last executing test programs: 57.719776538s ago: executing program 1 (id=1946): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x42}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x175}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 49.821246012s ago: executing program 1 (id=1946): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x42}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x175}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 41.284061666s ago: executing program 1 (id=1946): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x42}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x175}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 29.460998431s ago: executing program 1 (id=1946): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x42}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x175}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 19.617886276s ago: executing program 1 (id=1946): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x42}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x175}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 8.325201541s ago: executing program 1 (id=1946): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x42}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x175}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 6.161126762s ago: executing program 0 (id=2249): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x244, 0x138, 0x11, 0x148, 0x0, 0x10, 0x360, 0x2a8, 0x2a8, 0x360, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x98, 0xe0, 0x1c, {}, [@common=@unspec=@addrtype1={{0x28}, {0x210, 0x8, 0x4}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x1ff, 0x0, 0x2, 'snmp\x00', {0xff}}}}, {{@ip={@multicast1, @rand_addr=0x64010102, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x1, 0x3, 0x2, 0x0, 0xab999e0ca1280eee, 0x1]}, {0x1, [0x3, 0x2, 0x1, 0x0, 0x3, 0x5], 0x4}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x2a0) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000640)={0x2, 0x40, @multicast1}, 0x10) mkdir(0x0, 0x26) mount(0x0, 0x0, 0x0, 0x0, 0x0) lchown(0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0xf000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 6.071254504s ago: executing program 3 (id=2250): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_init_net_socket$x25(0x9, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000022c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ef5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1869d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f33ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff799a29459aff1374df5c49ca11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35efffc006b340658342d2d9e06008c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e9dffd8918de33aed5bb09cb2a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf422b7473c24b93085c51e02af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00bb02000000000000c84799aa792cdaeb607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee127ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c435c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fceea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfe089e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cf594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f5bce1cdaa99705a8fa48f61071f548d411353965615c24c1860790dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9776f89c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26a741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba26bb91d7b1b98f11fb7a77b03206c151b00015305af815f7da19872085b503a21cbe722842c26ad8dd6b83018300000000000000000000f4ffffffffffffff000000000000000000000000000000000000798d011c62dbfdbad9e58e07d371e3a2399f2369631138ad4fb3aeb3f51233922b4c700fb163efbc55c912276685a774f2dce9bb9c54fd1f505eccf06323fad86c37adafb5e80b96ba9f925a6fd57de5fedf691e8b41c9835a840d12a224ed233c93ed92603401e5a61298294e9cab078c231121d4e32fb8286478fb12f5804d13c7bcff5dcffccd1d520dc04910239efc397b7736682e1c0ef0d001c17ec1441026ed4b1395b8e88a58d667a65cec1ddee1b30bcc96652a238c990a2701e2ee0915335fa4b8c33372bd00021f17c012451519ad56594c9469f164bb915edb1fd4ce76fb37bb9512632e9c9e7dcc772128c280c6e6cc0e859bd65c666e8b7732a2c2d517af56f4cde502f364922f3c2bbf9f4ced5c6f3d33428775b7399e6c6cf52bc8d5b48079700db251c7cdad3836c1e137b11917cff00e0ecc5e93fd7e8bdd83313a27197651c92f2f9be4a6f83662fa948c46632a979e8c66d22777a06601c5f5d3ab28b9f9e39543d2bb9de6ce57a6c1c3a635a0515c87abd11988cae405b9495f54b8d89503a8c9e96bdf08eb563e4cffe00e27272ca6e392ffca16b172ce8b6ee542ec9135e969b7b029beaeba12836110fcb686d82c066d0fc67fee8a00acda99a302a7aac9e920e34174323e7c6aeefd0a092545274fb164f21ac2f46849a6d0b51ad5a230a5ffab7a66e7dde5a335aeaa9736678319f344a32c99ac748bf200368963de24c237873ff5a01f14335de9a6d06c8b49ff27ddf0f13d5fe0901355765c397ce52791339d666eec141f0d33ca51f7b8aa6e9937631269b064d9c7323df8b7154f76708b912e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 5.756930325s ago: executing program 2 (id=2251): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = mq_open(&(0x7f00000004c0)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x2, 0x88, 0x0) mq_timedreceive(r2, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000002c00090027bd7000000000000600200008000a00", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x84) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'wp384-generic\x00'}, 0x58) r3 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)=ANY=[@ANYRES16, @ANYRES64=r2], 0xfebe}}, 0x200040d1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7b, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r5, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, 0x0, 0x0) pipe(&(0x7f0000000580)={0xffffffffffffffff}) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r9, 0x8040942d, &(0x7f0000000040)) 5.224075688s ago: executing program 0 (id=2252): socket$l2tp6(0xa, 0x2, 0x73) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x4, @loopback}, 0x1c) 5.151252289s ago: executing program 0 (id=2253): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="f53a203d594ec59e821bdb50c6ac4b338505f54874dae5239c5ca826dd388a0bb8b7", 0x22}], 0x1}}], 0x1, 0x4000c000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x7, @pix_mp={0x4, 0x9, 0x41495043, 0x9, 0x5, [{0x1, 0xb}, {0x3, 0x9}, {0x3, 0xbff}, {0x5}, {0x0, 0x4}, {0xffff, 0xffff8000}, {0x7, 0x4}, {0x4, 0x10000}], 0xa, 0x7f, 0x4, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r4, 0x0, 0x2b, &(0x7f0000000340)={0x400, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}}, {{0x2, 0x0, @broadcast}}}, 0x108) getsockopt$inet_buf(r4, 0x0, 0x2f, 0x0, &(0x7f0000000300)) r5 = socket$nl_generic(0x10, 0x3, 0x10) ftruncate(r3, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r7, &(0x7f0000002100)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x1000}], 0x1}}, {{&(0x7f0000001c80)=@ax25={{}, [@default, @default, @rose, @default, @null, @rose, @rose, @netrom]}, 0x80, &(0x7f0000002180)=[{&(0x7f0000001d00)=""/172, 0xac}, {&(0x7f0000001dc0)=""/18, 0x12}, {0x0}, {&(0x7f0000001ec0)=""/204, 0xcc}], 0x4, &(0x7f0000002000)=""/233, 0xe9}}], 0x2, 0x603, 0x0) sendfile(r6, r3, 0x0, 0x578410eb) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYRES64=r5, @ANYRES16=r0, @ANYRESOCT=r0, @ANYRESDEC, @ANYRES16, @ANYRES16=r3, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r6], 0x7) r8 = io_uring_setup(0x310f, &(0x7f0000000240)={0x0, 0x5f98, 0x80, 0xffffffff, 0x2000}) socket$kcm(0x21, 0x2, 0x2) close_range(r8, 0xffffffffffffffff, 0x0) 4.421033239s ago: executing program 2 (id=2254): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', 0x0}) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f00000001c0)={0x1, 0x8, 0x9, 0x8, @vifc_lcl_ifindex=r1, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) io_setup(0x2, &(0x7f0000000040)=0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x0) io_submit(r3, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) sendto$inet6(r4, 0x0, 0x0, 0x2004c8a0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r6}, 0x18) io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0x0, 0x0, r6}) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000000)=0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='afs_call_done\x00', r5, 0x0, 0x4}, 0x18) move_pages(r7, 0x0, &(0x7f0000000100), &(0x7f0000000140)=[0x1, 0xff, 0xd, 0xfffffc01, 0x7c3], &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x6) 3.732505912s ago: executing program 0 (id=2255): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x2003}, 0x4) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000080)={0xf0f071, 0x19}) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ipv6_route\x00') preadv(r2, &(0x7f0000000380)=[{&(0x7f00000001c0)=""/7, 0x7}], 0x1, 0xffffffbf, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) recvfrom$unix(r2, &(0x7f00000009c0)=""/4096, 0x1000, 0x100, &(0x7f0000000200)=@file={0x1, './file0/../file0/file0\x00'}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) syz_emit_vhci(0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8943, 0x0) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f0000000000)={0xa0000001}) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r6) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) socket$inet6_sctp(0xa, 0x5, 0x84) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) 3.636540095s ago: executing program 3 (id=2256): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0xc000, 0x0) ioctl$CDROM_LAST_WRITTEN(r6, 0x5395, &(0x7f0000000380)) socket$inet6(0xa, 0x80002, 0x0) ioctl$SIOCGETLINKNAME(r3, 0x89e0, &(0x7f0000000300)={0x0, 0x1}) r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x7c2, 0x41414770, 0x58595556, 0x425, 0x10001, 0x6, 0x2, 0x1, 0x3, 0x0, 0x6}}) add_key(0x0, &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="000001020200", 0x6, 0xfffffffffffffffb) io_destroy(0x0) 3.533871966s ago: executing program 2 (id=2257): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, 0x0) r7 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0xc000, 0x0) ioctl$CDROM_LAST_WRITTEN(r7, 0x5395, &(0x7f0000000380)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$inet6(0xa, 0x80002, 0x0) ioctl$SIOCGETLINKNAME(r4, 0x89e0, &(0x7f0000000300)={0x0, 0x1}) r8 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x7c2, 0x41414770, 0x58595556, 0x425, 0x10001, 0x6, 0x2, 0x1, 0x3, 0x0, 0x6}}) add_key(0x0, &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="000001020200", 0x6, 0xfffffffffffffffb) io_destroy(0x0) 2.659908282s ago: executing program 0 (id=2258): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="f53a203d594ec59e821bdb50c6ac4b338505f54874dae5239c5ca826dd388a0bb8b7", 0x22}], 0x1}}], 0x1, 0x4000c000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x7, @pix_mp={0x4, 0x9, 0x41495043, 0x9, 0x5, [{0x1, 0xb}, {0x3, 0x9}, {0x3, 0xbff}, {0x5}, {0x0, 0x4}, {0xffff, 0xffff8000}, {0x7, 0x4}, {0x4, 0x10000}], 0xa, 0x7f, 0x4, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = openat$tun(0xffffff9c, 0x0, 0x2401, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r5, 0x0, 0x2b, &(0x7f0000000340)={0x400, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}}, {{0x2, 0x0, @broadcast}}}, 0x108) getsockopt$inet_buf(r5, 0x0, 0x2f, &(0x7f0000000580)=""/245, &(0x7f0000000300)=0xf5) r6 = socket$nl_generic(0x10, 0x3, 0x10) ftruncate(r4, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r8, &(0x7f0000002100)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x1000}], 0x1}}, {{&(0x7f0000000500)=@qipcrtr, 0x80, &(0x7f0000001c00)=[{&(0x7f0000000680)=""/221, 0xdd}, {&(0x7f0000000780)=""/217, 0xd9}, {&(0x7f00000021c0)=""/194, 0xc2}, {&(0x7f0000000940)=""/104, 0x68}, {&(0x7f00000009c0)=""/158, 0x9e}, {&(0x7f00000000c0)=""/61, 0x3d}, {&(0x7f0000000a80)=""/178, 0xb2}, {&(0x7f0000001b80)=""/122, 0x7a}, {&(0x7f0000000b40)=""/52, 0x34}], 0x9}, 0x5943}, {{&(0x7f0000001c80)=@ax25={{}, [@default, @default, @rose, @default, @null, @rose, @rose, @netrom]}, 0x80, &(0x7f0000002180)=[{&(0x7f0000001d00)=""/172, 0xac}, {&(0x7f0000001dc0)=""/18, 0x12}, {&(0x7f0000001e00)=""/55, 0x37}, {0x0}, {&(0x7f0000001ec0)=""/204, 0xcc}], 0x5}}], 0x3, 0x603, 0x0) sendfile(r7, r4, 0x0, 0x578410eb) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYRES64=r6, @ANYRES16=r0, @ANYRESOCT=r0, @ANYRESDEC=r3, @ANYRES16, @ANYRES16=r4, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r7], 0x7) r9 = io_uring_setup(0x310f, &(0x7f0000000240)={0x0, 0x5f98, 0x80, 0xffffffff, 0x2000}) r10 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r10, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="100000001001000001874300"], 0x10}, 0x8000) close_range(r9, 0xffffffffffffffff, 0x0) 1.781173086s ago: executing program 0 (id=2259): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) r2 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000bc0)={0x44, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x80, 0x1c, {0x3, 0x9, 0xe4c, 0x2, 0x3, 0x3865, 0x8, 0x9, 0x1, 0x5, 0x4, 0x81}}, 0x0, 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, 0x7, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x0) fchdir(0xffffffffffffffff) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x720, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000c00)=""/4096, 0x1000}, {0xfffffffffffffffe}], 0x2, &(0x7f00000001c0)=""/61, 0x3d}, 0x7}], 0x1, 0x40004000, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24000880, 0x0, 0x0) 1.700196238s ago: executing program 2 (id=2260): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000006c0)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, &(0x7f0000000700)) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) ioctl$int_in(r7, 0x5421, &(0x7f0000000100)=0x9) connect$inet(r7, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r7) r8 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000000c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0], 0x0, 0xd8, &(0x7f0000000240)=[{}], 0x8, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xad, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000000680)={'erspan0\x00', &(0x7f0000000600)={'gre0\x00', r9, 0x700, 0x780, 0xa, 0xaaa, {{0x9, 0x4, 0x2, 0x6, 0x24, 0x68, 0x0, 0x9, 0x4, 0x0, @private=0xa010102, @loopback, {[@rr={0x7, 0xb, 0x6e, [@rand_addr=0x64010100, @multicast1]}, @ra={0x94, 0x4}, @noop]}}}}}) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xa5}]}, 0x2c}}, 0x0) 1.649309528s ago: executing program 2 (id=2261): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x4, @loopback}, 0x1c) 1.641013844s ago: executing program 3 (id=2269): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4008040) readv(r1, &(0x7f0000003a00)=[{&(0x7f0000000040)=""/13, 0xd}], 0x1) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r2 = gettid() ioprio_get$pid(0x2, r2) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) capget(&(0x7f0000000ac0)={0x20071026}, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x4, &(0x7f00000002c0)={'trans=virtio,', {[{@posixacl}, {@fscache}], [{@smackfsroot={'smackfsroot', 0x3d, ']-/^$##'}}]}}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 740.539845ms ago: executing program 2 (id=2262): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10c}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_init_net_socket$x25(0x9, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000022c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ef5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1869d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f33ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff799a29459aff1374df5c49ca11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35efffc006b340658342d2d9e06008c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e9dffd8918de33aed5bb09cb2a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf422b7473c24b93085c51e02af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00bb02000000000000c84799aa792cdaeb607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee127ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c435c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fceea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfe089e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cf594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f5bce1cdaa99705a8fa48f61071f548d411353965615c24c1860790dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9776f89c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26a741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba26bb91d7b1b98f11fb7a77b03206c151b00015305af815f7da19872085b503a21cbe722842c26ad8dd6b83018300000000000000000000f4ffffffffffffff000000000000000000000000000000000000798d011c62dbfdbad9e58e07d371e3a2399f2369631138ad4fb3aeb3f51233922b4c700fb163efbc55c912276685a774f2dce9bb9c54fd1f505eccf06323fad86c37adafb5e80b96ba9f925a6fd57de5fedf691e8b41c9835a840d12a224ed233c93ed92603401e5a61298294e9cab078c231121d4e32fb8286478fb12f5804d13c7bcff5dcffccd1d520dc04910239efc397b7736682e1c0ef0d001c17ec1441026ed4b1395b8e88a58d667a65cec1ddee1b30bcc96652a238c990a2701e2ee0915335fa4b8c33372bd00021f17c012451519ad56594c9469f164bb915edb1fd4ce76fb37bb9512632e9c9e7dcc772128c280c6e6cc0e859bd65c666e8b7732a2c2d517af56f4cde502f364922f3c2bbf9f4ced5c6f3d33428775b7399e6c6cf52bc8d5b48079700db251c7cdad3836c1e137b11917cff00e0ecc5e93fd7e8bdd83313a27197651c92f2f9be4a6f83662fa948c46632a979e8c66d22777a06601c5f5d3ab28b9f9e39543d2bb9de6ce57a6c1c3a635a0515c87abd11988cae405b9495f54b8d89503a8c9e96bdf08eb563e4cffe00e27272ca6e392ffca16b172ce8b6ee542ec9135e969b7b029beaeba12836110fcb686d82c066d0fc67fee8a00acda99a302a7aac9e920e34174323e7c6aeefd0a092545274fb164f21ac2f46849a6d0b51ad5a230a5ffab7a66e7dde5a335aeaa9736678319f344a32c99ac748bf200368963de24c237873ff5a01f14335de9a6d06c8b49ff27ddf0f13d5fe0901355765c397ce52791339d666eec141f0d33ca51f7b8aa6e9937631269b064d9c7323df8b7154f76708b912e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 