Warning: Permanently added '[localhost]:59282' (ECDSA) to the list of known hosts. 2020/12/27 18:02:00 fuzzer started 2020/12/27 18:02:00 dialing manager at 10.0.2.10:35483 2020/12/27 18:02:00 syscalls: 3454 2020/12/27 18:02:00 code coverage: enabled 2020/12/27 18:02:00 comparison tracing: enabled 2020/12/27 18:02:00 extra coverage: enabled 2020/12/27 18:02:00 setuid sandbox: enabled 2020/12/27 18:02:00 namespace sandbox: enabled 2020/12/27 18:02:00 Android sandbox: /sys/fs/selinux/policy does not exist 2020/12/27 18:02:00 fault injection: enabled 2020/12/27 18:02:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/12/27 18:02:00 net packet injection: enabled 2020/12/27 18:02:00 net device setup: enabled 2020/12/27 18:02:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/12/27 18:02:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/12/27 18:02:00 USB emulation: enabled 2020/12/27 18:02:00 hci packet injection: enabled 2020/12/27 18:02:00 wifi device emulation: enabled 18:03:21 executing program 0: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000001c00)='/dev/zero\x00', 0x0, 0x0) readv(r2, &(0x7f0000000ac0)=[{0x0}, {0x0}, {&(0x7f0000000380)=""/74, 0x200003ca}], 0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$AUDIT_SIGNAL_INFO(0xffffffffffffffff, 0x0, 0x40004) 18:03:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9, 0x1, 'mpls\x00'}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 18:03:21 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x5a6, 0x9, 0xfd, 0x4}, {0x8001, 0x0, 0x2, 0x7f}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x3f, 0x6, 0x7f, 0xf6f3}, {0x8, 0xff, 0x8f, 0xe5bb}]}) pselect6(0x40, &(0x7f0000000280)={0x4, 0x7fffffff, 0xc7, 0xfffffffeffffffff, 0x7, 0x0, 0x7, 0x9}, &(0x7f00000002c0)={0xfffffffffffffffd, 0x5, 0xfffffffffffeffff, 0x8, 0x1, 0x7, 0x1, 0x3}, &(0x7f0000000300)={0x9, 0x401, 0x3, 0x101, 0x100, 0x5, 0x1, 0xffffffffffffbb9c}, &(0x7f0000000340)={0x0, 0x3938700}, &(0x7f00000003c0)={&(0x7f0000000380), 0x8}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, 0x0, 0x0) r1 = gettid() ptrace$peek(0xffffffffffffffff, r1, 0x0) getpid() r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00') ioprio_set$pid(0x3, r1, 0x2004) syz_read_part_table(0x10000, 0x0, &(0x7f0000000400)) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x10) 18:03:22 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x54, r3, 0x1bb48d39ad5e2997, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x38, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="bcd6c6264fd2bf3d92147b5451a6878d"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="d467b6ee4e4371d1c85ed282813f56e5"}, @NL80211_REKEY_DATA_REPLAY_CTR={0x8, 0x3, "72063b2880bb4814"}]}]}, 0x54}}, 0x0) syzkaller login: [ 191.089590][ T9246] IPVS: ftp: loaded support on port[0] = 21 [ 191.216250][ T9246] chnl_net:caif_netlink_parms(): no params data found [ 191.276426][ T9247] IPVS: ftp: loaded support on port[0] = 21 [ 191.302050][ T9246] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.341038][ T9246] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.365307][ T9246] device bridge_slave_0 entered promiscuous mode [ 191.394986][ T9246] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.404529][ T9246] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.415011][ T9246] device bridge_slave_1 entered promiscuous mode [ 191.449041][ T9246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.467551][ T9246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.499593][ T9246] team0: Port device team_slave_0 added [ 191.516428][ T9246] team0: Port device team_slave_1 added [ 191.549095][ T9246] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.559033][ T9246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.594084][ T9246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.610897][ T9246] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.620491][ T9246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.662369][ T9246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.704514][ T9250] IPVS: ftp: loaded support on port[0] = 21 [ 191.737429][ T9246] device hsr_slave_0 entered promiscuous mode [ 191.748799][ T9246] device hsr_slave_1 entered promiscuous mode [ 191.768690][ T9247] chnl_net:caif_netlink_parms(): no params data found [ 191.897696][ T9247] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.909574][ T9247] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.921693][ T9247] device bridge_slave_0 entered promiscuous mode [ 191.935191][ T9247] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.947595][ T9247] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.959486][ T9247] device bridge_slave_1 entered promiscuous mode [ 192.007710][ T9247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.041998][ T9247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.086381][ T9247] team0: Port device team_slave_0 added [ 192.112924][ T9247] team0: Port device team_slave_1 added [ 192.116373][ T9251] IPVS: ftp: loaded support on port[0] = 21 [ 192.138211][ T9247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.150475][ T9247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.184586][ T9247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.199936][ T9247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.208626][ T9247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.245055][ T9247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.310379][ T9250] chnl_net:caif_netlink_parms(): no params data found [ 192.367332][ T9247] device hsr_slave_0 entered promiscuous mode [ 192.377040][ T9247] device hsr_slave_1 entered promiscuous mode [ 192.386407][ T9247] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 192.396869][ T9247] Cannot create hsr debugfs directory [ 192.495447][ T9246] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 192.513802][ T9246] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 192.527847][ T9250] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.541652][ T9250] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.555030][ T9250] device bridge_slave_0 entered promiscuous mode [ 192.573608][ T9250] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.593569][ T9250] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.607298][ T9250] device bridge_slave_1 entered promiscuous mode [ 192.639571][ T9246] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 192.663206][ T9250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.683969][ T9246] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 192.698496][ T9250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.711331][ T9251] chnl_net:caif_netlink_parms(): no params data found [ 192.754498][ T9250] team0: Port device team_slave_0 added [ 192.767969][ T9250] team0: Port device team_slave_1 added [ 192.795993][ T9250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.809201][ T9250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.848568][ T9250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.868417][ T9250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.912587][ T9250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.955940][ T9250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.022594][ T9250] device hsr_slave_0 entered promiscuous mode [ 193.032215][ T9250] device hsr_slave_1 entered promiscuous mode [ 193.041753][ T9250] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.051877][ T9250] Cannot create hsr debugfs directory [ 193.081228][ T1727] Bluetooth: hci0: command 0x0409 tx timeout [ 193.111187][ T9251] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.111359][ T9251] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.134088][ T9251] device bridge_slave_0 entered promiscuous mode [ 193.164892][ T9251] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.178482][ T9251] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.193624][ T9251] device bridge_slave_1 entered promiscuous mode [ 193.226506][ T9251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 193.247354][ T9251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 193.277299][ T9251] team0: Port device team_slave_0 added [ 193.288714][ T9251] team0: Port device team_slave_1 added [ 193.312688][ T9247] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 193.328956][ T3827] Bluetooth: hci1: command 0x0409 tx timeout [ 193.342828][ T9247] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 193.356350][ T9247] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 193.392717][ T9247] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 193.413611][ T9251] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 193.426744][ T9251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.472422][ T9251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 193.501726][ T9251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 193.514171][ T9251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.552359][ T9251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.614391][ T9251] device hsr_slave_0 entered promiscuous mode [ 193.630666][ T9251] device hsr_slave_1 entered promiscuous mode [ 193.648441][ T9251] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.664480][ T9251] Cannot create hsr debugfs directory [ 193.721112][ T3084] Bluetooth: hci2: command 0x0409 tx timeout [ 193.794783][ T9250] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 193.812193][ T9250] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 193.825371][ T9250] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 193.847055][ T9250] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 193.872391][ T9246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.924050][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.938266][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.967980][ T9246] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.984601][ T9251] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 194.004921][ T9251] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 194.015963][ T9251] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 194.028624][ T9251] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 194.031144][ T68] Bluetooth: hci3: command 0x0409 tx timeout [ 194.061165][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.073540][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.086051][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.100628][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.128067][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.166906][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.193139][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.208507][ T3084] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.220179][ T3084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.232454][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.262839][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.283482][ T9247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.309076][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.323853][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.342649][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.354989][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.369613][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.431996][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.447452][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.466883][ T9247] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.494120][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.510176][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.523811][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.536789][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.549086][ T9277] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.560084][ T9277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.571947][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.592496][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.602927][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.612875][ T3084] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.627402][ T3084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.640177][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.654335][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.674768][ T9250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.689686][ T9246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.719414][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.750355][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.771890][ T9250] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.789838][ T3365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.805901][ T3365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.833427][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.848647][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.864467][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.876004][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.889570][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.905393][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.918236][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 194.931414][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 194.947769][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.973329][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.998054][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.014741][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.034664][ T3365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.054326][ T3365] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.079680][ T9251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.110746][ T9246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.137025][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.155072][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.161232][ T68] Bluetooth: hci0: command 0x041b tx timeout [ 195.191824][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.208615][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.225096][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.244715][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.260675][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.274113][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.292632][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.323678][ T9250] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 195.339140][ T9250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.355183][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.365918][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.378056][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.389213][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.403869][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.415967][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.426956][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.440632][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.456219][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.469157][ T68] Bluetooth: hci1: command 0x041b tx timeout [ 195.478100][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 195.496621][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 195.511230][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.526258][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.544967][ T9251] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.565745][ T9247] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.596676][ T3365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.607315][ T3365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.619138][ T3365] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.629804][ T3365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.642245][ T3365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.659743][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.679169][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.706017][ T9277] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.726953][ T9277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.741918][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 195.764524][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 195.787105][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 195.791255][ T5] Bluetooth: hci2: command 0x041b tx timeout [ 195.815248][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 195.853448][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 195.873657][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 195.897723][ T9250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.929027][ T9246] device veth0_vlan entered promiscuous mode [ 195.955818][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 195.970177][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 195.987856][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.011181][ T9278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.043689][ T9247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.068542][ T9246] device veth1_vlan entered promiscuous mode [ 196.085537][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 196.102694][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.111779][ T9278] Bluetooth: hci3: command 0x041b tx timeout [ 196.127552][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.157313][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 196.171846][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 