last executing test programs: 3.53242492s ago: executing program 3 (id=425): getrlimit(0xa, &(0x7f00000000c0)) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, &(0x7f0000000200)=0x8, 0x4) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000500)={0x1, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r1, 0x8800000) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) (async) sendfile(r2, r1, 0x0, 0x578410eb) (async) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x4734, 0x8000}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x14, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@call={0x85, 0x0, 0x0, 0xa0}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_emit_ethernet(0x32, &(0x7f00000004c0)={@local, @remote, @val={@val={0x88a8, 0x1, 0x0, 0x3}, {0x8100, 0x2, 0x1, 0x4}}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @dev={0xac, 0x14, 0x14, 0x26}, @local, @remote}}}}, &(0x7f0000000240)={0x1, 0x1, [0x318, 0x987, 0xcf8, 0xdbe]}) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) setsockopt$CAN_RAW_FD_FRAMES(r1, 0x65, 0x5, &(0x7f0000000080)=0x1, 0x4) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4880}, 0x1) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, r6, {r6}}, './file0\x00'}) 3.037690196s ago: executing program 1 (id=427): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x1, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000080)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r1, 0x1}}, 0x18) r2 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000280)='\x00', 0x0, r0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec300059191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x75e}], 0x3) 2.686975429s ago: executing program 1 (id=428): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@local, @local, @remote}, 0xc) r1 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp(r1, r1, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0xbb4) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf2509000200737955d7000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) syz_emit_ethernet(0x30, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}, @random="101cf32d961d", @val={@void, {0x8100, 0x6, 0x1}}, {@x25={0x805, {0x3, 0xbd, 0xfd, "bf2a94ac78fc46543eb5917e7f6230858232f5860a4db7b93758e1"}}}}, 0x0) 1.988954909s ago: executing program 0 (id=429): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x94, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x56, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {0x80}, @device_a, @broadcast, @from_mac=@device_b, {0x2, 0x1}}, 0x3, @default, 0xc00, @void, @val, @void, @void, @void, @val={0x5, 0x3, {0x8, 0xa7, 0x5}}, @val={0x25, 0x3, {0x1, 0x8, 0x6}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x4, 0x8, 0xd7}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x6, 0x41}}, @val={0x76, 0x6, {0x6, 0xf8, 0x3c, 0xfff}}}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x5, 0x3, "e6"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x94}}, 0x0) 1.858930986s ago: executing program 0 (id=430): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_vlan\x00'}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x30}}, 0x80c0) 1.786349721s ago: executing program 0 (id=431): r0 = socket$tipc(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000005cc0)={0x11, 0x2, &(0x7f00000007c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb0}], &(0x7f0000000800)='syzkaller\x00', 0x5ac, 0xe3, &(0x7f0000000840)=""/227, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000009c0)={0x0, 0xa, 0x5, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000005c40)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000005c80), 0x10, 0x7}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000040)=0x659f, 0x4) write$binfmt_script(r2, &(0x7f00000000c0), 0x28) recvmmsg(r2, &(0x7f0000006640)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40002000, 0x0) socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, 0xffffffffffffffff, 0x0) socketpair(0x2a, 0x2, 0x0, &(0x7f0000000e40)) r3 = syz_io_uring_setup(0x5b17, &(0x7f0000000380)={0x0, 0x9ff1, 0x200, 0x3, 0x11c}, &(0x7f0000000400), &(0x7f0000000440)) io_uring_register$IORING_UNREGISTER_RING_FDS(r3, 0x15, &(0x7f0000005a40)=[{0x6, 0x1, 0x0, &(0x7f0000000740), &(0x7f0000000780)=[0x4, 0x3, 0x1]}, {0x0, 0x1, 0x0, &(0x7f0000000b00), &(0x7f0000000b40)=[0x189]}, {0x3, 0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000005d80)=""/249, 0xf9}, {&(0x7f0000000c80)=""/123, 0x7b}, {&(0x7f0000000d00)=""/46, 0x2e}], &(0x7f0000000d80)=[0x9, 0xe9c, 0x2, 0xf2ba, 0xd3, 0x3ff, 0xa65f]}, {0x4, 0xb396feeac8b83e9, 0x0, &(0x7f0000002000)=[{&(0x7f0000000dc0)=""/65, 0x41}, {&(0x7f0000001e80)=""/171, 0xab}, {&(0x7f0000002080)=""/4096, 0x1000}, {&(0x7f0000001f40)=""/174, 0xae}], &(0x7f0000003080)}, {0xa, 0x1, 0x0, &(0x7f00000046c0)=[{&(0x7f00000030c0)=""/4096, 0x1000}, {&(0x7f00000040c0)=""/46, 0x2e}, {&(0x7f0000004100)=""/229, 0xe5}, {&(0x7f0000004200)=""/156, 0x9c}, {&(0x7f00000042c0)=""/155, 0x9b}, {&(0x7f0000004380)=""/33, 0x21}, {&(0x7f0000000a00)=""/252, 0xfc}, {&(0x7f00000044c0)=""/248, 0xf8}, {&(0x7f00000045c0)=""/169, 0xa9}, {&(0x7f0000000940)=""/22, 0x16}], &(0x7f0000004740)=[0x2, 0xc3d4]}, {0x7, 0x0, 0x0, &(0x7f0000004bc0)=[{&(0x7f0000004780)=""/68, 0x44}, {&(0x7f0000004800)=""/194, 0xc2}, {&(0x7f0000004900)=""/51, 0x33}, {&(0x7f0000004940)=""/170, 0xaa}, {&(0x7f0000004a00)=""/242, 0xf2}, {&(0x7f0000004b00)=""/11, 0xb}, {&(0x7f0000004b40)=""/89, 0x59}], &(0x7f0000004c00)=[0xffffffffffffffff, 0xd, 0x7fffffffffffffff]}, {0x4, 0x0, 0x0, &(0x7f0000005000)=[{&(0x7f0000004c40)=""/114, 0x72}, {&(0x7f0000004cc0)=""/27, 0x1b}, {&(0x7f0000004d00)=""/214, 0xd6}, {&(0x7f0000004e00)=""/16, 0x10}, {&(0x7f0000004e40)=""/36, 0x24}, {&(0x7f0000004e80)=""/83, 0x53}, {&(0x7f0000004f00)=""/168, 0xa8}, {&(0x7f0000004fc0)=""/4, 0x4}], &(0x7f0000005040)=[0xffff, 0x6, 0x100000001, 0x47]}, {0x6, 0x1, 0x0, &(0x7f0000005580)=[{&(0x7f0000005080)=""/52, 0x34}, {&(0x7f00000050c0)=""/201, 0xc9}, {&(0x7f00000051c0)=""/203, 0xcb}, {&(0x7f00000052c0)=""/218, 0xda}, {&(0x7f00000053c0)=""/244, 0xf4}, {&(0x7f00000054c0)=""/190, 0xbe}], &(0x7f00000055c0)=[0x8000000000000001, 0x5]}, {0x5, 0x1, 0x0, &(0x7f00000059c0)=[{&(0x7f0000005600)=""/250, 0xfa}, {&(0x7f0000005700)=""/135, 0x87}, {&(0x7f00000057c0)=""/118, 0x76}, {&(0x7f0000005840)=""/161, 0xa1}, {&(0x7f0000005900)=""/182, 0xb6}], &(0x7f0000005a00)=[0x3, 0x5]}], 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) msync(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) r6 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000180), 0x8200, 0x0) syz_io_uring_setup(0x195f, &(0x7f0000000300)={0x0, 0x5968, 0x200, 0x3, 0x327, 0x0, r6}, &(0x7f00000001c0), &(0x7f0000000280)) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x2, 0x7, 0x1, 0x5, r1}) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) 1.362001301s ago: executing program 1 (id=433): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000f40)=""/4096, 0x1000}], 0x1) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000080}, 0x0) 1.361694932s ago: executing program 3 (id=434): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x4e23, 0xfffffffc, @loopback}, 0x1c) listen(r0, 0x4) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x1}, 0x8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8) sendmmsg$inet6(r1, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYBLOB="30e01b3981dd"], 0x1000f) 1.360907574s ago: executing program 2 (id=435): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000003c0)=0x6, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @empty}], 0x10) listen(r1, 0x3) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe0064e224e22590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000040)=[@in6={0xa, 0x4e27, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8}], 0x1c) 1.268544555s ago: executing program 1 (id=436): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000840)={'batadv_slave_1\x00', 0x0}) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r2}, 0x90) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001000010027bd70000000000000000000", @ANYRES32=r1, @ANYBLOB="004100000000000014002b8008000100", @ANYRES32=r3], 0x34}}, 0x4008000) r4 = socket$inet6(0xa, 0x80002, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000000040)={0x84, 0x0, 0x2, 0x8}, 0x8) r6 = socket$inet6_icmp(0xa, 0x2, 0x3a) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @local, 0x4}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 1.268360106s ago: executing program 2 (id=437): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x101}, 0x1c) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) r2 = fcntl$dupfd(r1, 0x406, r1) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000040), 