494.375992ms ago: executing program 3 (id=2263): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x5) close(r1) r2 = inotify_init1(0x800) fcntl$setstatus(r1, 0x4, 0x2c00) r3 = gettid() fcntl$setown(r1, 0x8, r3) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) inotify_add_watch(r2, &(0x7f0000000180)='./control\x00', 0xa4000960) rmdir(&(0x7f0000000100)='./control\x00') openat$cgroup_ro(r1, &(0x7f0000000080)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000240), 0xd, 0x101301) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r5, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect) close(r5) bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) listen(r4, 0x0) syz_extract_tcp_res(&(0x7f00000000c0)={0x41424344, 0x41424344}, 0x5, 0x1) syz_emit_ethernet(0x4e, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000008100220086dd600000000014060020010000000000000000000000000001fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=r6, @ANYBLOB="0090000088000000ad29ecc9093615819aa381a39b53646139171917d7ff276565db890928627f80ad35927efeae8cca1341852354ef47d1172c99c8cb22ec4874b053e1cf39164fd7daacccc2db368b1feca1ce7c46c66ceda471bb1e7c032484b264da862ce8c27bfc16e5d35180"], 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "e5ff04", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x1, 0x0, 0x200, {[@window={0x3, 0x3}]}}}}}}}}, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x600, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) 69.256714ms ago: executing program 3 (id=2264): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={0x24, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x24}}, 0x0) (fail_nth: 3) 0s ago: executing program 3 (id=2265): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r3 = syz_open_dev$swradio(&(0x7f0000000300), 0x1, 0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x0, 0x2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x40004}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc0f8565c, &(0x7f0000000040)={0xfffffffc, 0xd, 0x2, {0xb, @pix={0x9625, 0x9ac1, 0x32314752, 0x6, 0x3, 0x101, 0x2, 0xe2, 0x0, 0x0, 0x1, 0x1}}, 0x1}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={0x24, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): lready used [ 573.332034][T13790] vhci_hcd: connection closed [ 573.333014][T13792] vhci_hcd: connection closed [ 573.333113][T13788] vhci_hcd: connection closed [ 573.335071][T13786] vhci_hcd: connection closed [ 573.337106][T13784] vhci_hcd: connection closed [ 573.342328][ T1146] vhci_hcd: stop threads [ 573.346660][ T1146] vhci_hcd: release socket [ 573.348161][ T1146] vhci_hcd: disconnect device [ 573.353232][ T1146] vhci_hcd: stop threads [ 573.359089][ T1146] vhci_hcd: release socket [ 573.360494][ T1146] vhci_hcd: disconnect device [ 573.363295][ T1146] vhci_hcd: stop threads [ 573.364610][ T1146] vhci_hcd: release socket [ 573.372345][ T1146] vhci_hcd: disconnect device [ 573.380246][ T1146] vhci_hcd: stop threads [ 573.381672][ T1146] vhci_hcd: release socket [ 573.383236][ T1146] vhci_hcd: disconnect device [ 573.384790][ T1146] vhci_hcd: stop threads [ 573.386045][ T1146] vhci_hcd: release socket [ 573.387420][ T1146] vhci_hcd: disconnect device [ 573.402765][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 573.409946][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 573.415500][ T46] bond0 (unregistering): Released all slaves [ 573.432478][ T29] usb 43-1: new low-speed USB device number 14 using vhci_hcd [ 573.435278][ T29] usb 43-1: enqueue for inactive port 0 [ 573.448023][T13752] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.451007][T13752] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.455803][T13752] bridge_slave_0: entered allmulticast mode [ 573.459500][T13752] bridge_slave_0: entered promiscuous mode [ 573.468686][T13752] bridge0: port 2(bridge_slave_1) entered blocking state [ 573.471582][T13752] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.476187][T13752] bridge_slave_1: entered allmulticast mode [ 573.480228][T13752] bridge_slave_1: entered promiscuous mode [ 573.512427][ T29] vhci_hcd: vhci_device speed not set [ 573.542657][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 573.547198][T13752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 573.553910][T13752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 573.627431][T13752] team0: Port device team_slave_0 added [ 573.634615][T13752] team0: Port device team_slave_1 added [ 573.681124][T13752] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 573.684156][T13752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.694636][T13752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 573.703846][T13752] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 573.706900][T13752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.716682][T13752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.838013][T13752] hsr_slave_0: entered promiscuous mode [ 573.840343][T13752] hsr_slave_1: entered promiscuous mode [ 573.843212][T13752] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 573.845495][T13752] Cannot create hsr debugfs directory [ 573.904186][T13807] fuse: Bad value for 'fd' [ 574.140407][ T46] hsr_slave_0: left promiscuous mode [ 574.152454][ T46] hsr_slave_1: left promiscuous mode [ 574.160328][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 574.162970][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 574.167068][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 574.169834][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 574.216716][ T46] veth1_macvtap: left promiscuous mode [ 574.223079][ T46] veth0_macvtap: left promiscuous mode [ 574.226534][ T46] veth1_vlan: left promiscuous mode [ 574.228302][ T46] veth0_vlan: left promiscuous mode [ 574.582359][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 574.664688][ T5954] Bluetooth: hci3: command tx timeout [ 574.870475][T13826] input: syz1 as /devices/virtual/input/input41 [ 574.876859][T13826] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1958'. [ 575.011872][T13828] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 575.107956][ T46] team0 (unregistering): Port device team_slave_1 removed [ 575.175583][ T46] team0 (unregistering): Port device team_slave_0 removed [ 575.632417][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 576.297790][T13850] futex_wake_op: syz.3.1961 tries to shift op by -1; fix this program [ 576.662368][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 576.680878][T13752] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 576.697829][T13752] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 576.704325][T13752] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 576.708757][T13752] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 576.752367][ T5954] Bluetooth: hci3: command tx timeout [ 576.775933][T13752] 8021q: adding VLAN 0 to HW filter on device bond0 [ 576.789959][T13752] 8021q: adding VLAN 0 to HW filter on device team0 [ 576.798037][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.800341][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.816710][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.819178][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.937263][T13752] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 576.961341][T13752] veth0_vlan: entered promiscuous mode [ 576.969842][T13752] veth1_vlan: entered promiscuous mode [ 576.990408][T13752] veth0_macvtap: entered promiscuous mode [ 576.995219][T13752] veth1_macvtap: entered promiscuous mode [ 577.007486][T13752] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 577.017267][T13752] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 577.024383][T13752] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.027241][T13752] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.030004][T13752] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.033003][T13752] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.069243][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 577.071778][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 577.101575][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 577.104785][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 577.513512][T13900] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 577.704446][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 578.752788][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 578.912864][T13923] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1972'. [ 578.922596][T13923] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1972'. [ 578.932737][T13923] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1972'. [ 578.935914][T13923] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1972'. [ 579.204813][ T1140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.782926][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 580.822465][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 580.929999][ T1140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.027134][ T1140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.113498][ T1140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.152305][T13923] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 581.218532][ T1140] bridge_slave_1: left allmulticast mode [ 581.220360][ T1140] bridge_slave_1: left promiscuous mode [ 581.223022][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.229368][ T1140] bridge_slave_0: left allmulticast mode [ 581.231268][ T1140] bridge_slave_0: left promiscuous mode [ 581.233397][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.484032][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 581.490924][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 581.496750][ T1140] bond0 (unregistering): Released all slaves [ 581.862316][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 581.872101][T13923] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 581.904149][T12889] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 581.908513][T12889] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 581.911662][T12889] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 581.914145][ T1140] hsr_slave_0: left promiscuous mode [ 581.917269][ T1140] hsr_slave_1: left promiscuous mode [ 581.917520][T12889] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 581.919233][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 581.924096][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 581.926016][T12889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 581.931310][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 581.936443][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 581.988604][ T1140] veth1_macvtap: left promiscuous mode [ 581.990341][ T1140] veth0_macvtap: left promiscuous mode [ 581.992593][ T1140] veth1_vlan: left promiscuous mode [ 581.994347][ T1140] veth0_vlan: left promiscuous mode [ 582.070691][T13969] 9pnet: Unknown protocol version 9p2000.uþ/6EGËoµH1Òp½Ü&•5Ÿhbï0'ˆE [ 582.912320][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 582.918846][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 583.010936][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 583.234984][ T5954] Bluetooth: hci2: command 0x0406 tx timeout [ 583.705814][T13929] lo speed is unknown, defaulting to 1000 [ 583.935564][T13929] chnl_net:caif_netlink_parms(): no params data found [ 583.942350][ T5954] Bluetooth: hci3: command tx timeout [ 583.942369][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 584.031760][T13929] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.034389][T13929] bridge0: port 1(bridge_slave_0) entered disabled state [ 584.036669][T13929] bridge_slave_0: entered allmulticast mode [ 584.039897][T13929] bridge_slave_0: entered promiscuous mode [ 584.044986][T13929] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.047598][T13929] bridge0: port 2(bridge_slave_1) entered disabled state [ 584.050633][T13929] bridge_slave_1: entered allmulticast mode [ 584.054918][T13929] bridge_slave_1: entered promiscuous mode [ 584.106787][T13929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 584.113438][T13929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 584.174636][T13929] team0: Port device team_slave_0 added [ 584.180294][T13929] team0: Port device team_slave_1 added [ 584.232421][T13996] futex_wake_op: syz.0.1977 tries to shift op by -1; fix this program [ 584.405740][T13929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 584.408038][T13929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 584.415904][T13929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 584.420555][T13929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 584.423734][T13929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 584.434283][T13929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 584.452417][ T40] audit: type=1326 audit(2000000505.289:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.463306][ T40] audit: type=1326 audit(2000000505.289:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=258 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.470185][ T40] audit: type=1326 audit(2000000505.289:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.483082][ T40] audit: type=1326 audit(2000000505.289:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.493569][ T40] audit: type=1326 audit(2000000505.299:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.500448][ T40] audit: type=1326 audit(2000000505.309:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.510024][ T40] audit: type=1326 audit(2000000505.329:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.514984][T13929] hsr_slave_0: entered promiscuous mode [ 584.518024][ T40] audit: type=1326 audit(2000000505.329:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.521386][T13929] hsr_slave_1: entered promiscuous mode [ 584.527849][ T40] audit: type=1326 audit(2000000505.329:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.527874][ T40] audit: type=1326 audit(2000000505.329:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13998 comm="syz.3.1981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 584.638828][ T1142] Bluetooth: hci4: Frame reassembly failed (-84) [ 584.824867][T14014] 8021q: VLANs not supported on sit0 [ 584.886742][T14019] ubi: mtd0 is already attached to ubi31 [ 584.992345][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 585.462654][ T29] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 585.642700][ T29] usb 8-1: Using ep0 maxpacket: 8 [ 585.662996][ T29] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 585.676441][ T29] usb 8-1: config 0 has no interface number 0 [ 585.687282][ T29] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 585.706308][ T29] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 585.721657][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.756844][ T29] usb 8-1: config 0 descriptor?? [ 585.794691][ T29] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 585.950362][T13929] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 585.972711][T13929] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 585.984351][T13929] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 585.997668][T13929] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 586.022408][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 586.022479][T12889] Bluetooth: hci3: command tx timeout [ 586.295350][T13929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 586.336484][T13929] 8021q: adding VLAN 0 to HW filter on device team0 [ 586.351174][ T6493] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.354244][ T6493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 586.370415][ T6493] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.372831][ T6493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.406272][T13929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 586.663507][T12889] Bluetooth: hci4: command 0x1003 tx timeout [ 586.675400][ T5954] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 586.771665][T13929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 586.880878][T13929] veth0_vlan: entered promiscuous mode [ 586.896015][T13929] veth1_vlan: entered promiscuous mode [ 586.948654][T13929] veth0_macvtap: entered promiscuous mode [ 586.955452][T13929] veth1_macvtap: entered promiscuous mode [ 586.998513][T13929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 587.021334][T13929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 587.029124][T13929] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.037041][T13929] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.040840][T13929] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.045596][T13929] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.062370][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 