196.187672][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.202728][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.229144][ T9250] device veth0_vlan entered promiscuous mode [ 196.249529][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.264734][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 196.281155][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 196.296616][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.312687][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.333040][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 196.347450][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 196.369143][ T9251] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.385946][ T9251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.401818][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 196.416749][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.428613][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.448992][ T9250] device veth1_vlan entered promiscuous mode [ 196.464754][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 196.504527][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 196.518846][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 196.531590][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 196.544264][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 196.569021][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 196.580378][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 196.603446][ T9251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.618268][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 196.629337][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 196.639206][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 196.651752][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 196.683779][ T9247] device veth0_vlan entered promiscuous mode [ 196.712998][ T9246] device veth0_macvtap entered promiscuous mode [ 196.725328][ T9247] device veth1_vlan entered promiscuous mode [ 196.737135][ T9278] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 196.755050][ T9278] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 196.776021][ T9278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 196.790311][ T9278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 196.805718][ T9246] device veth1_macvtap entered promiscuous mode [ 196.822229][ T9250] device veth0_macvtap entered promiscuous mode [ 196.850195][ T9250] device veth1_macvtap entered promiscuous mode [ 196.877806][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 196.889383][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 196.899491][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 196.909370][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 196.919482][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 196.931866][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 196.958203][ T9251] device veth0_vlan entered promiscuous mode [ 196.974381][ T9250] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.985312][ T9246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.000776][ T9246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.017015][ T9246] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.029156][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 197.042792][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 197.055215][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 197.065909][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 197.076403][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 197.085802][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 197.106815][ T9250] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.116225][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 197.125198][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 197.134704][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 197.145183][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 197.159323][ T9246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 197.183411][ T9246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.210678][ T9246] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.230247][ T9251] device veth1_vlan entered promiscuous mode [ 197.241426][ T68] Bluetooth: hci0: command 0x040f tx timeout [ 197.255412][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 197.270719][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 197.281306][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 197.294965][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 197.314889][ T9250] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.328471][ T9250] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.339454][ T9250] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.350047][ T9250] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.366962][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 197.381635][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 197.397418][ T9247] device veth0_macvtap entered promiscuous mode [ 197.408860][ T9246] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.421029][ T9246] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.432397][ T9246] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.445677][ T9246] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.487660][ T9247] device veth1_macvtap entered promiscuous mode [ 197.497623][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 197.515917][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 197.536570][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 197.554737][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 197.561523][ T9278] Bluetooth: hci1: command 0x040f tx timeout [ 197.570615][ T9251] device veth0_macvtap entered promiscuous mode [ 197.599820][ T9251] device veth1_macvtap entered promiscuous mode [ 197.659161][ T9251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.692528][ T9251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.719105][ T9251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.737576][ T9251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.756578][ T9251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.779988][ T9247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.801197][ T9247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.822726][ T9247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.857376][ T9247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.878596][ T9247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.883160][ T9278] Bluetooth: hci2: command 0x040f tx timeout [ 197.905764][ T9247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.943712][ T9247] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.966997][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 197.983947][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 198.002147][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 198.020799][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 198.039841][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 198.060290][ T9251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.086970][ T9251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.106386][ T9251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.127373][ T9251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.151407][ T9251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.185862][ T9247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.211595][ T9278] Bluetooth: hci3: command 0x040f tx timeout [ 198.226790][ T9247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.242882][ T9247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.256860][ T9247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.271886][ T9247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.290549][ T9247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.305879][ T9247] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.327929][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.347702][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 198.368438][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.386145][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 198.406286][ T9251] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.420065][ T9251] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.441798][ T9251] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.459981][ T9251] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.494138][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.499686][ T9247] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.516823][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.533298][ T9247] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.557458][ T9247] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.572576][ T9247] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.591042][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.616912][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.630308][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 198.644321][ T5057] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 198.702228][ T9260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.715741][ T9260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.746913][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 198.779270][ T2987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.791679][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.791714][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.796771][ T2987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.822207][ T9278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 198.855890][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 198.878264][ T2987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.886964][ T9250] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 198.894274][ T2987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.902500][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.902536][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.906551][ T3827] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 198.909378][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.909417][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.910794][ T3827] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 199.020821][ T9278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 199.312007][ T9278] Bluetooth: hci0: command 0x0419 tx timeout [ 199.334830][ T9282] loop2: detected capacity change from 128 to 0 18:03:31 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, @loopback, @dev}}) 18:03:31 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) read$usbmon(r0, 0x0, 0x0) ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205) 18:03:31 executing program 3: capset(&(0x7f00000002c0)={0x20080522}, &(0x7f0000000300)) r0 = socket$unix(0x1, 0x104000000000001, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setresgid(0x0, 0x0, r1) [ 199.546666][ T9294] loop2: detected capacity change from 128 to 0 [ 199.632228][ T9278] Bluetooth: hci1: command 0x0419 tx timeout 18:03:31 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x5a6, 0x9, 0xfd, 0x4}, {0x8001, 0x0, 0x2, 0x7f}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x3f, 0x6, 0x7f, 0xf6f3}, {0x8, 0xff, 0x8f, 0xe5bb}]}) pselect6(0x40, &(0x7f0000000280)={0x4, 0x7fffffff, 0xc7, 0xfffffffeffffffff, 0x7, 0x0, 0x7, 0x9}, &(0x7f00000002c0)={0xfffffffffffffffd, 0x5, 0xfffffffffffeffff, 0x8, 0x1, 0x7, 0x1, 0x3}, &(0x7f0000000300)={0x9, 0x401, 0x3, 0x101, 0x100, 0x5, 0x1, 0xffffffffffffbb9c}, &(0x7f0000000340)={0x0, 0x3938700}, &(0x7f00000003c0)={&(0x7f0000000380), 0x8}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, 0x0, 0x0) r1 = gettid() ptrace$peek(0xffffffffffffffff, r1, 0x0) getpid() r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00') ioprio_set$pid(0x3, r1, 0x2004) syz_read_part_table(0x10000, 0x0, &(0x7f0000000400)) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x10) [ 199.731818][ T9311] loop2: detected capacity change from 128 to 0 [ 199.951250][ T23] Bluetooth: hci2: command 0x0419 tx timeout 18:03:31 executing program 3: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) sendto$inet(r0, &(0x7f0000000100)="f6", 0xffffffe7, 0xc000, 0x0, 0x0) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) ppoll(&(0x7f0000000140)=[{r1}, {r0}], 0x2, 0x0, 0x0, 0x0) 18:03:31 executing program 0: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000001c00)='/dev/zero\x00', 0x0, 0x0) readv(r2, &(0x7f0000000ac0)=[{0x0}, {0x0}, {&(0x7f0000000380)=""/74, 0x200003ca}], 0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$AUDIT_SIGNAL_INFO(0xffffffffffffffff, 0x0, 0x40004) 18:03:31 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x5a6, 0x9, 0xfd, 0x4}, {0x8001, 0x0, 0x2, 0x7f}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x3f, 0x6, 0x7f, 0xf6f3}, {0x8, 0xff, 0x8f, 0xe5bb}]}) pselect6(0x40, &(0x7f0000000280)={0x4, 0x7fffffff, 0xc7, 0xfffffffeffffffff, 0x7, 0x0, 0x7, 0x9}, &(0x7f00000002c0)={0xfffffffffffffffd, 0x5, 0xfffffffffffeffff, 0x8, 0x1, 0x7, 0x1, 0x3}, &(0x7f0000000300)={0x9, 0x401, 0x3, 0x101, 0x100, 0x5, 0x1, 0xffffffffffffbb9c}, &(0x7f0000000340)={0x0, 0x3938700}, &(0x7f00000003c0)={&(0x7f0000000380), 0x8}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, 0x0, 0x0) r1 = gettid() ptrace$peek(0xffffffffffffffff, r1, 0x0) getpid() r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00') ioprio_set$pid(0x3, r1, 0x2004) syz_read_part_table(0x10000, 0x0, &(0x7f0000000400)) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x10) [ 200.177208][ T9323] loop2: detected capacity change from 128 to 0 [ 200.271790][ T23] Bluetooth: hci3: command 0x0419 tx timeout 18:03:31 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x5a6, 0x9, 0xfd, 0x4}, {0x8001, 0x0, 0x2, 0x7f}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x3f, 0x6, 0x7f, 0xf6f3}, {0x8, 0xff, 0x8f, 0xe5bb}]}) pselect6(0x40, &(0x7f0000000280)={0x4, 0x7fffffff, 0xc7, 0xfffffffeffffffff, 0x7, 0x0, 0x7, 0x9}, &(0x7f00000002c0)={0xfffffffffffffffd, 0x5, 0xfffffffffffeffff, 0x8, 0x1, 0x7, 0x1, 0x3}, &(0x7f0000000300)={0x9, 0x401, 0x3, 0x101, 0x100, 0x5, 0x1, 0xffffffffffffbb9c}, &(0x7f0000000340)={0x0, 0x3938700}, &(0x7f00000003c0)={&(0x7f0000000380), 0x8}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, 0x0, 0x0) r1 = gettid() ptrace$peek(0xffffffffffffffff, r1, 0x0) getpid() r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00') ioprio_set$pid(0x3, r1, 0x2004) syz_read_part_table(0x10000, 0x0, &(0x7f0000000400)) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x10) [ 200.368137][ T9338] loop2: detected capacity change from 128 to 0 [ 200.386617][ T9322] ------------[ cut here ]------------ [ 200.391834][ T9322] WARNING: CPU: 3 PID: 9322 at mm/page_counter.c:57 page_counter_cancel+0x56/0x70 18:03:31 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x6, 0x4, 0x4, 0x3}, 0x40) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000000c0)={'veth1\x00', &(0x7f0000000100)=ANY=[]}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x284, 0x134, 0x17c, 0x17c, 0x134, 0x5, 0x218, 0x260, 0x260, 0x218, 0x260, 0x3, 0x0, {[{{@uncond=[0x7a, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xa4, 0xd8, 0x52020000}, @common=@inet=@SET3={0x34, 'SET\x00'}}, {{@ipv6={@mcast2, @empty, [], [], 'ip6tnl0\x00', 'veth1_to_batadv\x00'}, 0x0, 0xa4, 0xe4}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2e0) bpf$BPF_GET_MAP_INFO(0x2, &(0x7f00000000c0)={r0, 0x28, &(0x7f00000003c0)}, 0x30) [ 200.412321][ T9322] Modules linked in: [ 200.412321][ T9322] CPU: 3 PID: 9322 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0 [ 200.412321][ T9322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 200.412321][ T9322] RIP: 0010:page_counter_cancel+0x56/0x70 [ 200.412321][ T9322] Code: 89 ef 48 89 c3 48 89 c6 e8 37 fd ff ff 31 ff 48 89 de e8 dd 8d b8 ff 48 85 db 78 09 5b 5d 41 5c e9 df 85 b8 ff e8 da 85 b8 ff <0f> 0b 5b 5d 41 5c e9 cf 85 b8 ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 [ 200.412321][ T9322] RSP: 0018:ffffc90001fcf788 EFLAGS: 00010012 [ 200.412321][ T9322] RAX: 000000000001020f RBX: ffffffffffffff70 RCX: ffffc900bb10c000 [ 200.412321][ T9322] RDX: 0000000000040000 RSI: ffffffff81b9f666 RDI: 0000000000000003 [ 200.412321][ T9322] RBP: ffff888068412120 R08: 0000000000000000 R09: ffff88804020c17f [ 200.412321][ T9322] R10: ffffffff81b9f653 R11: 0000000000000000 R12: 0000000000000100 [ 200.412321][ T9322] R13: 0000000000000200 R14: ffff888068412000 R15: 0000000000000003 [ 200.412321][ T9322] FS: 0000000000000000(0000) GS:ffff88802cd00000(0063) knlGS:00000000f551eb40 [ 200.412321][ T9322] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 200.412321][ T9322] CR2: 0000000020200000 CR3: 000000002b4c0000 CR4: 0000000000350ee0 [ 200.412321][ T9322] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 200.412321][ T9322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 200.412321][ T9322] Call Trace: [ 200.685228][ T9322] page_counter_uncharge+0x2e/0x60 [ 200.694662][ T9322] drain_stock+0xc9/0x2c0 [ 200.701332][ T9322] refill_stock+0x132/0x270 [ 200.712684][ T9322] __sk_mem_reduce_allocated+0x24d/0x550 [ 200.723079][ T9322] dfrag_clear+0x45e/0x540 [ 200.729851][ T9322] __mptcp_clean_una+0x146/0xc60 [ 200.737680][ T9322] ? mptcp_push_pending+0x1740/0x1740 [ 200.747536][ T9322] mptcp_release_cb+0x2d4/0x330 [ 200.759783][ T9322] ? mptcp_push_pending+0x1740/0x1740 [ 200.768952][ T9322] release_sock+0xb4/0x1b0 [ 200.776844][ T9322] sk_stream_wait_memory+0x608/0xed0 [ 200.784324][ T9322] ? sk_stream_wait_connect+0x6a0/0x6a0 [ 