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) read$FUSE(r2, &(0x7f0000002540)={0x2020}, 0xfdef) 1.246483035s ago: executing program 3 (id=438): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0xfffffff8, 0x3, 0x6361, 0x7, 0x0, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70b928, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x5, 0x7, 0x5, 0x1, 0x0, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r7 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x2e, 0x0, &(0x7f0000000140)) rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180)='./file1\x00') lstat(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)) 1.240177952s ago: executing program 1 (id=439): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x2c, 0x0, 0x1, 0x2, 0x25dfdbfe, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_LINK={0x8, 0x1, r1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000044) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.138046116s ago: executing program 1 (id=440): r0 = io_uring_setup(0x5, &(0x7f00000002c0)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r2 = dup(r1) bind$bt_l2cap(r2, &(0x7f0000000080), 0xe) getpid() socket(0x1e, 0x4, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={0xffffffffffffffff, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) accept4$vsock_stream(r2, 0x0, 0x58, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$VT_RELDISP(r2, 0x5605) 1.06822877s ago: executing program 3 (id=441): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000900)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84d, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x2, 0xb}, 0x5, 0x34, 0x91f}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_RATE64={0xc, 0x4, 0xdd31e353c9fd1eb}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x20008851}, 0x50) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xb}, {0xe, 0xffea}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xc7, 0x4}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4890) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="80", 0x1}], 0x1}, 0x4) umount2(&(0x7f0000000140)='./file0\x00', 0x8) 908.017259ms ago: executing program 3 (id=442): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x0) write$uinput_user_dev(r3, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0xfff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x8, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d52c0], [0x0, 0x0, 0x2, 0xb16, 0x0, 0xffffffcb, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1000, 0x0, 0xf, 0x5, 0x8004, 0x0, 0xfffffffc, 0x0, 0xfffffffe, 0x20000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfefffffd, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf], [0x87ffffff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x20000, 0xfffffffd, 0x2, 0xe, 0xfffffffe, 0x0, 0x0, 0x3c63, 0x0, 0x0, 0x0, 0xffff, 0x9, 0x9, 0x40000002, 0x6, 0x0, 0xd12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4], [0x0, 0xfffffffc, 0xfffffffc, 0xc, 0x6, 0x0, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x3, 0x2, 0x800, 0xe, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0x0, 0x3}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) openat$ptmx(0xffffff9c, &(0x7f00000000c0), 0xa578b166ab60d784, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r4, 0x10f, 0x81, &(0x7f0000000080), 0x4a) sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r5) r6 = openat$rdma_cm(0xffffff9c, &(0x7f0000000b80), 0x2, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r6, &(0x7f0000000d00)={0xb, 0x10, 0xfa00, {0x0}}, 0x18) r7 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x110000000097a9, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000040)={0x21, 0x1, 0x0, "ad2896b02ca8b044d00dc81345c4b935bab32cecd875596364ab192cb8b873aa"}) r8 = socket$can_bcm(0x1d, 0x2, 0x2) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b4020000000000007911300000000000850000002e0000009500000000000000358bb9f43d86b13600"/50], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0xffffffffffffff35}, 0x54) connect$can_bcm(r8, &(0x7f0000000040), 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) 783.128227ms ago: executing program 0 (id=443): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x6e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x5206, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0xfffffdfd) 628.564616ms ago: executing program 0 (id=444): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000f40)=""/4096, 0x1000}], 0x1) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000080}, 0x0) 628.060851ms ago: executing program 0 (id=445): socket$tipc(0x1e, 0x2, 0x0) socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000380)={0x40000000, 0x240, "a42a0338cbeeb95d9fa677a6acb9ff737b4fdaf44eaca1c837abb1d98828cc02", 0x5, 0x5, 0x10, 0x8, 0x5, 0x80006, 0x0, 0x3, [0x9, 0x0, 0x1, 0xa13e]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xb, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000001c80)=""/4096, 0x1000}], 0x1, &(0x7f0000000b40)=""/49, 0x31}, 0xffff}, {{&(0x7f00000008c0)=@hci, 0x80, &(0x7f0000000a00)=[{&(0x7f0000000940)=""/63, 0x3f}, {&(0x7f0000000980)}, {&(0x7f00000009c0)=""/13, 0xd}], 0x3, &(0x7f0000000a40)=""/176, 0xb0}, 0x4}, {{&(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000480)=""/221, 0xdd}, {&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000180)}, {&(0x7f0000000c80)=""/4096, 0x1000}, {&(0x7f0000000680)=""/143, 0x8f}, {&(0x7f0000000740)=""/131, 0x83}], 0x6, &(0x7f0000000840)=""/111, 0x6f}, 0x3}], 0x3, 0x2, 0x0) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c8) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000bc0)=@newtaction={0x98, 0x30, 0x48b, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ctinfo={0x30, 0x2, 0x0, 0x0, {{0xffffffffffffff99}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_simple={0x50, 0x0, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'nat\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6f8, 0x2, 0x0, 0x6, 0x1ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x98}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x621c2, 0x0) ftruncate(r5, 0x8800000) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) setxattr$security_capability(&(0x7f0000000080)='./file0/file1\x00', &(0x7f00000001c0), 0x0, 0x0, 0x3) socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4) socket(0x1e, 0x4, 0x0) 378.308724ms ago: executing program 2 (id=446): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r3 = socket$pppoe(0x18, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000100)=0xff, 0x4) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newlink={0x44, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x2000, 0x1006}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_PRIORITY={0x6, 0x6, 0x7fff}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) 256.560073ms ago: executing program 2 (id=447): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000980)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffe00, {0x0, 0x0, 0x0, r2, {0xfff2}, {0x10}, {0x1, 0xffe1}}}, 0x24}, 0x1, 0x0, 0x0, 0x40019}, 0x0) 138.565697ms ago: executing program 2 (id=448): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x25, 0x16, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x3c) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x3, &(0x7f0000000200)=0xfffffffa, 0x4) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) r2 = syz_io_uring_setup(0x756a, &(0x7f00000002c0)={0x0, 0xd94e, 0x40, 0x3, 0x37a}, &(0x7f0000000340), &(0x7f0000000540)) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, &(0x7f00000005c0)=[0x401, 0x8], 0x2) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="10010000", @ANYRES16=0x0, @ANYBLOB="000325bd7000fddbdf2546000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0003000000000000000c00900076020000080000000e0001806e657464657673696d0000000f0002006e657464657673696d30000008008000030000000c008f0008000000000000000c00900002000000000000000e0001006e657464657673696d0000000f0002006e657464e53a2069b1982e268a1f657673696d30000008008e00000000000c008f0004000000000000000c00900004000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00000000000c008f0002000000000000000c009000000000004000000067378e45676369ae973e93"], 0x110}, 0x1, 0x0, 0x0, 0x40}, 0x40) mount$cgroup(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x10012, &(0x7f0000000040)={[{@name={'name', 0x3d, 'noprefix'}}, {}]}) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000080)={0x2, 0x1f}) 504.52µs ago: executing program 3 (id=449): r0 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000001040)=""/4096) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff3e24852548deb01efd54f11ed2c41d078b9cf1fc8f725616b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633b72fad6265a293e3877adc1660edbc9a0307a25720a170e7f5670e419dc44febf7ddc73fd4a5a0b6c28665f7f46c7084e17c809268103a2584ab40a68e528329dffafc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"}) r1 = syz_open_dev$video(&(0x7f0000000100), 0x9, 0x1e3a00) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)={0x14, r3, 0x303, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) ioctl$VIDIOC_ENUMINPUT(r1, 0xc050561a, &(0x7f00000002c0)={0x1, "c5c2a91e002b1b800000ffe73d5eff0010ffffffe70000ffe700", 0x1, 0x7, 0x1, 0xb700, 0x4040300, 0x4}) io_setup(0x5, &(0x7f0000002080)=0x0) io_submit(r4, 0x1, &(0x7f0000002140)=[&(0x7f0000002100)={0x0, 0x0, 0x0, 0x0, 0x6, r0, &(0x7f00000020c0)="ab123bcfc64dff84e087ef08efa2051016a1a1eee9b88df903f02b56ea61de8331f7ff455301ceed065d028d658f8332dce960ecef4a", 0x36, 0xcb, 0x0, 0x2, r0}]) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000002040)={{0x1, 0x1, 0x18, r0, {r1}}, './file0\x00'}) socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002240)={0x18, 0x3, &(0x7f0000002300)=ANY=[@ANYRESHEX=r5], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000002180)=""/173, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffdfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) 0s ago: executing program 2 (id=450): unshare(0x200) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) io_setup(0x222, &(0x7f0000000180)=0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYBLOB, @ANYRESOCT=r1, @ANYRES16, @ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xc, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400037}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="09000000c900ad1a"], 0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events.local\x00', 0x275a, 0x0) lseek(r6, 0x7fffffffffffffff, 0x0) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000340)={0x3, 0x8003}, 0x4) io_submit(r1, 0x2, &(0x7f0000000300)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000000)='/', 0x1}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) syz_io_uring_setup(0x43d2, &(0x7f0000000580)={0x0, 0x366f, 0x10100, 0x2, 0x4}, 0x0, &(0x7f0000000040)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="04100107e7fb89c0c34701f32af90f5df4c1674ce82f93311691f9f7234ae3c619896dad315f67ed682b61ad149bb7ae4912af57199d1e58a8bfd8b14ac5ab1ca7cb75cf9f5df437f14652af484181de8834dff3556628c3ba88b845182492935285e0e3d6e68f0fd7c8ead8639f46b87a117892e62f95204f3a3fcc7a5578d222dcc63999d7b2803974dfc3874377a6c0b5c911f1ea02a9b3057efb252f0431aac0f85dd3f19283bd59741f00f8"], 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:17588' (ED25519) to the list of known hosts. syzkaller login: [ 48.301495][ T5912] cgroup: Unknown subsys name 'net' [ 48.488731][ T5912] cgroup: Unknown subsys name 'cpuset' [ 48.492819][ T5912] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.524608][ T5912] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.828430][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.831277][ T5950] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.837271][ T5952] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.842325][ T5952] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.846122][ T5952] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.848755][ T5952] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.851738][ T5952] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.855244][ T5957] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.858855][ T5957] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.859712][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.864670][ T5957] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.865582][ T5955] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.868875][ T5957] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.869318][ T5958] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.873639][ T5955] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.878158][ T5299] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.878979][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.894979][ T5955] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.896236][ T5299] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.898643][ T5955] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.286909][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 54.304289][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 54.322847][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 54.369088][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 54.532369][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.536227][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.538981][ T5941] bridge_slave_0: entered allmulticast mode [ 54.542750][ T5941] bridge_slave_0: entered promiscuous mode [ 54.585682][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.588515][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.591636][ T5941] bridge_slave_1: entered allmulticast mode [ 54.595438][ T5941] bridge_slave_1: entered promiscuous mode [ 54.606909][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.609312][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.612490][ T5942] bridge_slave_0: entered allmulticast mode [ 54.615299][ T5942] bridge_slave_0: entered promiscuous mode [ 54.619899][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.622354][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.625408][ T5942] bridge_slave_1: entered allmulticast mode [ 54.628910][ T5942] bridge_slave_1: entered promiscuous mode [ 54.686861][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.690010][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.692875][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.695970][ T5944] bridge_slave_0: entered allmulticast mode [ 54.699879][ T5944] bridge_slave_0: entered promiscuous mode [ 54.705186][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.709218][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.712404][ T5944] bridge_slave_1: entered allmulticast mode [ 54.717006][ T5944] bridge_slave_1: entered promiscuous mode [ 54.732237][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.741588][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.743942][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.746579][ T5943] bridge_slave_0: entered allmulticast mode [ 54.749316][ T5943] bridge_slave_0: entered promiscuous mode [ 54.754386][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.772066][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.775377][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.777804][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.780162][ T5943] bridge_slave_1: entered allmulticast mode [ 54.783108][ T5943] bridge_slave_1: entered promiscuous mode [ 54.809951][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.819871][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.824004][ T5941] team0: Port device team_slave_0 added [ 54.832349][ T5941] team0: Port device team_slave_1 added [ 54.836779][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.846739][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.851097][ T5942] team0: Port device team_slave_0 added [ 54.884860][ T5944] team0: Port device team_slave_0 added [ 54.889479][ T5942] team0: Port device team_slave_1 added [ 54.908943][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.911379][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.920074][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.925369][ T5944] team0: Port device team_slave_1 added [ 54.936753][ T5943] team0: Port device team_slave_0 added [ 54.940427][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.943459][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.955431][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.976221][ T5943] team0: Port device team_slave_1 added [ 55.006368][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.008687][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.017317][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.022608][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.026470][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.034790][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.039821][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.042946][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.055354][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.061822][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.064663][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.076714][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.089241][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.092327][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.104150][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.110018][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.113439][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.124609][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.189297][ T5942] hsr_slave_0: entered promiscuous mode [ 55.192100][ T5942] hsr_slave_1: entered promiscuous mode [ 55.201929][ T5941] hsr_slave_0: entered promiscuous mode [ 55.205599][ T5941] hsr_slave_1: entered promiscuous mode [ 55.208116][ T5941] debugfs: 'hsr0' already exists in 'hsr' [ 55.210042][ T5941] Cannot create hsr debugfs directory [ 55.273075][ T5943] hsr_slave_0: entered promiscuous mode [ 55.280978][ T5943] hsr_slave_1: entered promiscuous mode [ 55.284133][ T5943] debugfs: 'hsr0' already exists in 'hsr' [ 55.287085][ T5943] Cannot create hsr debugfs directory [ 55.295321][ T5944] hsr_slave_0: entered promiscuous mode [ 55.299085][ T5944] hsr_slave_1: entered promiscuous mode [ 55.302427][ T5944] debugfs: 'hsr0' already exists in 'hsr' [ 55.305001][ T5944] Cannot create hsr debugfs directory qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xa9000) [ 55.636954][ T1111] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 55.639724][ T1111] ata1: failed to read log page 10h (errno=-5) [ 55.642320][ T1111] ata1.00: exception Emask 0x1 SAct 0xc000 SErr 0x0 action 0x0 [ 55.645496][ T1111] ata1.00: irq_stat 0x40000000 [ 55.653013][ T1111] ata1.00: failed command: WRITE FPDMA QUEUED [ 55.655269][ T1111] ata1.00: cmd 61/48:70:36:11:08/05:00:00:00:00/40 tag 14 ncq dma 692224 out [ 55.655269][ T1111] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 55.661426][ T1111] ata1.00: status: { DRDY } [ 55.662978][ T1111] ata1.00: failed command: WRITE FPDMA QUEUED [ 55.664982][ T1111] ata1.00: cmd 61/c0:78:7e:16:08/02:00:00:00:00/40 tag 15 ncq dma 360448 out [ 55.664982][ T1111] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 55.671569][ T1111] ata1.00: status: { DRDY } [ 55.674195][ T1111] ata1.00: configured for UDMA/100 [ 55.676672][ T1111] ata1: EH complete [ 55.713188][ T5941] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.750165][ T5941] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.766773][ T5941] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.788588][ T5941] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.810531][ T5942] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.821577][ T5942] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.844454][ T5942] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.865375][ T5942] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.883269][ T5944] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.887890][ T5944] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.896139][ T5299] Bluetooth: hci1: command tx timeout [ 55.896981][ T5944] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.902519][ T5944] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.968055][ T5943] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.975081][ T5943] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.976488][ T5299] Bluetooth: hci0: command tx timeout [ 55.976874][ T5955] Bluetooth: hci3: command tx timeout [ 55.976998][ T5950] Bluetooth: hci2: command tx timeout [ 55.992602][ T5943] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.997080][ T5943] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.054578][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.086691][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.093405][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.103690][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.116526][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.118980][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.132626][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.140821][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.144550][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.147088][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.154745][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.157542][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.165288][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.168156][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.174025][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.176692][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.194432][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.196934][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.249011][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.295512][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.305267][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.309991][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.326507][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.329761][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.362081][ T5943] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.366968][ T5943] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.433745][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.440213][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.468345][ T5944] veth0_vlan: entered promiscuous mode [ 56.484291][ T5944] veth1_vlan: entered promiscuous mode [ 56.490342][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.512331][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.520907][ T5942] veth0_vlan: entered promiscuous mode [ 56.539334][ T5942] veth1_vlan: entered promiscuous mode [ 56.548360][ T5944] veth0_macvtap: entered promiscuous mode [ 56.567853][ T5944] veth1_macvtap: entered promiscuous mode [ 56.585734][ T5941] veth0_vlan: entered promiscuous mode [ 56.590980][ T5943] veth0_vlan: entered promiscuous mode [ 56.600941][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.610011][ T5943] veth1_vlan: entered promiscuous mode [ 56.621501][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.628569][ T5941] veth1_vlan: entered promiscuous mode [ 56.633212][ T5942] veth0_macvtap: entered promiscuous mode [ 56.650290][ T5942] veth1_macvtap: entered promiscuous mode [ 56.653556][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.658229][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.669947][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.674464][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.693792][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.699214][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.722889][ T5941] veth0_macvtap: entered promiscuous mode [ 56.728652][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.732564][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.742433][ T5943] veth0_macvtap: entered promiscuous mode [ 56.760730][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.767289][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.771285][ T5941] veth1_macvtap: entered promiscuous mode [ 56.784161][ T5943] veth1_macvtap: entered promiscuous mode [ 56.801864][ T209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.806276][ T209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.842893][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.854255][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.858594][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.869282][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.877664][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.907220][ T5944] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.907884][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.912381][ T209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.923362][ T209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.928301][ T60] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.932425][ T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.960964][ T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.964403][ T60] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.989527][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.993055][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.993525][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.001540][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.031913][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.038408][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.090674][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.094216][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.123905][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.128361][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.171719][ T209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.174936][ T209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.206178][ T209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.209563][ T209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.297972][ T6036] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.309600][ T6036] loop2: detected capacity change from 0 to 7 [ 