587.139481][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.152452][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.174533][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.177535][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.469349][T14063] xt_hashlimit: invalid rate [ 587.476388][T14063] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1991'. [ 587.503111][T14066] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1992'. [ 588.001309][ T34] usb 8-1: USB disconnect, device number 15 [ 588.102496][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 588.640579][ T1142] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.791783][T14101] evm: overlay not supported [ 588.953267][T12889] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 588.958403][T12889] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 588.963267][T12889] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 588.968063][T12889] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 588.974526][T12889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 589.020695][T14111] lo speed is unknown, defaulting to 1000 [ 589.142695][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 589.313614][T14111] chnl_net:caif_netlink_parms(): no params data found [ 589.387074][T14111] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.389461][T14111] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.391798][T14111] bridge_slave_0: entered allmulticast mode [ 589.394946][T14111] bridge_slave_0: entered promiscuous mode [ 589.399750][T14111] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.402132][T14111] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.405660][T14111] bridge_slave_1: entered allmulticast mode [ 589.408311][T14111] bridge_slave_1: entered promiscuous mode [ 589.453006][T14111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 589.459815][T14111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 589.568831][T14111] team0: Port device team_slave_0 added [ 589.573805][T14111] team0: Port device team_slave_1 added [ 589.617634][T14111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 589.619842][T14111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.637374][T14111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 589.643950][T14111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 589.646177][T14111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.682424][T14111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 589.791012][T14111] hsr_slave_0: entered promiscuous mode [ 589.794275][T14111] hsr_slave_1: entered promiscuous mode [ 589.797104][T14111] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 589.801622][T14111] Cannot create hsr debugfs directory [ 590.182418][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 590.475831][ T1142] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.555464][ T1142] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.634377][ T1142] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.817013][ T1142] bridge_slave_1: left allmulticast mode [ 590.819206][ T1142] bridge_slave_1: left promiscuous mode [ 590.821631][ T1142] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.851353][ T1142] bridge_slave_0: left allmulticast mode [ 590.854585][ T1142] bridge_slave_0: left promiscuous mode [ 590.857232][ T1142] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.063504][T12889] Bluetooth: hci3: command tx timeout [ 591.222473][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 591.486504][ T1142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 591.492641][ T1142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.497640][ T1142] bond0 (unregistering): Released all slaves [ 592.096151][T14111] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 592.134571][T14111] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 592.141346][ T1142] hsr_slave_0: left promiscuous mode [ 592.149735][ T1142] hsr_slave_1: left promiscuous mode [ 592.151783][ T1142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 592.154330][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 592.157082][ T1142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 592.159546][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 592.195017][ T1142] veth1_macvtap: left promiscuous mode [ 592.197400][ T1142] veth0_macvtap: left promiscuous mode [ 592.199863][ T1142] veth1_vlan: left promiscuous mode [ 592.201766][ T1142] veth0_vlan: left promiscuous mode [ 592.262373][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 592.432151][T14194] netlink: 'syz.0.2012': attribute type 1 has an invalid length. [ 592.435735][T14194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2012'. [ 593.090372][ T1142] team0 (unregistering): Port device team_slave_1 removed [ 593.142380][T12889] Bluetooth: hci3: command tx timeout [ 593.157744][ T1142] team0 (unregistering): Port device team_slave_0 removed [ 593.302352][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 593.692514][T14111] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 593.696754][T14111] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 593.705463][T14201] pim6reg: entered allmulticast mode [ 593.707453][T14201] pim6reg: left allmulticast mode [ 593.746130][T14205] netlink: 'syz.2.2016': attribute type 1 has an invalid length. [ 593.748667][T14205] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2016'. [ 593.755010][T14205] x_tables: ip_tables: DNAT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 593.796267][T14111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 593.806018][T14111] 8021q: adding VLAN 0 to HW filter on device team0 [ 593.811701][ T6493] bridge0: port 1(bridge_slave_0) entered blocking state [ 593.814165][ T6493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 593.820411][ T6493] bridge0: port 2(bridge_slave_1) entered blocking state [ 593.823491][ T6493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 593.936903][T14111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 593.983316][T14111] veth0_vlan: entered promiscuous mode [ 593.989672][T14111] veth1_vlan: entered promiscuous mode [ 594.016121][T14111] veth0_macvtap: entered promiscuous mode [ 594.020253][T14111] veth1_macvtap: entered promiscuous mode [ 594.031293][T14111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 594.039284][T14111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 594.051437][T14111] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.059727][T14111] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.064421][T14111] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.067450][T14111] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.121556][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 594.130710][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 594.144968][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 594.148532][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 594.342378][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 595.382384][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 595.891544][T14256] FAULT_INJECTION: forcing a failure. [ 595.891544][T14256] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 595.895869][T14256] CPU: 2 UID: 0 PID: 14256 Comm: syz.2.2030 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 595.895886][T14256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 595.895893][T14256] Call Trace: [ 595.895897][T14256] [ 595.895901][T14256] dump_stack_lvl+0x16c/0x1f0 [ 595.895918][T14256] should_fail_ex+0x512/0x640 [ 595.895935][T14256] should_fail_alloc_page+0xe7/0x130 [ 595.895956][T14256] prepare_alloc_pages+0x3c2/0x610 [ 595.895974][T14256] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 595.895989][T14256] ? find_held_lock+0x2b/0x80 [ 595.896004][T14256] ? is_bpf_text_address+0x8a/0x1a0 [ 595.896016][T14256] ? bpf_ksym_find+0x124/0x1c0 [ 595.896031][T14256] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 595.896043][T14256] ? is_bpf_text_address+0x94/0x1a0 [ 595.896054][T14256] ? __kernel_text_address+0xd/0x40 [ 595.896067][T14256] ? unwind_get_return_address+0x59/0xa0 [ 595.896086][T14256] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 595.896099][T14256] ? policy_nodemask+0xea/0x4e0 [ 595.896113][T14256] alloc_pages_mpol+0x1fb/0x550 [ 595.896127][T14256] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 595.896138][T14256] ? kasan_save_stack+0x33/0x60 [ 595.896149][T14256] ? __kasan_kmalloc+0xaa/0xb0 [ 595.896158][T14256] ? __get_vm_area_node+0x101/0x330 [ 595.896177][T14256] alloc_pages_noprof+0x131/0x390 [ 595.896189][T14256] get_free_pages_noprof+0x10/0xb0 [ 595.896203][T14256] kasan_populate_vmalloc+0x89/0x1f0 [ 595.896216][T14256] alloc_vmap_area+0x963/0x28f0 [ 595.896236][T14256] ? __pfx_alloc_vmap_area+0x10/0x10 [ 595.896254][T14256] __get_vm_area_node+0x1ca/0x330 [ 595.896271][T14256] __vmalloc_node_range_noprof+0x277/0x1520 [ 595.896282][T14256] ? bpf_check+0x1e4/0xb4f0 [ 595.896293][T14256] ? rcu_read_unlock+0x17/0x60 [ 595.896307][T14256] ? bpf_check+0x1e4/0xb4f0 [ 595.896317][T14256] ? rcu_is_watching+0x12/0xc0 [ 595.896330][T14256] ? ___kmalloc_large_node+0x183/0x1e0 [ 595.896345][T14256] ? lockdep_hardirqs_on+0x7c/0x110 [ 595.896357][T14256] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 595.896367][T14256] ? rcu_is_watching+0x12/0xc0 [ 595.896381][T14256] ? rcu_is_watching+0x12/0xc0 [ 595.896396][T14256] ? bpf_check+0x1e4/0xb4f0 [ 595.896404][T14256] __vmalloc_node_noprof+0xad/0xf0 [ 595.896414][T14256] ? bpf_check+0x1e4/0xb4f0 [ 595.896424][T14256] bpf_check+0x1e4/0xb4f0 [ 595.896433][T14256] ? __mutex_trylock_common+0xe9/0x250 [ 595.896446][T14256] ? __mutex_trylock_common+0xe9/0x250 [ 595.896461][T14256] ? __pfx_bpf_check+0x10/0x10 [ 595.896474][T14256] ? css_rstat_updated+0x9d/0xd30 [ 595.896489][T14256] ? __lock_acquire+0xb8a/0x1c90 [ 595.896506][T14256] ? find_held_lock+0x2b/0x80 [ 595.896520][T14256] ? rcu_is_watching+0x12/0xc0 [ 595.896532][T14256] ? ktime_get_with_offset+0x26e/0x3b0 [ 595.896548][T14256] ? __asan_memset+0x23/0x50 [ 595.896557][T14256] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 595.896571][T14256] bpf_prog_load+0xe41/0x2490 [ 595.896586][T14256] ? __pfx_bpf_prog_load+0x10/0x10 [ 595.896611][T14256] __sys_bpf+0x433c/0x4d80 [ 595.896626][T14256] ? __pfx___sys_bpf+0x10/0x10 [ 595.896639][T14256] ? ksys_write+0x190/0x250 [ 595.896651][T14256] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 595.896672][T14256] ? fput+0x70/0xf0 [ 595.896684][T14256] ? ksys_write+0x1ac/0x250 [ 595.896694][T14256] ? __pfx_ksys_write+0x10/0x10 [ 595.896706][T14256] __ia32_sys_bpf+0x76/0xe0 [ 595.896720][T14256] __do_fast_syscall_32+0x7c/0x3a0 [ 595.896734][T14256] do_fast_syscall_32+0x32/0x80 [ 595.896746][T14256] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 595.896759][T14256] RIP: 0023:0xf70fe579 [ 595.896767][T14256] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 595.896778][T14256] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 595.896788][T14256] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000240 [ 595.896794][T14256] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 595.896800][T14256] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 595.896805][T14256] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 595.896811][T14256] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 595.896824][T14256] [ 595.896839][T14256] syz.2.2030: vmalloc error: size 240, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 596.047783][T14256] CPU: 3 UID: 0 PID: 14256 Comm: syz.2.2030 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 596.047807][T14256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 596.047817][T14256] Call Trace: [ 596.047824][T14256] [ 596.047830][T14256] dump_stack_lvl+0x16c/0x1f0 [ 596.047855][T14256] warn_alloc+0x248/0x3a0 [ 596.047874][T14256] ? __pfx_warn_alloc+0x10/0x10 [ 596.047896][T14256] ? kfree+0x2b4/0x4d0 [ 596.047916][T14256] ? __get_vm_area_node+0x208/0x330 [ 596.047945][T14256] __vmalloc_node_range_noprof+0xd32/0x1520 [ 596.047966][T14256] ? rcu_read_unlock+0x17/0x60 [ 596.047990][T14256] ? bpf_check+0x1e4/0xb4f0 [ 596.048007][T14256] ? rcu_is_watching+0x12/0xc0 [ 596.048028][T14256] ? ___kmalloc_large_node+0x183/0x1e0 [ 596.048052][T14256] ? lockdep_hardirqs_on+0x7c/0x110 [ 596.048070][T14256] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 596.048088][T14256] ? rcu_is_watching+0x12/0xc0 [ 596.048111][T14256] ? rcu_is_watching+0x12/0xc0 [ 596.048133][T14256] ? bpf_check+0x1e4/0xb4f0 [ 596.048149][T14256] __vmalloc_node_noprof+0xad/0xf0 [ 596.048163][T14256] ? bpf_check+0x1e4/0xb4f0 [ 596.048181][T14256] bpf_check+0x1e4/0xb4f0 [ 596.048195][T14256] ? __mutex_trylock_common+0xe9/0x250 [ 596.048217][T14256] ? __mutex_trylock_common+0xe9/0x250 [ 596.048243][T14256] ? __pfx_bpf_check+0x10/0x10 [ 596.048263][T14256] ? css_rstat_updated+0x9d/0xd30 [ 596.048292][T14256] ? __lock_acquire+0xb8a/0x1c90 [ 596.048320][T14256] ? find_held_lock+0x2b/0x80 [ 596.048343][T14256] ? rcu_is_watching+0x12/0xc0 [ 596.048364][T14256] ? ktime_get_with_offset+0x26e/0x3b0 [ 596.048388][T14256] ? __asan_memset+0x23/0x50 [ 596.048405][T14256] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 596.048427][T14256] bpf_prog_load+0xe41/0x2490 [ 596.048452][T14256] ? __pfx_bpf_prog_load+0x10/0x10 [ 596.048495][T14256] __sys_bpf+0x433c/0x4d80 [ 596.048518][T14256] ? __pfx___sys_bpf+0x10/0x10 [ 596.048540][T14256] ? ksys_write+0x190/0x250 [ 596.048561][T14256] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 596.048595][T14256] ? fput+0x70/0xf0 [ 596.048614][T14256] ? ksys_write+0x1ac/0x250 [ 596.048631][T14256] ? __pfx_ksys_write+0x10/0x10 [ 596.048652][T14256] __ia32_sys_bpf+0x76/0xe0 [ 596.048674][T14256] __do_fast_syscall_32+0x7c/0x3a0 [ 596.048697][T14256] do_fast_syscall_32+0x32/0x80 [ 596.048717][T14256] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 596.048736][T14256] RIP: 0023:0xf70fe579 [ 596.048750][T14256] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 596.048770][T14256] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 596.048786][T14256] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000240 [ 596.048796][T14256] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 596.048806][T14256] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 596.048816][T14256] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 596.048824][T14256] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 596.048846][T14256] [ 596.048852][T14256] Mem-Info: [ 596.163981][T14256] active_anon:9210 inactive_anon:112 isolated_anon:0 [ 596.163981][T14256] active_file:8698 inactive_file:42926 isolated_file:0 [ 596.163981][T14256] unevictable:1768 dirty:289 writeback:0 [ 596.163981][T14256] slab_reclaimable:8371 slab_unreclaimable:58300 [ 596.163981][T14256] mapped:22081 shmem:5201 pagetables:816 [ 596.163981][T14256] sec_pagetables:349 bounce:0 [ 596.163981][T14256] kernel_misc_reclaimable:0 [ 596.163981][T14256] free:42249 free_pcp:15465 free_cma:0 [ 596.177791][T14256] Node 0 active_anon:1156kB inactive_anon:152kB active_file:372kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:172kB dirty:8kB writeback:0kB shmem:4892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7796kB pagetables:840kB sec_pagetables:1224kB all_unreclaimable? yes Balloon:0kB [ 596.189737][T14256] Node 1 active_anon:35684kB inactive_anon:296kB active_file:34420kB inactive_file:171664kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:88152kB dirty:1148kB writeback:0kB shmem:15912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4344kB pagetables:2424kB sec_pagetables:172kB all_unreclaimable? no Balloon:0kB [ 596.200333][T14256] Node 0 DMA free:1924kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:480kB local_pcp:212kB free_cma:0kB [ 596.208737][T14256] lowmem_reserve[]: 0 290 290 290 290 [ 596.210864][T14256] Node 0 DMA32 free:17412kB boost:0kB min:13332kB low:16664kB high:19996kB reserved_highatomic:4096KB active_anon:1140kB inactive_anon:152kB active_file:372kB inactive_file:40kB unevictable:3536kB writepending:8kB present:1032196kB managed:296964kB mlocked:0kB bounce:0kB free_pcp:4376kB local_pcp:544kB free_cma:0kB [ 596.220113][T14256] lowmem_reserve[]: 0 0 0 0 0 [ 596.221684][T14256] Node 1 DMA32 free:149560kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:35604kB inactive_anon:296kB active_file:34420kB inactive_file:171664kB unevictable:3536kB writepending:1092kB present:1048432kB managed:948276kB mlocked:0kB bounce:0kB free_pcp:57308kB local_pcp:16112kB free_cma:0kB [ 596.242063][T14256] lowmem_reserve[]: 0 0 0 0 0 [ 596.244157][T14256] Node 0 DMA: 3*4kB (M) 7*8kB (UM) 6*16kB (UM) 5*32kB (UM) 3*64kB (U) 1*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 1924kB [ 596.248929][T14256] Node 0 DMA32: 153*4kB (UEH) 114*8kB (UMEH) 39*16kB (UEH) 78*32kB (UMEH) 46*64kB (UMEH) 15*128kB (UME) 5*256kB (UMH) 5*512kB (UME) 0*1024kB 2*2048kB (UM) 0*4096kB = 17444kB [ 596.256413][T14256] Node 1 DMA32: 445*4kB (UE) 197*8kB (UE) 134*16kB (UME) 401*32kB (UME) 472*64kB (UME) 122*128kB (UME) 32*256kB (UME) 26*512kB (UME) 12*1024kB (UM) 7*2048kB (UME) 9*4096kB (UM) = 149148kB [ 596.263184][T14256] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 596.264551][ T1049] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.272466][T14256] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 596.278697][T14256] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 596.282437][T14256] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 596.287072][T14256] 