200.793762][ T9322] ? __init_waitqueue_head+0x110/0x110 [ 200.802246][ T9322] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 200.812012][ T9322] ? copy_page_from_iter+0x5f2/0x870 [ 200.821381][ T9322] mptcp_sendmsg+0xd87/0x27b0 [ 200.829539][ T9322] ? mptcp_release_cb+0x330/0x330 [ 200.838630][ T9322] ? aa_sk_perm+0x316/0xaa0 [ 200.845970][ T9322] ? aa_af_perm+0x230/0x230 [ 200.853399][ T9322] ? __fget_files+0x288/0x3d0 [ 200.863971][ T9322] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 200.875412][ T9322] inet_sendmsg+0x99/0xe0 [ 200.883267][ T9322] ? inet_send_prepare+0x4d0/0x4d0 [ 200.893319][ T9322] sock_sendmsg+0xcf/0x120 [ 200.901049][ T9322] __sys_sendto+0x21c/0x320 [ 200.912473][ T9322] ? __ia32_sys_getpeername+0xb0/0xb0 [ 200.925169][ T9322] ? _copy_to_user+0xdc/0x150 [ 200.935227][ T9322] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 200.946434][ T9322] ? put_old_timespec32+0x101/0x1f0 [ 200.954301][ T9322] ? get_old_timespec32+0x1f0/0x1f0 [ 200.962531][ T9322] ? __ia32_sys_futex_time32+0x32a/0x530 [ 200.975878][ T9322] __ia32_sys_sendto+0xdb/0x1b0 [ 200.989025][ T9322] ? lockdep_hardirqs_on+0x79/0x100 [ 201.001820][ T9322] __do_fast_syscall_32+0x56/0x80 [ 201.009832][ T9322] do_fast_syscall_32+0x2f/0x70 [ 201.023160][ T9322] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 201.025032][ T9330] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 201.035121][ T9322] RIP: 0023:0xf7f24549 [ 201.035121][ T9322] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 201.035121][ T9322] RSP: 002b:00000000f551e0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 201.035121][ T9322] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 201.035121][ T9322] RDX: 00000000ffffffe7 RSI: 000000000000c000 RDI: 0000000000000000 [ 201.035121][ T9322] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 201.035121][ T9322] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 201.035121][ T9322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 201.035746][ T9322] Kernel panic - not syncing: panic_on_warn set ... [ 201.035746][ T9322] CPU: 3 PID: 9322 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0 [ 201.058761][ T9322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 201.058761][ T9322] Call Trace: [ 201.058761][ T9322] dump_stack+0x107/0x163 [ 201.058761][ T9322] panic+0x306/0x73d [ 201.058761][ T9322] ? __warn_printk+0xf3/0xf3 [ 201.058761][ T9322] ? __warn.cold+0x1a/0x44 [ 201.058761][ T9322] ? page_counter_cancel+0x56/0x70 [ 201.058761][ T9322] __warn.cold+0x35/0x44 [ 201.058761][ T9322] ? page_counter_cancel+0x56/0x70 [ 201.058761][ T9322] report_bug+0x1bd/0x210 [ 201.058761][ T9322] handle_bug+0x3c/0x60 [ 201.058761][ T9322] exc_invalid_op+0x14/0x40 [ 201.058761][ T9322] asm_exc_invalid_op+0x12/0x20 [ 201.058761][ T9322] RIP: 0010:page_counter_cancel+0x56/0x70 [ 201.058761][ T9322] Code: 89 ef 48 89 c3 48 89 c6 e8 37 fd ff ff 31 ff 48 89 de e8 dd 8d b8 ff 48 85 db 78 09 5b 5d 41 5c e9 df 85 b8 ff e8 da 85 b8 ff <0f> 0b 5b 5d 41 5c e9 cf 85 b8 ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 [ 201.058761][ T9322] RSP: 0018:ffffc90001fcf788 EFLAGS: 00010012 [ 201.058761][ T9322] RAX: 000000000001020f RBX: ffffffffffffff70 RCX: ffffc900bb10c000 [ 201.058761][ T9322] RDX: 0000000000040000 RSI: ffffffff81b9f666 RDI: 0000000000000003 [ 201.058761][ T9322] RBP: ffff888068412120 R08: 0000000000000000 R09: ffff88804020c17f [ 201.058761][ T9322] R10: ffffffff81b9f653 R11: 0000000000000000 R12: 0000000000000100 [ 201.058761][ T9322] R13: 0000000000000200 R14: ffff888068412000 R15: 0000000000000003 [ 201.058761][ T9322] ? page_counter_cancel+0x43/0x70 [ 201.058761][ T9322] ? page_counter_cancel+0x56/0x70 [ 201.058761][ T9322] ? page_counter_cancel+0x56/0x70 [ 201.058761][ T9322] page_counter_uncharge+0x2e/0x60 [ 201.058761][ T9322] drain_stock+0xc9/0x2c0 [ 201.058761][ T9322] refill_stock+0x132/0x270 [ 201.058761][ T9322] __sk_mem_reduce_allocated+0x24d/0x550 [ 201.058761][ T9322] dfrag_clear+0x45e/0x540 [ 201.058761][ T9322] __mptcp_clean_una+0x146/0xc60 [ 201.058761][ T9322] ? mptcp_push_pending+0x1740/0x1740 [ 201.058761][ T9322] mptcp_release_cb+0x2d4/0x330 [ 201.058761][ T9322] ? mptcp_push_pending+0x1740/0x1740 [ 201.058761][ T9322] release_sock+0xb4/0x1b0 [ 201.058761][ T9322] sk_stream_wait_memory+0x608/0xed0 [ 201.058761][ T9322] ? sk_stream_wait_connect+0x6a0/0x6a0 [ 201.058761][ T9322] ? __init_waitqueue_head+0x110/0x110 [ 201.058761][ T9322] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 201.058761][ T9322] ? copy_page_from_iter+0x5f2/0x870 [ 201.058761][ T9322] mptcp_sendmsg+0xd87/0x27b0 [ 201.058761][ T9322] ? mptcp_release_cb+0x330/0x330 [ 201.058761][ T9322] ? aa_sk_perm+0x316/0xaa0 [ 201.058761][ T9322] ? aa_af_perm+0x230/0x230 [ 201.058761][ T9322] ? __fget_files+0x288/0x3d0 [ 201.058761][ T9322] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 201.058761][ T9322] inet_sendmsg+0x99/0xe0 [ 201.058761][ T9322] ? inet_send_prepare+0x4d0/0x4d0 [ 201.058761][ T9322] sock_sendmsg+0xcf/0x120 [ 201.058761][ T9322] __sys_sendto+0x21c/0x320 [ 201.058761][ T9322] ? __ia32_sys_getpeername+0xb0/0xb0 [ 201.058761][ T9322] ? _copy_to_user+0xdc/0x150 [ 201.058761][ T9322] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 201.058761][ T9322] ? put_old_timespec32+0x101/0x1f0 [ 201.058761][ T9322] ? get_old_timespec32+0x1f0/0x1f0 [ 201.058761][ T9322] ? __ia32_sys_futex_time32+0x32a/0x530 [ 201.058761][ T9322] __ia32_sys_sendto+0xdb/0x1b0 [ 201.058761][ T9322] ? lockdep_hardirqs_on+0x79/0x100 [ 201.058761][ T9322] __do_fast_syscall_32+0x56/0x80 [ 201.058761][ T9322] do_fast_syscall_32+0x2f/0x70 [ 201.058761][ T9322] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 201.058761][ T9322] RIP: 0023:0xf7f24549 [ 201.058761][ T9322] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 201.058761][ T9322] RSP: 