57.314919][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.319805][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.326736][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.331183][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.335257][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.339136][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.344045][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.347436][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.351083][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.354523][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.357880][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.362144][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.370109][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.374359][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.377876][ T6036] ldm_validate_partition_table(): Disk read failed. [ 57.380948][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.381427][ T6041] kernel profiling enabled (shift: 5) [ 57.385169][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.427702][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.431768][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.435488][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 57.439680][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 57.444625][ T6036] Dev loop2: unable to read RDB block 0 [ 57.457013][ T6036] loop2: unable to read partition table [ 57.458634][ T6040] 0x000000000004-0x000000020000 : "" [ 57.458969][ T6036] loop2: partition table beyond EOD, truncated [ 57.463476][ T6036] loop_reread_partitions: partition scan of loop2 (ŝè˘Ğxü—ŸÑà– ) failed (rc=-5) [ 57.469325][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.503208][ T6040] ftl_cs: FTL header corrupt! [ 57.556757][ T6045] mkiss: ax0: crc mode is auto. [ 57.596640][ T40] audit: type=1326 audit(1773685116.842:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.615985][ T40] audit: type=1326 audit(1773685116.852:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=266 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.623478][ T40] audit: type=1326 audit(1773685116.852:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.656057][ T40] audit: type=1326 audit(1773685116.852:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.664875][ T40] audit: type=1326 audit(1773685116.852:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.686050][ T40] audit: type=1326 audit(1773685116.852:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.695035][ T40] audit: type=1326 audit(1773685116.852:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.709115][ T40] audit: type=1326 audit(1773685116.852:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.718790][ T40] audit: type=1326 audit(1773685116.852:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.7" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 57.975954][ T5299] Bluetooth: hci1: command tx timeout [ 58.046596][ T5299] Bluetooth: hci2: command tx timeout [ 58.048529][ T5299] Bluetooth: hci3: command tx timeout [ 58.050376][ T5299] Bluetooth: hci0: command tx timeout [ 60.232800][ T5950] Bluetooth: hci1: command tx timeout [ 60.234852][ T5950] Bluetooth: hci0: command tx timeout [ 60.237018][ T5950] Bluetooth: hci3: command tx timeout [ 60.238978][ T5950] Bluetooth: hci2: command tx timeout [ 61.149699][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 61.230547][ T6070] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.389500][ T6062] bridge_slave_0: left allmulticast mode [ 61.391400][ T6062] bridge_slave_0: left promiscuous mode [ 61.393786][ T6062] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.431351][ T6062] bridge_slave_1: left allmulticast mode [ 61.433263][ T6062] bridge_slave_1: left promiscuous mode [ 61.435130][ T6062] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.509158][ T6062] bond0: (slave bond_slave_0): Releasing backup interface [ 61.516365][ T6062] bond0: (slave bond_slave_1): Releasing backup interface [ 61.525596][ T6062] team0: Port device team_slave_0 removed [ 61.550314][ T6062] team0: Port device team_slave_1 removed [ 61.552746][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 61.555659][ T6062] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 61.586976][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 61.589497][ T6062] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 61.607381][ T6062] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 61.646468][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 61.676185][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.301565][ T5299] Bluetooth: hci2: command tx timeout [ 62.304015][ T5299] Bluetooth: hci3: command tx timeout [ 62.307028][ T5299] Bluetooth: hci0: command tx timeout [ 62.309446][ T5299] Bluetooth: hci1: command tx timeout [ 63.019555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.057664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.065706][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.097711][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.162782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.200158][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.354048][ T6122] capability: warning: `syz.2.22' uses deprecated v2 capabilities in a way that may be insecure [ 66.847134][ T6124] can0: slcan on ttyS3. [ 67.046777][ T6124] can0 (unregistered): slcan off ttyS3. [ 67.619766][ T6139] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 67.622061][ T6139] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 67.629027][ T6139] vhci_hcd vhci_hcd.0: Device attached [ 68.175881][ T10] usb 38-1: SetAddress Request (2) to port 0 [ 68.177977][ T10] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 68.486376][ T6140] vhci_hcd: connection reset by peer [ 68.489440][ T60] vhci_hcd vhci_hcd.0: stop threads [ 68.491833][ T60] vhci_hcd vhci_hcd.0: release socket [ 68.494537][ T60] vhci_hcd vhci_hcd.0: disconnect device [ 68.706696][ T6155] process 'syz.2.28' launched './file2' with NULL argv: empty string added [ 70.434266][ T6155] netlink: 4 bytes leftover after parsing attributes in process `syz.2.28'. [ 72.577622][ T6172] netlink: 20 bytes leftover after parsing attributes in process `syz.3.32'. [ 74.176186][ T10] usb 38-1: device descriptor read/8, error -110 [ 75.409438][ T6191] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 75.413121][ T6191] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 75.415969][ T6191] vhci_hcd vhci_hcd.0: Device attached [ 75.601741][ T10] usb usb38-port1: attempt power cycle [ 76.192905][ T10] usb usb38-port1: unable to enumerate USB device [ 76.599434][ T1325] usb 44-1: SetAddress Request (2) to port 0 [ 76.599506][ T1325] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 76.600731][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.600815][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.737083][ T6196] can0: slcan on ttyS3. [ 76.867541][ T6196] can0 (unregistered): slcan off ttyS3. [ 76.928201][ T6192] vhci_hcd: connection reset by peer [ 76.931665][ T80] vhci_hcd vhci_hcd.3: stop threads [ 76.934083][ T80] vhci_hcd vhci_hcd.3: release socket [ 76.948107][ T80] vhci_hcd vhci_hcd.3: disconnect device [ 77.073696][ T6220] FAULT_INJECTION: forcing a failure. [ 77.073696][ T6220] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 77.079052][ T6220] CPU: 3 UID: 0 PID: 6220 Comm: syz.0.41 Not tainted syzkaller #0 PREEMPT(full) [ 77.079080][ T6220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 77.079088][ T6220] Call Trace: [ 77.079093][ T6220] [ 77.079101][ T6220] dump_stack_lvl+0x100/0x190 [ 77.079124][ T6220] should_fail_ex.cold+0x5/0xa [ 77.079137][ T6220] _copy_to_user+0x32/0xd0 [ 77.079150][ T6220] vmci_host_unlocked_ioctl+0x644/0x2070 [ 77.079169][ T6220] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 77.079187][ T6220] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 77.079206][ T6220] ? do_vfs_ioctl+0x226/0x13e0 [ 77.079221][ T6220] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 77.079239][ T6220] ? find_held_lock+0x2b/0x80 [ 77.079249][ T6220] ? hook_file_ioctl_common+0x146/0x410 [ 77.079264][ T6220] ? __fget_files+0x21f/0x3d0 [ 77.079275][ T6220] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 77.079292][ T6220] compat_ptr_ioctl+0x6e/0xa0 [ 77.079306][ T6220] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 77.079320][ T6220] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 77.079337][ T6220] __do_fast_syscall_32+0xe3/0x8c0 [ 77.079356][ T6220] do_fast_syscall_32+0x32/0x70 [ 77.079372][ T6220] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 77.079385][ T6220] RIP: 0023:0xf703ef6c [ 77.079394][ T6220] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 77.079404][ T6220] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 