57244 total pagecache pages [ 596.292467][T14256] 403 pages in swap cache [ 596.293861][T14256] Free swap = 121968kB [ 596.302461][T14256] Total swap = 124996kB [ 596.304234][T14256] 524155 pages RAM [ 596.305458][T14256] 0 pages HighMem/MovableOnly [ 596.307114][T14256] 209005 pages reserved [ 596.308441][T14256] 0 pages cma reserved [ 596.422650][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 596.578130][T14267] FAULT_INJECTION: forcing a failure. [ 596.578130][T14267] name failslab, interval 1, probability 0, space 0, times 0 [ 596.582553][T14267] CPU: 2 UID: 0 PID: 14267 Comm: syz.3.2033 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 596.582568][T14267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 596.582575][T14267] Call Trace: [ 596.582579][T14267] [ 596.582583][T14267] dump_stack_lvl+0x16c/0x1f0 [ 596.582600][T14267] should_fail_ex+0x512/0x640 [ 596.582615][T14267] ? fs_reclaim_acquire+0xae/0x150 [ 596.582632][T14267] should_failslab+0xc2/0x120 [ 596.582645][T14267] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 596.582658][T14267] ? security_inode_alloc+0x3b/0x2b0 [ 596.582671][T14267] security_inode_alloc+0x3b/0x2b0 [ 596.582682][T14267] inode_init_always_gfp+0xce4/0x1030 [ 596.582695][T14267] ? __pfx_afs_iget5_pseudo_set+0x10/0x10 [ 596.582708][T14267] alloc_inode+0x86/0x240 [ 596.582721][T14267] iget5_locked+0x338/0x3d0 [ 596.582734][T14267] ? afs_lookup_cell+0x243/0x1680 [ 596.582753][T14267] ? __pfx_afs_iget5_pseudo_test+0x10/0x10 [ 596.582766][T14267] ? __pfx_afs_iget5_pseudo_set+0x10/0x10 [ 596.582780][T14267] ? __pfx_iget5_locked+0x10/0x10 [ 596.582794][T14267] ? find_held_lock+0x2b/0x80 [ 596.582808][T14267] ? net_generic+0xea/0x2a0 [ 596.582824][T14267] afs_dynroot_lookup+0x391/0xa90 [ 596.582836][T14267] ? find_held_lock+0x56/0x80 [ 596.582849][T14267] ? __pfx_afs_dynroot_lookup+0x10/0x10 [ 596.582861][T14267] ? d_alloc+0x176/0x1e0 [ 596.582873][T14267] ? do_raw_spin_unlock+0x172/0x230 [ 596.582885][T14267] ? _raw_spin_unlock+0x28/0x50 [ 596.582898][T14267] lookup_one_qstr_excl_raw.part.0+0xec/0x160 [ 596.582913][T14267] ? lookup_dcache+0x66/0x170 [ 596.582927][T14267] lookup_one_qstr_excl+0x3e/0x120 [ 596.582942][T14267] do_renameat2+0x56d/0xc90 [ 596.582958][T14267] ? __pfx_do_renameat2+0x10/0x10 [ 596.582971][T14267] ? find_held_lock+0x2b/0x80 [ 596.582983][T14267] ? __might_fault+0xe3/0x190 [ 596.582995][T14267] ? __might_fault+0x13b/0x190 [ 596.583012][T14267] ? getname_flags.part.0+0x1c5/0x550 [ 596.583029][T14267] __ia32_sys_renameat2+0xe7/0x130 [ 596.583042][T14267] __do_fast_syscall_32+0x7c/0x3a0 [ 596.583057][T14267] do_fast_syscall_32+0x32/0x80 [ 596.583070][T14267] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 596.583083][T14267] RIP: 0023:0xf7f03579 [ 596.583092][T14267] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 596.583101][T14267] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000161 [ 596.583112][T14267] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000140 [ 596.583118][T14267] RDX: 00000000ffffff9c RSI: 0000000080000600 RDI: 0000000000000002 [ 596.583124][T14267] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 596.583130][T14267] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 596.583135][T14267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 596.583148][T14267] [ 596.886355][T14273] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2035'. [ 596.965982][ T5954] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 596.970684][ T5954] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 597.075461][ T5954] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 597.080676][ T5954] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 597.083956][ T5954] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 597.204405][T14274] lo speed is unknown, defaulting to 1000 [ 597.462370][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 597.508381][T14283] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2037'. [ 597.511428][T14283] FAULT_INJECTION: forcing a failure. [ 597.511428][T14283] name failslab, interval 1, probability 0, space 0, times 0 [ 597.516597][T14283] CPU: 0 UID: 0 PID: 14283 Comm: syz.2.2037 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 597.516622][T14283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 597.516631][T14283] Call Trace: [ 597.516637][T14283] [ 597.516644][T14283] dump_stack_lvl+0x16c/0x1f0 [ 597.516670][T14283] should_fail_ex+0x512/0x640 [ 597.516692][T14283] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 597.516714][T14283] should_failslab+0xc2/0x120 [ 597.516733][T14283] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 597.516753][T14283] ? __alloc_skb+0x2b2/0x380 [ 597.516776][T14283] __alloc_skb+0x2b2/0x380 [ 597.516795][T14283] ? __pfx___alloc_skb+0x10/0x10 [ 597.516811][T14283] ? __pfx_rtnl_newlink+0x10/0x10 [ 597.516842][T14283] netlink_ack+0x15d/0xb80 [ 597.516874][T14283] netlink_rcv_skb+0x332/0x420 [ 597.516898][T14283] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 597.516922][T14283] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 597.516955][T14283] ? netlink_deliver_tap+0x1ae/0xd30 [ 597.516990][T14283] netlink_unicast+0x53a/0x7f0 [ 597.517018][T14283] ? __pfx_netlink_unicast+0x10/0x10 [ 597.517049][T14283] netlink_sendmsg+0x8d1/0xdd0 [ 597.517078][T14283] ? __pfx_netlink_sendmsg+0x10/0x10 [ 597.517104][T14283] ? __import_iovec+0x1dd/0x650 [ 597.517133][T14283] ____sys_sendmsg+0xa98/0xc70 [ 597.517155][T14283] ? __pfx_____sys_sendmsg+0x10/0x10 [ 597.517179][T14283] ? get_compat_msghdr+0x11a/0x170 [ 597.517204][T14283] ? __pfx__kstrtoull+0x10/0x10 [ 597.517228][T14283] ___sys_sendmsg+0x134/0x1d0 [ 597.517251][T14283] ? __pfx____sys_sendmsg+0x10/0x10 [ 597.517269][T14283] ? __lock_acquire+0x622/0x1c90 [ 597.517316][T14283] __sys_sendmmsg+0x2f9/0x420 [ 597.517340][T14283] ? __pfx___sys_sendmmsg+0x10/0x10 [ 597.517369][T14283] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 597.517396][T14283] ? fput+0x70/0xf0 [ 597.517413][T14283] ? ksys_write+0x1ac/0x250 [ 597.517430][T14283] ? __pfx_ksys_write+0x10/0x10 [ 597.517451][T14283] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 597.517474][T14283] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 597.517497][T14283] __do_fast_syscall_32+0x7c/0x3a0 [ 597.517538][T14283] do_fast_syscall_32+0x32/0x80 [ 597.517559][T14283] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 597.517579][T14283] RIP: 0023:0xf70fe579 [ 597.517592][T14283] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 597.517607][T14283] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 597.517623][T14283] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800002c0 [ 597.517634][T14283] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000 [ 597.517643][T14283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 597.517651][T14283] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 597.517659][T14283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 597.517675][T14283] [ 597.527170][T14274] chnl_net:caif_netlink_parms(): no params data found [ 597.729273][T14274] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.731731][T14274] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.734304][T14274] bridge_slave_0: entered allmulticast mode [ 597.736934][T14274] bridge_slave_0: entered promiscuous mode [ 597.740421][T14274] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.742779][T14274] bridge0: port 2(bridge_slave_1) entered disabled state [ 597.745027][T14274] bridge_slave_1: entered allmulticast mode [ 597.747629][T14274] bridge_slave_1: entered promiscuous mode [ 597.782545][T14274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 597.787673][T14274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.838385][ T1049] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.848491][T14274] team0: Port device team_slave_0 added [ 597.852038][T14274] team0: Port device team_slave_1 added [ 597.883894][T14274] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.886095][T14274] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.895984][T14274] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.900241][T14274] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.904788][T14274] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.914049][T14274] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.931679][ T1049] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.970981][T14274] hsr_slave_0: entered promiscuous mode [ 597.973363][T14274] hsr_slave_1: entered promiscuous mode [ 598.007492][ T1049] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.149358][ T1049] bridge_slave_1: left allmulticast mode [ 598.151693][ T1049] bridge_slave_1: left promiscuous mode [ 598.154028][ T1049] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.157941][ T1049] bridge_slave_0: left allmulticast mode [ 598.159812][ T1049] bridge_slave_0: left promiscuous mode [ 598.161718][ T1049] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.387490][T14309] 9pnet_fd: Insufficient options for proto=fd [ 598.444258][ T1049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 598.450086][ T1049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 598.455455][ T1049] bond0 (unregistering): Released all slaves [ 598.502324][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 598.606046][T14309] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 598.622634][T14310] FAULT_INJECTION: forcing a failure. [ 598.622634][T14310] name failslab, interval 1, probability 0, space 0, times 0 [ 598.626607][T14310] CPU: 2 UID: 0 PID: 14310 Comm: syz.3.2041 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 598.626622][T14310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 598.626628][T14310] Call Trace: [ 598.626632][T14310] [ 598.626637][T14310] dump_stack_lvl+0x16c/0x1f0 [ 598.626653][T14310] should_fail_ex+0x512/0x640 [ 598.626668][T14310] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 598.626682][T14310] should_failslab+0xc2/0x120 [ 598.626695][T14310] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 598.626706][T14310] ? __lock_acquire+0x622/0x1c90 [ 598.626717][T14310] ? __kernfs_new_node+0xd2/0x8e0 [ 598.626738][T14310] __kernfs_new_node+0xd2/0x8e0 [ 598.626750][T14310] ? __pfx___kernfs_new_node+0x10/0x10 [ 598.626764][T14310] ? find_held_lock+0x2b/0x80 [ 598.626778][T14310] ? kernfs_root+0xee/0x2a0 [ 598.626791][T14310] kernfs_new_node+0x13c/0x1e0 [ 598.626803][T14310] ? __pfx_map_id_range_down+0x10/0x10 [ 598.626817][T14310] __kernfs_create_file+0x53/0x350 [ 598.626833][T14310] sysfs_add_file_mode_ns+0x207/0x3c0 [ 598.626847][T14310] internal_create_group+0x578/0xf30 [ 598.626861][T14310] ? kobject_init_and_add+0x123/0x190 [ 598.626875][T14310] ? __pfx_internal_create_group+0x10/0x10 [ 598.626885][T14310] ? __pfx_kobject_init_and_add+0x10/0x10 [ 598.626899][T14310] ? __do_fast_syscall_32+0x7c/0x3a0 [ 598.626917][T14310] internal_create_groups+0x9d/0x150 [ 598.626929][T14310] netdev_queue_update_kobjects+0x115/0x720 [ 598.626949][T14310] netif_set_real_num_tx_queues+0x170/0x8e0 [ 598.626968][T14310] tun_attach.isra.0+0x6af/0x17e0 [ 598.626987][T14310] ? find_held_lock+0x2b/0x80 [ 598.627005][T14310] __tun_chr_ioctl+0x1533/0x47a0 [ 598.627022][T14310] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 598.627039][T14310] ? hook_file_ioctl_common+0x145/0x410 [ 598.627053][T14310] ? __fget_files+0x20e/0x3c0 [ 598.627062][T14310] ? __fput_deferred+0x350/0x370 [ 598.627079][T14310] ? __pfx_tun_chr_compat_ioctl+0x10/0x10 [ 598.627093][T14310] __ia32_compat_sys_ioctl+0x23f/0x370 [ 598.627110][T14310] __do_fast_syscall_32+0x7c/0x3a0 [ 598.627124][T14310] do_fast_syscall_32+0x32/0x80 [ 598.627137][T14310] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 598.627149][T14310] RIP: 0023:0xf7f03579 [ 598.627158][T14310] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 598.627168][T14310] RSP: 002b:00000000f4fe455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 598.627178][T14310] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000400454ca [ 598.627184][T14310] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 598.627190][T14310] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 598.627196][T14310] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 598.627202][T14310] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 598.627215][T14310] [ 598.852727][ T5984] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 598.947043][T14328] lo speed is unknown, defaulting to 1000 [ 599.004296][ T5984] usb 7-1: Using ep0 maxpacket: 8 [ 599.008660][ T5984] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 599.011456][ T5984] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 599.014929][T14274] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 599.016469][ T5984] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 599.020151][ T5984] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 599.023753][T14274] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 599.024656][ T5984] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 599.030133][ T5984] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 599.033169][ T5984] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.047504][T14274] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 599.053788][T14274] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 599.140362][T14274] 8021q: adding VLAN 0 to HW filter on device bond0 [ 599.152325][ T5954] Bluetooth: hci3: command tx timeout [ 599.158599][T14274] 8021q: adding VLAN 0 to HW filter on device team0 [ 599.180286][ T1049] hsr_slave_0: left promiscuous mode [ 599.196129][ T1049] hsr_slave_1: left promiscuous mode [ 599.208476][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 599.212477][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 599.216895][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 599.219705][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 599.245966][ T5984] usb 7-1: usb_control_msg returned -32 [ 599.247766][ T5984] usbtmc 7-1:16.0: can't read capabilities [ 599.266209][ T5984] usb 7-1: USB disconnect, device number 20 [ 599.294405][ T1049] veth1_macvtap: left promiscuous mode [ 599.296341][ T1049] veth0_macvtap: left promiscuous mode [ 599.298326][ T1049] veth1_vlan: left promiscuous mode [ 599.300425][ T1049] veth0_vlan: left promiscuous mode [ 599.544156][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 600.523417][ T1049] team0 (unregistering): Port device team_slave_1 removed [ 600.582344][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 600.600179][ T1049] team0 (unregistering): Port device team_slave_0 removed [ 601.185569][T14350] ubi: mtd0 is already attached to ubi31 [ 601.222983][ T5954] Bluetooth: hci3: command tx timeout [ 601.357798][ T1177] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.360095][ T1177] bridge0: port 1(bridge_slave_0) entered forwarding state [ 601.385043][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.387312][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 601.569819][T14274] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.622383][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 601.677137][T14274] veth0_vlan: entered promiscuous mode [ 601.684280][T14274] veth1_vlan: entered promiscuous mode [ 601.697663][T14274] veth0_macvtap: entered promiscuous mode [ 601.701858][T14274] veth1_macvtap: entered promiscuous mode [ 601.710737][T14274] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 601.717740][T14274] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 601.724293][T14274] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.727035][T14274] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.729734][T14274] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.732636][T14274] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.829441][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.831952][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.850749][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.853218][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 602.672330][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 603.098041][ T1049] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.649992][T14396] netlink: 'syz.3.2061': attribute type 1 has an invalid length. [ 603.665703][T14396] 8021q: adding VLAN 0 to HW filter on device bond2 [ 603.681409][T14396] bond2: (slave gretap1): making interface the new active one [ 603.684839][T14396] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 603.702359][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 603.803871][T12889] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 603.805626][ T1049] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.820875][T12889] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 603.825775][T12889] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 603.832077][T12889] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 603.833320][T14411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2065'. [ 603.838434][T12889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 603.861029][T14408] lo speed is unknown, defaulting to 1000 [ 603.903943][T14417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2067'. [ 603.920663][T14417] 8021q: adding VLAN 0 to HW filter on device bond3 [ 603.925453][T14417] bond3: entered promiscuous mode [ 603.927171][T14417] bond3: entered