last executing test programs: 20.9610023s ago: executing program 0 (id=942): mlockall(0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) listen(r2, 0x5) accept4(r2, 0x0, 0x0, 0x80800) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000140)='wg0\x00', 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c) socket(0x40000000015, 0x5, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) bind$inet(r4, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) 19.286501349s ago: executing program 0 (id=949): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) syz_open_dev$usbmon(&(0x7f0000000c80), 0x0, 0x800) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x48) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x893, 0x0, 0x0, &(0x7f00000001c0)) r4 = timerfd_create(0x8, 0x80000) timerfd_settime(r4, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) readv(r4, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1) ioctl$TUNSETIFF(r2, 0x400454ca, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000700000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000bc7a007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) 17.921139573s ago: executing program 0 (id=955): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x8, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r5, {0x10, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}]}]}]}}]}, 0x44}}, 0x40040) (async) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="04f614b25c9a2c00e9975636b92137f8c6d02e425828e4a19e0e9de850cea4937e1646b3e10c846d2218a7f29732c970ea1a73772ee374d5b02ed6c65ca3bf40c2548c25f57a53b6d6e2a4222ddc86dcff38ea9453f6489220a6d87edcab45aace287824865c0adc779026216629059a20aea62925a96ec15bf1a493228c8d0b73c504ffff68af2400a6958ea45cfb53ab4e4d183009c37b17fba9c33b0eb8601f1c05a8c9d41c0d0f2ef89b34e97df02cac3f636230ba060000000000000000000084e6acb49c311c3e9bf1b4d8cbe2b9675b0c3dc4d9141617b3054d02fa53b52e701f54dd75eec7f62bd3304947fe9d03653534976c2f96e7e47f695248b7cbfb6479171abb4c6907ca0416524e9a4c8300fb26bba0eb8cb15d34376b91e6c2d6bd9a56f9df064fd56133a6fce2a8b35ee465d0e74c4a1925f632835952d00dbf79eda3bebbc94c01d0b48030af1cde7e40b1"]) 17.578969375s ago: executing program 0 (id=956): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f4000000160001002bbd7000fedbdf25ac1e0101000000000000000000000000fe8800000000000000000000000001014e2303004e2400000a0080201d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000000000000a0000aa000004d533000000ac1414100000000000000000000000000800000000000000b507000000000000000000000000000006000000000000000900000000000000faffffffffffffffffffffff000000000300000000000000020000000000000003000000000000000100000000000000faffffffffffffff0000000001000100f9ffffff2abd7000000000000000020601000000080000004f"], 0xf4}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0) 17.518946045s ago: executing program 0 (id=957): r0 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2) preadv(r0, &(0x7f0000000c00)=[{&(0x7f0000000740)=""/121, 0x79}], 0x1, 0x80000000, 0x4) read$FUSE(0xffffffffffffffff, &(0x7f0000000e00)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x8, 0xaf, {0x0}, {r1}, 0x800, 0x8}) r3 = syz_open_procfs(r2, &(0x7f0000000100)='net/rpc\x00') bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r0}, 0x8) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x7) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000104000002000000000000000200", @ANYRES32=0x0, @ANYBLOB="0380000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r6, @ANYBLOB='\b\x00', @ANYRES16=r5], 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r4, &(0x7f0000000000)={0x10000000}) open(&(0x7f0000000200)='./file0\x00', 0x2, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) shutdown(r8, 0x0) r9 = openat$tun(0xffffff9c, &(0x7f00000001c0), 0xfe58866d46c83ea3, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x8924, &(0x7f0000000240)={'veth1_to_bond\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}) recvmmsg(r8, &(0x7f0000000d80)=[{{&(0x7f00000003c0)=@nfc_llcp, 0x80, &(0x7f0000000f00)}, 0x7}, {{&(0x7f0000000600)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000780)=""/12, 0xc}], 0x1, &(0x7f0000000800)=""/178, 0xb2}, 0x9}, {{&(0x7f00000004c0)=@ethernet={0x0, @remote}, 0x80, &(0x7f00000008c0)}, 0x5b12}, {{&(0x7f0000000a80)=@alg, 0x80, &(0x7f0000000980)=[{&(0x7f0000000c00)=""/128, 0x83}, {&(0x7f0000000540)=""/162, 0xfffffffffffffd80}], 0x2}, 0x80000001}], 0x4, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r10 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x1a0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r10, 0x40049366, 0x0) read(r8, &(0x7f0000000680)=""/191, 0xbf) syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0) 17.470625849s ago: executing program 0 (id=958): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000300)={0x8, {{0xa, 0x4e20, 0x6, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6a3c}}, {{0xa, 0x4e22, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}}, 0x104) syz_open_dev$swradio(0x0, 0x0, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000e, 0x50032, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141121) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x20, 0x19, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x4010010) r1 = socket(0x10, 0x803, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00'}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001000"], 0x48}, 0x1, 0x0, 0x2000}, 0x0) 4.277021355s ago: executing program 2 (id=1051): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = shmat(0xffffffffffffffff, &(0x7f0000933000/0x3000)=nil, 0x5000) shmdt(r0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0xef4, &(0x7f0000000300)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_setup(0x100231, &(0x7f0000000080)={0x0, 0x800, 0x10100}, &(0x7f0000000000), &(0x7f0000000240)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)=@ipv4_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x24}}, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd27, 0x8000, {0x0, 0x0, 0x0, r7, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x10}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 3.165651596s ago: executing program 3 (id=1059): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000010000104000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="2b03000000000000300012800b00010067656e6576650000200002800800010001000000140007000000000000000005000000000000000108000a00", @ANYRES32], 0x58}}, 0x0) 2.98147498s ago: executing program 3 (id=1061): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}]}, &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x2, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x11, &(0x7f00000001c0)=0x1, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000001040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000400)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd7000ffdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="24003300d0980700ffffffffffff080211000001505050505050020004000ec108"], 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x48051) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) io_setup(0x6, &(0x7f0000000680)) syz_open_dev$usbmon(&(0x7f0000001980), 0x1, 0x10280) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r7 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) 2.597968197s ago: executing program 2 (id=1062): mkdir(0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x1, 0x40002) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb011a52f436dd2a", 0x2a}], 0x1) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000440)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='1', 0xffffffffffffff55) r4 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) clock_getres(0xeef77201c7a121ec, 0x0) rseq(&(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2, 0x1, 0xed, 0x7}}, 0x20, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0) ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000300)) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x18, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22}, 0x21) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r7, 0x0, r8, 0x0, 0xaf4, 0x0) read$midi(r8, &(0x7f0000000200)=""/226, 0xe2) 2.258906193s ago: executing program 32 (id=958): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000300)={0x8, {{0xa, 0x4e20, 0x6, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6a3c}}, {{0xa, 0x4e22, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}}, 0x104) syz_open_dev$swradio(0x0, 0x0, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000e, 0x50032, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141121) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x20, 0x19, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x4010010) r1 = socket(0x10, 0x803, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00'}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001000"], 0x48}, 0x1, 0x0, 0x2000}, 0x0) 2.226315638s ago: executing program 2 (id=1064): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@fallback=0xffffffffffffffff, 0x8, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340), 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={@fallback=r2, r2, 0x20, 0x2004, 0x0, @value, @void, @void, @void, r4}, 0x20) r5 = openat$vcs(0xffffff9c, &(0x7f0000000340), 0x401, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={@fallback=r5, r1, 0x35, 0x2, 0x0, @void, @value=r1, @void, @void, r4}, 0x20) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000400)='kmem_cache_free\x00', r3, 0x0, 0x4}, 0x18) write$nbd(r6, &(0x7f0000000240)={0x1000000, 0x0, 0x2, 0xffff, 0x3, "82b0cfc4337965941538be02000000000000000000007400a391793ba7f40000000000fdf700"/48}, 0x40) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000428bd6c00ffdbdf25090000001c00028805000d004e21000005000d00000000000800060005000000"], 0x38}, 0x1, 0x0, 0x0, 0x30}, 0x40841) r8 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r10, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000300)={r11, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000080)={r12, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x13, r13, 0x0) r14 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r14, 0x0, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0x42, 0x4, 0x26c, 0xffffffff, 0x0, 0x98, 0x0, 0xffffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000002, 0x70, 0x94, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0xff0000ff, 0xff000000, 'ip6gretap0\x00', 'ip6tnl0\x00'}, 0x287, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@broadcast, @loopback, 0xffffff00, 0xffffffff, 'ipvlan1\x00', 'veth0_to_bond\x00', {0xff}, {0xff}, 0x1d, 0x0, 0x20}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2c8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.058704273s ago: executing program 2 (id=1065): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, 0x0, 0x0) connect$pptp(r3, &(0x7f0000000040)={0x18, 0x2, {0xfffc, @initdev={0xac, 0x1e, 0x5, 0x0}}}, 0x1e) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00e5000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18) socket$inet6(0xa, 0x80002, 0x0) r8 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x2f5380, 0x41414770, 0x58595556, 0x425, 0x10001, 0xa, 0x9e0, 0x1, 0x3, 0x0, 0x7}}) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) 1.925540694s ago: executing program 3 (id=1066): r0 = socket$netlink(0x10, 0x3, 0xb) tkill(0x0, 0x7) socket$l2tp(0x2, 0x2, 0x73) writev(r0, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="920000fd2dde6428"], 0x0, 0xf, 0x0, 0x0, 0x0, 0x11}, 0x94) r2 = socket(0x2c, 0x80000, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r3, @ANYBLOB="1400020020000000000000000000ffff000000000800080000010000"], 0x34}}, 0x0) socket(0x10, 0x803, 0x0) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_GET(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040004) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r6, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[], 0x14}}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r4) syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r4) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2}) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0) ioctl$SNDCTL_TMR_SOURCE(r7, 0xc0045406) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r8, 0xc0605345, &(0x7f0000000040)={0x0, 0x0, {0x2}, 0xb}) openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r9, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x0, 0xffffffff, 0xfffffff6}}) write$uinput_user_dev(r9, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0x7fff, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x7ff, 0x54, 0x7fffdfff, 0x2, 0xc, 0x8, 0x9, 0x9, 0xfffffff7, 0x7, 0x40000, 0xa, 0x23, 0x1, 0x0, 0x3fc, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x5, 0x9, 0xf, 0xb, 0x10, 0x80000000, 0x9, 0xb50, 0x0, 0x7, 0x3, 0x103, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0xfffffffd, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x6, 0x1], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x6, 0x7, 0x13e, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0x40, 0x7ff, 0x7ff, 0x5, 0x9, 0xc00, 0x89, 0x7ff, 0x0, 0x1, 0xfffffff7, 0x9, 0x9, 0x4d26, 0x10000, 0x8, 0x1, 0x7, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x8, 0x4b, 0x583c, 0x6, 0xb, 0x4, 0x9, 0x2, 0x8d1, 0x8fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xadd, 0x7f, 0x9], [0x8396, 0x7, 0xffff6a0b, 0x9, 0x8000, 0x1, 0x3, 0xe88, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x905, 0x8000, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x2, 0xc, 0x5, 0xb0f, 0x1e, 0x3, 0x800, 0x8, 0x9, 0x6, 0x4, 0xf4, 0x4, 0xe, 0x464b, 0x6, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fffffff, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0d787d, 0xffffff4e, 0x9, 0x4, 0x7, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x3], [0x10000010, 0x7, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x4, 0x7, 0x103, 0x6, 0xcc, 0x6, 0x4000400, 0x1fffe0, 0xfffffffb, 0x40, 0x80000002, 0x4, 0x6, 0xfff, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x7, 0x8ac1, 0x3, 0x1, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffffffff, 0x7, 0xfffffff8, 0xd, 0x7, 0xd, 0x9, 0x6eaf, 0x0, 0x401, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c) ioctl$UI_SET_EVBIT(r9, 0x40045564, 0x3) 1.916791717s ago: executing program 3 (id=1067): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xac}, 0x1, 0x1f, 0x0, 0x8040}, 0x0) 1.808866858s ago: executing program 3 (id=1068): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, 0x0, 0x0) connect$pptp(r3, &(0x7f0000000040)={0x18, 0x2, {0xfffc, @initdev={0xac, 0x1e, 0x5, 0x0}}}, 0x1e) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00f0000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18) socket$inet6(0xa, 0x80002, 0x0) r8 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x2f5380, 0x41414770, 0x58595556, 0x425, 0x10001, 0xa, 0x9e0, 0x1, 0x3, 0x0, 0x7}}) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) 1.167232423s ago: executing program 1 (id=1072): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fd={0x70742a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @fda={0x66646185, 0x5, 0x1, 0x32}}, &(0x7f0000000240)={0x38, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 1.088681085s ago: executing program 1 (id=1073): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@fallback=0xffffffffffffffff, 0x8, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340), 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={@fallback=r2, r2, 0x20, 0x2004, 0x0, @value, @void, @void, @void, r4}, 0x20) r5 = openat$vcs(0xffffff9c, &(0x7f0000000340), 0x401, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={@fallback=r5, r1, 0x35, 0x2, 0x0, @void, @value=r1, @void, @void, r4}, 0x20) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000400)='kmem_cache_free\x00', r3, 0x0, 0x4}, 0x18) write$nbd(r6, &(0x7f0000000240)={0x1000000, 0x0, 0x2, 0xffff, 0x3, "82b0cfc4337965941538be02000000000000000000007400a391793ba7f40000000000fdf700"/48}, 0x40) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000428bd6c00ffdbdf25090000001c00028805000d004e21000005000d00000000000800060005000000"], 0x38}, 0x1, 0x0, 0x0, 0x30}, 0x40841) r8 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r10, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000300)={r11, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000080)={r12, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x13, r13, 0x0) r14 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r14, 0x0, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0x42, 0x4, 0x26c, 0xffffffff, 0x0, 0x98, 0x0, 0xffffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000002, 0x70, 0x94, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0xff0000ff, 0xff000000, 'ip6gretap0\x00', 'ip6tnl0\x00'}, 0x287, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@broadcast, @loopback, 0xffffff00, 0xffffffff, 'ipvlan1\x00', 'veth0_to_bond\x00', {0xff}, {0xff}, 0x1d, 0x0, 0x20}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2c8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.070477055s ago: executing program 1 (id=1074): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18) socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000580)={&(0x7f0000000040)=[0x0], 0x1, r8, r9, 0x3, 0x0, 0xffffffff, 0x804, {0xac7a, 0x1, 0x3, 0x67, 0xf4b, 0x1, 0x2, 0x5, 0x412f, 0xe154, 0x1000, 0x7f, 0x6, 0xffffffff, "fe1d00003413000000000020b42717e47f0000000000000000000000002000"}}) r10 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) mq_timedsend(r10, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r10, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0) r11 = syz_io_uring_setup(0x7392, &(0x7f0000000740)={0x0, 0xbe47, 0x10100, 0x0, 0xfffffffc, 0x0, r4}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r12, r13, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r11, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r14 = socket$tipc(0x1e, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r15 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r15, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x40, 0x1, 0xfffffffd}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r14, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10) sendmsg$tipc(r14, &(0x7f0000000140)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x0, 0x2}, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000050}, 0x0) 587.204469ms ago: executing program 3 (id=1075): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/vlan/vlan1\x00') preadv(r0, &(0x7f0000000340)=[{0x0}, {&(0x7f00000003c0)=""/106, 0x6a}], 0x2, 0x5a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, 0x0) syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) socket$inet_sctp(0x2, 0x5, 0x84) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0601, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x14) r6 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r6) pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r8, 0x1e) r9 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x35, 0x0, 0xd, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x2d}, 0x48, r6) keyctl$KEYCTL_MOVE(0x1e, r9, r6, r7, 0x0) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0x0) r10 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7}) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x14) mq_timedsend(r10, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r10, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xc, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 563.123712ms ago: executing program 2 (id=1076): openat$hpet(0xffffff9c, &(0x7f00000000c0), 0x220800, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r2, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000100), 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0xfffffffffffffffe, 0x9, 0x9, 0x1, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x2d}}}, 0xa0) socket$kcm(0x11, 0xa, 0x300) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r4, 0x5, 0xe, 0x0, &(0x7f0000000000)="255161fc12e31d068d10d1c2bd39", 0x0, 0x1f, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) syz_open_pts(0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x40049366, &(0x7f0000000240)=0x1) r6 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0) pwritev2(r6, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r5, 0x40000000) 529.677267ms ago: executing program 1 (id=1077): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fd={0x70742a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @fda={0x66646185, 0x5, 0x1, 0x32}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x100000000000000, 0x0}) 503.387937ms ago: executing program 1 (id=1078): mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='1', 0xffffffffffffff55) r3 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f00000000c0)={0x8, 0x2, 0x1, 0xc1, 0x2, [0x8000, 0x9f, 0x7, 0x7]}) clock_getres(0xeef77201c7a121ec, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22}, 0x21) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r6, 0x0, r7, 0x0, 0xaf4, 0x0) 53.449164ms ago: executing program 1 (id=1079): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400)={0x1d}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) creat(&(0x7f00000002c0)='./file0\x00', 0x0) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1}}, 0x40) close_range(r3, 0xffffffffffffffff, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$sock_linger(r2, 0x1, 0xd, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @local}], 0x20) r6 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) fchdir(r7) mkdir(&(0x7f0000000000)='./file0\x00', 0x26) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 0s ago: executing program 2 (id=1080): r0 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@rand_addr=0x64010101, @in6=@mcast2, 0x0, 0x0, 0x0, 0x4, 0xa, 0x0, 0x0, 0x2b}, {0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x40000000000000}, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1}, {{@in6=@mcast1, 0x0, 0x6c}, 0x2, @in=@multicast1, 0x0, 0x4, 0x0, 0x0, 0x40000000, 0x3}}, 0xe8) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97000288c19e9ace00000000000000002100000002ff02000097ffffff0000000000000001"], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:18082' (ED25519) to the list of known hosts. [ 40.749296][ T5885] cgroup: Unknown subsys name 'net' [ 40.910132][ T5885] cgroup: Unknown subsys name 'cpuset' [ 40.914040][ T5885] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 41.761910][ T5885] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.966255][ T5951] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 44.969606][ T5951] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 44.972329][ T5951] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 44.974966][ T5951] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 44.975127][ T5954] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 44.977321][ T5955] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 44.977787][ T5951] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 44.980383][ T5954] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 44.985144][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 44.987173][ T5954] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 44.987459][ T5957] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 44.988155][ T5957] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 44.988493][ T5957] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 44.988866][ T5957] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 44.989146][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 44.989554][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 44.989804][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 44.991623][ T5954] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 44.993656][ T5957] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 44.995897][ T5954] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.174230][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 45.264166][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 45.372546][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.374897][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.377852][ T5942] bridge_slave_0: entered allmulticast mode [ 45.380549][ T5942] bridge_slave_0: entered promiscuous mode [ 45.383966][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 45.410683][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.412988][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.415624][ T5942] bridge_slave_1: entered allmulticast mode [ 45.418417][ T5942] bridge_slave_1: entered promiscuous mode [ 45.464338][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 45.521904][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.524992][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.528753][ T5939] bridge_slave_0: entered allmulticast mode [ 45.532365][ T5939] bridge_slave_0: entered promiscuous mode [ 45.537125][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.539292][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.541557][ T5939] bridge_slave_1: entered allmulticast mode [ 45.544150][ T5939] bridge_slave_1: entered promiscuous mode [ 45.548522][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.599859][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.652723][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.655656][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.660262][ T5940] bridge_slave_0: entered allmulticast mode [ 45.665331][ T5940] bridge_slave_0: entered promiscuous mode [ 45.684263][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.709201][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.712249][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.715152][ T5940] bridge_slave_1: entered allmulticast mode [ 45.719284][ T5940] bridge_slave_1: entered promiscuous mode [ 45.743309][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.832368][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.851189][ T5942] team0: Port device team_slave_0 added [ 45.853428][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.855614][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.858008][ T5941] bridge_slave_0: entered allmulticast mode [ 45.860560][ T5941] bridge_slave_0: entered promiscuous mode [ 45.864367][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.869079][ T5939] team0: Port device team_slave_0 added [ 45.872621][ T5942] team0: Port device team_slave_1 added [ 45.874724][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.877112][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.879372][ T5941] bridge_slave_1: entered allmulticast mode [ 45.881947][ T5941] bridge_slave_1: entered promiscuous mode [ 45.897509][ T5939] team0: Port device team_slave_1 added [ 45.996219][ T5940] team0: Port device team_slave_0 added [ 45.998837][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.001024][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.010882][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.015191][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.018537][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.026411][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.032740][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.036842][ T5940] team0: Port device team_slave_1 added [ 46.039170][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.041352][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.049269][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.053069][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.055239][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.063253][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.068067][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.099407][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.101596][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.109466][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.116283][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.118542][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.126419][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.160168][ T5941] team0: Port device team_slave_0 added [ 46.166222][ T5941] team0: Port device team_slave_1 added [ 46.271403][ T5942] hsr_slave_0: entered promiscuous mode [ 46.273725][ T5942] hsr_slave_1: entered promiscuous mode [ 46.287845][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.290135][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.298652][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.305322][ T5939] hsr_slave_0: entered promiscuous mode [ 46.308126][ T5939] hsr_slave_1: entered promiscuous mode [ 46.310245][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.312762][ T5939] Cannot create hsr debugfs directory [ 46.338883][ T5940] hsr_slave_0: entered promiscuous mode [ 46.341271][ T5940] hsr_slave_1: entered promiscuous mode [ 46.343880][ T5940] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.346258][ T5940] Cannot create hsr debugfs directory [ 46.348497][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.350792][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.360860][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.504977][ T5941] hsr_slave_0: entered promiscuous mode [ 46.508532][ T5941] hsr_slave_1: entered promiscuous mode [ 46.510574][ T5941] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.512935][ T5941] Cannot create hsr debugfs directory [ 46.711891][ T5942] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.722958][ T5942] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.731557][ T5942] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.735804][ T5942] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.779463][ T5940] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.783899][ T5940] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.787966][ T5940] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.792018][ T5940] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.837905][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.845829][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.858785][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.872697][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.897499][ T5941] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.901630][ T5941] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.906051][ T5941] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.910591][ T5941] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.939114][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.963274][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.969326][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.976506][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.978907][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.998207][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.000471][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.006645][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.020985][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.023310][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.027303][ T5304] Bluetooth: hci3: command tx timeout [ 47.030450][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.032703][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.037303][ T5304] Bluetooth: hci2: command tx timeout [ 47.037327][ T5954] Bluetooth: hci0: command tx timeout [ 47.037335][ T5957] Bluetooth: hci1: command tx timeout [ 47.073732][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.087383][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.101874][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.112121][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.114679][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.121737][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.128231][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.130500][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.138163][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.140445][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.147379][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.149618][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.178459][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.215912][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.226023][ T5942] veth0_vlan: entered promiscuous mode [ 47.240219][ T5942] veth1_vlan: entered promiscuous mode [ 47.250509][ T5940] veth0_vlan: entered promiscuous mode [ 47.259692][ T5940] veth1_vlan: entered promiscuous mode [ 47.268701][ T5942] veth0_macvtap: entered promiscuous mode [ 47.281576][ T5942] veth1_macvtap: entered promiscuous mode [ 47.297423][ T5940] veth0_macvtap: entered promiscuous mode [ 47.304385][ T5940] veth1_macvtap: entered promiscuous mode [ 47.308364][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.312323][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.319598][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.325618][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.332173][ T5942] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.334960][ T5942] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.338107][ T5942] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.340834][ T5942] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.356529][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.368170][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.373341][ T5940] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.376065][ T5940] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.378914][ T5940] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.381614][ T5940] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.404873][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.408365][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.437981][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.444462][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.451139][ T5939] veth0_vlan: entered promiscuous mode [ 47.454944][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.457252][ T5939] veth1_vlan: entered promiscuous mode [ 47.457744][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.460086][ T5941] veth0_vlan: entered promiscuous mode [ 47.480530][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.480754][ T5941] veth1_vlan: entered promiscuous mode [ 47.483143][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.491300][ T5942] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.498490][ T5939] veth0_macvtap: entered promiscuous mode [ 47.510286][ T5939] veth1_macvtap: entered promiscuous mode [ 47.514753][ T5941] veth0_macvtap: entered promiscuous mode [ 47.527688][ T5941] veth1_macvtap: entered promiscuous mode [ 47.539065][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.543414][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.553228][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.559746][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.562583][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.567763][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.570535][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.578300][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.583353][ T5941] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.586099][ T5941] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.589190][ T5941] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.591999][ T5941] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.639330][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.641815][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.673040][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.675500][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.720527][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.722590][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.723006][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.728679][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.747093][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 47.767010][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.769681][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.627957][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.630534][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.687616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 48.697070][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.878363][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.881507][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.884117][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.107301][ T5954] Bluetooth: hci1: command tx timeout [ 49.109094][ T5954] Bluetooth: hci0: command tx timeout [ 49.110849][ T5954] Bluetooth: hci2: command tx timeout [ 49.112554][ T5954] Bluetooth: hci3: command tx timeout [ 50.538618][ T6073] netlink: 'syz.0.12': attribute type 21 has an invalid length. [ 50.541078][ T6073] netlink: 'syz.0.12': attribute type 1 has an invalid length. [ 50.543487][ T6073] netlink: 144 bytes leftover after parsing attributes in process `syz.0.12'. [ 50.597020][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14'. [ 50.661421][ T6077] 8021q: adding VLAN 0 to HW filter on device team1 [ 51.187702][ T5957] Bluetooth: hci0: command tx timeout [ 51.187717][ T5949] Bluetooth: hci1: command tx timeout [ 51.188906][ T5304] Bluetooth: hci3: command tx timeout [ 51.188974][ T5954] Bluetooth: hci2: command tx timeout [ 52.460305][ T6113] binder: 6112:6113 ioctl c0306201 80000180 returned -14 [ 52.829473][ T6140] Driver unsupported XDP return value 0 on prog (id 9) dev N/A, expect packet loss! [ 52.862398][ T6142] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.267453][ T5949] Bluetooth: hci2: command tx timeout [ 53.267479][ T5957] Bluetooth: hci3: command tx timeout [ 53.276985][ T5957] Bluetooth: hci1: command tx timeout [ 53.277042][ T5949] Bluetooth: hci0: command tx timeout [ 53.577984][ T40] audit: type=1326 audit(1751209419.172:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6155 comm="syz.1.39" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 53.690930][ T6164] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.696536][ T6164] xt_hashlimit: Unknown mode mask A802, kernel too old? [ 53.917943][ T6176] netlink: 216 bytes leftover after parsing attributes in process `syz.0.45'. [ 53.921324][ T6176] netlink: 24 bytes leftover after parsing attributes in process `syz.0.45'. [ 54.187537][ T53] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 54.291579][ T6200] 9pnet_virtio: no channels available for device syz [ 54.326861][ T53] usb 7-1: device descriptor read/64, error -71 [ 54.374806][ T6203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.52'. [ 54.617208][ T53] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 54.831193][ T6211] netlink: 'syz.1.54': attribute type 1 has an invalid length. [ 54.886852][ T53] usb 7-1: device descriptor read/64, error -71 [ 54.997175][ T53] usb usb7-port1: attempt power cycle [ 55.180406][ T6218] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.183448][ T6218] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.236317][ T6218] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 55.243103][ T6218] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 55.305076][ T6218] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.308964][ T6218] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.311719][ T6218] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.314565][ T6218] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.347127][ T53] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 55.369205][ T53] usb 7-1: device descriptor read/8, error -71 [ 55.426561][ T6226] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.432153][ T6226] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.435203][ T6226] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.438422][ T6226] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.442154][ T6226] geneve2: entered promiscuous mode [ 55.443793][ T6226] geneve2: entered allmulticast mode [ 55.447297][ T6226] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.450078][ T6226] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.452818][ T6226] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.455786][ T6226] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.606842][ T53] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 55.628857][ T53] usb 7-1: device descriptor read/8, error -71 [ 55.738329][ T53] usb usb7-port1: unable to enumerate USB device [ 56.431682][ T6239] Zero length message leads to an empty skb [ 57.979008][ T6283] netlink: 48 bytes leftover after parsing attributes in process `syz.2.75'. [ 57.979620][ T6281] bridge_slave_0: left allmulticast mode [ 57.984298][ T6281] bridge_slave_0: left promiscuous mode [ 57.986268][ T6281] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.993429][ T6281] bridge_slave_1: left allmulticast mode [ 57.995247][ T6281] bridge_slave_1: left promiscuous mode [ 57.997245][ T6281] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.011811][ T6281] bond0: (slave bond_slave_0): Releasing backup interface [ 58.020918][ T6281] bond0: (slave bond_slave_1): Releasing backup interface [ 58.042039][ T6281] team0: Port device team_slave_0 removed [ 58.061726][ T6281] team0: Port device team_slave_1 removed [ 58.065139][ T6281] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 58.069116][ T6281] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 58.076040][ T6281] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 58.079617][ T6281] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 58.097934][ T6288] team0: Mode changed to "roundrobin" [ 58.127582][ T6281] vlan0: entered promiscuous mode [ 58.134380][ T6281] tipc: Started in network mode [ 58.136321][ T6281] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 58.138880][ T6281] tipc: Enabled bearer , priority 0 [ 58.153522][ T6293] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.76'. [ 58.335537][ T60] IPVS: starting estimator thread 0... [ 58.437133][ T6310] IPVS: using max 43 ests per chain, 103200 per kthread [ 58.935605][ T6335] syzkaller0: entered promiscuous mode [ 58.938271][ T6335] syzkaller0: entered allmulticast mode [ 59.137834][ T4703] tipc: Node number set to 11578026 [ 59.377395][ T6319] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 59.381922][ T6319] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 59.393281][ T6319] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 59.395207][ T6319] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 59.433999][ T6319] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 59.436160][ T6319] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 59.465096][ T6319] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 59.467660][ T6319] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 60.594425][ T6413] netlink: 80 bytes leftover after parsing attributes in process `syz.2.105'. [ 60.676617][ T40] audit: type=1326 audit(1751209426.262:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.100" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 60.813449][ T6419] xt_hashlimit: Unknown mode mask FF0F, kernel too old? [ 61.191246][ T6422] netlink: 'syz.3.106': attribute type 16 has an invalid length. [ 61.193799][ T6422] netlink: 'syz.3.106': attribute type 17 has an invalid length. [ 61.377848][ T6426] netlink: 'syz.3.107': attribute type 1 has an invalid length. [ 63.589582][ T6474] netlink: 'syz.0.120': attribute type 4 has an invalid length. [ 63.932844][ T53] IPVS: starting estimator thread 0... [ 64.038968][ T6484] IPVS: using max 44 ests per chain, 105600 per kthread [ 65.430709][ T6519] sctp: failed to load transform for md5: -2 [ 65.524573][ T6527] bridge_slave_0: left allmulticast mode [ 65.526445][ T6527] bridge_slave_0: left promiscuous mode [ 65.530440][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.544393][ T6527] bridge_slave_1: left allmulticast mode [ 65.546157][ T6527] bridge_slave_1: left promiscuous mode [ 65.556940][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.604172][ T6527] bond0: (slave bond_slave_0): Releasing backup interface [ 65.650878][ T6527] bond0: (slave bond_slave_1): Releasing backup interface [ 65.672628][ T6527] team0: Port device team_slave_0 removed [ 65.686221][ T6527] team0: Port device team_slave_1 removed [ 65.688476][ T6527] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.690798][ T6527] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.693867][ T6527] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.696233][ T6527] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.770281][ T6543] vlan0: entered promiscuous mode [ 65.857312][ T6536] team0: Mode changed to "roundrobin" [ 65.863697][ T6543] tipc: Started in network mode [ 65.865333][ T6543] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 65.868568][ T6543] tipc: Enabled bearer , priority 0 [ 66.228325][ T6556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.138'. [ 66.232399][ T6556] netlink: 28 bytes leftover after parsing attributes in process `syz.1.138'. [ 66.485915][ T6561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.139'. [ 66.488843][ T6561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.139'. [ 66.534391][ T6561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.139'. [ 66.537520][ T6561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.139'. [ 66.717659][ T6561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.139'. [ 66.720470][ T6561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.139'. [ 66.877669][ T53] tipc: Node number set to 11578026 [ 66.886518][ T6583] binder: 6582:6583 unknown command 0 [ 66.888330][ T6580] nbd: must specify an index to disconnect [ 66.892348][ T6583] binder: 6582:6583 ioctl c0306201 80000180 returned -22 [ 67.041532][ T6592] netlink: 'syz.2.144': attribute type 1 has an invalid length. [ 67.065667][ T6592] bond1: entered promiscuous mode [ 67.067784][ T6592] 8021q: adding VLAN 0 to HW filter on device bond1 [ 67.133488][ T6565] Process accounting resumed [ 67.328329][ T6617] ======================================================= [ 67.328329][ T6617] WARNING: The mand mount option has been deprecated and [ 67.328329][ T6617] and is ignored by this kernel. Remove the mand [ 67.328329][ T6617] option from the mount to silence this warning. [ 67.328329][ T6617] ======================================================= [ 67.335753][ T6592] bond1: (slave veth3): making interface the new active one [ 67.342147][ T6592] veth3: entered promiscuous mode [ 67.353657][ T6592] bond1: (slave veth3): Enslaving as an active interface with an up link [ 67.594897][ T6631] loop2: detected capacity change from 0 to 7 [ 67.602903][ T6631] Dev loop2: unable to read RDB block 7 [ 67.604772][ T6631] loop2: unable to read partition table [ 67.606687][ T6631] loop2: partition table beyond EOD, truncated [ 67.608706][ T6631] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 67.614184][ T6631] netlink: 8 bytes leftover after parsing attributes in process `syz.2.153'. [ 67.617061][ T6631] netlink: 12 bytes leftover after parsing attributes in process `syz.2.153'. [ 67.665024][ T40] audit: type=1800 audit(1751209433.252:4): pid=6631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.153" name="/newroot/36/file0" dev="tmpfs" ino=217 res=0 errno=0 [ 67.747605][ T6639] can0: slcan on ptm0. [ 67.871673][ T6650] netlink: 'syz.2.158': attribute type 1 has an invalid length. [ 67.911274][ T6650] bond2: entered promiscuous mode [ 67.913973][ T6650] 8021q: adding VLAN 0 to HW filter on device bond2 [ 67.976526][ T6650] bond2: (slave veth5): making interface the new active one [ 67.978955][ T6650] veth5: entered promiscuous mode [ 67.982303][ T6650] bond2: (slave veth5): Enslaving as an active interface with an up link [ 69.248260][ T6638] can0 (unregistered): slcan off ptm0. [ 69.326058][ T40] audit: type=1326 audit(1751209434.912:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.2.167" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x0 [ 69.453920][ T6695] xt_hashlimit: Unknown mode mask FF80, kernel too old? [ 70.383220][ T6707] 9pnet_virtio: no channels available for device syz [ 70.392888][ T6708] Cannot find del_set index 3 as target [ 70.783204][ T6720] 9pnet_virtio: no channels available for device syz [ 70.791299][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.793523][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.309392][ T6727] __nla_validate_parse: 4 callbacks suppressed [ 71.309404][ T6727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.181'. [ 71.314380][ T6727] netlink: 36 bytes leftover after parsing attributes in process `syz.1.181'. [ 71.592640][ T6740] bridge_slave_0: left allmulticast mode [ 71.594535][ T6740] bridge_slave_0: left promiscuous mode [ 71.596401][ T6740] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.600886][ T6740] bridge_slave_1: left allmulticast mode [ 71.602733][ T6740] bridge_slave_1: left promiscuous mode [ 71.604590][ T6740] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.610479][ T6740] bond0: (slave bond_slave_0): Releasing backup interface [ 71.615071][ T6740] bond0: (slave bond_slave_1): Releasing backup interface [ 71.629856][ T6740] team0: Port device team_slave_0 removed [ 71.634162][ T6740] team0: Port device team_slave_1 removed [ 71.636334][ T6740] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 71.640242][ T6740] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 71.643405][ T6740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 71.645745][ T6740] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 71.686687][ T6740] team0: Mode changed to "roundrobin" [ 71.690501][ T6740] vlan0: entered promiscuous mode [ 71.694751][ T6740] tipc: Started in network mode [ 71.696412][ T6740] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 71.699592][ T6740] tipc: Enabled bearer , priority 0 [ 71.732803][ T6748] syz.3.186 (6748) used greatest stack depth: 20680 bytes left [ 71.789697][ T6753] netlink: 4 bytes leftover after parsing attributes in process `syz.3.187'. [ 72.696932][ T6187] tipc: Node number set to 11578026 [ 73.614995][ T6778] netlink: 596 bytes leftover after parsing attributes in process `syz.1.185'. [ 73.895963][ T6780] process 'syz.2.195' launched './file0' with NULL argv: empty string added [ 74.093491][ T6790] netlink: 'syz.1.201': attribute type 1 has an invalid length. [ 74.400108][ T6809] netlink: 44 bytes leftover after parsing attributes in process `syz.2.204'. [ 75.365233][ T6826] tipc: Enabled bearer , priority 10 [ 76.587263][ T6848] capability: warning: `syz.1.218' uses deprecated v2 capabilities in a way that may be insecure [ 76.589285][ T6856] overlay: Unknown parameter 'audit' [ 76.871763][ T6866] netlink: 'syz.3.223': attribute type 1 has an invalid length. [ 76.874394][ T6866] netlink: 224 bytes leftover after parsing attributes in process `syz.3.223'. [ 76.925497][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.224'. [ 76.929907][ T6871] netlink: 36 bytes leftover after parsing attributes in process `syz.3.224'. [ 77.021587][ T6875] vlan2: entered allmulticast mode [ 77.023294][ T6875] bond0: entered allmulticast mode [ 77.107463][ T6878] tipc: Resetting bearer [ 77.165988][ T6878] team0: Unable to change to the same mode the team is in [ 77.170278][ T6878] tipc: Enabling of bearer rejected, already enabled [ 77.444291][ T6896] netlink: 'syz.3.234': attribute type 2 has an invalid length. [ 77.446698][ T6896] netlink: 88 bytes leftover after parsing attributes in process `syz.3.234'. [ 77.449597][ T6896] netlink: 'syz.3.234': attribute type 1 has an invalid length. [ 77.452024][ T6896] netlink: 'syz.3.234': attribute type 2 has an invalid length. [ 77.495775][ T6896] syz.3.234 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 77.791392][ T6914] netlink: 8 bytes leftover after parsing attributes in process `syz.3.240'. [ 79.000854][ T6951] netlink: 44 bytes leftover after parsing attributes in process `syz.1.253'. [ 79.012409][ T6951] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 80.626990][ T6968] syzkaller1: entered promiscuous mode [ 80.628809][ T6968] syzkaller1: entered allmulticast mode [ 80.631942][ T6968] program syz.1.257 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 80.636212][ T6968] nfs: Unknown parameter 'ntext' [ 81.037818][ T10] cfg80211: failed to load regulatory.db [ 81.211815][ T6996] netlink: 36 bytes leftover after parsing attributes in process `syz.1.266'. [ 81.653978][ T7029] syz.2.277 uses obsolete (PF_INET,SOCK_PACKET) [ 85.677803][ T7130] netlink: 80 bytes leftover after parsing attributes in process `syz.0.307'. [ 85.900186][ T7136] netlink: 'syz.1.310': attribute type 5 has an invalid length. [ 85.905820][ T7136] ip6erspan0: entered promiscuous mode [ 87.120711][ T40] audit: type=1326 audit(1751209452.712:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.1.318" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 87.245977][ T7167] xt_hashlimit: Unknown mode mask 1000000, kernel too old? [ 87.530391][ T7169] binder_alloc: 7168: binder_alloc_buf, no vma [ 87.625967][ T7171] netlink: 28 bytes leftover after parsing attributes in process `syz.0.322'. [ 87.839670][ T7185] netlink: 216 bytes leftover after parsing attributes in process `syz.1.326'. [ 87.842621][ T7185] netlink: 24 bytes leftover after parsing attributes in process `syz.1.326'. [ 87.889709][ T7192] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.328'. [ 88.001030][ T40] audit: type=1804 audit(1751209453.592:7): pid=7202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.329" name="/newroot/94/bus/bus" dev="overlay" ino=539 res=1 errno=0 [ 88.159772][ T6187] IPVS: starting estimator thread 0... [ 88.256849][ T7217] IPVS: using max 44 ests per chain, 105600 per kthread [ 88.492195][ T7227] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.339'. [ 88.889697][ T6010] kernel write not supported for file /media3 (pid: 6010 comm: kworker/2:3) [ 89.046908][ T10] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 89.199749][ T10] usb 7-1: not running at top speed; connect to a high speed hub [ 89.203318][ T10] usb 7-1: config 9 has an invalid interface number: 249 but max is 3 [ 89.205985][ T10] usb 7-1: config 9 has an invalid interface number: 64 but max is 3 [ 89.208757][ T10] usb 7-1: config 9 has an invalid interface number: 107 but max is 3 [ 89.211762][ T10] usb 7-1: config 9 has an invalid interface number: 20 but max is 3 [ 89.214264][ T10] usb 7-1: config 9 has an invalid interface number: 226 but max is 3 [ 89.217052][ T10] usb 7-1: config 9 contains an unexpected descriptor of type 0x1, skipping [ 89.219935][ T10] usb 7-1: config 9 has 5 interfaces, different from the descriptor's value: 4 [ 89.222709][ T10] usb 7-1: config 9 has no interface number 0 [ 89.224652][ T10] usb 7-1: config 9 has no interface number 1 [ 89.226570][ T10] usb 7-1: config 9 has no interface number 2 [ 89.228998][ T10] usb 7-1: config 9 has no interface number 3 [ 89.231038][ T10] usb 7-1: config 9 has no interface number 4 [ 89.232998][ T10] usb 7-1: config 9 interface 107 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 89.236336][ T10] usb 7-1: config 9 interface 107 altsetting 9 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 89.239957][ T10] usb 7-1: config 9 interface 107 altsetting 9 has 5 endpoint descriptors, different from the interface descriptor's value: 7 [ 89.244086][ T10] usb 7-1: too many endpoints for config 9 interface 20 altsetting 89: 184, using maximum allowed: 30 [ 89.247929][ T10] usb 7-1: config 9 interface 20 altsetting 89 has a duplicate endpoint with address 0x5, skipping [ 89.251368][ T10] usb 7-1: config 9 interface 20 altsetting 89 has 2 endpoint descriptors, different from the interface descriptor's value: 184 [ 89.255398][ T10] usb 7-1: config 9 interface 226 altsetting 2 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 89.259016][ T10] usb 7-1: config 9 interface 226 altsetting 2 has a duplicate endpoint with address 0x3, skipping [ 89.262382][ T10] usb 7-1: config 9 interface 226 altsetting 2 has a duplicate endpoint with address 0x2, skipping [ 89.265696][ T10] usb 7-1: config 9 interface 226 altsetting 2 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 89.270172][ T10] usb 7-1: config 9 interface 226 altsetting 2 has a duplicate endpoint with address 0x9, skipping [ 89.275361][ T10] usb 7-1: config 9 interface 226 altsetting 2 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 89.279489][ T10] usb 7-1: config 9 interface 226 altsetting 2 has a duplicate endpoint with address 0xD, skipping [ 89.282870][ T10] usb 7-1: config 9 interface 249 has no altsetting 0 [ 89.285008][ T10] usb 7-1: config 9 interface 64 has no altsetting 0 [ 89.287397][ T10] usb 7-1: config 9 interface 107 has no altsetting 0 [ 89.289789][ T10] usb 7-1: config 9 interface 20 has no altsetting 0 [ 89.291932][ T10] usb 7-1: config 9 interface 226 has no altsetting 0 [ 89.296098][ T10] usb 7-1: Dual-Role OTG device on HNP port [ 89.298587][ T10] usb 7-1: New USB device found, idVendor=0413, idProduct=6026, bcdDevice=1f.aa [ 89.301452][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.303937][ T10] usb 7-1: Product: זּ濝鎖珩팛뫷Ⳇ荁Ǟ怎탧쥫㑭⽕奌牪꣟罨愊쒺窉ꔓ矠횼翁殮郛⟠ [ 89.307668][ T10] usb 7-1: Manufacturer: ␊ [ 89.309095][ T10] usb 7-1: SerialNumber: 鵽鍞坨㬮䱳詽쨜枟⽇炍仫飠탰㷃菑疈躾襪啷䏽呁酀⺃ᣯ䶃友뗭晴Ꚍꖮ拖嶱ⶼᏽ₂䝍觍⠼㛫涽빦뱊푟뗟館㝖籴鈒駗搽褝濁嗨㐚썸쀲痑紱埫뢀ᾮ嚁兾⺃䢾偲᛽챔픸栜熼ᇥ次㑱ꭸ茺뾘쵎痓乾ꮬ䒀項㯺뢾拣羑꾭欿짠땿춥꬏宄掫ᑲ絵䑅ꄞ픪 [ 89.321065][ T10] usb 7-1: rejected 1 configuration due to insufficient available bus power [ 89.324057][ T10] usb 7-1: no configuration chosen from 1 choice [ 89.717551][ T7258] geneve2: entered promiscuous mode [ 89.719772][ T7258] geneve2: entered allmulticast mode [ 89.836116][ T7264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.352'. [ 89.891544][ T7264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.352'. [ 90.035301][ T7272] tipc: Enabled bearer , priority 10 [ 90.150581][ T7279] netlink: 68 bytes leftover after parsing attributes in process `syz.3.357'. [ 90.235877][ T7286] tipc: Enabling of bearer rejected, failed to enable media [ 90.408503][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.362'. [ 90.625421][ T7316] XFS (nullb0): Invalid superblock magic number [ 90.926148][ T7332] FAT-fs (nullb0): bogus number of reserved sectors [ 90.928356][ T7332] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 91.112049][ T7336] __nla_validate_parse: 1 callbacks suppressed [ 91.112094][ T7336] netlink: 80 bytes leftover after parsing attributes in process `syz.3.375'. [ 91.367752][ T10] usb 7-1: USB disconnect, device number 6 [ 91.425974][ T7341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.377'. [ 91.874374][ T7363] netlink: 8 bytes leftover after parsing attributes in process `syz.3.383'. [ 92.186334][ T7377] binder: 7376:7377 ioctl c0306201 80000080 returned -14 [ 92.609490][ T7401] netlink: 'syz.1.398': attribute type 1 has an invalid length. [ 92.871116][ T7413] veth0_to_hsr: entered promiscuous mode [ 92.873318][ T7413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.401'. [ 92.905707][ T7413] veth0_to_hsr (unregistering): left promiscuous mode [ 92.936560][ T7413] hsr_slave_0 (unregistering): left promiscuous mode [ 94.003204][ T7427] netlink: 16 bytes leftover after parsing attributes in process `syz.1.405'. [ 94.448810][ T7436] cgroup: fork rejected by pids controller in /syz2 [ 95.001393][ T7550] tipc: Started in network mode [ 95.003384][ T7550] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 95.007750][ T7550] tipc: Enabling of bearer rejected, failed to enable media [ 95.047836][ T5954] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.051871][ T5954] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.057285][ T5954] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.060565][ T5954] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.063089][ T5954] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.070168][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.077815][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.081364][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.085024][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.088618][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.170430][ T7562] netlink: 'syz.3.416': attribute type 1 has an invalid length. [ 95.230733][ T7562] bond2: entered promiscuous mode [ 95.233383][ T7562] 8021q: adding VLAN 0 to HW filter on device bond2 [ 95.457814][ T7552] chnl_net:caif_netlink_parms(): no params data found [ 95.475636][ T7571] netlink: 44 bytes leftover after parsing attributes in process `syz.0.418'. [ 95.478867][ T7571] netlink: 43 bytes leftover after parsing attributes in process `syz.0.418'. [ 95.481601][ T7571] netlink: 'syz.0.418': attribute type 6 has an invalid length. [ 95.483966][ T7571] netlink: 'syz.0.418': attribute type 5 has an invalid length. [ 95.486501][ T7571] netlink: 43 bytes leftover after parsing attributes in process `syz.0.418'. [ 95.668204][ T7552] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.671419][ T7552] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.673926][ T7552] bridge_slave_0: entered allmulticast mode [ 95.680730][ T7552] bridge_slave_0: entered promiscuous mode [ 95.685583][ T7552] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.689272][ T7552] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.692321][ T7552] bridge_slave_1: entered allmulticast mode [ 95.696284][ T7552] bridge_slave_1: entered promiscuous mode [ 95.770759][ T7552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.775628][ T7552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.822931][ T7552] team0: Port device team_slave_0 added [ 95.839463][ T7552] team0: Port device team_slave_1 added [ 95.894352][ T7552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.896499][ T7552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.914163][ T7552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.930755][ T7552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.946904][ T7552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.958344][ T7552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.098406][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'. [ 96.147042][ T7552] hsr_slave_0: entered promiscuous mode [ 96.151403][ T7552] hsr_slave_1: entered promiscuous mode [ 96.155728][ T7552] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.160021][ T7552] Cannot create hsr debugfs directory [ 96.297509][ T7552] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.364484][ T7552] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.406200][ T7552] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.482187][ T7552] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.577562][ T7552] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.587334][ T7552] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.592243][ T7552] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.598539][ T7552] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.625353][ T6187] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 96.638683][ T7552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.650761][ T7552] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.655551][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.657792][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.664985][ T7619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.440'. [ 96.669827][ T7619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.440'. [ 96.673863][ T7619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.440'. [ 96.680270][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.682463][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.794551][ T7635] netlink: 80 bytes leftover after parsing attributes in process `syz.0.432'. [ 96.794584][ T6187] usb 6-1: device descriptor read/64, error -71 [ 96.930021][ T7552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.107890][ T5949] Bluetooth: hci3: command tx timeout [ 97.263961][ T7552] veth0_vlan: entered promiscuous mode [ 97.282195][ T7552] veth1_vlan: entered promiscuous mode [ 97.365195][ T7552] veth0_macvtap: entered promiscuous mode [ 97.371090][ T7552] veth1_macvtap: entered promiscuous mode [ 97.381766][ T7552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.387683][ T7552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.392101][ T7552] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.394824][ T7552] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.398376][ T7552] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.401228][ T7552] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.444003][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.446467][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.464125][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.466873][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.561127][ T7642] netlink: 24 bytes leftover after parsing attributes in process `syz.3.433'. [ 97.563973][ T7642] netlink: 24 bytes leftover after parsing attributes in process `syz.3.433'. [ 97.569370][ T7644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.434'. [ 97.806903][ T6187] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 97.946888][ T6187] usb 6-1: device descriptor read/64, error -71 [ 98.057137][ T6187] usb usb6-port1: attempt power cycle [ 98.385139][ T7662] tipc: Resetting bearer [ 98.417250][ T6187] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 98.444509][ T6187] usb 6-1: device descriptor read/8, error -71 [ 98.447541][ T7662] team0: Unable to change to the same mode the team is in [ 98.450676][ T7662] tipc: Enabling of bearer rejected, already enabled [ 98.481204][ T7666] netlink: 'syz.3.443': attribute type 1 has an invalid length. [ 98.514283][ T7666] 8021q: adding VLAN 0 to HW filter on device bond3 [ 98.536075][ T7666] bond3: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 98.654261][ T7673] netlink: 'syz.0.445': attribute type 1 has an invalid length. [ 98.687011][ T6187] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 98.708357][ T6187] usb 6-1: device descriptor read/8, error -71 [ 98.724931][ T7677] netlink: 216 bytes leftover after parsing attributes in process `syz.0.447'. [ 98.729606][ T7677] netlink: 24 bytes leftover after parsing attributes in process `syz.0.447'. [ 98.827611][ T6187] usb usb6-port1: unable to enumerate USB device [ 99.187280][ T5949] Bluetooth: hci3: command tx timeout [ 99.508242][ T7693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.452'. [ 100.714565][ T7728] tipc: Enabled bearer , priority 10 [ 100.878167][ T40] audit: type=1326 audit(1751209466.462:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.1.458" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 101.088416][ T7746] xt_hashlimit: Unknown mode mask 3000000, kernel too old? [ 101.267416][ T5949] Bluetooth: hci3: command tx timeout [ 102.404083][ T7772] __nla_validate_parse: 1 callbacks suppressed [ 102.404093][ T7772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.470'. [ 103.346875][ T5949] Bluetooth: hci3: command tx timeout [ 104.242737][ T7807] netlink: 'syz.2.480': attribute type 21 has an invalid length. [ 104.245223][ T7807] netlink: 'syz.2.480': attribute type 1 has an invalid length. [ 104.248481][ T7807] netlink: 144 bytes leftover after parsing attributes in process `syz.2.480'. [ 105.709186][ T7835] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 106.626997][ T5954] Bluetooth: hci3: command 0x0405 tx timeout [ 106.630185][ T7815] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 106.632632][ T7815] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 106.640307][ T7815] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 106.800962][ T7845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.492'. [ 106.811447][ T7845] 8021q: adding VLAN 0 to HW filter on device team1 [ 106.995904][ T7855] overlayfs: missing 'lowerdir' [ 107.165682][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.1.495'. [ 107.171354][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.1.495'. [ 108.568842][ T7876] kAFS: No cell specified [ 108.706924][ T5949] Bluetooth: hci3: command 0x0405 tx timeout [ 109.160562][ T7889] netlink: 'syz.1.504': attribute type 1 has an invalid length. [ 109.174231][ T7889] 8021q: adding VLAN 0 to HW filter on device bond1 [ 109.209077][ T7889] 8021q: adding VLAN 0 to HW filter on device bond1 [ 109.211416][ T7889] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 109.215312][ T7889] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 110.401128][ T7917] netlink: 8 bytes leftover after parsing attributes in process `syz.0.512'. [ 110.733826][ T7933] netlink: 'syz.0.519': attribute type 4 has an invalid length. [ 110.736367][ T7933] netlink: 152 bytes leftover after parsing attributes in process `syz.0.519'. [ 110.742590][ T7933] : renamed from bond0 (while UP) [ 110.799803][ T5949] Bluetooth: hci3: command 0x0405 tx timeout [ 111.880666][ T7994] tipc: Resetting bearer [ 111.885912][ T7994] bond3: (slave veth0_to_bond): Releasing active interface [ 111.956365][ T8001] team0: Unable to change to the same mode the team is in [ 111.960220][ T8001] tipc: Enabling of bearer rejected, already enabled [ 112.043195][ T8004] netlink: 84 bytes leftover after parsing attributes in process `syz.3.535'. [ 112.177725][ T40] audit: type=1326 audit(1751209477.772:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7998 comm="syz.1.534" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 112.291722][ T8012] xt_hashlimit: Unknown mode mask 4000000, kernel too old? [ 112.867524][ T5949] Bluetooth: hci3: command 0x0405 tx timeout [ 113.679382][ T40] audit: type=1326 audit(1751209479.272:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8025 comm="syz.0.543" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 113.789019][ T8034] xt_hashlimit: Unknown mode mask A802, kernel too old? [ 114.074512][ T8043] tipc: Enabling of bearer rejected, already enabled [ 114.228352][ T8055] netlink: 'syz.2.552': attribute type 1 has an invalid length. [ 114.316943][ T8055] bond1: entered promiscuous mode [ 114.319748][ T8055] 8021q: adding VLAN 0 to HW filter on device bond1 [ 114.361191][ T8059] bond1: (slave veth3): making interface the new active one [ 114.364558][ T8059] veth3: entered promiscuous mode [ 114.369761][ T8059] bond1: (slave veth3): Enslaving as an active interface with an up link [ 116.008349][ T8099] syz_tun: entered allmulticast mode [ 116.085935][ T40] audit: type=1326 audit(1751209481.672:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8081 comm="syz.2.563" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0 [ 116.260928][ T8107] xt_hashlimit: Unknown mode mask A802, kernel too old? [ 116.513850][ T8113] all: renamed from lo [ 116.573282][ T8115] loop6: detected capacity change from 0 to 524287999 [ 116.640611][ T6078] Buffer I/O error on dev loop6, logical block 65535998, async page read [ 117.822616][ T8165] netlink: 'syz.2.590': attribute type 1 has an invalid length. [ 118.167277][ T8184] netlink: 12 bytes leftover after parsing attributes in process `syz.2.597'. [ 119.074386][ T8211] netlink: 216 bytes leftover after parsing attributes in process `syz.1.604'. [ 119.079162][ T8211] netlink: 24 bytes leftover after parsing attributes in process `syz.1.604'. [ 119.644360][ T8234] geneve2: entered promiscuous mode [ 119.646227][ T8234] geneve2: entered allmulticast mode [ 119.770136][ T8203] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 119.777302][ T8203] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 120.204805][ T8248] binder: 8247:8248 ioctl 7a7 80000000 returned -22 [ 120.827759][ T8263] netlink: 'syz.1.619': attribute type 4 has an invalid length. [ 121.378856][ T8277] netlink: 80 bytes leftover after parsing attributes in process `syz.3.623'. [ 122.485397][ T8290] netlink: 80 bytes leftover after parsing attributes in process `syz.1.628'. [ 123.448700][ T8308] binder: 8304:8308 ioctl 7a7 80000000 returned -22 [ 123.500793][ T8314] netlink: 80 bytes leftover after parsing attributes in process `syz.1.632'. [ 123.994898][ T8311] netlink: 'syz.3.634': attribute type 1 has an invalid length. [ 124.051140][ T8311] bond4: entered promiscuous mode [ 124.067182][ T8311] 8021q: adding VLAN 0 to HW filter on device bond4 [ 124.166185][ T8318] bond4: (slave veth5): making interface the new active one [ 124.181312][ T8318] veth5: entered promiscuous mode [ 124.214072][ T8318] bond4: (slave veth5): Enslaving as an active interface with an up link [ 124.546572][ T8325] infiniband syz1: set active [ 124.548809][ T8325] infiniband syz1: added syz_tun [ 124.592318][ T8325] RDS/IB: syz1: added [ 124.593907][ T8325] smc: adding ib device syz1 with port count 1 [ 124.597883][ T8325] smc: ib device syz1 port 1 has pnetid [ 125.635730][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 125.849942][ T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 125.853108][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.870043][ T10] usb 5-1: config 0 descriptor?? [ 126.337077][ T8387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.655'. [ 126.461658][ T8391] loop9: detected capacity change from 0 to 7 [ 126.464904][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.467990][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.470961][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.474181][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.477635][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.480139][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.482702][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.485132][ T6078] ldm_validate_partition_table(): Disk read failed. [ 126.487643][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.490254][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.493476][ T6078] Buffer I/O error on dev loop9, logical block 0, async page read [ 126.496408][ T6078] Dev loop9: unable to read RDB block 0 [ 126.498365][ T6078] loop9: unable to read partition table [ 126.500629][ T6078] loop9: partition table beyond EOD, truncated [ 126.578254][ T8398] netlink: 12 bytes leftover after parsing attributes in process `syz.3.659'. [ 126.843150][ T10] ath6kl: Failed to submit usb control message: -71 [ 126.845249][ T10] ath6kl: unable to send the bmi data to the device: -71 [ 126.847532][ T10] ath6kl: Unable to send get target info: -71 [ 126.851465][ T10] ath6kl: Failed to init ath6kl core: -71 [ 126.855880][ T10] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 126.860886][ T10] usb 5-1: USB disconnect, device number 2 [ 126.873066][ T8391] ldm_validate_partition_table(): Disk read failed. [ 126.875397][ T8391] Dev loop9: unable to read RDB block 0 [ 126.878656][ T8391] loop9: unable to read partition table [ 126.881373][ T8391] loop9: partition table beyond EOD, truncated [ 126.883418][ T8391] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 126.883418][ T8391] ) failed (rc=-5) [ 127.218157][ T8425] netlink: 216 bytes