77.079415][ T6220] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007a5 [ 77.079421][ T6220] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 77.079427][ T6220] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 77.079432][ T6220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.079438][ T6220] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 77.079451][ T6220] [ 77.225150][ T6223] ======================================================= [ 77.225150][ T6223] WARNING: The mand mount option has been deprecated and [ 77.225150][ T6223] and is ignored by this kernel. Remove the mand [ 77.225150][ T6223] option from the mount to silence this warning. [ 77.225150][ T6223] ======================================================= [ 77.326611][ T6226] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 77.343537][ T6226] 9p: Bad value for 'rfdno' [ 77.495987][ T6206] netlink: zone id is out of range [ 77.664640][ T6206] netlink: set zone limit has 4 unknown bytes [ 78.364352][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.368697][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.372969][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.377876][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.380507][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.383036][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.387828][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.390380][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.392778][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.395183][ T6012] hid-generic 0006:0004:0009.0002: unknown main item tag 0x0 [ 78.404566][ T6012] hid-generic 0006:0004:0009.0002: hidraw1: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 80.996723][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.43'. [ 83.066310][ T1325] usb 44-1: device descriptor read/8, error -110 [ 84.002782][ T6267] input: syz0 as /devices/virtual/input/input5 [ 84.417557][ T1325] usb usb44-port1: attempt power cycle [ 84.585879][ T29] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 84.715922][ T29] usb 7-1: device descriptor read/64, error -71 [ 84.955889][ T29] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 84.987059][ T1325] usb usb44-port1: unable to enumerate USB device [ 85.023671][ T6280] input: syz1 as /devices/virtual/input/input6 [ 85.086874][ T29] usb 7-1: device descriptor read/64, error -71 [ 85.196939][ T29] usb usb7-port1: attempt power cycle [ 85.469970][ T6288] syz.1.55 uses obsolete (PF_INET,SOCK_PACKET) [ 85.555886][ T29] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 85.577841][ T29] usb 7-1: device descriptor read/8, error -71 [ 85.684530][ T6296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.59'. [ 85.815959][ T29] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 85.836311][ T29] usb 7-1: device descriptor read/8, error -71 [ 85.898782][ T6303] syzkaller0: entered promiscuous mode [ 85.901050][ T6303] syzkaller0: entered allmulticast mode [ 85.966096][ T29] usb usb7-port1: unable to enumerate USB device [ 86.212253][ T54] cfg80211: failed to load regulatory.db [ 86.493429][ T6322] netlink: 16 bytes leftover after parsing attributes in process `syz.3.67'. [ 86.685830][ T5945] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 86.815903][ T5945] usb 7-1: device descriptor read/64, error -71 [ 87.075886][ T5945] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 87.103581][ T6327] bridge0: port 1(erspan0) entered blocking state [ 87.105903][ T6327] bridge0: port 1(erspan0) entered disabled state [ 87.108090][ T6327] erspan0: entered allmulticast mode [ 87.110718][ T6327] erspan0: entered promiscuous mode [ 87.112915][ T6327] bridge0: port 1(erspan0) entered blocking state [ 87.115046][ T6327] bridge0: port 1(erspan0) entered forwarding state [ 87.205852][ T5945] usb 7-1: device descriptor read/64, error -71 [ 87.326224][ T5945] usb usb7-port1: attempt power cycle [ 87.401411][ T6329] Device name not specified. [ 87.401411][ T6329] [ 87.552867][ T40] audit: type=1326 audit(1773685146.802:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.69" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7fc00000 [ 87.730283][ T6338] random: crng reseeded on system resumption [ 87.739633][ T6333] netlink: 12 bytes leftover after parsing attributes in process `syz.1.70'. [ 87.743536][ T6333] bond0: entered promiscuous mode [ 87.748382][ T6333] bond_slave_0: entered promiscuous mode [ 87.750973][ T6333] bond_slave_1: entered promiscuous mode [ 87.753475][ T6333] bond0: entered allmulticast mode [ 87.755702][ T6333] bond_slave_0: entered allmulticast mode [ 87.758209][ T6333] bond_slave_1: entered allmulticast mode [ 88.218625][ T40] audit: type=1326 audit(1773685147.472:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6328 comm="syz.2.69" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bef88 code=0x7fc00000 [ 88.439105][ T6362] netlink: 48 bytes leftover after parsing attributes in process `syz.1.79'. [ 88.508127][ T6368] netlink: 'syz.2.82': attribute type 1 has an invalid length. [ 88.787080][ T6379] FAULT_INJECTION: forcing a failure. [ 88.787080][ T6379] name failslab, interval 1, probability 0, space 0, times 1 [ 88.792486][ T6379] CPU: 1 UID: 0 PID: 6379 Comm: syz.0.83 Not tainted syzkaller #0 PREEMPT(full) [ 88.792508][ T6379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 88.792518][ T6379] Call Trace: [ 88.792524][ T6379] [ 88.792531][ T6379] dump_stack_lvl+0x100/0x190 [ 88.792558][ T6379] should_fail_ex.cold+0x5/0xa [ 88.792579][ T6379] should_failslab+0xc2/0x120 [ 88.792596][ T6379] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 88.792620][ T6379] ? __alloc_skb+0x140/0x710 [ 88.792644][ T6379] __alloc_skb+0x140/0x710 [ 88.792663][ T6379] ? __alloc_skb+0x5b7/0x710 [ 88.792682][ T6379] ? __pfx___alloc_skb+0x10/0x10 [ 88.792708][ T6379] alloc_skb_with_frags+0xe0/0x810 [ 88.792739][ T6379] sock_alloc_send_pskb+0x801/0x980 [ 88.792765][ T6379] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 88.792784][ T6379] ? kfree_skbmem+0x19a/0x210 [ 88.792798][ T6379] ? kmem_cache_free+0x124/0x6a0 [ 88.792818][ T6379] ? skb_release_data+0x7a0/0x9d0 [ 88.792845][ T6379] unix_dgram_sendmsg+0x3c7/0x1820 [ 88.792865][ T6379] ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0 [ 88.792888][ T6379] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 88.792910][ T6379] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 88.792930][ T6379] ? __might_fault+0xc5/0x140 [ 88.792951][ T6379] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 88.792978][ T6379] ____sys_sendmsg+0x9e1/0xb70 [ 88.792994][ T6379] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 88.793012][ T6379] ? __pfx_____sys_sendmsg+0x10/0x10 [ 88.793031][ T6379] ? ___sys_sendmsg+0x19d/0x1e0 [ 88.793046][ T6379] ? kfree+0x2ec/0x6b0 [ 88.793063][ T6379] ? find_held_lock+0x2b/0x80 [ 88.793077][ T6379] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 88.793106][ T6379] ___sys_sendmsg+0x190/0x1e0 [ 88.793124][ T6379] ? __pfx____sys_sendmsg+0x10/0x10 [ 88.793139][ T6379] ? do_user_addr_fault+0x7de/0x12f0 [ 88.793173][ T6379] ? irqentry_exit+0x180/0x670 [ 88.793195][ T6379] ? lockdep_hardirqs_on+0x78/0x100 [ 88.793223][ T6379] ? __pfx___might_resched+0x10/0x10 [ 88.793246][ T6379] ? __sys_sendmmsg+0x313/0x430 [ 88.793269][ T6379] __sys_sendmmsg+0x2ff/0x430 [ 88.793294][ T6379] ? __pfx___sys_sendmmsg+0x10/0x10 [ 88.793322][ T6379] ? __fget_files+0x215/0x3d0 [ 88.793348][ T6379] ? fput+0x79/0x100 [ 88.793371][ T6379] ? ksys_write+0x1ac/0x250 [ 88.793386][ T6379] ? __pfx_ksys_write+0x10/0x10 [ 88.793403][ T6379] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 88.793425][ T6379] ? lockdep_hardirqs_on+0x78/0x100 [ 88.793446][ T6379] __do_fast_syscall_32+0xe3/0x8c0 [ 88.793471][ T6379] do_fast_syscall_32+0x32/0x70 [ 88.793493][ T6379] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.793513][ T6379] RIP: 0023:0xf703ef6c [ 88.793526][ T6379] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 88.793540][ T6379] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 88.793555][ T6379] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001c00 [ 88.793565][ T6379] RDX: 0000000000000159 RSI: 0000000000040840 RDI: 0000000000000000 [ 88.793574][ T6379] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.793582][ T6379] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 88.793591][ T6379] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.793612][ T6379] [ 88.966386][ T1470] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 89.125898][ T1470] usb 7-1: Using ep0 maxpacket: 32 [ 89.132586][ T1470] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 89.136627][ T1470] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 89.146132][ T1470] usb 7-1: New USB