allmulticast mode [ 603.930332][T14417] bond0: (slave bond3): Enslaving as an active interface with an up link [ 604.021888][T14408] chnl_net:caif_netlink_parms(): no params data found [ 604.093099][T14408] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.095401][T14408] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.097648][T14408] bridge_slave_0: entered allmulticast mode [ 604.100327][T14408] bridge_slave_0: entered promiscuous mode [ 604.103904][T14408] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.106243][T14408] bridge0: port 2(bridge_slave_1) entered disabled state [ 604.108522][T14408] bridge_slave_1: entered allmulticast mode [ 604.111154][T14408] bridge_slave_1: entered promiscuous mode [ 604.143162][T14408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 604.147830][T14408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 604.187904][T14408] team0: Port device team_slave_0 added [ 604.191273][T14408] team0: Port device team_slave_1 added [ 604.221671][T14408] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 604.225569][T14408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.233542][T14408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 604.237691][T14408] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 604.239867][T14408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.248568][T14408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 604.288471][T14408] hsr_slave_0: entered promiscuous mode [ 604.291464][T14408] hsr_slave_1: entered promiscuous mode [ 604.294866][T14408] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 604.297214][T14408] Cannot create hsr debugfs directory [ 604.507060][T14397] ALSA: mixer_oss: invalid OSS volume 'I–®ßü.CÈKT¶' [ 604.509311][T14397] ALSA: mixer_oss: invalid OSS volume 'À–¬â>ïÉÔ$mÑJû÷š"ƒ »~#_=ñ&ìÂ@' [ 604.752386][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 605.157184][ T1049] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.169225][ T40] kauditd_printk_skb: 48 callbacks suppressed [ 605.169237][ T40] audit: type=1326 audit(2000000525.999:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14443 comm="syz.2.2071" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x0 [ 605.214234][ T1049] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.303586][T14451] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2082'. [ 605.309677][T14451] netlink: 'syz.0.2082': attribute type 2 has an invalid length. [ 605.363545][ T1049] bridge_slave_1: left allmulticast mode [ 605.365336][ T1049] bridge_slave_1: left promiscuous mode [ 605.367183][ T1049] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.371824][ T1049] bridge_slave_0: left allmulticast mode [ 605.373916][ T1049] bridge_slave_0: left promiscuous mode [ 605.375899][ T1049] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.400304][T14461] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2084'. [ 605.441070][T14465] overlayfs: failed to clone upperpath [ 605.572602][T14474] syz.3.2074: attempt to access beyond end of device [ 605.572602][T14474] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 605.576997][T14474] syz.3.2074: attempt to access beyond end of device [ 605.576997][T14474] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 605.581069][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 605.585589][T14474] syz.3.2074: attempt to access beyond end of device [ 605.585589][T14474] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 605.589679][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 605.606017][T14474] syz.3.2074: attempt to access beyond end of device [ 605.606017][T14474] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 605.615820][T14474] syz.3.2074: attempt to access beyond end of device [ 605.615820][T14474] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 605.619877][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 605.623135][T14474] syz.3.2074: attempt to access beyond end of device [ 605.623135][T14474] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 605.627238][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 605.635691][T14474] syz.3.2074: attempt to access beyond end of device [ 605.635691][T14474] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 605.640240][T14474] syz.3.2074: attempt to access beyond end of device [ 605.640240][T14474] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 605.644539][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 605.647767][T14474] syz.3.2074: attempt to access beyond end of device [ 605.647767][T14474] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 605.652008][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 605.655639][T14474] syz.3.2074: attempt to access beyond end of device [ 605.655639][T14474] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 605.659951][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 605.663416][T14474] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 605.666526][T14474] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 605.704393][ T1049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 605.708530][ T1049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 605.712160][ T1049] bond0 (unregistering): Released all slaves [ 605.752033][T14455] lo speed is unknown, defaulting to 1000 [ 605.782800][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 605.862378][T12889] Bluetooth: hci3: command tx timeout [ 606.145095][ T1049] hsr_slave_0: left promiscuous mode [ 606.147324][ T1049] hsr_slave_1: left promiscuous mode [ 606.149319][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 606.151735][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 606.154819][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 606.157135][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 606.208218][ T1049] veth1_macvtap: left promiscuous mode [ 606.210033][ T1049] veth0_macvtap: left promiscuous mode [ 606.211970][ T1049] veth1_vlan: left promiscuous mode [ 606.213824][ T1049] veth0_vlan: left promiscuous mode [ 606.832357][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 607.154911][ T1049] team0 (unregistering): Port device team_slave_1 removed [ 607.253165][ T1049] team0 (unregistering): Port device team_slave_0 removed [ 607.865485][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 607.943332][T12889] Bluetooth: hci3: command tx timeout [ 608.127236][T14503] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 608.132414][T14503] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 608.136031][T14503] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 608.150841][T14408] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 608.155363][T14408] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 608.159598][T14408] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 608.164196][T14408] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 608.234637][T14408] 8021q: adding VLAN 0 to HW filter on device bond0 [ 608.252351][T14408] 8021q: adding VLAN 0 to HW filter on device team0 [ 608.257870][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.260917][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 608.314123][ T6493] bridge0: port 2(bridge_slave_1) entered blocking state [ 608.316422][ T6493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 608.434293][T14536] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2092'. [ 608.437188][T14536] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2092'. [ 608.443036][T14536] ip6gretap0: entered promiscuous mode [ 608.448909][T14536] batadv_slave_1: entered promiscuous mode [ 608.462635][T14536] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2092'. [ 608.465543][T14536] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2092'. [ 608.484373][T14408] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 608.509525][T14408] veth0_vlan: entered promiscuous mode [ 608.516817][T14408] veth1_vlan: entered promiscuous mode [ 608.516866][T14548] FAULT_INJECTION: forcing a failure. [ 608.516866][T14548] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.522887][T14548] CPU: 2 UID: 0 PID: 14548 Comm: syz.3.2095 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 608.522903][T14548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 608.522910][T14548] Call Trace: [ 608.522914][T14548] [ 608.522918][T14548] dump_stack_lvl+0x16c/0x1f0 [ 608.522947][T14548] should_fail_ex+0x512/0x640 [ 608.522964][T14548] _copy_from_user+0x2e/0xd0 [ 608.522980][T14548] get_compat_msghdr+0xa7/0x170 [ 608.522995][T14548] ? __pfx_get_compat_msghdr+0x10/0x10 [ 608.523009][T14548] ? __lock_acquire+0x622/0x1c90 [ 608.523023][T14548] ___sys_recvmsg+0x191/0x1a0 [ 608.523036][T14548] ? __pfx____sys_recvmsg+0x10/0x10 [ 608.523050][T14548] ? find_held_lock+0x2b/0x80 [ 608.523068][T14548] ? __pfx___might_resched+0x10/0x10 [ 608.523086][T14548] do_recvmmsg+0x55d/0x750 [ 608.523100][T14548] ? __pfx_do_recvmmsg+0x10/0x10 [ 608.523122][T14548] ? __fget_files+0x20e/0x3c0 [ 608.523134][T14548] __sys_recvmmsg+0x21c/0x280 [ 608.523147][T14548] ? __pfx___sys_recvmmsg+0x10/0x10 [ 608.523161][T14548] ? __pfx_ksys_write+0x10/0x10 [ 608.523174][T14548] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 608.523188][T14548] ? lockdep_hardirqs_on+0x7c/0x110 [ 608.523200][T14548] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 608.523213][T14548] __do_fast_syscall_32+0x7c/0x3a0 [ 608.523226][T14548] do_fast_syscall_32+0x32/0x80 [ 608.523239][T14548] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 608.523252][T14548] RIP: 0023:0xf7f03579 [ 608.523261][T14548] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 608.523271][T14548] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 608.523281][T14548] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080002940 [ 608.523288][T14548] RDX: 000000000000f000 RSI: 0000000000010002 RDI: 0000000000000000 [ 608.523294][T14548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 608.523300][T14548] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 608.523306][T14548] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 608.523319][T14548] [ 608.532282][T14408] veth0_macvtap: entered promiscuous mode [ 608.609388][T14408] veth1_macvtap: entered promiscuous mode [ 608.617572][T14408] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 608.621697][T14408] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 608.629564][T14408] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.633647][T14408] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.637180][T14408] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.640662][T14408] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.679974][ T6493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.685116][ T6493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.700812][ T6493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.704157][ T6493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.902802][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 608.929154][T14555] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2097'. [ 608.933497][T14555] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 609.952405][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 610.061248][T14578] 9pnet_fd: Insufficient options for proto=fd [ 610.211548][ T40] audit: type=1800 audit(2000000531.039:1070): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2102" name="bus" dev="overlay" ino=2909 res=0 errno=0 [ 610.431542][T14589] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2108'. [ 610.436185][T14589] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2108'. [ 610.934454][ T1140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.983269][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 611.659439][T14607] ubi: mtd0 is already attached to ubi31 [ 611.665590][T14607] 9pnet_fd: Insufficient options for proto=fd [ 611.765509][T14615] openvswitch: netlink: Missing valid actions attribute. [ 611.767809][T14615] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 611.775930][T14615] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 611.780654][T14615] batman_adv: batadv0: Adding interface: gretap1 [ 611.787667][T14615] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.787910][ T5954] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 611.801471][ T5954] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 611.803200][T14615] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 611.807916][ T5954] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 611.812094][ T5954] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 611.815367][ T5954] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 611.842534][T14617] lo speed is unknown, defaulting to 1000 [ 611.958264][T14622] FAULT_INJECTION: forcing a failure. [ 611.958264][T14622] name failslab, interval 1, probability 0, space 0, times 0 [ 611.962735][T14622] CPU: 1 UID: 0 PID: 14622 Comm: syz.3.2116 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 611.962762][T14622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 611.962769][T14622] Call Trace: [ 611.962773][T14622] [ 611.962777][T14622] dump_stack_lvl+0x16c/0x1f0 [ 611.962794][T14622] should_fail_ex+0x512/0x640 [ 611.962808][T14622] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 611.962820][T14622] should_failslab+0xc2/0x120 [ 611.962838][T14622] __kmalloc_cache_noprof+0x6a/0x3e0 [ 611.962849][T14622] ? snd_virmidi_output_open+0xc4/0x670 [ 611.962867][T14622] snd_virmidi_output_open+0xc4/0x670 [ 611.962883][T14622] open_substream+0x47b/0x9b0 [ 611.962901][T14622] rawmidi_open_priv+0x543/0x6e0 [ 611.962914][T14622] snd_rawmidi_open+0x4cc/0xbf0 [ 611.962928][T14622] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 611.962939][T14622] ? __pfx_default_wake_function+0x10/0x10 [ 611.962955][T14622] ? kobject_get_unless_zero+0x156/0x1e0 [ 611.962970][T14622] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 611.962981][T14622] snd_open+0x1fe/0x450 [ 611.962995][T14622] ? __pfx_snd_open+0x10/0x10 [ 611.963008][T14622] chrdev_open+0x234/0x6a0 [ 611.963020][T14622] ? __pfx_apparmor_file_open+0x10/0x10 [ 611.963033][T14622] ? __pfx_chrdev_open+0x10/0x10 [ 611.963045][T14622] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 611.963064][T14622] do_dentry_open+0x741/0x1c10 [ 611.963076][T14622] ? __pfx_chrdev_open+0x10/0x10 [ 611.963090][T14622] vfs_open+0x82/0x3f0 [ 611.963105][T14622] path_openat+0x1de4/0x2cb0 [ 611.963120][T14622] ? __pfx_path_openat+0x10/0x10 [ 611.963134][T14622] do_filp_open+0x20b/0x470 [ 611.963145][T14622] ? __pfx_do_filp_open+0x10/0x10 [ 611.963166][T14622] ? _raw_spin_unlock+0x28/0x50 [ 611.963176][T14622] ? alloc_fd+0x471/0x7d0 [ 611.963190][T14622] do_sys_openat2+0x11b/0x1d0 [ 611.963204][T14622] ? __pfx_do_sys_openat2+0x10/0x10 [ 611.963218][T14622] ? __pfx___schedule+0x10/0x10 [ 611.963229][T14622] ? __fget_files+0x20e/0x3c0 [ 611.963241][T14622] __ia32_compat_sys_openat+0x16d/0x210 [ 611.963256][T14622] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 611.963271][T14622] ? ksys_write+0x1ac/0x250 [ 611.963283][T14622] ? rcu_is_watching+0x12/0xc0 [ 611.963299][T14622] __do_fast_syscall_32+0x7c/0x3a0 [ 611.963313][T14622] do_fast_syscall_32+0x32/0x80 [ 611.963325][T14622] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 611.963338][T14622] RIP: 0023:0xf7f03579 [ 611.963347][T14622] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 611.963357][T14622] RSP: 002b:00000000f4fe4100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 611.963367][T14622] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f4fe4150 [ 611.963374][T14622] RDX: 0000000000141101 RSI: 0000000000000000 RDI: 00000000f7392ff4 [ 611.963380][T14622] RBP: 0000000000141101 R08: 0000000000000000 R09: 0000000000000000 [ 611.963394][T14622] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 611.963400][T14622] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 611.963413][T14622] [ 612.032342][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 612.110924][T14617] chnl_net:caif_netlink_parms(): no params data found [ 612.181010][T14617] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.184525][T14617] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.186842][T14617] bridge_slave_0: entered allmulticast mode [ 612.189508][T14617] bridge_slave_0: entered promiscuous mode [ 612.193147][T14617] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.195524][T14617] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.198375][T14617] bridge_slave_1: entered allmulticast mode [ 612.201595][T14617] bridge_slave_1: entered promiscuous mode [ 612.234987][T14617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 612.240277][T14617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 612.288961][T14617] team0: Port device team_slave_0 added [ 612.295161][T14617] team0: Port device team_slave_1 added [ 612.327586][T14617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 612.329882][T14617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 612.338771][T14617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 612.343156][T14617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 612.345339][T14617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 612.353357][T14617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 612.395631][T14617] hsr_slave_0: entered promiscuous mode [ 612.397847][T14617] hsr_slave_1: entered promiscuous mode [ 