributes in process `syz.1.180'. [ 70.355249][ T6761] fuseblk: Unknown parameter 'rootmode000000000120000' [ 70.570323][ T40] audit: type=1804 audit(1755571456.966:20): pid=6779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.182" name="/newroot/50/file0" dev="tmpfs" ino=281 res=1 errno=0 [ 70.570886][ T6779] netlink: 'syz.1.182': attribute type 10 has an invalid length. [ 70.579297][ T6779] netlink: 40 bytes leftover after parsing attributes in process `syz.1.182'. [ 70.916003][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.439092][ T6797] fuseblk: Unknown parameter 'rootmode000000000120000' [ 73.371655][ T40] audit: type=1804 audit(1755571459.766:21): pid=6822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.197" name="/newroot/35/file0" dev="tmpfs" ino=198 res=1 errno=0 [ 73.379485][ T6822] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 73.382053][ T6822] ref_ctr increment failed for inode: 0xc6 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888028005600 [ 73.393319][ T6822] netlink: 'syz.2.197': attribute type 10 has an invalid length. [ 73.395914][ T6822] netlink: 40 bytes leftover after parsing attributes in process `syz.2.197'. [ 73.704547][ T6812] fuseblk: Unknown parameter 'rootmode000000000120000' [ 74.402748][ T6829] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.308384][ T6860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 76.297085][ T40] audit: type=1804 audit(1755571462.696:22): pid=6868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.210" name="/newroot/68/file0" dev="tmpfs" ino=369 res=1 errno=0 [ 76.309515][ T6868] netlink: 'syz.0.210': attribute type 10 has an invalid length. [ 76.312751][ T6868] netlink: 40 bytes leftover after parsing attributes in process `syz.0.210'. [ 76.786705][ T40] audit: type=1804 audit(1755571463.186:23): pid=6871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.211" name="/newroot/60/file0" dev="tmpfs" ino=335 res=1 errno=0 [ 76.790173][ T6871] netlink: 'syz.1.211': attribute type 10 has an invalid length. [ 76.795602][ T6871] netlink: 40 bytes leftover after parsing attributes in process `syz.1.211'. [ 78.374350][ T72] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 78.584324][ T72] usb 8-1: Using ep0 maxpacket: 8 [ 78.605084][ T72] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 78.608377][ T72] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 78.611586][ T72] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 78.615100][ T72] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 78.619077][ T72] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 78.621946][ T72] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.834418][ T72] usb 8-1: GET_CAPABILITIES returned 0 [ 78.836206][ T72] usbtmc 8-1:16.0: can't read capabilities [ 79.037325][ C2] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 79.040581][ T72] usb 8-1: USB disconnect, device number 4 [ 79.288155][ T6937] fuseblk: Unknown parameter 'rootmode000000000120000' [ 79.846238][ T6981] fuseblk: Unknown parameter 'rootmode000000000120000' [ 80.137847][ T6999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.232'. [ 80.141919][ T6999] netlink: 72 bytes leftover after parsing attributes in process `syz.0.232'. [ 80.525184][ T7014] netlink: 12 bytes leftover after parsing attributes in process `syz.1.236'. [ 80.788639][ T7020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'. [ 80.804303][ T841] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 80.851629][ T40] audit: type=1326 audit(1755571467.246:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.858253][ T40] audit: type=1326 audit(1755571467.246:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.865759][ T40] audit: type=1326 audit(1755571467.246:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.874672][ T40] audit: type=1326 audit(1755571467.246:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.881059][ T40] audit: type=1326 audit(1755571467.246:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.887994][ T40] audit: type=1326 audit(1755571467.246:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.894890][ T40] audit: type=1326 audit(1755571467.246:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.902131][ T40] audit: type=1326 audit(1755571467.246:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.2.242" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 80.966053][ T841] usb 6-1: config 255 has an invalid interface number: 166 but max is 0 [ 80.968545][ T841] usb 6-1: config 255 has no interface number 0 [ 80.970414][ T841] usb 6-1: config 255 interface 166 has no altsetting 0 [ 80.973947][ T841] usb 6-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.0c [ 80.976834][ T841] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.979180][ T841] usb 6-1: Product: syz [ 80.980426][ T841] usb 6-1: Manufacturer: syz [ 80.981831][ T841] usb 6-1: SerialNumber: syz [ 81.164835][ T1329] cfg80211: failed to load regulatory.db [ 81.187715][ T841] usb-storage 6-1:255.166: USB Mass Storage device detected [ 81.191699][ T841] usb-storage 6-1:255.166: Quirks match for vid 05ab pid 0060: 2 [ 81.239514][ T841] usb 6-1: USB disconnect, device number 2 [ 81.940280][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 81.940293][ T40] audit: type=1326 audit(1755571468.336:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.948726][ T40] audit: type=1326 audit(1755571468.336:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.956053][ T40] audit: type=1326 audit(1755571468.346:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.963040][ T40] audit: type=1326 audit(1755571468.346:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.970162][ T40] audit: type=1326 audit(1755571468.346:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7047 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.977383][ T40] audit: type=1326 audit(1755571468.346:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.984434][ T40] audit: type=1326 audit(1755571468.346:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.992065][ T40] audit: type=1326 audit(1755571468.346:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 81.999513][ T40] audit: type=1326 audit(1755571468.346:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=349 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 82.007903][ T40] audit: type=1326 audit(1755571468.346:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.1.248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 83.119646][ T7092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.265'. [ 83.124989][ T7092] netlink: 72 bytes leftover after parsing attributes in process `syz.3.265'. [ 83.479631][ T7112] bridge: RTM_NEWNEIGH with invalid ether address [ 83.820314][ T7120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'. [ 83.823838][ T7120] netlink: 72 bytes leftover after parsing attributes in process `syz.1.274'. [ 84.464602][ T34] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 84.558529][ T7143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.283'. [ 84.562853][ T7143] netlink: 72 bytes leftover after parsing attributes in process `syz.2.283'. [ 84.625738][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.629101][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.631971][ T34] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 84.637205][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.640668][ T34] usb 5-1: config 0 descriptor?? [ 85.250449][ T34] usb 5-1: string descriptor 0 read error: -22 [ 85.452992][ T34] input: HID 256c:006d as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:256C:006D.0002/input/input5 [ 85.525868][ T34] uclogic 0003:256C:006D.0002: input,hidraw1: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 85.652784][ T841] usb 5-1: USB disconnect, device number 3 [ 86.207490][ T7179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.292'. [ 86.211709][ T7179] netlink: 72 bytes leftover after parsing attributes in process `syz.0.292'. [ 87.214368][ T59] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 87.365907][ T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 87.369977][ T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.374160][ T59] usb 7-1: New USB device found, idVendor=056a, idProduct=00b1, bcdDevice= 0.00 [ 87.380114][ T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.388213][ T59] usb 7-1: config 0 descriptor?? [ 87.493906][ T7211] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.518988][ T7213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.302'. [ 87.798610][ T59] wacom 0003:056A:00B1.0003: unknown main item tag 0x0 [ 87.800994][ T59] wacom 0003:056A:00B1.0003: unknown main item tag 0x0 [ 87.803222][ T59] wacom 0003:056A:00B1.0003: unknown main item tag 0x0 [ 87.806394][ T59] wacom 0003:056A:00B1.0003: unknown main item tag 0x0 [ 87.808647][ T59] wacom 0003:056A:00B1.0003: unknown main item tag 0x0 [ 87.998306][ T59] usb 7-1: USB disconnect, device number 3 [ 88.076332][ T7223] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 90.480682][ T7310] trusted_key: encrypted_key: insufficient parameters specified [ 91.523940][ T7357] ipvlan2: entered promiscuous mode [ 91.526639][ T7357] bridge0: port 4(ipvlan2) entered blocking state [ 91.529030][ T7357] bridge0: port 4(ipvlan2) entered disabled state [ 91.531341][ T7357] ipvlan2: entered allmulticast mode [ 