leftover after parsing attributes in process `syz.2.669'. [ 127.221229][ T8425] netlink: 'syz.2.669': attribute type 10 has an invalid length. [ 127.223702][ T8425] netlink: 24 bytes leftover after parsing attributes in process `syz.2.669'. [ 127.229001][ T8425] netlink: 16 bytes leftover after parsing attributes in process `syz.2.669'. [ 127.337309][ T8429] [ 127.452530][ T8438] Bluetooth: MGMT ver 1.23 [ 127.455509][ T8438] Bluetooth: hci0: load_link_keys: too big key_count value 28530 [ 127.457255][ T8432] could not allocate digest TFM handle mcryptd(blake2s-256-arm) [ 128.167519][ T8454] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.170398][ T8454] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.173051][ T8454] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.175710][ T8454] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.179343][ T8454] geneve2: entered promiscuous mode [ 128.181056][ T8454] geneve2: entered allmulticast mode [ 128.183982][ T8454] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.186695][ T8454] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.189589][ T8454] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.192230][ T8454] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.376693][ T8461] netlink: 80 bytes leftover after parsing attributes in process `syz.1.678'. [ 128.466820][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 128.727698][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 128.731274][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 128.734182][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 128.758797][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.811615][ T8457] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 128.821518][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 129.188805][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.2.681'. [ 129.191541][ T8471] netlink: 36 bytes leftover after parsing attributes in process `syz.2.681'. [ 129.295935][ T8458] netlink: 'syz.0.677': attribute type 18 has an invalid length. [ 129.298471][ T8458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.677'. [ 129.301516][ T8468] netlink: 'syz.0.677': attribute type 18 has an invalid length. [ 129.304650][ T8468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.677'. [ 129.526070][ T6032] usb 5-1: USB disconnect, device number 3 [ 129.682940][ T8493] tipc: Started in network mode [ 129.684894][ T8493] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 129.689180][ T8493] tipc: Enabled bearer , priority 10 [ 130.574471][ T8531] netlink: 'syz.3.700': attribute type 1 has an invalid length. [ 130.602558][ T8533] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 130.778469][ T8531] bond5: entered promiscuous mode [ 130.780318][ T8531] 8021q: adding VLAN 0 to HW filter on device bond5 [ 130.816877][ T53] tipc: Node number set to 4269801488 [ 130.844061][ T8535] bond5: (slave veth7): making interface the new active one [ 130.846570][ T8535] veth7: entered promiscuous mode [ 130.848764][ T8535] bond5: (slave veth7): Enslaving as an active interface with an up link [ 131.016467][ T8537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.701'. [ 131.389344][ T8556] netlink: 'syz.2.705': attribute type 2 has an invalid length. [ 131.392715][ T8556] netlink: 88 bytes leftover after parsing attributes in process `syz.2.705'. [ 131.395441][ T8556] netlink: 'syz.2.705': attribute type 1 has an invalid length. [ 131.452431][ T8556] netlink: 'syz.2.705': attribute type 2 has an invalid length. [ 132.230750][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.232645][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.343748][ T8577] blktrace: Concurrent blktraces are not allowed on sg0 [ 132.442083][ T8584] 9pnet_virtio: no channels available for device syz [ 132.952097][ T8588] netlink: 8 bytes leftover after parsing attributes in process `syz.3.715'. [ 133.083395][ T8593] 9pnet_virtio: no channels available for device syz [ 134.054174][ T8620] ptrace attach of "/syz-executor exec"[8621] was attempted by "/syz-executor exec"[8620] [ 134.107543][ T40] audit: type=1800 audit(1751209728.701:12): pid=8623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.726" name="bus" dev="overlay" ino=852 res=0 errno=0 [ 134.108667][ T8623] netlink: 28 bytes leftover after parsing attributes in process `syz.0.726'. [ 134.373000][ T8639] geneve2: entered promiscuous mode [ 134.375046][ T8639] geneve2: entered allmulticast mode [ 135.055730][ T8653] bridge_slave_0: left allmulticast mode [ 135.058947][ T8653] bridge_slave_0: left promiscuous mode [ 135.060783][ T8653] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.064927][ T8653] bridge_slave_1: left allmulticast mode [ 135.066687][ T8653] bridge_slave_1: left promiscuous mode [ 135.068826][ T8653] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.072932][ T8653] bond0: (slave bond_slave_0): Releasing backup interface [ 135.076213][ T8653] bond0: (slave bond_slave_1): Releasing backup interface [ 135.083913][ T8653] team0: Port device team_slave_0 removed [ 135.087010][ T8653] team0: Port device team_slave_1 removed [ 135.088934][ T8653] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.091538][ T8653] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.135628][ T8653] team0: Mode changed to "roundrobin" [ 135.149521][ T8653] vlan0: entered promiscuous mode [ 135.152803][ T8653] tipc: Enabled bearer , priority 0 [ 136.156904][ T9] tipc: Node number set to 4269801488 [ 136.203079][ T8684] fuse: Unknown parameter 'grYC$[#bl00000000000000000000' [ 136.479338][ T8697] tipc: Enabling of bearer rejected, failed to enable media [ 136.797057][ T4703] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 136.861692][ T40] audit: type=1326 audit(1751209731.451:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8710 comm="syz.2.753" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0 [ 136.966883][ T4703] usb 6-1: Using ep0 maxpacket: 8 [ 136.979662][ T4703] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 136.989032][ T8714] xt_hashlimit: Unknown mode mask 1D000000, kernel too old? [ 136.993362][ T4703] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 136.996662][ T4703] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 137.000015][ T4703] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 137.005646][ T4703] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 137.011156][ T4703] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 137.014159][ T4703] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.238388][ T4703] usb 6-1: usb_control_msg returned -32 [ 137.241340][ T4703] usbtmc 6-1:16.0: can't read capabilities [ 137.591856][ T8736] usbtmc 6-1:16.0: usb_control_msg returned -32 [ 137.831941][ T8745] block device autoloading is deprecated and will be removed. [ 137.961110][ T8751] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 138.072692][ T8755] netlink: 'syz.0.766': attribute type 1 has an invalid length. [ 138.096129][ T8755] bond0: entered promiscuous mode [ 138.098227][ T8755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.209034][ T8755] bond0: (slave veth3): making interface the new active one [ 138.211953][ T8755] veth3: entered promiscuous mode [ 138.214425][ T8755] bond0: (slave veth3): Enslaving as an active interface with an up link [ 139.512506][ T6010] usb 6-1: USB disconnect, device number 6 [ 140.118534][ T8823] binder: 8822:8823 ioctl c0306201 800001c0 returned -14 [ 140.172956][ T8826] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 140.194888][ T8827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.782'. [ 140.395309][ T8837] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 140.534848][ T8840] tipc: Resetting bearer [ 140.544799][ T8840] bond0: (slave veth3): Releasing backup interface [ 140.547026][ T8840] veth3: left promiscuous mode [ 140.592102][ T8840] team0: Unable to change to the same mode the team is in [ 140.595222][ T8840] tipc: Enabling of bearer rejected, already enabled [ 140.605992][ T8850] tipc: Enabling of bearer rejected, already enabled [ 141.999417][ T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 142.058234][ T8904] x_tables: ip_tables: DNAT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 142.065806][ T8904] netlink: 40 bytes leftover after parsing attributes in process `syz.3.812'. [ 142.071043][ T8904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.812'. [ 142.150329][ T8908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.814'. [ 142.153301][ T24] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 142.153340][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 520, setting to 64 [ 142.161991][ T24] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 142.165765][ T24] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 142.166717][ T40] audit: type=1326 audit(1751209736.761:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8895 comm="syz.2.810" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0 [ 142.169005][ T8908] fuse: Bad value for 'fd' [ 142.169884][ T24] usb 5-1: Manufacturer: syz [ 142.181706][ T24] usb 5-1: config 0 descriptor?? [ 142.236812][ T24] rc_core: IR keymap rc-hauppauge not found [ 142.240423][ T24] Registered IR keymap rc-empty [ 142.243915][ T24] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 142.249297][ T24] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input14 [ 142.264456][ T8919] program syz.3.817 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 142.285520][ T8922] xt_hashlimit: Unknown mode mask 20000000, kernel too old? [ 142.402810][ T24] usb 5-1: USB disconnect, device number 4 [ 142.989815][ T8947] netlink: 8 bytes leftover after parsing attributes in process `syz.3.827'. [ 143.015109][ T8948] netlink: 'syz.0.824': attribute type 1 has an invalid length. [ 143.050201][ T8948] bond1: entered promiscuous mode [ 143.052252][ T8948] 8021q: adding VLAN 0 to HW filter on device bond1 [ 143.275856][ T8967] netlink: 12 bytes leftover after parsing attributes in process `syz.0.831'. [ 143.289862][ T8967] 8021q: adding VLAN 0 to HW filter on device bond2 [ 143.750040][ T8981] afs: Unknown parameter 'U.A+i' [ 144.221792][ T8997] binder: 8996:8997 ioctl c0306201 800001c0 returned -14 [ 144.556719][ T9008] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526 [ 144.556721][ T9007] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526 [ 146.700111][ T9059] netlink: 80 bytes leftover after parsing attributes in process `syz.3.858'. [ 147.079806][ T9068] overlayfs: missing 'lowerdir' [ 147.587512][ T9075] netlink: 'syz.3.863': attribute type 1 has an invalid length. [ 147.640172][ T9075] bond6: entered promiscuous mode [ 147.642976][ T9080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.863'. [ 147.647365][ T9075] 8021q: adding VLAN 0 to HW filter on device bond6 [ 147.765256][ T9080] bond6: (slave veth9): making interface the new active one [ 147.768204][ T9080] veth9: entered promiscuous mode [ 147.779763][ T9080] bond6: (slave veth9): Enslaving as an active interface with an up link [ 148.081390][ T9068] kexec: Could not allocate control_code_buffer [ 148.097468][ T9068] Process accounting resumed [ 148.158684][ T9097] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'. [ 148.666592][ T9111] wireguard0: entered promiscuous mode [ 148.668592][ T9111] wireguard0: entered allmulticast mode [ 148.948441][ T60] kernel read not supported for file /dsp (pid: 60 comm: kworker/1:1) [ 149.050532][ T53] IPVS: starting estimator thread 0... [ 149.147627][ T9123] IPVS: using max 44 ests per chain, 105600 per kthread [ 149.160656][ T9127] Bluetooth: MGMT ver 1.23 [ 149.264706][ T9131] netlink: 'syz.0.880': attribute type 1 has an invalid length. [ 149.287323][ T9131] bond3: entered promiscuous mode [ 149.289287][ T9131] 8021q: adding VLAN 0 to HW filter on device bond3 [ 149.521472][ T9136] bond_slave_1: entered promiscuous mode [ 149.658991][ T9135] bond_slave_1: left promiscuous mode [ 149.791917][ T9157] geneve2: entered promiscuous mode [ 149.793609][ T9157] geneve2: entered allmulticast mode [ 150.127999][ T9180] netlink: 44 bytes leftover after parsing attributes in process `syz.3.894'. [ 150.291370][ T9182] lo speed is unknown, defaulting to 1000 [ 150.295678][ T9182] lo speed is unknown, defaulting to 1000 [ 150.304622][ T9182] lo speed is unknown, defaulting to 1000 [ 150.317230][ T9182] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 150.337173][ T9182] infiniband sy: RDMA CMA: cma_listen_on_dev, error -98 [ 150.379135][ T9182] lo speed is unknown, defaulting to 1000 [ 150.386080][ T9182] lo speed is unknown, defaulting to 1000 [ 150.391112][ T9182] lo speed is unknown, defaulting to 1000 [ 150.396311][ T9182] lo speed is unknown, defaulting to 1000 [ 150.399717][ T9182] lo speed is unknown, defaulting to 1000 [ 151.065078][ T9200] random: crng reseeded on system resumption [ 151.071453][ T9199] netlink: 12 bytes leftover after parsing attributes in process `syz.3.900'. [ 151.141015][ T9197] lo speed is unknown, defaulting to 1000 [ 151.287822][ T9208] binder: 9207:9208 ioctl c0306201 800001c0 returned -14 [ 151.409474][ T9209] netlink: 'syz.0.898': attribute type 46 has an invalid length. [ 151.417327][ T6010] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 151.957841][ T9252] tipc: Enabling of bearer rejected, already enabled [ 161.799419][ T9275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.912'. [ 168.736405][ T9280] tipc: Resetting bearer [ 168.867023][ T9280] bond4: (slave veth5): Releasing backup interface [ 168.869417][ T9280] veth5: left promiscuous mode [ 169.299686][ T9280] bond5: (slave veth7): Releasing backup interface [ 169.301884][ T9280] veth7: left promiscuous mode [ 169.307125][ T9280] bond6: (slave veth9): Releasing backup interface [ 169.309813][ T9280] veth9: left promiscuous mode [ 169.318937][ T9295] team0: Unable to change to the same mode the team is in [ 169.342009][ T9303] tipc: Enabling of bearer rejected, already enabled [ 169.394203][ T9306] fuse: Bad value for 'user_id' [ 169.395970][ T9306] fuse: Bad value for 'user_id' [ 169.402994][ T9306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.917'. [ 169.613493][ T9313] Bluetooth: MGMT ver 1.23 [ 169.961894][ T9330] netlink: 'syz.0.925': attribute type 1 has an invalid length. [ 170.032679][ T9330] bond4: entered promiscuous mode [ 170.036240][ T9330] 8021q: adding VLAN 0 to HW filter on device bond4 [ 170.116414][ T9332] bond4: (slave veth9): making interface the new active one [ 170.120205][ T9332] veth9: entered promiscuous mode [ 170.127566][ T9332] bond4: (slave veth9): Enslaving as an active interface with an up link [ 170.283543][ T9336] netlink: 36 bytes leftover after parsing attributes in process `syz.2.927'. [ 170.437090][ T9342] netlink: 4 bytes leftover after parsing attributes in process `syz.0.929'. [ 170.751466][ T9357] netlink: 28 bytes leftover after parsing attributes in process `syz.0.930'. [ 170.754382][ T9357] netlink: 28 bytes leftover after parsing attributes in process `syz.0.930'. [ 172.844852][ T9403] netlink: 80 bytes leftover after parsing attributes in process `syz.1.944'. [ 173.712257][ T9409] ata1.00: invalid multi_count 1 ignored [ 173.877358][ T40] audit: type=1804 audit(1751209768.461:15): pid=9416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.947" name="/newroot/246/bus" dev="tmpfs" ino=1326 res=1 errno=0 [ 175.335148][ T9429] team0: Unable to change to the same mode the team is in [ 175.338760][ T9429] tipc: Enabling of bearer rejected, already enabled [ 175.759921][ T9444] 9pnet_fd: Insufficient options for proto=fd [ 175.874305][ T9441] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 175.877809][ T9441] overlayfs: missing 'lowerdir' [ 176.420510][ T9461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.960'. [ 176.423787][ T9461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.960'. [ 176.429084][ T40] audit: type=1800 audit(1751209771.021:16): pid=9461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.960" name="dmabuf" dev="dmabuf" ino=2 res=0 errno=0 [ 177.364477][ T9481] fuseblk: Bad value for 'rootmode' [ 177.481775][ T9485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.967'. [ 178.089770][ T40] audit: type=1326 audit(1751209772.681:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.1.973" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 178.262587][ T9518] xt_hashlimit: Unknown mode mask 88000000, kernel too old? [ 178.636124][ T59] bond0 (unregistering): Released all slaves [ 178.741613][ T59] bond1 (unregistering): (slave veth3): Releasing backup interface [ 178.744089][ T59] veth3: left promiscuous mode [ 178.746975][ T59] bond1 (unregistering): Released all slaves [ 178.813620][ T59] bond2 (unregistering): (slave veth5): Releasing backup interface [ 178.816176][ T59] veth5: left promiscuous mode [ 178.818814][ T59] bond2 (unregistering): Released all slaves [ 178.898200][ T59] tipc: Disabling bearer [ 178.900377][ T59] tipc: Disabling bearer [ 178.902073][ T59] tipc: Left network mode [ 178.924266][ T9528] trusted_key: encrypted_key: master key parameter 'defa:syz' is invalid [ 179.017791][ T9534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.977'. [ 179.259254][ T59] hsr_slave_1: left promiscuous mode [ 179.320659][ T59] veth1_macvtap: left promiscuous mode [ 179.322612][ T59] veth0_macvtap: left promiscuous mode [ 179.324500][ T59] veth1_vlan: left promiscuous mode [ 180.116278][ T9548] netlink: 'syz.2.980': attribute type 1 has an invalid length. [ 180.425817][ T9548] bond2: entered promiscuous mode [ 180.428915][ T9548] 8021q: adding VLAN 0 to HW filter on device bond2 [ 180.492186][ T9549] bond2: (slave veth5): making interface the new active one [ 180.495553][ T9549] veth5: entered promiscuous mode [ 180.498074][ T9549] bond2: (slave veth5): Enslaving as an active interface with an up link [ 180.542819][ T9559] netlink: 16 bytes leftover after parsing attributes in process `syz.1.982'. [ 180.553245][ T9559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.982'. [ 180.821032][ T9575] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.823861][ T9575] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.826611][ T9575] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.829562][ T9575] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.832439][ T9575] geneve2: entered promiscuous mode [ 180.834141][ T9575] geneve2: entered allmulticast mode [ 180.837097][ T9575] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.839895][ T9575] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.842703][ T9575] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.845554][ T9575] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.921849][ T9579] netlink: 60 bytes leftover after parsing attributes in process `syz.2.983'. [ 182.076960][ T40] audit: type=1326 audit(1751209776.651:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.085935][ T40] audit: type=1326 audit(1751209776.651:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.092694][ T40] audit: type=1326 audit(1751209776.651:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.100806][ T40] audit: type=1326 audit(1751209776.651:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.107512][ T40] audit: type=1326 audit(1751209776.651:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.114093][ T40] audit: type=1326 audit(1751209776.661:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.121913][ T40] audit: type=1326 audit(1751209776.661:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.128593][ T40] audit: type=1326 audit(1751209776.661:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.135068][ T40] audit: type=1326 audit(1751209776.661:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.143189][ T40] audit: type=1326 audit(1751209776.691:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.2.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 182.781691][ T9633] tipc: Can't bind to reserved service type 1 [ 182.916486][ T9647] tipc: Enabling of bearer rejected, already enabled [ 182.985061][ T9653] tipc: Resetting bearer [ 183.039265][ T9653] team0: Unable to change to the same mode the team is in [ 183.042580][ T9653] tipc: Enabling of bearer rejected, already enabled [ 183.136833][ T9662] @: renamed from vlan0 [ 183.571037][ T9686] ip6_vti0 speed is unknown, defaulting to 1000 [ 183.574350][ T9686] ip6_vti0 speed is unknown, defaulting to 1000 [ 183.576723][ T9686] ip6_vti0 speed is unknown, defaulting to 1000 [ 183.639418][ T9695] trusted_key: encrypted_key: master key parameter 'defa:syz' is invalid [ 183.700641][ T9686] infiniband syz2: set down [ 183.702670][ T53] ip6_vti0 speed is unknown, defaulting to 1000 [ 183.705551][ T9686] infiniband syz2: added ip6_vti0 [ 183.708955][ T9686] syz2: rxe_create_cq: returned err = -12 [ 183.711162][ T9686] infiniband syz2: Couldn't create ib_mad CQ [ 183.713110][ T9686] infiniband syz2: Couldn't open port 1 [ 183.725976][ T9686] RDS/IB: syz2: added [ 183.727389][ T9686] smc: adding ib device syz2 with port count 1 [ 183.729318][ T9686] smc: ib device syz2 port 1 has pnetid [ 183.731201][ T53] ip6_vti0 speed is unknown, defaulting to 1000 [ 183.733713][ T9686] ip6_vti0 speed is unknown, defaulting to 1000 [ 183.823414][ T9686] ip6_vti0 speed is unknown, defaulting to 1000 [ 183.940632][ T9686] ip6_vti0 speed is unknown, defaulting to 1000 [ 184.036718][ T9686] ip6_vti0 speed is unknown, defaulting to 1000 [ 184.058142][ T9706] xt_hashlimit: Unknown mode mask 88040000, kernel too old? [ 184.820449][ T9723] netlink: 'syz.1.1014': attribute type 9 has an invalid length. [ 184.828406][ T9723] tmpfs: Unknown parameter 'usrquotahefiles' [ 185.159105][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 185.161394][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 185.179907][ T9753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 185.547171][ T6010] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 185.697009][ T6010] usb 6-1: Using ep0 maxpacket: 8 [ 185.705362][ T6010] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 185.708077][ T6010] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 185.713955][ T6010] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 185.717339][ T6010] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 185.720388][ T6010] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 185.726334][ T6010] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 185.730138][ T6010] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.789233][ T9761] lo speed is unknown, defaulting to 1000 [ 185.791920][ T9761] ip6_vti0 speed is unknown, defaulting to 1000 [ 185.817080][ T6010] usbtmc 6-1:16.0: bulk endpoints not found [ 186.071256][ T9765] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1023'. [ 186.127916][ T9767] input: syz0 as /devices/virtual/input/input17 [ 186.384584][ T9770] geneve2: entered promiscuous mode [ 186.386474][ T9770] geneve2: entered allmulticast mode [ 186.722234][ T9775] netlink: 'syz.3.1027': attribute type 1 has an invalid length. [ 186.761479][ T9775] bond7: entered promiscuous mode [ 186.764647][ T9775] 8021q: adding VLAN 0 to HW filter on device bond7 [ 186.794500][ T9775] bond7: (slave veth11): making interface the new active one [ 186.809264][ T9775] veth11: entered promiscuous mode [ 186.821256][ T9775] bond7: (slave veth11): Enslaving as an active interface with an up link [ 187.186889][ T5954] Bluetooth: hci4: command 0x1003 tx timeout [ 187.186930][ T5949] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 187.455721][ T9792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1033'. [ 187.461530][ T9792] netlink: 'syz.2.1033': attribute type 1 has an invalid length. [ 187.464656][ T9792] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1033'. [ 188.055307][ T9795] xt_CT: You must specify a L4 protocol and not use inversions on it [ 188.230941][ T839] usb 6-1: USB disconnect, device number 7 [ 188.301196][ T9801] tipc: Enabling of bearer rejected, failed to enable media [ 188.396473][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 188.396483][ T40] audit: type=1326 audit(1751209782.981:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.420504][ T40] audit: type=1326 audit(1751209782.981:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.436474][ T40] audit: type=1326 audit(1751209782.981:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=275 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.448997][ T40] audit: type=1326 audit(1751209782.981:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.458849][ T40] audit: type=1326 audit(1751209782.981:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.465942][ T40] audit: type=1326 audit(1751209782.981:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.475196][ T40] audit: type=1326 audit(1751209782.981:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.483755][ T40] audit: type=1326 audit(1751209782.981:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.496859][ T40] audit: type=1326 audit(1751209782.981:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.506911][ T40] audit: type=1326 audit(1751209782.991:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9802 comm="syz.1.1036" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 188.813156][ T9819] binder: 9818:9819 unknown command 0 [ 188.819507][ T9819] binder: 9818:9819 ioctl c0306201 80000180 returned -22 [ 188.839619][ T9820] netlink: 'syz.1.1041': attribute type 1 has an invalid length. [ 188.862318][ T9820] bond2: entered promiscuous mode [ 188.864418][ T9820] 8021q: adding VLAN 0 to HW filter on device bond2 [ 188.995159][ T9820] bond2: (slave veth3): making interface the new active one [ 188.998691][ T9820] veth3: entered promiscuous mode [ 189.006967][ T9820] bond2: (slave veth3): Enslaving as an active interface with an up link [ 189.029281][ T9824] macvtap1: entered allmulticast mode [ 189.031069][ T9824] bridge0: entered allmulticast mode [ 189.297448][ T9840] netlink: 'syz.3.1047': attribute type 10 has an invalid length. [ 189.313587][ T9840] team0: Device veth0_vlan failed to register rx_handler [ 189.464460][ T9857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1054'. [ 189.468091][ T9857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1054'. [ 190.461744][ T9870] geneve2: entered promiscuous mode [ 190.463448][ T9870] geneve2: entered allmulticast mode [ 191.447709][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1064'. [ 191.457443][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1064'. [ 191.480298][ T24] syz1: Port: 1 Link DOWN [ 191.482709][ T12] smc: removing ib device syz1 [ 191.493723][ T5954] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 191.499401][ T5954] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 191.502392][ T5954] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 191.505127][ T5954] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 191.516971][ T5954] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 191.548306][ T5949] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 191.551027][ T5949] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 191.553753][ T5949] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 191.558209][ T5949] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 191.560733][ T5949] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 191.738227][ T9888] lo speed is unknown, defaulting to 1000 [ 191.741017][ T9888] ip6_vti0 speed is unknown, defaulting to 1000 [ 191.983343][ T9903] bond2: (slave veth3): Releasing backup interface [ 191.986110][ T9903] veth3: left promiscuous mode [ 192.206362][ T9910] team0: Unable to change to the same mode the team is in [ 192.235486][ T9903] tipc: Enabling of bearer rejected, already enabled [ 192.320755][ T9888] chnl_net:caif_netlink_parms(): no params data found [ 192.402797][ T9888] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.405190][ T9888] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.407727][ T9888] bridge_slave_0: entered allmulticast mode [ 192.410426][ T9888] bridge_slave_0: entered promiscuous mode [ 192.413560][ T9888] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.415792][ T9888] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.426147][ T9888] bridge_slave_1: entered allmulticast mode [ 192.430328][ T9888] bridge_slave_1: entered promiscuous mode [ 192.492614][ T9888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.497395][ T9888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.498849][ T9930] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1073'. [ 192.504418][ T9930] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1073'. [ 192.543906][ T9888] team0: Port device team_slave_0 added [ 192.549511][ T9888] team0: Port device team_slave_1 added [ 192.674921][ T9888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.677614][ T9888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.688215][ T9888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.692837][ T9888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.694961][ T9888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.704883][ T9888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.834323][ T9888] hsr_slave_0: entered promiscuous mode [ 192.839695][ T9888] hsr_slave_1: entered promiscuous mode [ 193.165753][ T9888] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 193.171912][ T9888] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 193.178920][ T9888] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 193.188509][ T9888] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 193.565620][ T9888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.573807][ T9888] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.586972][ T5949] Bluetooth: hci4: command tx timeout [ 193.590393][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.592681][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.597929][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.600227][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.680245][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.682312][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.906936][ T1417] ================================================================== [ 193.909399][ T1417] BUG: KASAN: slab-use-after-free in handle_tx+0x5a5/0x630 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 193.911920][ T1417] Read of size 8 at addr ffff888071d40020 by task aoe_tx0/1417 [ 193.916145][ T1417] [ 193.916929][ T1417] CPU: 0 UID: 0 PID: 1417 Comm: aoe_tx0 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 193.916943][ T1417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 193.916950][ T1417] Call Trace: [ 193.916954][ T1417] [ 193.916959][ T1417] dump_stack_lvl+0x116/0x1f0 [ 193.916977][ T1417] print_report+0xcd/0x680 [ 193.916993][ T1417] ? __virt_addr_valid+0x81/0x610 [ 193.917004][ T1417] ? __phys_addr+0xe8/0x180 [ 193.917014][ T1417] ? handle_tx+0x5a5/0x630 [ 193.917023][ T1417] kasan_report+0xe0/0x110 [ 193.917032][ T1417] ? handle_tx+0x5a5/0x630 [ 193.917046][ T1417] handle_tx+0x5a5/0x630 [ 193.917056][ T1417] dev_hard_start_xmit+0x94/0x740 [ 193.917071][ T1417] __dev_queue_xmit+0x7eb/0x43e0 [ 193.917085][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 193.917099][ T1417] ? finish_task_switch.isra.0+0x221/0xc10 [ 193.917110][ T1417] ? rcu_is_watching+0x12/0xc0 [ 193.917120][ T1417] ? __pfx___dev_queue_xmit+0x10/0x10 [ 193.917134][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 193.917147][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 193.917161][ T1417] ? do_raw_spin_lock+0x12c/0x2b0 [ 193.917176][ T1417] ? find_held_lock+0x2b/0x80 [ 193.917185][ T1417] ? skb_dequeue+0x126/0x180 [ 193.917197][ T1417] ? find_held_lock+0x2b/0x80 [ 193.917206][ T1417] ? rcu_is_watching+0x12/0xc0 [ 193.917216][ T1417] tx+0xcc/0x190 [ 193.917226][ T1417] ? __pfx_tx+0x10/0x10 [ 193.917235][ T1417] kthread+0x1e1/0x3e0 [ 193.917250][ T1417] ? find_held_lock+0x2b/0x80 [ 193.917259][ T1417] ? __pfx_kthread+0x10/0x10 [ 193.917274][ T1417] ? __pfx_default_wake_function+0x10/0x10 [ 193.917285][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 193.917299][ T1417] ? __kthread_parkme+0x19e/0x250 [ 193.917311][ T1417] ? __pfx_kthread+0x10/0x10 [ 193.917325][ T1417] kthread+0x3c5/0x780 [ 193.917338][ T1417] ? __pfx_kthread+0x10/0x10 [ 193.917351][ T1417] ? rcu_is_watching+0x12/0xc0 [ 193.917361][ T1417] ? __pfx_kthread+0x10/0x10 [ 193.917374][ T1417] ret_from_fork+0x5d4/0x6f0 [ 193.917387][ T1417] ? __pfx_kthread+0x10/0x10 [ 193.917400][ T1417] ret_from_fork_asm+0x1a/0x30 [ 193.917414][ T1417] [ 193.917417][ T1417] [ 193.983325][ T1417] Allocated by task 9943: [ 193.984718][ T1417] kasan_save_stack+0x33/0x60 [ 193.986284][ T1417] kasan_save_track+0x14/0x30 [ 193.987935][ T1417] __kasan_kmalloc+0xaa/0xb0 [ 193.989345][ T1417] alloc_tty_struct+0x96/0x8c0 [ 193.990872][ T1417] tty_init_dev.part.0+0x1e/0x500 [ 193.992473][ T1417] tty_open+0xa50/0xf90 [ 193.993786][ T1417] chrdev_open+0x234/0x6a0 [ 193.995202][ T1417] do_dentry_open+0x741/0x1c10 [ 193.996699][ T1417] vfs_open+0x82/0x3f0 [ 193.997997][ T1417] path_openat+0x1de4/0x2cb0 [ 193.999461][ T1417] do_filp_open+0x20b/0x470 [ 194.000935][ T1417] do_sys_openat2+0x11b/0x1d0 [ 194.002424][ T1417] __ia32_compat_sys_openat+0x16d/0x210 [ 194.004177][ T1417] __do_fast_syscall_32+0x7c/0x3a0 [ 194.005797][ T1417] do_fast_syscall_32+0x32/0x80 [ 194.007344][ T1417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 194.009497][ T1417] [ 194.010382][ T1417] Freed by task 839: [ 194.011786][ T1417] kasan_save_stack+0x33/0x60 [ 194.013399][ T1417] kasan_save_track+0x14/0x30 [ 194.015013][ T1417] kasan_save_free_info+0x3b/0x60 [ 194.016713][ T1417] __kasan_slab_free+0x51/0x70 [ 194.018483][ T1417] kfree+0x2b4/0x4d0 [ 194.019803][ T1417] process_one_work+0x9cc/0x1b70 [ 194.021571][ T1417] worker_thread+0x6c8/0xf10 [ 194.023119][ T1417] kthread+0x3c5/0x780 [ 194.024518][ T1417] ret_from_fork+0x5d4/0x6f0 [ 194.025886][ T1417] ret_from_fork_asm+0x1a/0x30 [ 194.027412][ T1417] [ 194.028214][ T1417] Last potentially related work creation: [ 194.030003][ T1417] kasan_save_stack+0x33/0x60 [ 194.031504][ T1417] kasan_record_aux_stack+0xa7/0xc0 [ 194.033156][ T1417] insert_work+0x36/0x230 [ 194.034536][ T1417] __queue_work+0x97e/0x10f0 [ 194.036015][ T1417] queue_work_on+0x1a4/0x1f0 [ 194.037482][ T1417] release_tty+0x4de/0x5d0 [ 194.038903][ T1417] tty_release_struct+0xb7/0xe0 [ 194.040478][ T1417] tty_release+0xe2d/0x1430 [ 194.041928][ T1417] __fput+0x3ff/0xb70 [ 194.043203][ T1417] task_work_run+0x14d/0x240 [ 194.044712][ T1417] exit_to_user_mode_loop+0xeb/0x110 [ 194.046391][ T1417] __do_fast_syscall_32+0x2ac/0x3a0 [ 194.048050][ T1417] do_fast_syscall_32+0x32/0x80 [ 194.049594][ T1417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 194.051601][ T1417] [ 194.052374][ T1417] The buggy address belongs to the object at ffff888071d40000 [ 194.052374][ T1417] which belongs to the cache kmalloc-cg-2k of size 2048 [ 194.056750][ T1417] The buggy address is located 32 bytes inside of [ 194.056750][ T1417] freed 2048-byte region [ffff888071d40000, ffff888071d40800) [ 194.060972][ T1417] [ 194.061748][ T1417] The buggy address belongs to the physical page: [ 194.063757][ T1417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71d40 [ 194.066512][ T1417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 194.069191][ T1417] memcg:ffff888069ccf901 [ 194.070534][ T1417] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 194.072917][ T1417] page_type: f5(slab) [ 194.074187][ T1417] raw: 04fff00000000040 ffff88801b84c140 dead000000000122 0000000000000000 [ 194.076876][ T1417] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888069ccf901 [ 194.079536][ T1417] head: 04fff00000000040 ffff88801b84c140 dead000000000122 0000000000000000 [ 194.082249][ T1417] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888069ccf901 [ 194.084947][ T1417] head: 04fff00000000003 ffffea0001c75001 00000000ffffffff 00000000ffffffff [ 194.087649][ T1417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 194.090349][ T1417] page dumped because: kasan: bad access detected [ 194.092365][ T1417] page_owner tracks the page as allocated [ 194.094187][ T1417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9943, tgid 9936 (syz.3.1075), ts 193134958059, free_ts 192244243324 [ 194.100746][ T1417] post_alloc_hook+0x1c0/0x230 [ 194.102290][ T1417] get_page_from_freelist+0x1321/0x3890 [ 194.104051][ T1417] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 194.105924][ T1417] alloc_pages_mpol+0x1fb/0x550 [ 194.107607][ T1417] new_slab+0x23b/0x330 [ 194.108951][ T1417] ___slab_alloc+0xd9c/0x1940 [ 194.110554][ T1417] __slab_alloc.constprop.0+0x56/0xb0 [ 194.112311][ T1417] __kmalloc_cache_noprof+0xfb/0x3e0 [ 194.113979][ T1417] alloc_tty_struct+0x96/0x8c0 [ 194.115502][ T1417] tty_init_dev.part.0+0x1e/0x500 [ 194.117123][ T1417] tty_open+0xa50/0xf90 [ 194.118445][ T1417] chrdev_open+0x234/0x6a0 [ 194.119883][ T1417] do_dentry_open+0x741/0x1c10 [ 194.121418][ T1417] vfs_open+0x82/0x3f0 [ 194.122713][ T1417] path_openat+0x1de4/0x2cb0 [ 194.124194][ T1417] do_filp_open+0x20b/0x470 [ 194.125636][ T1417] page last free pid 9888 tgid 9888 stack trace: [ 194.127616][ T1417] __free_frozen_pages+0x7fe/0x1180 [ 194.129263][ T1417] __put_partials+0x16d/0x1c0 [ 194.130764][ T1417] qlist_free_all+0x4d/0x120 [ 194.132252][ T1417] kasan_quarantine_reduce+0x195/0x1e0 [ 194.133956][ T1417] __kasan_slab_alloc+0x69/0x90 [ 194.135448][ T1417] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 194.137186][ T1417] __kernfs_new_node+0xd2/0x8e0 [ 194.138727][ T1417] kernfs_new_node+0x13c/0x1e0 [ 194.140269][ T1417] __kernfs_create_file+0x53/0x350 [ 194.141893][ T1417] sysfs_add_file_mode_ns+0x207/0x3c0 [ 194.143611][ T1417] internal_create_group+0x578/0xf30 [ 194.145303][ T1417] internal_create_groups+0x9d/0x150 [ 194.146967][ T1417] device_add+0x77f/0x1a70 [ 194.148401][ T1417] netdev_register_kobject+0x182/0x3a0 [ 194.150125][ T1417] register_netdevice+0x13dc/0x2270 [ 194.151867][ T1417] br_dev_newlink+0x6a/0x170 [ 194.153404][ T1417] [ 194.154237][ T1417] Memory state around the buggy address: [ 194.156112][ T1417] ffff888071d3ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 194.158744][ T1417] ffff888071d3ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 194.161527][ T1417] >ffff888071d40000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 194.164221][ T1417] ^ [ 194.165670][ T1417] ffff888071d40080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 194.168331][ T1417] ffff888071d40100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 194.170824][ T1417] ================================================================== [ 194.173365][ C0] vkms_vblank_simulate: vblank timer overrun [ 194.175319][ T1417] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 194.177564][ T1417] CPU: 0 UID: 0 PID: 1417 Comm: aoe_tx0 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 194.181159][ T1417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 194.184372][ T1417] Call Trace: [ 194.185434][ T1417] [ 194.186369][ T1417] dump_stack_lvl+0x3d/0x1f0 [ 194.187829][ T1417] panic+0x71c/0x800 [ 194.189026][ T1417] ? __pfx_panic+0x10/0x10 [ 194.190416][ T1417] ? irqentry_exit+0x3b/0x90 [ 194.191858][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 194.193483][ T1417] ? handle_tx+0x5a5/0x630 [ 194.194882][ T1417] ? check_panic_on_warn+0x1f/0xb0 [ 194.196490][ T1417] ? handle_tx+0x5a5/0x630 [ 194.197891][ T1417] check_panic_on_warn+0xab/0xb0 [ 194.199434][ T1417] end_report+0x107/0x170 [ 194.200842][ T1417] kasan_report+0xee/0x110 [ 194.202245][ T1417] ? handle_tx+0x5a5/0x630 [ 194.203628][ T1417] handle_tx+0x5a5/0x630 [ 194.204958][ T1417] dev_hard_start_xmit+0x94/0x740 [ 194.206535][ T1417] __dev_queue_xmit+0x7eb/0x43e0 [ 194.208116][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 194.209736][ T1417] ? finish_task_switch.isra.0+0x221/0xc10 [ 194.211557][ T1417] ? rcu_is_watching+0x12/0xc0 [ 194.213068][ T1417] ? __pfx___dev_queue_xmit+0x10/0x10 [ 194.214743][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 194.216303][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 194.217854][ T1417] ? do_raw_spin_lock+0x12c/0x2b0 [ 194.219434][ T1417] ? find_held_lock+0x2b/0x80 [ 194.220946][ T1417] ? skb_dequeue+0x126/0x180 [ 194.222394][ T1417] ? find_held_lock+0x2b/0x80 [ 194.223876][ T1417] ? rcu_is_watching+0x12/0xc0 [ 194.225369][ T1417] tx+0xcc/0x190 [ 194.226499][ T1417] ? __pfx_tx+0x10/0x10 [ 194.227811][ T1417] kthread+0x1e1/0x3e0 [ 194.229095][ T1417] ? find_held_lock+0x2b/0x80 [ 194.230610][ T1417] ? __pfx_kthread+0x10/0x10 [ 194.232069][ T1417] ? __pfx_default_wake_function+0x10/0x10 [ 194.233876][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 194.235501][ T1417] ? __kthread_parkme+0x19e/0x250 [ 194.237090][ T1417] ? __pfx_kthread+0x10/0x10 [ 194.238538][ T1417] kthread+0x3c5/0x780 [ 194.239832][ T1417] ? __pfx_kthread+0x10/0x10 [ 194.241321][ T1417] ? rcu_is_watching+0x12/0xc0 [ 194.242791][ T1417] ? __pfx_kthread+0x10/0x10 [ 194.244249][ T1417] ret_from_fork+0x5d4/0x6f0 [ 194.245697][ T1417] ? __pfx_kthread+0x10/0x10 [ 194.247148][ T1417] ret_from_fork_asm+0x1a/0x30 [ 194.248661][ T1417] [ 194.250367][ T1417] Kernel Offset: disabled [ 194.251740][ T1417] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:05:59 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000072 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85587475 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc9000792f458 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000072 R14=ffffffff9b06d9c0 R15=ffffffff85587410 RIP=ffffffff8558749f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809755f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000033b1dff8 CR3=000000006ec3d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000694365 RBX=0000000000000001 RCX=ffffffff8b7cfc29 RDX=0000000000000000 RSI=ffffffff8de13e03 RDI=ffffffff8c1566a0 RBP=ffffed1003bd8488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001 R12=0000000000000001 R13=ffff88801dec2440 R14=ffffffff90a82850 R15=0000000000000000 RIP=ffffffff8b7ce78f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809765f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f17875a5e9c CR3=0000000025236000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=260e54621214b7d7 262f23bf72e4eb90 260e54621214b7d7 262f23bf72e4eb90 260e54621214b7d7 262f23bf72e4eb90 260e54621214b7d7 262f23bf72e4eb90 ZMM18=200d1a2bcdc222f9 d6b4edd8a7056195 200d1a2bcdc222f9 d6b4edd8a7056195 200d1a2bcdc222f9 d6b4edd8a7056195 200d1a2bcdc222f9 d6b4edd8a7056195 ZMM19=6b0c000000000000 0000000000000005 6b0c000000000000 0000000000000004 6b0c000000000000 0000000000000003 6b0c000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffd1080280 030380020881c388 9a08000100000008 0606010fe8001000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03a0030880808080 8080841000039003 449608000388030e b691aa8a08000380 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030004000008000e 800201c708000800 47e000307265646e 69622f7366726564 ZMM24=a7056195a7056195 a7056195a7056195 a7056195a7056195 a7056195a7056195 a7056195a7056195 a7056195a7056195 a7056195a7056195 a7056195a7056195 ZMM25=d6b4edd8d6b4edd8 d6b4edd8d6b4edd8 d6b4edd8d6b4edd8 d6b4edd8d6b4edd8 d6b4edd8d6b4edd8 d6b4edd8d6b4edd8 d6b4edd8d6b4edd8 d6b4edd8d6b4edd8 ZMM26=cdc222f9cdc222f9 cdc222f9cdc222f9 cdc222f9cdc222f9 cdc222f9cdc222f9 cdc222f9cdc222f9 cdc222f9cdc222f9 cdc222f9cdc222f9 cdc222f9cdc222f9 ZMM27=200d1a2b200d1a2b 200d1a2b200d1a2b 200d1a2b200d1a2b 200d1a2b200d1a2b 200d1a2b200d1a2b 200d1a2b200d1a2b 200d1a2b200d1a2b 200d1a2b200d1a2b ZMM28=000000f0000000ef 000000ee000000ed 000000ec000000eb 000000ea000000e9 000000e8000000e7 000000e6000000e5 000000e4000000e3 000000e2000000e1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=690c0000690c0000 690c0000690c0000 690c0000690c0000 690c0000690c0000 690c0000690c0000 690c0000690c0000 690c0000690c0000 690c0000690c0000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b241f20 RCX=ffffffff81af76fd RDX=ffff888024458000 RSI=ffffffff81af76d9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc90002dd74d0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000003 R14=ffffed10056483e5 R15=ffff88802b43b6c0 RIP=ffffffff81af76db RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809775f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f36e40 CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73d3ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000003 RCX=0000000000000002 RDX=ffff888020834880 RSI=ffffffff8169e2d1 RDI=ffffffff8c1566a0 RBP=ffff88802af39540 RSP=ffffc9000074f6a8 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90a82857 R11=0000000000000001 R12=0000000000000003 R13=0000000000000003 R14=ffff88802b53b380 R15=ffffed10055e72a8 RIP=ffffffff8b7ce78f RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809785f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f1f2ff8 CR3=000000006855a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000e800000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000