002b:00000000f551e0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 201.058761][ T9322] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 201.058761][ T9322] RDX: 00000000ffffffe7 RSI: 000000000000c000 RDI: 0000000000000000 [ 201.058761][ T9322] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 201.058761][ T9322] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 201.058761][ T9322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 201.848144][ T9330] CPU: 2 PID: 9330 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0 [ 201.850890][ T9330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 201.850890][ T9330] Call Trace: [ 201.850890][ T9330] dump_stack+0x107/0x163 [ 201.850890][ T9330] dump_header+0x106/0x624 [ 201.850890][ T9330] oom_kill_process.cold+0x10/0x15 [ 201.850890][ T9330] out_of_memory+0x358/0x13f0 [ 201.850890][ T9330] ? find_held_lock+0x2d/0x110 [ 201.850890][ T9330] ? oom_killer_disable+0x270/0x270 [ 201.850890][ T9330] mem_cgroup_out_of_memory+0x1e5/0x250 [ 201.850890][ T9330] ? mem_cgroup_margin+0x130/0x130 [ 201.850890][ T9330] try_charge+0xeac/0x1120 [ 201.850890][ T9330] ? drain_all_stock.part.0+0x880/0x880 [ 201.850890][ T9330] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 201.850890][ T9330] ? find_held_lock+0x2d/0x110 [ 201.850890][ T9330] __memcg_kmem_charge+0x68/0x130 [ 201.850890][ T9330] ? mem_cgroup_can_attach+0x390/0x390 [ 201.850890][ T9330] obj_cgroup_charge+0x149/0x530 [ 201.850890][ T9330] ? sock_alloc_inode+0x18/0x1c0 [ 201.850890][ T9330] kmem_cache_alloc+0x9e/0x440 [ 201.850890][ T9330] ? sock_free_inode+0x20/0x20 [ 201.850890][ T9330] sock_alloc_inode+0x18/0x1c0 [ 201.850890][ T9330] ? sock_free_inode+0x20/0x20 [ 201.850890][ T9330] alloc_inode+0x61/0x230 [ 201.850890][ T9330] new_inode_pseudo+0x14/0xe0 [ 201.850890][ T9330] sock_alloc+0x3c/0x260 [ 201.850890][ T9330] __sock_create+0xb9/0x780 [ 201.850890][ T9330] __sys_socket+0xef/0x200 [ 201.850890][ T9330] ? move_addr_to_kernel+0x70/0x70 [ 201.850890][ T9330] __ia32_sys_socket+0x6f/0xb0 [ 201.850890][ T9330] __do_fast_syscall_32+0x56/0x80 [ 201.850890][ T9330] do_fast_syscall_32+0x2f/0x70 [ 201.850890][ T9330] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 201.850890][ T9330] RIP: 0023:0xf7f24549 [ 201.850890][ T9330] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 201.850890][ T9330] RSP: 002b:00000000f54fd0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000167 [ 201.850890][ T9330] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000000001 [ 201.850890][ T9330] RDX: 0000000000000106 RSI: 0000000000000000 RDI: 0000000000000000 [ 201.850890][ T9330] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 201.850890][ T9330] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 201.850890][ T9330] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 201.058761][ T9322] Kernel Offset: disabled [ 201.058761][ T9322] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:03:33 Registers: info registers vcpu 0 RAX=00000000000c5221 RBX=ffffffff8b0bc000 RCX=ffffffff88eb3510 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000000 RBP=fffffbfff1617800 RSP=ffffffff8b007e40 R8 =0000000000000001 R9 =ffff88802ca35bab R10=ffffed1005946b75 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=ffffffff8cef0f88 R15=0000000000000000 RIP=ffffffff88ed85be RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802ca00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fb9e9174518 CR3=0000000079250000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffff81453feaffffffff81453f89 XMM02=ffffffff81453ff8ffffffff81453fea XMM03=ffffffff81453f89ffffffff81453f6d XMM04=ffffffff81468087ffffffff81468060 XMM05=ffffffff8160efdeffffffff814681db XMM06=ffffffff81613c8fffffffff81613c62 XMM07=ffffffff81613cb5ffffffff81613c96 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=1ffff9200045ef1d RCX=ffffffff81593e50 RDX=0000000000000001 RSI=0000000000000004 RDI=ffffc900022f7908 RBP=ffffffff8f2d69d8 RSP=ffffc900022f78e0 R8 =0000000000000001 R9 =0000000000000003 R10=fffff5200045ef21 R11=0000000000000000 R12=ffffffff8f2d69e0 R13=ffffffff8f2d69e8 R14=dead000000000100 R15=dffffc0000000000 RIP=ffffffff81593e62 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cb00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f558bdb0 CR3=0000000079250000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffff81453feaffffffff81453f89 XMM02=ffffffff81453ff8ffffffff81453fea XMM03=ffffffff81453f89ffffffff81453f6d XMM04=ffffffff81468087ffffffff81468060 XMM05=ffffffff8160efdeffffffff814681db XMM06=ffffffff81613c8fffffffff81613c62 XMM07=ffffffff81613cb5ffffffff81613c96 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=0000006283f653ce RBX=0000000000000001 RCX=00000000000006e0 RDX=0000000000000062 RSI=ffff88802cc1fa00 RDI=000000000003ff9c RBP=ffff88802cc1fa00 RSP=ffffc90001527b60 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff8165758e R11=0000000000000000 R12=000000000003ff9c R13=0000000000000000 R14=ffff88802cc26a00 R15=0000000000026a00 RIP=ffffffff812f889b RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802cc00000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f904026c6f0 CR3=000000007695a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000002 XMM02=00000050000000000000000100000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff841442ac RDI=ffffffff8fb0ad40 RBP=ffffffff8fb0ad00 RSP=ffffc90001fcf100 R8 =000000000000002a R9 =000000000000006b R10=ffffffff8412ad68 R11=000000000000000a R12=0000000000000020 R13=fffffbfff1f615f3 R14=fffffbfff1f615aa R15=dffffc0000000000 RIP=ffffffff84144300 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802cd00000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020200000 CR3=000000002b4c0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000000000000400c800a400000000 XMM02=00000001000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000