612.802441][ T61] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 612.982426][ T61] usb 7-1: Using ep0 maxpacket: 32 [ 612.985329][ T61] usb 7-1: config 0 has no interfaces? [ 612.987088][ T61] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.c0 [ 612.989896][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.997139][ T61] usb 7-1: config 0 descriptor?? [ 613.022540][T14642] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.2129'. [ 613.062487][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 613.094349][ T1140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.153970][ T1140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.246053][ T1140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.267037][ T24] usb 7-1: USB disconnect, device number 21 [ 613.380898][ T1140] bridge_slave_1: left allmulticast mode [ 613.383248][ T1140] bridge_slave_1: left promiscuous mode [ 613.385128][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.390229][ T1140] bridge_slave_0: left allmulticast mode [ 613.392069][ T1140] bridge_slave_0: left promiscuous mode [ 613.394566][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.680535][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 613.685740][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 613.690579][ T1140] bond0 (unregistering): Released all slaves [ 613.865193][ T5954] Bluetooth: hci3: command tx timeout [ 613.868403][T14659] netlink: 'syz.2.2122': attribute type 1 has an invalid length. [ 613.943129][T14659] 8021q: adding VLAN 0 to HW filter on device bond1 [ 614.009096][T14664] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2123'. [ 614.017084][T14659] bond1: (slave gretap1): making interface the new active one [ 614.021590][T14659] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 614.102570][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 614.818270][ T1140] hsr_slave_0: left promiscuous mode [ 614.820906][ T1140] hsr_slave_1: left promiscuous mode [ 614.823965][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 614.826520][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 614.830357][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 614.833522][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 614.903257][ T1140] veth1_macvtap: left promiscuous mode [ 614.906970][ T1140] veth0_macvtap: left promiscuous mode [ 614.918709][ T1140] veth1_vlan: left promiscuous mode [ 614.921270][ T1140] veth0_vlan: left promiscuous mode [ 614.950733][ T1146] Bluetooth: hci4: Frame reassembly failed (-84) [ 615.026771][T14698] FAULT_INJECTION: forcing a failure. [ 615.026771][T14698] name failslab, interval 1, probability 0, space 0, times 0 [ 615.031558][T14698] CPU: 1 UID: 0 PID: 14698 Comm: syz.2.2130 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 615.031574][T14698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 615.031580][T14698] Call Trace: [ 615.031589][T14698] [ 615.031594][T14698] dump_stack_lvl+0x16c/0x1f0 [ 615.031611][T14698] should_fail_ex+0x512/0x640 [ 615.031628][T14698] should_failslab+0xc2/0x120 [ 615.031642][T14698] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 615.031655][T14698] ? skb_clone+0x190/0x3f0 [ 615.031670][T14698] skb_clone+0x190/0x3f0 [ 615.031684][T14698] netlink_deliver_tap+0xabd/0xd30 [ 615.031701][T14698] netlink_unicast+0x5df/0x7f0 [ 615.031717][T14698] ? __pfx_netlink_unicast+0x10/0x10 [ 615.031735][T14698] netlink_sendmsg+0x8d1/0xdd0 [ 615.031752][T14698] ? __pfx_netlink_sendmsg+0x10/0x10 [ 615.031772][T14698] sock_write_iter+0x4fc/0x5b0 [ 615.031788][T14698] ? __pfx_sock_write_iter+0x10/0x10 [ 615.031808][T14698] ? bpf_lsm_file_permission+0x9/0x10 [ 615.031823][T14698] ? security_file_permission+0x71/0x210 [ 615.031837][T14698] ? rw_verify_area+0xcf/0x680 [ 615.031854][T14698] vfs_write+0x6c7/0x1150 [ 615.031866][T14698] ? __pfx_sock_write_iter+0x10/0x10 [ 615.031882][T14698] ? __pfx_vfs_write+0x10/0x10 [ 615.031891][T14698] ? find_held_lock+0x2b/0x80 [ 615.031913][T14698] ksys_write+0x1f8/0x250 [ 615.031923][T14698] ? __pfx_ksys_write+0x10/0x10 [ 615.031934][T14698] ? rcu_is_watching+0x12/0xc0 [ 615.031950][T14698] __do_fast_syscall_32+0x7c/0x3a0 [ 615.031965][T14698] do_fast_syscall_32+0x32/0x80 [ 615.031977][T14698] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 615.031991][T14698] RIP: 0023:0xf70fe579 [ 615.032000][T14698] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 615.032010][T14698] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 615.032020][T14698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 615.032026][T14698] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000000 [ 615.032032][T14698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 615.032038][T14698] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 615.032043][T14698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 615.032057][T14698] [ 615.117035][ C1] vkms_vblank_simulate: vblank timer overrun [ 615.142377][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 615.821325][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 615.907554][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 615.942394][T12889] Bluetooth: hci3: command tx timeout [ 616.182439][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 616.446510][T14698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2130'. [ 616.450430][T14617] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 616.458269][T14617] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 616.465423][T14617] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 616.470053][T14617] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 616.519568][T14617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 616.536281][T14617] 8021q: adding VLAN 0 to HW filter on device team0 [ 616.542976][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.545156][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 616.577014][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.579698][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 616.863968][T14617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 616.908070][T14617] veth0_vlan: entered promiscuous mode [ 616.921926][T14617] veth1_vlan: entered promiscuous mode [ 616.938102][T14617] veth0_macvtap: entered promiscuous mode [ 616.941716][T14617] veth1_macvtap: entered promiscuous mode [ 616.950793][T14617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 616.960086][T14617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 616.964445][T14617] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.967077][T14617] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.969881][T14617] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.974156][T14617] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.982444][ T5954] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 616.984359][T12889] Bluetooth: hci4: command 0x1003 tx timeout [ 617.023585][T14695] sp0: Synchronizing with TNC [ 617.081939][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.086028][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.098856][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.102003][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.214178][T14752] 9pnet_fd: Insufficient options for proto=fd [ 617.222466][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 618.262505][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 618.830240][T14782] C: renamed from team_slave_0 (while UP) [ 618.840214][T14782] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2149'. [ 619.302333][ C2] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 619.577708][ T1177] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.915718][T12889] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 619.920213][T12889] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 619.927775][T12889] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 619.933387][T12889] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 619.936759][T12889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 620.011067][T14803] lo speed is unknown, defaulting to 1000 [ 620.194451][T14803] chnl_net:caif_netlink_parms(): no params data found [ 620.280398][T14803] bridge0: port 1(bridge_slave_0) entered blocking state [ 620.283228][T14803] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.286053][T14803] bridge_slave_0: entered allmulticast mode [ 620.291455][T14803] bridge_slave_0: entered promiscuous mode [ 620.297973][T14803] bridge0: port 2(bridge_slave_1) entered blocking state [ 620.300804][T14803] bridge0: port 2(bridge_slave_1) entered disabled state [ 620.306763][T14803] bridge_slave_1: entered allmulticast mode [ 620.310358][T14803] bridge_slave_1: entered promiscuous mode [ 620.347995][T14803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 620.354337][T14803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 620.398759][T14803] team0: Port device team_slave_0 added [ 620.402765][T14803] team0: Port device team_slave_1 added [ 620.441748][T14803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 620.444029][T14803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.452714][T14803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 620.456859][T14803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 620.459112][T14803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.468423][T14803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 620.521274][T14803] hsr_slave_0: entered promiscuous mode [ 620.523639][T14803] hsr_slave_1: entered promiscuous mode [ 620.525706][T14803] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 620.528073][T14803] Cannot create hsr debugfs directory [ 620.706732][T12889] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 620.712564][T12889] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 620.717209][T12889] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 620.720348][T14832] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 620.720422][T12889] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 620.727506][T12889] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 620.754582][T14830] lo speed is unknown, defaulting to 1000 [ 621.062192][T14830] chnl_net:caif_netlink_parms(): no params data found [ 621.276228][T14851] netlink: 'syz.2.2162': attribute type 33 has an invalid length. [ 621.278763][T14851] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2162'. [ 621.282588][T14852] netlink: 'syz.2.2162': attribute type 33 has an invalid length. [ 621.285033][T14852] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2162'. [ 621.285183][T14830] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.290145][T14830] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.293325][T14830] bridge_slave_0: entered allmulticast mode [ 621.296068][T14830] bridge_slave_0: entered promiscuous mode [ 621.299328][T14830] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.301493][T14830] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.304213][T14830] bridge_slave_1: entered allmulticast mode [ 621.307296][T14830] bridge_slave_1: entered promiscuous mode [ 621.351876][T14830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 621.355162][T14803] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 621.362692][T14830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 621.365620][T14803] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 621.369183][T14851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2162'. [ 621.370531][T14803] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 621.427994][T14803] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 621.437492][T14830] team0: Port device team_slave_0 added [ 621.447856][T14830] team0: Port device team_slave_1 added [ 621.489930][ T1177] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.516094][T14830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 621.518482][T14830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 621.527568][T14830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 621.537791][T14830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 621.540145][T14830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 621.562360][T14830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 621.608309][ T1177] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.684737][ T1177] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.694734][T14830] hsr_slave_0: entered promiscuous mode [ 621.697118][T14830] hsr_slave_1: entered promiscuous mode [ 621.699241][T14830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 621.701637][T14830] Cannot create hsr debugfs directory [ 621.827584][T14803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.859296][T14803] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.861712][ T1177] bridge_slave_1: left allmulticast mode [ 621.864060][ T1177] bridge_slave_1: left promiscuous mode [ 621.873176][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.877745][ T1177] bridge_slave_0: left allmulticast mode [ 621.879840][ T1177] bridge_slave_0: left promiscuous mode [ 621.881715][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state [ 622.022630][T12889] Bluetooth: hci3: command tx timeout [ 622.270097][ T1177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 622.304847][ T1177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 622.323976][ T1177] bond0 (unregistering): Released all slaves [ 622.377471][T12889] Bluetooth: hci0: unexpected event for opcode 0x2012 [ 622.555443][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.557699][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 622.627139][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.629440][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.742408][T12889] Bluetooth: hci1: command tx timeout [ 622.911812][ T1177] hsr_slave_0: left promiscuous mode [ 622.925042][ T1177] hsr_slave_1: left promiscuous mode [ 622.930253][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 622.936845][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 622.944142][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 622.950712][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 623.014554][ T1177] veth1_macvtap: left promiscuous mode [ 623.016887][ T1177] veth0_macvtap: left promiscuous mode [ 623.019298][ T1177] veth1_vlan: left promiscuous mode [ 623.021564][ T1177] veth0_vlan: left promiscuous mode [ 623.799127][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.801128][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.102340][T12889] Bluetooth: hci3: command tx timeout [ 624.224664][ T1177] team0 (unregistering): Port device team_slave_1 removed [ 624.314820][ T1177] team0 (unregistering): Port device team_slave_0 removed [ 624.572390][T12889] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 624.832419][T12889] Bluetooth: hci1: command tx timeout [ 625.059497][T14803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 625.145200][T14830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 625.151303][T14830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 625.169958][T14830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 625.176388][T14830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 625.246873][T14803] veth0_vlan: entered promiscuous mode [ 625.266022][T14803] veth1_vlan: entered promiscuous mode [ 625.315836][T14830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 625.371606][T14803] veth0_macvtap: entered promiscuous mode [ 625.384120][T14803] veth1_macvtap: entered promiscuous mode [ 625.389425][T14830] 8021q: adding VLAN 0 to HW filter on device team0 [ 625.402859][T14803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 625.417473][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.420150][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.451886][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.454360][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.470170][T14803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 625.477629][T14803] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.480872][T14803] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.502330][T14803] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.505153][T14803] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.562646][T14912] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2172'. [ 625.565455][T14912] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2172'. [ 625.861855][ T1177] batman_adv: batadv0: Removing interface: gretap1 [ 626.182769][T12889] Bluetooth: hci3: command tx timeout [ 626.389907][ T1177] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 626.413640][ T1177] bond0 (unregistering): Released all slaves [ 626.427528][T14862] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 626.430727][T14862] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 626.456247][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 626.462369][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 626.498788][ T1177] tipc: Disabling bearer [ 626.501959][ T1177] tipc: Left network mode [ 626.656539][T14830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 626.690125][T14830] veth0_vlan: entered promiscuous mode [ 626.713207][T14830] veth1_vlan: entered promiscuous mode [ 626.732462][T14930] Bluetooth: MGMT ver 1.23 [ 626.753739][T14830] veth0_macvtap: entered promiscuous mode [ 626.758133][T14830] veth1_macvtap: entered promiscuous mode [ 