91.533320][ T7357] bridge0: entered allmulticast mode [ 91.536021][ T7357] ipvlan2: left allmulticast mode [ 91.538054][ T7357] bridge0: left allmulticast mode [ 91.812506][ T7363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.341'. [ 92.724821][ T7384] loop6: detected capacity change from 0 to 524287999 [ 93.144655][ T7390] Bluetooth: MGMT ver 1.23 [ 93.164862][ T7390] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.167441][ T7390] batadv_slave_0: entered promiscuous mode [ 94.965368][ T7435] No control pipe specified [ 95.100528][ T7440] nbd: must specify at least one socket [ 95.173710][ T7446] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 95.175965][ T7446] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 95.180527][ T7446] vhci_hcd vhci_hcd.0: Device attached [ 95.424306][ T6012] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 96.008389][ T7451] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 96.425063][ T7472] nbd: must specify at least one socket [ 96.445718][ T7448] vhci_hcd: connection reset by peer [ 96.449241][ T13] vhci_hcd: stop threads [ 96.450665][ T13] vhci_hcd: release socket [ 96.462290][ T13] vhci_hcd: disconnect device [ 96.503318][ T7483] input: syz0 as /devices/virtual/input/input6 [ 96.696988][ T7499] trusted_key: encrypted_key: insufficient parameters specified [ 97.297671][ T7502] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.360281][ T7502] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.421041][ T7504] nbd: must specify a size in bytes for the device [ 97.450373][ T7502] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.466366][ T7512] netlink: 72 bytes leftover after parsing attributes in process `syz.3.391'. [ 97.499885][ T7502] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.583692][ T74] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.588529][ T74] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.593476][ T74] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.598736][ T74] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.673729][ T7530] nbd: must specify a size in bytes for the device [ 97.779423][ T7545] random: crng reseeded on system resumption [ 97.836911][ T1166] block nbd0: Possible stuck request ffff888026160000: control (read@0,1024B). Runtime 30 seconds [ 97.840945][ T1166] block nbd0: Possible stuck request ffff8880261601c0: control (read@1024,1024B). Runtime 30 seconds [ 97.844393][ T1166] block nbd0: Possible stuck request ffff888026160380: control (read@2048,1024B). Runtime 30 seconds [ 97.847935][ T1166] block nbd0: Possible stuck request ffff888026160540: control (read@3072,1024B). Runtime 30 seconds [ 98.106241][ T7555] ubi31: attaching mtd0 [ 98.108230][ T7555] ubi31: scanning is finished [ 98.109741][ T7555] ubi31: empty MTD device detected [ 98.165455][ T7555] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 98.165472][ T7555] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 98.165481][ T7555] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 98.165491][ T7555] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 98.165499][ T7555] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 98.165508][ T7555] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 98.165517][ T7555] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2824179885 [ 98.165528][ T7555] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 98.165543][ T7556] ubi31: background thread "ubi_bgt31d" started, PID 7556 [ 98.547885][ T7562] nbd: must specify a size in bytes for the device [ 98.568272][ T7565] netlink: 72 bytes leftover after parsing attributes in process `syz.2.408'. [ 98.681635][ T7571] netlink: 20 bytes leftover after parsing attributes in process `syz.0.411'. [ 98.709782][ T7575] netlink: 72 bytes leftover after parsing attributes in process `syz.0.418'. [ 99.643298][ T7588] netlink: 8 bytes leftover after parsing attributes in process `syz.1.416'. [ 99.904364][ T61] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 100.011840][ T5339] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 100.055613][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.061382][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.065260][ T61] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 100.068727][ T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.074988][ T61] usb 6-1: config 0 descriptor?? [ 100.481683][ T61] hid-steam 0003:28DE:1142.0004: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 100.504378][ T6012] vhci_hcd: vhci_device speed not set [ 100.544361][ T61] hid-steam 0003:28DE:1142.0004: Steam wireless receiver connected [ 100.548791][ T61] hid-steam 0003:28DE:1142.0005: hidraw1: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 100.750912][ T61] usb 6-1: USB disconnect, device number 3 [ 100.757170][ T61] hid-steam 0003:28DE:1142.0004: Steam wireless receiver disconnected [ 100.766613][ T7622] No control pipe specified [ 100.877090][ T7623] netlink: 20 bytes leftover after parsing attributes in process `syz.3.427'. [ 101.270833][ T7629] bridge0: port 4(syz_tun) entered blocking state [ 101.272954][ T7629] bridge0: port 4(syz_tun) entered disabled state [ 101.275249][ T7629] syz_tun: entered allmulticast mode [ 101.277379][ T7629] syz_tun: entered promiscuous mode [ 101.279195][ T7629] bridge0: port 4(syz_tun) entered blocking state [ 101.281263][ T7629] bridge0: port 4(syz_tun) entered forwarding state [ 101.604761][ T7643] netlink: 28 bytes leftover after parsing attributes in process `syz.3.436'. [ 101.790342][ T7647] No control pipe specified [ 102.341826][ T7667] netlink: 72 bytes leftover after parsing attributes in process `syz.0.445'. [ 102.394713][ T59] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 102.443205][ T7676] input: syz0 as /devices/virtual/input/input7 [ 102.526958][ T7683] No control pipe specified [ 102.554372][ T59] usb 8-1: Using ep0 maxpacket: 16 [ 102.557787][ T59] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 102.561683][ T59] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 102.567194][ T59] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 102.570868][ T59] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.574126][ T59] usb 8-1: Product: syz [ 102.576486][ T59] usb 8-1: Manufacturer: syz [ 102.578343][ T59] usb 8-1: SerialNumber: syz [ 102.647947][ T7696] input: syz0 as /devices/virtual/input/input8 [ 102.727350][ T7704] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 102.813279][ T7706] process 'syz.0.462' launched './file1' with NULL argv: empty string added [ 102.986635][ T59] usb 8-1: cannot find UAC_HEADER [ 102.994123][ T59] snd-usb-audio 8-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 103.000551][ T59] usb 8-1: USB disconnect, device number 5 [ 103.007240][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 103.813648][ T7727] input: syz0 as /devices/virtual/input/input9 [ 103.868737][ T7735] netlink: 72 bytes leftover after parsing attributes in process `syz.0.474'. [ 104.491146][ T5339] Bluetooth: hci2: unexpected cc 0x100c length: 65 > 3 [ 104.755819][ T7760] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 105.316253][ C1] vcan0: j1939_tp_rxtimer: 0xffff888060188000: rx timeout, send abort [ 105.818883][ C1] vcan0: j1939_tp_rxtimer: 0xffff888060188000: abort rx timeout. Force session deactivation [ 106.950252][ T7798] netlink: 12 bytes leftover after parsing attributes in process `syz.0.495'. [ 107.048679][ T7805] input: syz0 as /devices/virtual/input/input11 [ 107.054179][ T7808] netlink: 12 bytes leftover after parsing attributes in process `syz.3.505'. [ 107.074196][ T7813] netlink: 'syz.3.502': attribute type 1 has an invalid length. [ 107.077423][ T7813] netlink: 224 bytes leftover after parsing attributes in process `syz.3.502'. [ 107.918614][ T7837] input: syz0 as /devices/virtual/input/input12 [ 108.003357][ T7845] netlink: 12 bytes leftover after parsing attributes in process `syz.0.515'. [ 108.032652][ T5339] Bluetooth: hci2: connection err: -111 [ 108.056348][ T7852] netlink: 72 bytes leftover after parsing attributes in process `syz.1.518'. [ 108.801453][ T7872] input: syz0 as /devices/virtual/input/input13 [ 108.827162][ T7874] netlink: 12 bytes leftover after parsing attributes in process `syz.2.525'. [ 108.844821][ T7878] netlink: 72 bytes leftover after parsing attributes in process `syz.3.527'. [ 108.971061][ T7890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.533'. [ 109.065656][ T7896] IPVS: set_ctl: invalid protocol: 0 10.1.1.1:20001 [ 109.716051][ T7907] netlink: 12 bytes leftover after parsing attributes in process `syz.0.539'. [ 109.746134][ T7912] netlink: 72 bytes leftover after parsing attributes in process `syz.0.540'. [ 109.765088][ T7914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.542'. [ 110.015347][ T7932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.549'. [ 110.550265][ T7939] netlink: 12 bytes leftover after parsing attributes in process `syz.3.559'. [ 110.560277][ T40] kauditd_printk_skb: 43 callbacks suppressed [ 110.560289][ T40] audit: type=1804 audit(1755571496.956:96): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.551" name="/newroot/116/file0" dev="tmpfs" ino=612 res=1 errno=0 [ 110.561155][ T7940] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1 [ 110.572194][ T7940] ref_ctr increment failed for inode: 0x264 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802427d600 [ 110.586587][ T7940] netlink: 'syz.2.551': attribute type 10 has an invalid length. [ 110.589191][ T7940] netlink: 40 bytes leftover after parsing attributes in process `syz.2.551'. [ 111.136334][ T7936] delete_channel: no stack [ 111.164946][ T7957] netlink: 12 bytes leftover after parsing attributes in process `syz.2.561'. [ 111.557467][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.567'. [ 111.561660][ T7970] bridge0: port 3(dummy0) entered disabled state [ 112.151754][ T7981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.570'. [ 112.729483][ T5339] Bluetooth: hci1: unexpected cc 0x100c length: 65 > 3 [ 112.780246][ T7994] netlink: 'syz.2.576': attribute type 33 has an invalid length. [ 112.783241][ T12] bridge0: port 3(dummy0) entered disabled state [ 112.895610][ T8003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.421069][ T8009] input: syz0 as /devices/virtual/input/input14 [ 113.452560][ T5339] Bluetooth: hci2: unexpected cc 0x100c length: 65 > 3 [ 113.487175][ T8017] netlink: 'syz.1.586': attribute type 33 has an invalid length. [ 113.784708][ T74] bridge0: port 3(dummy0) entered disabled state [ 113.796791][ T8031] input: syz0 as /devices/virtual/input/input15 [ 113.901596][ T5339] Bluetooth: hci1: unexpected cc 0x100c length: 65 > 3 [ 113.918062][ T8039] netlink: 'syz.2.595': attribute type 33 has an invalid length. [ 114.557904][ T8057] input: syz0 as /devices/virtual/input/input16 [ 114.582270][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.585294][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.614614][ T72] ------------[ cut here ]------------ [ 114.616444][ T72] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 114.620767][ T72] WARNING: CPU: 2 PID: 72 at net/mac80211/rate.c:398 __rate_control_send_low+0x661/0x780 [ 114.624795][ T72] Modules linked in: [ 114.626784][ T72] CPU: 2 UID: 0 PID: 72 Comm: kworker/2:2 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 114.632689][ T72] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.637079][ T72] Workqueue: mld mld_ifc_work [ 114.639005][ T72] RIP: 0010:__rate_control_send_low+0x661/0x780 [ 114.641509][ T72] Code: a4 a0 d4 00 00 00 e8 8e f1 b4 f6 44 8b 44 24 24 45 89 e9 89 d9 48 8b 74 24 08 44 89 e2 48 c7 c7 80 e6 08 8d e8 20 e4 73 f6 90 <0f> 0b 90 90 e9 26 fd ff ff 48 8b 3c 24 e8 0d 4f 1a f7 e9 fb fc ff [ 114.648839][ T72] RSP: 0018:ffffc90000bdea70 EFLAGS: 00010282 [ 114.650811][ T72] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a02c8 [ 114.653375][ T72] RDX: ffff8880213f0000 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 114.656002][ T72] RBP: ffff888051ac7e28 R08: 0000000000000001 R09: 0000000000000000 [ 114.658509][ T72] R10: 0000000000000000 R11: 6f70707573206f6e R12: 00000000ffffffff [ 114.661016][ T72] R13: 0000000000000000 R14: 000000000000000c R15: ffff888051ac7e30 [ 114.663526][ T72] FS: 0000000000000000(0000) GS:ffff8880976c4000(0000) knlGS:0000000000000000 [ 114.666440][ T72] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.668533][ T72] CR2: 00000000578434c0 CR3: 0000000065cdb000 CR4: 0000000000352ef0 [ 114.671065][ T72] Call Trace: [ 114.672163][ T72] [ 114.673126][ T72] rate_control_send_low+0x29a/0x820 [ 114.674926][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.676464][ T72] rate_control_get_rate+0x1be/0x5e0 [ 114.678168][ T72] ieee80211_tx_h_rate_ctrl+0xad3/0x1a90 [ 114.679978][ T72] ? debug_object_activate+0x200/0x4c0 [ 114.681713][ T72] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 114.683678][ T72] ? __pfx_debug_object_activate+0x10/0x10 [ 114.685631][ T72] invoke_tx_handlers_late+0x119a/0x27a0 [ 114.687466][ T72] ? ieee80211_tx_dequeue+0xcca/0x43e0 [ 114.689220][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.690751][ T72] ? ieee80211_tx_dequeue+0x3d8/0x43e0 [ 114.692506][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.694066][ T72] ? ieee80211_tx_h_select_key+0x2c9/0x1bc0 [ 114.696036][ T72] ieee80211_tx_dequeue+0x3082/0x43e0 [ 114.697745][ T72] ? __pfx___skb_flow_dissect+0x10/0x10 [ 114.699514][ T72] ? __pfx_ieee80211_tx_dequeue+0x10/0x10 [ 114.701332][ T72] ? do_raw_spin_lock+0x12c/0x2b0 [ 114.702959][ T72] ? ieee80211_next_txq+0xd8/0xa50 [ 114.704662][ T72] ieee80211_handle_wake_tx_queue+0x19c/0x260 [ 114.706592][ T72] ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10 [ 114.708660][ T72] ? __pfx___ieee80211_schedule_txq+0x10/0x10 [ 114.710600][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.712088][ T72] ? ieee80211_queue_skb+0xfd6/0x1fe0 [ 114.713875][ T72] ieee80211_queue_skb+0x12b2/0x1fe0 [ 114.715660][ T72] ieee80211_tx+0x2e4/0x420 [ 114.717137][ T72] ? __pfx_ieee80211_tx+0x10/0x10 [ 114.718762][ T72] ? ieee80211_skb_resize+0x22a/0x630 [ 114.720474][ T72] ? ieee80211_set_qos_hdr+0xba/0x3f0 [ 114.722178][ T72] ieee80211_xmit+0x30f/0x3e0 [ 114.723735][ T72] __ieee80211_subif_start_xmit+0x880/0x1390 [ 114.725705][ T72] ? neigh_resolve_output+0x53a/0x940 [ 114.727451][ T72] ? __pfx___ieee80211_subif_start_xmit+0x10/0x10 [ 114.729468][ T72] ? mld_sendpack+0x9ea/0x1270 [ 114.730981][ T72] ? process_one_work+0x9cc/0x1b70 [ 114.732620][ T72] ? worker_thread+0x6c8/0xf10 [ 114.734154][ T72] ? kthread+0x3c2/0x780 [ 114.735576][ T72] ? ret_from_fork+0x5d4/0x6f0 [ 114.737107][ T72] ? ret_from_fork_asm+0x1a/0x30 [ 114.738703][ T72] ieee80211_subif_start_xmit+0x11b/0x1970 [ 114.740563][ T72] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.742464][ T72] ? skb_network_protocol+0x126/0x6d0 [ 114.744192][ T72] ? __pfx_ieee80211_subif_start_xmit+0x10/0x10 [ 114.746226][ T72] ? __pfx_skb_network_protocol+0x10/0x10 [ 114.748034][ T72] ? validate_xmit_xfrm+0x432/0x1330 [ 114.749723][ T72] ? dev_hard_start_xmit+0x97/0x740 [ 114.751401][ T72] dev_hard_start_xmit+0x97/0x740 [ 114.753011][ T72] __dev_queue_xmit+0xa46/0x4490 [ 114.754669][ T72] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 114.756376][ T72] ? ref_tracker_alloc+0x2fe/0x5b0 [ 114.756637][ T8061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.758010][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.758028][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.758038][ T72] ? __pfx___dev_queue_xmit+0x10/0x10 [ 114.758050][ T72] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 114.758064][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.770111][ T72] ? in6_dev_get+0x133/0x310 [ 114.771613][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.773124][ T72] ? do_raw_write_lock+0x11c/0x3a0 [ 114.774853][ T72] ? ___neigh_create+0x1945/0x28c0 [ 114.776470][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.777997][ T72] ? ___neigh_create+0x1945/0x28c0 [ 114.779620][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.781131][ T72] ? ___neigh_create+0x1945/0x28c0 [ 114.782745][ T72] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 114.784715][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.786229][ T72] ? __asan_memcpy+0x3c/0x60 [ 114.787704][ T72] ? eth_header+0x11c/0x1f0 [ 114.789143][ T72] neigh_resolve_output+0x53a/0x940 [ 114.790793][ T72] ip6_finish_output2+0xaee/0x2020 [ 114.792411][ T72] ? lock_release+0x201/0x2f0 [ 114.793926][ T72] __ip6_finish_output+0x3cd/0x1010 [ 114.795627][ T72] ip6_output+0x1ca/0x3e0 [ 114.796996][ T72] mld_sendpack+0x9ea/0x1270 [ 114.798473][ T72] ? __pfx_mld_sendpack+0x10/0x10 [ 114.800078][ T72] ? __pfx_debug_object_deactivate+0x10/0x10 [ 114.801954][ T72] mld_ifc_work+0x740/0xbf0 [ 114.803397][ T72] process_one_work+0x9cc/0x1b70 [ 114.805166][ T72] ? __pfx_wireless_nlevent_process+0x10/0x10 [ 114.807081][ T72] ? __pfx_process_one_work+0x10/0x10 [ 114.808789][ T72] ? assign_work+0x1a0/0x250 [ 114.810254][ T72] worker_thread+0x6c8/0xf10 [ 114.811739][ T72] ? __kthread_parkme+0x19e/0x250 [ 114.813325][ T72] ? __pfx_worker_thread+0x10/0x10 [ 114.813541][ T8063] netlink: 'syz.2.604': attribute type 33 has an invalid length. [ 114.815116][ T72] kthread+0x3c2/0x780 [ 114.817555][ T8063] __nla_validate_parse: 7 callbacks suppressed [ 114.817564][ T8063] netlink: 152 bytes leftover after parsing attributes in process `syz.2.604'. [ 114.818834][ T72] ? __pfx_kthread+0x10/0x10 [ 114.818854][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.824183][ T8063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.604'. [ 114.825118][ T72] ? __pfx_kthread+0x10/0x10 [ 114.830871][ T72] ret_from_fork+0x5d4/0x6f0 [ 114.832369][ T72] ? __pfx_kthread+0x10/0x10 [ 114.833874][ T72] ret_from_fork_asm+0x1a/0x30 [ 114.835497][ T72] [ 114.836499][ T72] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 114.838784][ T72] CPU: 2 UID: 0 PID: 72 Comm: kworker/2:2 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 114.842450][ T72] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.845828][ T72] Workqueue: mld mld_ifc_work [ 114.847333][ T72] Call Trace: [ 114.848418][ T72] [ 114.849380][ T72] dump_stack_lvl+0x3d/0x1f0 [ 114.850898][ T72] vpanic+0x6e8/0x7a0 [ 114.852208][ T72] ? __pfx_vpanic+0x10/0x10 [ 114.853731][ T72] ? __rate_control_send_low+0x661/0x780 [ 114.855597][ T72] panic+0xca/0xd0 [ 114.856867][ T72] ? __pfx_panic+0x10/0x10 [ 114.858322][ T72] ? check_panic_on_warn+0x1f/0xb0 [ 114.859981][ T72] check_panic_on_warn+0xab/0xb0 [ 114.861523][ T72] __warn+0xf6/0x3c0 [ 114.862737][ T72] ? __pfx_vprintk_emit+0x10/0x10 [ 114.864542][ T72] ? __rate_control_send_low+0x661/0x780 [ 114.866530][ T72] report_bug+0x3c3/0x580 [ 114.868094][ T72] ? __rate_control_send_low+0x661/0x780 [ 114.870060][ T72] handle_bug+0x184/0x210 [ 114.871465][ T72] exc_invalid_op+0x17/0x50 [ 114.872910][ T72] asm_exc_invalid_op+0x1a/0x20 [ 114.874586][ T72] RIP: 0010:__rate_control_send_low+0x661/0x780 [ 114.877067][ T72] Code: a4 a0 d4 00 00 00 e8 8e f1 b4 f6 44 8b 44 24 24 45 89 e9 89 d9 48 8b 74 24 08 44 89 e2 48 c7 c7 80 e6 08 8d e8 20 e4 73 f6 90 <0f> 0b 90 90 e9 26 fd ff ff 48 8b 3c 24 e8 0d 4f 1a f7 e9 fb fc ff [ 114.884946][ T72] RSP: 0018:ffffc90000bdea70 EFLAGS: 00010282 [ 114.887500][ T72] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a02c8 [ 114.890841][ T72] RDX: ffff8880213f0000 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 114.894155][ T72] RBP: ffff888051ac7e28 R08: 0000000000000001 R09: 0000000000000000 [ 114.897446][ T72] R10: 0000000000000000 R11: 6f70707573206f6e R12: 00000000ffffffff [ 114.900734][ T72] R13: 0000000000000000 R14: 000000000000000c R15: ffff888051ac7e30 [ 114.904061][ T72] ? __warn_printk+0x198/0x350 [ 114.905842][ T72] ? __warn_printk+0x1a5/0x350 [ 114.907470][ T72] rate_control_send_low+0x29a/0x820 [ 114.909166][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.911176][ T72] rate_control_get_rate+0x1be/0x5e0 [ 114.913396][ T72] ieee80211_tx_h_rate_ctrl+0xad3/0x1a90 [ 114.915754][ T72] ? debug_object_activate+0x200/0x4c0 [ 114.917985][ T72] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 114.920502][ T72] ? __pfx_debug_object_activate+0x10/0x10 [ 114.922927][ T72] invoke_tx_handlers_late+0x119a/0x27a0 [ 114.925238][ T72] ? ieee80211_tx_dequeue+0xcca/0x43e0 [ 114.926977][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.928497][ T72] ? ieee80211_tx_dequeue+0x3d8/0x43e0 [ 114.930243][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.931799][ T72] ? ieee80211_tx_h_select_key+0x2c9/0x1bc0 [ 114.933729][ T72] ieee80211_tx_dequeue+0x3082/0x43e0 [ 114.935441][ T72] ? __pfx___skb_flow_dissect+0x10/0x10 [ 114.937193][ T72] ? __pfx_ieee80211_tx_dequeue+0x10/0x10 [ 114.939183][ T72] ? do_raw_spin_lock+0x12c/0x2b0 [ 114.941128][ T72] ? ieee80211_next_txq+0xd8/0xa50 [ 114.942906][ T72] ieee80211_handle_wake_tx_queue+0x19c/0x260 [ 114.944850][ T72] ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10 [ 114.946929][ T72] ? __pfx___ieee80211_schedule_txq+0x10/0x10 [ 114.948903][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.950522][ T72] ? ieee80211_queue_skb+0xfd6/0x1fe0 [ 114.952297][ T72] ieee80211_queue_skb+0x12b2/0x1fe0 [ 114.953997][ T72] ieee80211_tx+0x2e4/0x420 [ 114.955468][ T72] ? __pfx_ieee80211_tx+0x10/0x10 [ 114.957081][ T72] ? ieee80211_skb_resize+0x22a/0x630 [ 114.958831][ T72] ? ieee80211_set_qos_hdr+0xba/0x3f0 [ 114.960528][ T72] ieee80211_xmit+0x30f/0x3e0 [ 114.962035][ T72] __ieee80211_subif_start_xmit+0x880/0x1390 [ 114.964136][ T72] ? neigh_resolve_output+0x53a/0x940 [ 114.965870][ T72] ? __pfx___ieee80211_subif_start_xmit+0x10/0x10 [ 114.967928][ T72] ? mld_sendpack+0x9ea/0x1270 [ 114.969517][ T72] ? process_one_work+0x9cc/0x1b70 [ 114.971355][ T72] ? worker_thread+0x6c8/0xf10 [ 114.972898][ T72] ? kthread+0x3c2/0x780 [ 114.974355][ T72] ? ret_from_fork+0x5d4/0x6f0 [ 114.975907][ T72] ? ret_from_fork_asm+0x1a/0x30 [ 114.977520][ T72] ieee80211_subif_start_xmit+0x11b/0x1970 [ 114.979488][ T72] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.981391][ T72] ? skb_network_protocol+0x126/0x6d0 [ 114.983196][ T72] ? __pfx_ieee80211_subif_start_xmit+0x10/0x10 [ 114.985231][ T72] ? __pfx_skb_network_protocol+0x10/0x10 [ 114.987155][ T72] ? validate_xmit_xfrm+0x432/0x1330 [ 114.988932][ T72] ? dev_hard_start_xmit+0x97/0x740 [ 114.990868][ T72] dev_hard_start_xmit+0x97/0x740 [ 114.992536][ T72] __dev_queue_xmit+0xa46/0x4490 [ 114.994158][ T72] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 114.995972][ T72] ? ref_tracker_alloc+0x2fe/0x5b0 [ 114.997693][ T72] ? rcu_is_watching+0x12/0xc0 [ 114.999273][ T72] ? rcu_is_watching+0x12/0xc0 [ 115.000808][ T72] ? __pfx___dev_queue_xmit+0x10/0x10 [ 115.002527][ T72] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 115.004412][ T72] ? rcu_is_watching+0x12/0xc0 [ 115.005948][ T72] ? in6_dev_get+0x133/0x310 [ 115.007439][ T72] ? rcu_is_watching+0x12/0xc0 [ 115.009136][ T72] ? do_raw_write_lock+0x11c/0x3a0 [ 115.011129][ T72] ? ___neigh_create+0x1945/0x28c0 [ 115.012786][ T72] ? rcu_is_watching+0x12/0xc0 [ 115.014425][ T72] ? ___neigh_create+0x1945/0x28c0 [ 115.016060][ T72] ? rcu_is_watching+0x12/0xc0 [ 115.017607][ T72] ? ___neigh_create+0x1945/0x28c0 [ 115.019330][ T72] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 115.021253][ T72] ? rcu_is_watching+0x12/0xc0 [ 115.022934][ T72] ? __asan_memcpy+0x3c/0x60 [ 115.024913][ T72] ? eth_header+0x11c/0x1f0 [ 115.026502][ T72] neigh_resolve_output+0x53a/0x940 [ 115.028621][ T72] ip6_finish_output2+0xaee/0x2020 [ 115.030419][ T72] ? lock_release+0x201/0x2f0 [ 115.031987][ T72] __ip6_finish_output+0x3cd/0x1010 [ 115.033663][ T72] ip6_output+0x1ca/0x3e0 [ 115.035056][ T72] mld_sendpack+0x9ea/0x1270 [ 115.036524][ T72] ? __pfx_mld_sendpack+0x10/0x10 [ 115.038117][ T72] ? __pfx_debug_object_deactivate+0x10/0x10 [ 115.040480][ T72] mld_ifc_work+0x740/0xbf0 [ 115.042422][ T72] process_one_work+0x9cc/0x1b70 [ 115.044018][ T72] ? __pfx_wireless_nlevent_process+0x10/0x10 [ 115.045952][ T72] ? __pfx_process_one_work+0x10/0x10 [ 115.047659][ T72] ? assign_work+0x1a0/0x250 [ 115.049131][ T72] worker_thread+0x6c8/0xf10 [ 115.050600][ T72] ? __kthread_parkme+0x19e/0x250 [ 115.052201][ T72] ? __pfx_worker_thread+0x10/0x10 [ 115.053841][ T72] kthread+0x3c2/0x780 [ 115.055159][ T72] ? __pfx_kthread+0x10/0x10 [ 115.056632][ T72] ? rcu_is_watching+0x12/0xc0 [ 115.058153][ T72] ? __pfx_kthread+0x10/0x10 [ 115.059638][ T72] ret_from_fork+0x5d4/0x6f0 [ 115.061105][ T72] ? __pfx_kthread+0x10/0x10 [ 115.062582][ T72] ret_from_fork_asm+0x1a/0x30 [ 115.064131][ T72] [ 115.066008][ T72] Kernel Offset: disabled [ 115.067383][ T72] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:45:01 Registers: info registers vcpu 0 CPU#0 RAX=0000000000359a54 RBX=0000000000000000 RCX=ffffffff8b908bf9 RDX=ffffed1005646656 RSI=ffffffff8c162c80 RDI=ffffffff8190cd41 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000000 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab7590 R15=0000000000000000 RIP=ffffffff8b90775f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000560cf9d5d720 CR3=000000004a89b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 025a000000010000 0008000400080010 00080000000c0200 0000000000080008 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0014010000000000 000800080007000c 00080000000c0000 01bc000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 025a000000200000 0001000000100008 0000000000000004 000c001a00100000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 21aa000000110300 000000000008ffff ff22000003e60000 0008000400000008 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000000140000 00b4000000c80000 00dc000000f00000 0110000001300000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007000000000000 0000000000000000 009e00000000016e 3600000000180000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00200000000e0014 000c000000080004 0020000e00000000 0000000000000000 ZMM24=dad871b0dad871b0 dad871b0dad871b0 dad871b0dad871b0 dad871b0dad871b0 dad871b0dad871b0 dad871b0dad871b0 dad871b0dad871b0 dad871b0dad871b0 ZMM25=7ad479af7ad479af 7ad479af7ad479af 7ad479af7ad479af 7ad479af7ad479af 7ad479af7ad479af 7ad479af7ad479af 7ad479af7ad479af 7ad479af7ad479af ZMM26=aeabea7caeabea7c aeabea7caeabea7c aeabea7caeabea7c aeabea7caeabea7c aeabea7caeabea7c aeabea7caeabea7c aeabea7caeabea7c aeabea7caeabea7c ZMM27=77ef597c77ef597c 77ef597c77ef597c 77ef597c77ef597c 77ef597c77ef597c 77ef597c77ef597c 77ef597c77ef597c 77ef597c77ef597c 77ef597c77ef597c ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=8108000081080000 8108000081080000 8108000081080000 8108000081080000 8108000081080000 8108000081080000 8108000081080000 8108000081080000 info registers vcpu 1 CPU#1 RAX=00000000003e825c RBX=0000000000000001 RCX=ffffffff8b908bf9 RDX=ffffed1005666656 RSI=ffffffff8c162c80 RDI=ffffffff8190cd41 RBP=ffffed1003bdb488 RSP=ffffc9000046fdf8 R8 =0000000000000000 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=ffffffff9b005d78 R12=0000000000000001 R13=ffff88801deda440 R14=ffffffff90ab7590 R15=0000000000000000 RIP=ffffffff8b90775f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008057f000 CR3=000000006ee0e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000003a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85616c45 RDI=ffffffff9b0f8680 RBP=ffffffff9b0f8640 RSP=ffffc90000bde3e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043 R12=0000000000000000 R13=000000000000003a R14=ffffffff9b0f8640 R15=ffffffff85616be0 RIP=ffffffff85616c6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000578434c0 CR3=0000000065cdb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000213084 RBX=0000000000000003 RCX=ffffffff8b908bf9 RDX=ffffed10056a6656 RSI=ffffffff8c162c80 RDI=ffffffff8190cd41 RBP=ffffed1003bde000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001 R12=0000000000000003 R13=ffff88801def0000 R14=ffffffff90ab7590 R15=0000000000000000 RIP=ffffffff8b90775f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000800bd01c CR3=000000006cd62000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000