626.781412][T14830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 626.796975][T14830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 626.800938][T14830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.806815][T14830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.814287][T14830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.818874][T14830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.846437][ T1177] hsr_slave_0: left promiscuous mode [ 626.848705][ T1177] hsr_slave_1: left promiscuous mode [ 626.902392][T12889] Bluetooth: hci1: command tx timeout [ 627.738686][ T40] audit: type=1326 audit(2000000548.569:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14949 comm="syz.3.2178" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x0 [ 628.276149][T12889] Bluetooth: hci3: command tx timeout [ 628.745472][ T1146] smc: removing ib device sz1 [ 628.749141][ T24] lo speed is unknown, defaulting to 1000 [ 628.751085][ T24] sz1: Port: 1 Link DOWN [ 628.982523][T12889] Bluetooth: hci1: command tx timeout [ 629.194961][T14862] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.198038][T14862] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 629.508626][T14862] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.515890][T14862] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 630.116644][T14974] ubi: mtd0 is already attached to ubi31 [ 630.316223][ T1177] IPVS: stop unused estimator thread 0... [ 631.063149][T14993] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 631.292944][ T1146] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.688969][ T1146] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.777436][ T1146] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.833935][ T1146] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.922732][ T1146] bridge_slave_1: left allmulticast mode [ 631.924756][ T1146] bridge_slave_1: left promiscuous mode [ 631.926545][ T1146] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.933510][ T1146] bridge_slave_0: left allmulticast mode [ 631.935233][ T1146] bridge_slave_0: left promiscuous mode [ 631.937037][ T1146] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.190542][ T1146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 632.194782][ T1146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 632.198287][ T1146] bond0 (unregistering): Released all slaves [ 632.259615][T15017] ubi: mtd0 is already attached to ubi31 [ 632.613568][ T5954] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 632.648226][ T5954] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 632.651193][ T5954] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 632.653869][ T5954] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 632.656841][ T5954] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 633.398320][ T1146] hsr_slave_0: left promiscuous mode [ 633.415340][ T1146] hsr_slave_1: left promiscuous mode [ 633.423991][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 633.430426][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 633.446445][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 633.449260][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 633.520153][ T1146] veth1_macvtap: left promiscuous mode [ 633.521995][ T1146] veth0_macvtap: left promiscuous mode [ 633.525614][ T1146] veth1_vlan: left promiscuous mode [ 633.528331][ T1146] veth0_vlan: left promiscuous mode [ 633.782990][ T1327] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 633.942387][ T1327] usb 5-1: device descriptor read/64, error -71 [ 634.462425][ T1327] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 634.549596][ T1146] team0 (unregistering): Port device team_slave_1 removed [ 634.593221][ T1327] usb 5-1: device descriptor read/64, error -71 [ 634.625357][ T1146] team0 (unregistering): Port device team_slave_0 removed [ 634.702501][ T1327] usb usb5-port1: attempt power cycle [ 634.746556][T12889] Bluetooth: hci1: command tx timeout [ 635.053089][ T1327] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 635.083072][ T1327] usb 5-1: device descriptor read/8, error -71 [ 635.166067][T15061] bio_check_eod: 2 callbacks suppressed [ 635.166078][T15061] syz.2.2199: attempt to access beyond end of device [ 635.166078][T15061] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 635.171840][T15061] FAT-fs (nbd2): unable to read boot sector [ 635.207259][T15029] chnl_net:caif_netlink_parms(): no params data found [ 635.302506][T15029] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.304801][T15029] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.307051][T15029] bridge_slave_0: entered allmulticast mode [ 635.312977][T15029] bridge_slave_0: entered promiscuous mode [ 635.316662][T15029] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.319605][T15029] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.322694][T15029] bridge_slave_1: entered allmulticast mode [ 635.325335][T15029] bridge_slave_1: entered promiscuous mode [ 635.332454][ T1327] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 635.366272][ T1327] usb 5-1: device descriptor read/8, error -71 [ 635.384570][T15029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.389361][T15029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.432560][T15029] team0: Port device team_slave_0 added [ 635.436200][T15029] team0: Port device team_slave_1 added [ 635.476625][T15029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 635.476792][ T1327] usb usb5-port1: unable to enumerate USB device [ 635.478900][T15029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.491573][T15029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 635.502346][T15029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 635.508406][T15029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.518783][T15029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 635.704440][T15075] team0 (unregistering): Port device C removed [ 635.710954][T15075] team0 (unregistering): Port device team_slave_1 removed [ 635.726503][T15029] hsr_slave_0: entered promiscuous mode [ 635.728741][T15029] hsr_slave_1: entered promiscuous mode [ 635.969192][T15090] ubi: mtd0 is already attached to ubi31 [ 636.833139][T12889] Bluetooth: hci1: command tx timeout [ 637.402807][T15029] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 637.444378][T15029] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 637.461263][T15029] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 637.468171][T15029] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 637.520548][T15029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 637.531657][T15029] 8021q: adding VLAN 0 to HW filter on device team0 [ 637.558340][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.560627][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.587882][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.590160][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 638.022944][T15029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 638.100616][T15029] veth0_vlan: entered promiscuous mode [ 638.183301][T15029] veth1_vlan: entered promiscuous mode [ 638.231886][T15029] veth0_macvtap: entered promiscuous mode [ 638.239432][T15029] veth1_macvtap: entered promiscuous mode [ 638.249416][T15029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 638.277146][T15029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 638.291613][T15029] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.303863][T15029] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.307555][T15029] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.310422][T15029] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.468530][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.471905][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.482436][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.502790][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 639.283305][T15180] ubi: mtd0 is already attached to ubi31 [ 640.342375][ T34] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 640.472303][ T34] usb 5-1: device descriptor read/64, error -71 [ 640.712354][ T34] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 640.852388][ T34] usb 5-1: device descriptor read/64, error -71 [ 640.964445][ T34] usb usb5-port1: attempt power cycle [ 641.160951][ T79] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.313293][ T34] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 641.334287][ T34] usb 5-1: device descriptor read/8, error -71 [ 641.572976][ T34] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 641.602822][ T34] usb 5-1: device descriptor read/8, error -71 [ 641.712580][ T34] usb usb5-port1: unable to enumerate USB device [ 642.362774][ T5954] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 642.367191][ T5954] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 642.371672][ T5954] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 642.378236][ T5954] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 642.381025][ T5954] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 642.648049][T15212] chnl_net:caif_netlink_parms(): no params data found [ 642.958704][T15212] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.962384][T15212] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.971248][T15212] bridge_slave_0: entered allmulticast mode [ 642.974153][T15212] bridge_slave_0: entered promiscuous mode [ 642.982922][T15212] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.992336][T15212] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.994669][T15212] bridge_slave_1: entered allmulticast mode [ 642.997673][T15212] bridge_slave_1: entered promiscuous mode [ 643.027854][ T79] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.077586][T15212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 643.083501][T15212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 643.120648][T15212] team0: Port device team_slave_0 added [ 643.124377][T15212] team0: Port device team_slave_1 added [ 643.309306][T15212] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 643.311514][T15212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 643.332515][T15212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 643.336549][T15212] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 643.338717][T15212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 643.362385][T15212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 643.441066][T15212] hsr_slave_0: entered promiscuous mode [ 643.452824][T15212] hsr_slave_1: entered promiscuous mode [ 643.454955][T15212] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 643.457308][T15212] Cannot create hsr debugfs directory [ 643.557235][ T79] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.784354][ T79] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.385018][ T79] bridge_slave_1: left allmulticast mode [ 644.386909][ T79] bridge_slave_1: left promiscuous mode [ 644.388966][ T79] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.398322][ T79] bridge_slave_0: left allmulticast mode [ 644.400640][ T79] bridge_slave_0: left promiscuous mode [ 644.403492][ T79] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.434007][ T5954] Bluetooth: hci1: command tx timeout [ 645.140436][ T79] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 645.148010][ T79] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 645.153108][ T79] bond0 (unregistering): Released all slaves [ 646.172423][ T79] hsr_slave_0: left promiscuous mode [ 646.216790][ T79] hsr_slave_1: left promiscuous mode [ 646.218899][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 646.239791][ T79] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 646.245045][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 646.247404][ T79] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 646.320292][ T79] veth1_macvtap: left promiscuous mode [ 646.321289][T15279] trusted_key: encrypted_key: insufficient parameters specified [ 646.322140][ T79] veth0_macvtap: left promiscuous mode [ 646.328592][ T79] veth1_vlan: left promiscuous mode [ 646.330332][ T79] veth0_vlan: left promiscuous mode [ 646.503965][ T5954] Bluetooth: hci1: command tx timeout [ 646.795734][T15293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2240'. [ 647.610073][ T79] team0 (unregistering): Port device team_slave_1 removed [ 647.689836][ T79] team0 (unregistering): Port device team_slave_0 removed [ 648.587683][ T5954] Bluetooth: hci1: command tx timeout [ 648.877723][T15212] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 648.953698][T15212] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 649.002534][T15212] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 649.043749][T15212] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 649.221774][T15212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 649.245849][T15212] 8021q: adding VLAN 0 to HW filter on device team0 [ 649.250676][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.252922][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.267455][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.269688][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.406407][T15212] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 649.429288][T15212] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 649.776973][T15212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 649.804020][T15212] veth0_vlan: entered promiscuous mode [ 649.809482][T15212] veth1_vlan: entered promiscuous mode [ 649.829291][T15212] veth0_macvtap: entered promiscuous mode [ 649.833412][T15212] veth1_macvtap: entered promiscuous mode [ 649.846617][T15212] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 649.856608][T15212] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 649.862856][T15212] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.865585][T15212] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.868762][T15212] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.871739][T15212] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.161814][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.177074][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.215270][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.217752][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 652.662936][ T1049] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.939770][ T1049] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.332020][ T1049] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.388901][ T1049] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.522147][ T1049] bridge_slave_1: left allmulticast mode [ 653.524000][ T1049] bridge_slave_1: left promiscuous mode [ 653.525834][ T1049] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.529478][ T1049] bridge_slave_0: left allmulticast mode [ 653.531825][ T1049] bridge_slave_0: left promiscuous mode [ 653.534587][ T1049] bridge0: port 1(bridge_slave_0) entered disabled state [ 653.744958][T12889] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 653.749608][T12889] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 653.756676][T12889] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 653.760924][T12889] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 653.764656][T12889] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 653.830165][T15367] FAULT_INJECTION: forcing a failure. [ 653.830165][T15367] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 653.835204][T15367] CPU: 1 UID: 0 PID: 15367 Comm: syz.0.2248 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 653.835231][T15367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 653.835238][T15367] Call Trace: [ 653.835242][T15367] [ 653.835247][T15367] dump_stack_lvl+0x16c/0x1f0 [ 653.835264][T15367] should_fail_ex+0x512/0x640 [ 653.835282][T15367] should_fail_alloc_page+0xe7/0x130 [ 653.835297][T15367] prepare_alloc_pages+0x3c2/0x610 [ 653.835315][T15367] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 653.835327][T15367] ? kasan_save_stack+0x33/0x60 [ 653.835338][T15367] ? __kasan_kmalloc+0xaa/0xb0 [ 653.835347][T15367] ? __kmalloc_noprof+0x223/0x510 [ 653.835358][T15367] ? sock_kmalloc+0x111/0x170 [ 653.835372][T15367] ? af_alg_sendmsg+0x1521/0x29d0 [ 653.835386][T15367] ? ____sys_sendmsg+0xa98/0xc70 [ 653.835401][T15367] ? ___sys_sendmsg+0x134/0x1d0 [ 653.835412][T15367] ? __sys_sendmsg+0x16d/0x220 [ 653.835422][T15367] ? __do_fast_syscall_32+0x7c/0x3a0 [ 653.835434][T15367] ? do_fast_syscall_32+0x32/0x80 [ 653.835446][T15367] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 653.835462][T15367] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 653.835484][T15367] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 653.835498][T15367] ? policy_nodemask+0xea/0x4e0 [ 653.835511][T15367] alloc_pages_mpol+0x1fb/0x550 [ 653.835525][T15367] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 653.835537][T15367] ? __kmalloc_noprof+0x242/0x510 [ 653.835552][T15367] alloc_pages_noprof+0x131/0x390 [ 653.835565][T15367] af_alg_sendmsg+0x1022/0x29d0 [ 653.835585][T15367] ? __pfx_af_alg_sendmsg+0x10/0x10 [ 653.835602][T15367] ? __pfx_aa_sk_perm+0x10/0x10 [ 653.835614][T15367] ? __import_iovec+0x1dd/0x650 [ 653.835633][T15367] ____sys_sendmsg+0xa98/0xc70 [ 653.835650][T15367] ? __pfx_____sys_sendmsg+0x10/0x10 [ 653.835665][T15367] ? get_compat_msghdr+0x11a/0x170 [ 653.835685][T15367] ___sys_sendmsg+0x134/0x1d0 [ 653.835698][T15367] ? __pfx____sys_sendmsg+0x10/0x10 [ 653.835717][T15367] ? find_held_lock+0x2b/0x80 [ 653.835740][T15367] __sys_sendmsg+0x16d/0x220 [ 653.835753][T15367] ? __pfx___sys_sendmsg+0x10/0x10 [ 653.835771][T15367] ? rcu_is_watching+0x12/0xc0 [ 653.835787][T15367] __do_fast_syscall_32+0x7c/0x3a0 [ 653.835801][T15367] do_fast_syscall_32+0x32/0x80 [ 653.835813][T15367] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 653.835825][T15367] RIP: 0023:0xf7f43579 [ 653.835834][T15367] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 653.835844][T15367] RSP: 002b:00000000f504555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 653.835854][T15367] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200 [ 653.835860][T15367] RDX: 0000000020004050 RSI: 0000000000000000 RDI: 0000000000000000 [ 653.835866][T15367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 653.835872][T15367] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 653.835877][T15367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 653.835890][T15367] [ 653.937156][ C1] vkms_vblank_simulate: vblank timer overrun [ 654.074275][ T1049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 654.079139][ T1049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 654.084076][ T1049] bond0 (unregistering): Released all slaves [ 654.295233][T15363] chnl_net:caif_netlink_parms(): no params data found [ 654.612885][T15363] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.615833][T15363] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.618881][T15363] bridge_slave_0: entered allmulticast mode [ 654.632934][T15363] bridge_slave_0: entered promiscuous mode [ 654.649785][T15363] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.661307][T15363] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.670530][T15363] bridge_slave_1: entered allmulticast mode [ 654.674785][T15363] bridge_slave_1: entered promiscuous mode [ 654.835901][T15363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 654.854010][ T1049] hsr_slave_0: left promiscuous mode [ 654.859785][ T1049] hsr_slave_1: left promiscuous mode [ 654.873215][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 654.888805][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 654.913672][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 654.916857][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 655.035479][ T1049] veth1_macvtap: left promiscuous mode [ 655.039543][ T1049] veth0_macvtap: left promiscuous mode [ 655.045925][ T1049] veth1_vlan: left promiscuous mode [ 655.050564][ T1049] veth0_vlan: left promiscuous mode [ 655.862344][ T5954] Bluetooth: hci1: command tx timeout [ 656.347253][ T1049] team0 (unregistering): Port device team_slave_1 removed [ 656.427391][ T1049] team0 (unregistering): Port device team_slave_0 removed [ 656.971650][T15363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 656.990159][T15412] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 657.036294][T15363] team0: Port device team_slave_0 added [ 657.042427][T15363] team0: Port device team_slave_1 added [ 657.090981][T15363] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 657.093164][T15363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.101214][T15363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 657.112307][T15363] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 657.115412][T15363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.128792][T15363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 657.289473][T15363] hsr_slave_0: entered promiscuous mode [ 657.292896][T15363] hsr_slave_1: entered promiscuous mode [ 657.945549][ T5954] Bluetooth: hci1: command tx timeout [ 659.027564][T15363] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 659.033934][T15363] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 659.050670][T15363] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 659.065319][T15363] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 659.116857][T15363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 659.127464][T15363] 8021q: adding VLAN 0 to HW filter on device team0 [ 659.134664][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state [ 659.136983][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 659.140610][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state [ 659.143507][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 659.192630][ T34] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 659.299412][T15363] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 659.340602][T15363] veth0_vlan: entered promiscuous mode [ 659.343962][ T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.347109][T15363] veth1_vlan: entered promiscuous mode [ 659.347457][ T34] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 659.354218][ T34] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 659.357124][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.360063][ T34] usb 5-1: Product: syz [ 659.360907][T15363] veth0_macvtap: entered promiscuous mode [ 659.361848][ T34] usb 5-1: Manufacturer: syz [ 659.367798][ T34] usb 5-1: SerialNumber: syz [ 659.369295][T15363] veth1_macvtap: entered promiscuous mode [ 659.378255][ T34] cdc_mbim 5-1:1.0: skipping garbage [ 659.387849][T15363] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 659.394972][T15363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 659.400566][T15363] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.404389][T15363] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.407460][T15363] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.410735][T15363] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.462111][ T6549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.465302][ T6549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.485692][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.488197][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.578720][T15464] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 660.184924][T15464] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 660.189049][ T34] cdc_mbim 5-1:1.0: setting tx_max = 184 [ 660.198814][ T34] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device [ 660.222009][ T34] wwan wwan0: port wwan0mbim0 attached [ 660.258495][ T34] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 3a:8e:a0:84:81:79 [ 660.392097][ C3] cdc_mbim 5-1:1.0: nonzero urb status received: -71 [ 660.394890][T15502] netlink: 'syz.3.2263': attribute type 13 has an invalid length. [ 660.398274][ C3] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes [ 660.412042][ T34] usb 5-1: USB disconnect, device number 19 [ 660.423808][ T34] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 660.590496][T15502] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 660.678032][ T34] wwan wwan0: port wwan0mbim0 disconnected [ 660.782446][ T1142] ------------[ cut here ]------------ [ 660.784976][ T1142] RTNL: assertion failed at ./include/net/netdev_lock.h (72) [ 660.789783][ T1142] WARNING: CPU: 3 PID: 1142 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x1ed/0x230 [ 660.794504][ T1142] Modules linked in: [ 660.796865][ T1142] CPU: 3 UID: 0 PID: 1142 Comm: kworker/u32:8 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 660.803227][ T1142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 660.806861][ T1142] Workqueue: bond0 bond_mii_monitor [ 660.808487][ T1142] RIP: 0010:__linkwatch_sync_dev+0x1ed/0x230 [ 660.810344][ T1142] Code: 05 ff ff ff e8 34 51 60 f8 c6 05 a9 e2 14 07 01 90 ba 48 00 00 00 48 c7 c6 00 6e c2 8c 48 c7 c7 a0 6d c2 8c e8 94 b1 1f f8 90 <0f> 0b 90 90 e9 d6 fe ff ff 48 c7 c7 24 a2 87 90 e8 ae e8 c5 f8 e9 [ 660.817445][ T1142] RSP: 0018:ffffc90006e279f0 EFLAGS: 00010286 [ 660.817476][ T1142] RAX: 0000000000000000 RBX: ffff88802872a000 RCX: ffffffff817aa868 [ 660.817486][ T1142] RDX: ffff888027110000 RSI: ffffffff817aa875 RDI: 0000000000000001 [ 660.817496][ T1142] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 660.817505][ T1142] R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff92000dc4f48 [ 660.830197][ T1142] R13: ffff88802872acc5 R14: ffffffff8c380760 R15: ffffffff89942630 [ 660.833612][ T1142] FS: 0000000000000000(0000) GS:ffff888097a7f000(0000) knlGS:0000000000000000 [ 660.837286][ T1142] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 660.839524][ T1142] CR2: 00000000f7396048 CR3: 000000000e180000 CR4: 0000000000352ef0 [ 660.842023][ T1142] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 660.844553][ T1142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 660.847010][ T1142] Call Trace: [ 660.848076][ T1142] [ 660.849015][ T1142] ethtool_op_get_link+0x1d/0x70 [ 660.850587][ T1142] bond_check_dev_link+0x3f9/0x710 [ 660.852298][ T1142] ? __pfx_bond_check_dev_link+0x10/0x10 [ 660.854060][ T1142] bond_mii_monitor+0x3c0/0x2dc0 [ 660.855617][ T1142] ? __pfx_bond_mii_monitor+0x10/0x10 [ 660.857301][ T1142] ? rcu_is_watching+0x12/0xc0 [ 660.858814][ T1142] process_one_work+0x9cc/0x1b70 [ 660.860373][ T1142] ? __pfx_process_one_work+0x10/0x10 [ 660.862090][ T1142] ? assign_work+0x1a0/0x250 [ 660.863697][ T1142] worker_thread+0x6c8/0xf10 [ 660.865161][ T1142] ? __pfx_worker_thread+0x10/0x10 [ 660.866782][ T1142] kthread+0x3c5/0x780 [ 660.868081][ T1142] ? __pfx_kthread+0x10/0x10 [ 660.869539][ T1142] ? rcu_is_watching+0x12/0xc0 [ 660.871084][ T1142] ? __pfx_kthread+0x10/0x10 [ 660.872582][ T1142] ret_from_fork+0x5d4/0x6f0 [ 660.874040][ T1142] ? __pfx_kthread+0x10/0x10 [ 660.875488][ T1142] ret_from_fork_asm+0x1a/0x30 [ 660.876988][ T1142] [ 660.877982][ T1142] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 660.880268][ T1142] CPU: 3 UID: 0 PID: 1142 Comm: kworker/u32:8 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 660.883942][ T1142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 660.887234][ T1142] Workqueue: bond0 bond_mii_monitor [ 660.888854][ T1142] Call Trace: [ 660.889915][ T1142] [ 660.890877][ T1142] dump_stack_lvl+0x3d/0x1f0 [ 660.892337][ T1142] panic+0x71c/0x800 [ 660.893569][ T1142] ? __pfx_panic+0x10/0x10 [ 660.894992][ T1142] ? show_trace_log_lvl+0x29b/0x3e0 [ 660.896635][ T1142] ? check_panic_on_warn+0x1f/0xb0 [ 660.898355][ T1142] ? __linkwatch_sync_dev+0x1ed/0x230 [ 660.900042][ T1142] check_panic_on_warn+0xab/0xb0 [ 660.901645][ T1142] __warn+0xf6/0x3c0 [ 660.902903][ T1142] ? preempt_schedule_notrace+0x62/0xe0 [ 660.904696][ T1142] ? __linkwatch_sync_dev+0x1ed/0x230 [ 660.906396][ T1142] report_bug+0x3c3/0x580 [ 660.907755][ T1142] ? __linkwatch_sync_dev+0x1ed/0x230 [ 660.909436][ T1142] handle_bug+0x184/0x210 [ 660.910835][ T1142] exc_invalid_op+0x17/0x50 [ 660.912279][ T1142] asm_exc_invalid_op+0x1a/0x20 [ 660.913801][ T1142] RIP: 0010:__linkwatch_sync_dev+0x1ed/0x230 [ 660.915665][ T1142] Code: 05 ff ff ff e8 34 51 60 f8 c6 05 a9 e2 14 07 01 90 ba 48 00 00 00 48 c7 c6 00 6e c2 8c 48 c7 c7 a0 6d c2 8c e8 94 b1 1f f8 90 <0f> 0b 90 90 e9 d6 fe ff ff 48 c7 c7 24 a2 87 90 e8 ae e8 c5 f8 e9 [ 660.921574][ T1142] RSP: 0018:ffffc90006e279f0 EFLAGS: 00010286 [ 660.923478][ T1142] RAX: 0000000000000000 RBX: ffff88802872a000 RCX: ffffffff817aa868 [ 660.925933][ T1142] RDX: ffff888027110000 RSI: ffffffff817aa875 RDI: 0000000000000001 [ 660.928382][ T1142] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 660.930886][ T1142] R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff92000dc4f48 [ 660.933350][ T1142] R13: ffff88802872acc5 R14: ffffffff8c380760 R15: ffffffff89942630 [ 660.935802][ T1142] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 660.937555][ T1142] ? __warn_printk+0x198/0x350 [ 660.939078][ T1142] ? __warn_printk+0x1a5/0x350 [ 660.940584][ T1142] ethtool_op_get_link+0x1d/0x70 [ 660.942165][ T1142] bond_check_dev_link+0x3f9/0x710 [ 660.943777][ T1142] ? __pfx_bond_check_dev_link+0x10/0x10 [ 660.945542][ T1142] bond_mii_monitor+0x3c0/0x2dc0 [ 660.947112][ T1142] ? __pfx_bond_mii_monitor+0x10/0x10 [ 660.948793][ T1142] ? rcu_is_watching+0x12/0xc0 [ 660.950348][ T1142] process_one_work+0x9cc/0x1b70 [ 660.951947][ T1142] ? __pfx_process_one_work+0x10/0x10 [ 660.953626][ T1142] ? assign_work+0x1a0/0x250 [ 660.955091][ T1142] worker_thread+0x6c8/0xf10 [ 660.956548][ T1142] ? __pfx_worker_thread+0x10/0x10 [ 660.958178][ T1142] kthread+0x3c5/0x780 [ 660.959477][ T1142] ? __pfx_kthread+0x10/0x10 [ 660.960952][ T1142] ? rcu_is_watching+0x12/0xc0 [ 660.962465][ T1142] ? __pfx_kthread+0x10/0x10 [ 660.963919][ T1142] ret_from_fork+0x5d4/0x6f0 [ 660.965371][ T1142] ? __pfx_kthread+0x10/0x10 [ 660.966828][ T1142] ret_from_fork_asm+0x1a/0x30 [ 660.968340][ T1142] [ 660.969980][ T1142] Kernel Offset: disabled [ 660.971364][ T1142] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:35:11 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffffff9120581c RDX=0000000000000008 RSI=ffffc90006507990 RDI=ffffc90006507608 RBP=ffffc90006507990 RSP=ffffc90006507588 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=000000000000a1f4 R12=ffffc90006507658 R13=ffffc90006507608 R14=ffffc900065079c0 R15=ffffc9000650763c RIP=ffffffff816a618c RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809777f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055bd80123138 CR3=0000000078a0a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffffc900006befc8 RCX=ffffc900006bef1c RDX=1ffff920000d7e02 RSI=ffffffff8dbdb701 RDI=ffffffff815ff5f4 RBP=ffffc900006bf010 RSP=ffffc900006befb0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000008579 R12=ffffffff81a6cbe0 R13=ffffc900006bf088 R14=0000000000000000 R15=ffff88801d332440 RIP=ffffffff816a5e4e RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809787f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fd58c0d6e9c CR3=000000000e180000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000000000002 Opmask02=00000000fff7ffdf Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c4468f0 00007fd58c446310 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c407050 00007fd58c4060c0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c407580 00007fd58c406b20 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c1090c0 00007fd58c407ab0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c445da0 00007fd58c4065f0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c1096b0 00007fd58c1090c0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c407ab0 00007fd58c407580 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd58c406b20 00007fd58c407050 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c6f7365722f6574 6174732d6b6f6f68 2f6463706368642f 6e75722f7261762f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 666e6f635f666900 6b6e696c2e306e61 77772e666e6f632e 766c6f7365722f65 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=1ffff920000a70d8 RCX=ffffffff89dd6fd1 RDX=ffff888027c5c880 RSI=ffffffff89dd6f36 RDI=0000000000000005 RBP=ffffffff9affc780 RSP=ffffc900005386b8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffc900005387e8 R13=ffff888043d70000 R14=0000000000000001 R15=0000000000000000 RIP=ffffffff81bb4650 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f3f5b253300 ffffffff 00c00000 GS =0000 ffff88809797f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f20c5b88 CR3=000000004e84a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 08da000000030000 0008000400080010 00080000000c0200 0000000000080008 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0014010000000000 000800080007000c 00080000000c0002 254c000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 08d6000000200000 0002000000100008 0000000000000004 000c001a00100000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cccc000134c80000 19f4000152880001 63c4000169400001 6f64000000400001 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7ed4000180800001 9e0c00019fd00001 e1980001e8240001 f85c000207900000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0014000018300000 0001000000000000 024300000000315a 4700000000140000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00200000000e0014 000c000000080004 001c000e00000000 0000000000000000 ZMM24=89be609e89be609e 89be609e89be609e 89be609e89be609e 89be609e89be609e 89be609e89be609e 89be609e89be609e 89be609e89be609e 89be609e89be609e ZMM25=805d5035805d5035 805d5035805d5035 805d5035805d5035 805d5035805d5035 805d5035805d5035 805d5035805d5035 805d5035805d5035 805d5035805d5035 ZMM26=6bfd04c56bfd04c5 6bfd04c56bfd04c5 6bfd04c56bfd04c5 6bfd04c56bfd04c5 6bfd04c56bfd04c5 6bfd04c56bfd04c5 6bfd04c56bfd04c5 6bfd04c56bfd04c5 ZMM27=98eb940598eb9405 98eb940598eb9405 98eb940598eb9405 98eb940598eb9405 98eb940598eb9405 98eb940598eb9405 98eb940598eb9405 98eb940598eb9405 ZMM28=00000200000001ff 000001fe000001fd 000001fc000001fb 000001fa000001f9 000001f8000001f7 000001f6000001f5 000001f4000001f3 000001f2000001f1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=9a1f00009a1f0000 9a1f00009a1f0000 9a1f00009a1f0000 9a1f00009a1f0000 9a1f00009a1f0000 9a1f00009a1f0000 9a1f00009a1f0000 9a1f00009a1f0000 info registers vcpu 3 CPU#3 RAX=0000000000000055 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8554ecc5 RDI=ffffffff9ae4fd80 RBP=ffffffff9ae4fd40 RSP=ffffc90006e27360 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000055 R14=ffffffff9ae4fd40 R15=ffffffff8554ec60 RIP=ffffffff8554ecef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a7f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7396048 CR3=000000000e180000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000