device found, idVendor=0bda, idProduct=817f, bcdDevice=1b.68 [ 89.149324][ T1470] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.152190][ T1470] usb 7-1: Product: syz [ 89.153753][ T1470] usb 7-1: Manufacturer: syz [ 89.155536][ T1470] usb 7-1: SerialNumber: syz [ 89.184396][ T1470] usb 7-1: config 0 descriptor?? [ 89.383382][ T6388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.87'. [ 89.404232][ T29] usb 7-1: USB disconnect, device number 9 [ 89.467136][ T6396] Zero length message leads to an empty skb [ 89.530175][ T6399] netlink: 'syz.0.89': attribute type 1 has an invalid length. [ 89.544141][ T6399] 8021q: adding VLAN 0 to HW filter on device bond1 [ 89.569997][ T6399] bond1: (slave veth3): Enslaving as an active interface with a down link [ 89.571207][ T6397] netlink: 44 bytes leftover after parsing attributes in process `syz.1.88'. [ 89.577391][ T6397] netlink: 'syz.1.88': attribute type 6 has an invalid length. [ 89.581346][ T6397] netlink: 'syz.1.88': attribute type 5 has an invalid length. [ 89.584495][ T6397] netlink: 'syz.1.88': attribute type 4 has an invalid length. [ 89.584624][ T6399] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 89.591414][ T6391] usb usb7: usbfs: process 6391 (syz.3.87) did not claim interface 0 before use [ 89.597455][ T6399] vlan2: entered allmulticast mode [ 89.599251][ T6399] veth0_to_bond: entered allmulticast mode [ 89.601593][ T6399] veth0_to_bond: entered promiscuous mode [ 89.604087][ T6399] veth0_to_bond: left promiscuous mode [ 89.607335][ T6399] veth0_to_bond: entered promiscuous mode [ 89.609530][ T6399] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 89.615351][ T6399] veth0_to_bond: left promiscuous mode [ 89.690389][ T6406] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 89.738504][ T6408] netlink: 'syz.1.93': attribute type 1 has an invalid length. [ 90.573409][ T6437] syzkaller1: entered promiscuous mode [ 90.575277][ T6437] syzkaller1: entered allmulticast mode [ 91.215950][ T1325] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 91.295137][ T6469] FAULT_INJECTION: forcing a failure. [ 91.295137][ T6469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.300145][ T6469] CPU: 2 UID: 0 PID: 6469 Comm: syz.2.114 Not tainted syzkaller #0 PREEMPT(full) [ 91.300160][ T6469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 91.300167][ T6469] Call Trace: [ 91.300171][ T6469] [ 91.300175][ T6469] dump_stack_lvl+0x100/0x190 [ 91.300195][ T6469] should_fail_ex.cold+0x5/0xa [ 91.300209][ T6469] _copy_to_user+0x32/0xd0 [ 91.300228][ T6469] rng_dev_read+0x223/0x910 [ 91.300245][ T6469] ? __pfx_virtio_read+0x10/0x10 [ 91.300256][ T6469] ? __pfx_rng_dev_read+0x10/0x10 [ 91.300274][ T6469] ? bpf_lsm_file_permission+0x9/0x10 [ 91.300291][ T6469] ? security_file_permission+0x76/0x210 [ 91.300304][ T6469] ? rw_verify_area+0xce/0x6d0 [ 91.300320][ T6469] ? __pfx_rng_dev_read+0x10/0x10 [ 91.300336][ T6469] vfs_read+0x1e4/0xb30 [ 91.300354][ T6469] ? __pfx_vfs_read+0x10/0x10 [ 91.300369][ T6469] ? find_held_lock+0x2b/0x80 [ 91.300379][ T6469] ? __fget_files+0x215/0x3d0 [ 91.300388][ T6469] ? __fget_files+0x215/0x3d0 [ 91.300399][ T6469] ? __fget_files+0x21f/0x3d0 [ 91.300412][ T6469] ksys_read+0x12a/0x250 [ 91.300421][ T6469] ? __pfx_ksys_read+0x10/0x10 [ 91.300430][ T6469] ? __pfx_ksys_write+0x10/0x10 [ 91.300442][ T6469] __do_fast_syscall_32+0xe3/0x8c0 [ 91.300459][ T6469] do_fast_syscall_32+0x32/0x70 [ 91.300474][ T6469] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 91.300488][ T6469] RIP: 0023:0xf70bef6c [ 91.300497][ T6469] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 91.300506][ T6469] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000003 [ 91.300517][ T6469] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800024c0 [ 91.300523][ T6469] RDX: 00000000fffffec1 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.300529][ T6469] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 91.300534][ T6469] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 91.300540][ T6469] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 91.300552][ T6469] [ 91.404654][ T1325] usb 5-1: device descriptor read/64, error -71 [ 91.534601][ T6484] trusted_key: encrypted_key: hex blob is missing [ 91.542921][ T6485] ieee802154 phy0 wpan0: encryption failed: -22 [ 91.556105][ T40] audit: type=1326 audit(1773685150.802:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.2.120" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70bef6c code=0x0 [ 91.656371][ T1325] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 91.699178][ T6490] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 91.785942][ T1325] usb 5-1: device descriptor read/64, error -71 [ 91.830755][ T6495] netlink: 28 bytes leftover after parsing attributes in process `syz.3.124'. [ 91.896165][ T1325] usb usb5-port1: attempt power cycle [ 92.025109][ T6500] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1ùà^!‚lü1Ü*ĝ$pOcÚɔÎÜr$ċG—•µ [ 92.092313][ T6500] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ĝ$pOcÚɔÎÜr$ċG—•µ' [ 92.105605][ T6500] CPU: 2 UID: 0 PID: 6500 Comm: syz.1.125 Not tainted syzkaller #0 PREEMPT(full) [ 92.105632][ T6500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.105643][ T6500] Call Trace: [ 92.105651][ T6500] [ 92.105659][ T6500] dump_stack_lvl+0x100/0x190 [ 92.105691][ T6500] sysfs_warn_dup.cold+0x1c/0x28 [ 92.105715][ T6500] sysfs_do_create_link_sd+0x113/0x140 [ 92.105758][ T6500] sysfs_create_link+0x61/0xc0 [ 92.105785][ T6500] device_add+0x675/0x1950 [ 92.105815][ T6500] ? __pfx_device_add+0x10/0x10 [ 92.105835][ T6500] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 92.105868][ T6500] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 92.105898][ T6500] wiphy_register+0x1e5b/0x2d30 [ 92.105932][ T6500] ? __rtnl_unlock+0xb9/0xf0 [ 92.105959][ T6500] ? netdev_run_todo+0x7a0/0x12c0 [ 92.105992][ T6500] ? __pfx_wiphy_register+0x10/0x10 [ 92.106022][ T6500] ? __asan_memset+0x23/0x50 [ 92.106049][ T6500] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 92.106084][ T6500] ieee80211_register_hw+0x2cfd/0x4140 [ 92.106124][ T6500] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 92.106151][ T6500] ? __pfx___debug_object_init+0x10/0x10 [ 92.106182][ T6500] ? find_held_lock+0x2b/0x80 [ 92.106200][ T6500] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 92.106230][ T6500] ? __hrtimer_setup+0x178/0x280 [ 92.106257][ T6500] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 92.106301][ T6500] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 92.106330][ T6500] ? __asan_memcpy+0x3c/0x60 [ 92.106357][ T6500] hwsim_new_radio_nl+0xc1f/0x1340 [ 92.106388][ T6500] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 92.106422][ T6500] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 92.106440][ T6500] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 92.106464][ T6500] genl_family_rcv_msg_doit+0x214/0x300 [ 92.106486][ T6500] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 92.106505][ T6500] ? genl_get_cmd+0x3ef/0x720 [ 92.106528][ T6500] ? bpf_lsm_capable+0x9/0x10 [ 92.106546][ T6500] ? security_capable+0x80/0x260 [ 92.106573][ T6500] ? ns_capable+0xd2/0xf0 [ 92.106593][ T6500] genl_rcv_msg+0x560/0x800 [ 92.106614][ T6500] ? __pfx_genl_rcv_msg+0x10/0x10 [ 92.106633][ T6500] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 92.106668][ T6500] netlink_rcv_skb+0x159/0x420 [ 92.106693][ T6500] ? __pfx_genl_rcv_msg+0x10/0x10 [ 92.106713][ T6500] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 92.106751][ T6500] ? netlink_deliver_tap+0x1ae/0xcc0 [ 92.106781][ T6500] genl_rcv+0x28/0x40 [ 92.106793][ T6500] netlink_unicast+0x5aa/0x870 [ 92.106833][ T6500] ? __pfx_netlink_unicast+0x10/0x10 [ 92.106870][ T6500] netlink_sendmsg+0x8b0/0xda0 [ 92.106925][ T6500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 92.106956][ T6500] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 92.106989][ T6500] ____sys_sendmsg+0x9e1/0xb70 [ 92.107007][ T6500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 92.107038][ T6500] ? __pfx_____sys_sendmsg+0x10/0x10 [ 92.107059][ T6500] ? __pfx_futex_wake_mark+0x10/0x10 [ 92.107097][ T6500] ___sys_sendmsg+0x190/0x1e0 [ 92.107119][ T6500] ? __pfx____sys_sendmsg+0x10/0x10 [ 92.107172][ T6500] __sys_sendmsg+0x170/0x220 [ 92.107197][ T6500] ? __pfx___sys_sendmsg+0x10/0x10 [ 92.107221][ T6500] ? __ia32_sys_futex_time32+0x2f4/0x470 [ 92.107262][ T6500] __do_fast_syscall_32+0xe3/0x8c0 [ 92.107291][ T6500] do_fast_syscall_32+0x32/0x70 [ 92.107313][ T6500] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 92.107334][ T6500] RIP: 0023:0xf7fe5f6c [ 92.107350][ T6500] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 92.107366][ T6500] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 92.107384][ T6500] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000100 [ 92.107395][ T6500] RDX: 0000000004000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 92.107405][ T6500] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 92.107415][ T6500] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 92.107424][ T6500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 92.107446][ T6500] [ 92.325951][ T1325] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 92.346241][ T1325] usb 5-1: device descriptor read/8, error -71 [ 92.486424][ T6508] hfsplus: unable to find HFS+ superblock [ 92.606151][ T1325] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 92.627003][ T1325] usb 5-1: device descriptor read/8, error -71 [ 92.737431][ T1325] usb usb5-port1: unable to enumerate USB device [ 93.737767][ T6524] can0: slcan on ttyS3. [ 93.749990][ T6528] netlink: 56 bytes leftover after parsing attributes in process `syz.3.135'. [ 93.796920][ T6524] can0 (unregistered): slcan off ttyS3. [ 94.705254][ T6544] fuse: Bad value for 'fd' [ 95.316918][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 95.868657][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.145'. [ 95.881369][ T6575] binder: 6574:6575 ioctl c0306201 800003c0 returned -14 [ 95.884283][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.145'. [ 95.888519][ T6575] FAULT_INJECTION: forcing a failure. [ 95.888519][ T6575] name failslab, interval 1, probability 0, space 0, times 0 [ 95.893537][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.145'. [ 95.900330][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.145'. [ 95.903599][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.145'. [ 95.926821][ T6575] CPU: 3 UID: 0 PID: 6575 Comm: syz.1.146 Not tainted syzkaller #0 PREEMPT(full) [ 95.926843][ T6575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 95.926850][ T6575] Call Trace: [ 95.926854][ T6575] [ 95.926858][ T6575] dump_stack_lvl+0x100/0x190 [ 95.926909][ T6575] should_fail_ex.cold+0x5/0xa [ 95.926928][ T6575] ? tomoyo_realpath_from_path+0xb6/0x690 [ 95.926944][ T6575] should_failslab+0xc2/0x120 [ 95.926956][ T6575] __kmalloc_noprof+0xe0/0x850 [ 95.926981][ T6575] tomoyo_realpath_from_path+0xb6/0x690 [ 95.927009][ T6575] tomoyo_path_number_perm+0x23c/0x580 [ 95.927026][ T6575] ? tomoyo_path_number_perm+0x22e/0x580 [ 95.927041][ T6575] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 95.927094][ T6575] ? find_held_lock+0x2b/0x80 [ 95.927112][ T6575] ? hook_file_ioctl_common+0x146/0x410 [ 95.927130][ T6575] ? __fget_files+0x215/0x3d0 [ 95.927147][ T6575] ? __fget_files+0x21f/0x3d0 [ 95.927167][ T6575] security_file_ioctl_compat+0xd3/0x230 [ 95.927189][ T6575] __ia32_compat_sys_ioctl+0xc2/0x360 [ 95.927217][ T6575] __do_fast_syscall_32+0xe3/0x8c0 [ 95.927242][ T6575] do_fast_syscall_32+0x32/0x70 [ 95.927267][ T6575] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 95.927288][ T6575] RIP: 0023:0xf7fe5f6c [ 95.927302][ T6575] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 95.927312][ T6575] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 95.927329][ T6575] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0306201 [ 95.927339][ T6575] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 95.927349][ T6575] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 95.927358][ T6575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.927367][ T6575] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 95.927389][ T6575] [ 95.927488][ T6575] ERROR: Out of memory at tomoyo_realpath_from_path. [ 103.683405][ T6611] FAULT_INJECTION: forcing a failure. [ 103.683405][ T6611] name failslab, interval 1, probability 0, space 0, times 0 [ 103.688008][ T6611] CPU: 0 UID: 0 PID: 6611 Comm: syz.1.150 Not tainted syzkaller #0 PREEMPT(full) [ 103.688024][ T6611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 103.688030][ T6611] Call Trace: [ 103.688034][ T6611] [ 103.688039][ T6611] dump_stack_lvl+0x100/0x190 [ 103.688072][ T6611] should_fail_ex.cold+0x5/0xa [ 103.688085][ T6611] should_failslab+0xc2/0x120 [ 103.688096][ T6611] __kmalloc_cache_noprof+0x7a/0x6f0 [ 103.688111][ T6611] ? nsim_fib_event_nb+0x1a8/0xe40 [ 103.688128][ T6611] ? __mutex_unlock_slowpath+0x15c/0x790 [ 103.688146][ T6611] nsim_fib_event_nb+0x1a8/0xe40 [ 103.688168][ T6611] ? lock_acquire+0x1cf/0x380 [ 103.688182][ T6611] notifier_call_chain+0x99/0x420 [ 103.688199][ T6611] atomic_notifier_call_chain+0x71/0x1c0 [ 103.688214][ T6611] call_fib_notifiers+0x33/0x70 [ 103.688230][ T6611] fib6_add_rt2node+0x184c/0x3c30 [ 103.688253][ T6611] ? __pfx_fib6_add_rt2node+0x10/0x10 [ 103.688273][ T6611] ? fib6_add+0x60e/0x1d30 [ 103.688287][ T6611] fib6_add+0x60e/0x1d30 [ 103.688304][ T6611] ? do_raw_spin_lock+0x128/0x260 [ 103.688319][ T6611] ? __pfx_fib6_add+0x10/0x10 [ 103.688333][ T6611] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 103.688348][ T6611] ? __asan_memcpy+0x3c/0x60 [ 103.688365][ T6611] ip6_route_add+0xf9/0x1d0 [ 103.688377][ T6611] addrconf_prefix_route+0x2fb/0x510 [ 103.688392][ T6611] ? __pfx_addrconf_prefix_route+0x10/0x10 [ 103.688405][ T6611] ? atomic_notifier_call_chain+0xa8/0x1c0 [ 103.688431][ T6611] inet6_addr_add+0x575/0x9a0 [ 103.688449][ T6611] inet6_rtm_newaddr+0x1475/0x1bb0 [ 103.688466][ T6611] ? kmem_cache_free+0x124/0x6a0 [ 103.688481][ T6611] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 103.688498][ T6611] ? __lock_acquire+0x4a5/0x2630 [ 103.688518][ T6611] ? find_held_lock+0x2b/0x80 [ 103.688527][ T6611] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 103.688541][ T6611] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 103.688558][ T6611] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 103.688574][ T6611] rtnetlink_rcv_msg+0x95e/0xe90 [ 103.688589][ T6611] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 103.688608][ T6611] ? ref_tracker_free+0x37e/0x6c0 [ 103.688623][ T6611] netlink_rcv_skb+0x159/0x420 [ 103.688640][ T6611] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 103.688655][ T6611] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 103.688676][ T6611] ? netlink_deliver_tap+0x1ae/0xcc0 [ 103.688693][ T6611] netlink_unicast+0x5aa/0x870 [ 103.688711][ T6611] ? __pfx_netlink_unicast+0x10/0x10 [ 103.688732][ T6611] netlink_sendmsg+0x8b0/0xda0 [ 103.688752][ T6611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.688776][ T6611] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 103.688800][ T6611] ____sys_sendmsg+0x9e1/0xb70 [ 103.688814][ T6611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.688837][ T6611] ? __pfx_____sys_sendmsg+0x10/0x10 [ 103.688854][ T6611] ___sys_sendmsg+0x190/0x1e0 [ 103.688866][ T6611] ? __pfx____sys_sendmsg+0x10/0x10 [ 103.688907][ T6611] __sys_sendmsg+0x170/0x220 [ 103.688923][ T6611] ? __pfx___sys_sendmsg+0x10/0x10 [ 103.688942][ T6611] ? __pfx_ksys_write+0x10/0x10 [ 103.688954][ T6611] __do_fast_syscall_32+0xe3/0x8c0 [ 103.688972][ T6611] do_fast_syscall_32+0x32/0x70 [ 103.688987][ T6611] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 103.689000][ T6611] RIP: 0023:0xf7fe5f6c [ 103.689009][ T6611] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 103.689019][ T6611] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 103.689029][ T6611] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 103.689035][ T6611] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.689040][ T6611] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.689046][ T6611] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 103.689052][ T6611] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.689064][ T6611] [ 103.910061][ T40] audit: type=1326 audit(1773685163.162:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6609 comm="syz.0.149" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703ef6c code=0x0 [ 104.907829][ T6621] bridge0: port 1(erspan0) entered disabled state [ 105.026852][ T46] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.032064][ T46] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.035441][ T46] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.039671][ T46] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.204054][ T6628] can0: slcan on ttyS3. [ 105.688571][ T6628] can0 (unregistered): slcan off ttyS3. [ 106.175168][ T6645] netlink: 'syz.1.156': attribute type 4 has an invalid length. [ 107.414791][ T6667] support for cryptoloop has been removed. Use dm-crypt instead. [ 108.245496][ T6680] FAULT_INJECTION: forcing a failure. [ 108.245496][ T6680] name failslab, interval 1, probability 0, space 0, times 0 [ 108.251182][ T6680] CPU: 0 UID: 0 PID: 6680 Comm: syz.3.165 Not tainted syzkaller #0 PREEMPT(full) [ 108.251206][ T6680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 108.251216][ T6680] Call Trace: [ 108.251223][ T6680] [ 108.251230][ T6680] dump_stack_lvl+0x100/0x190 [ 108.251263][ T6680] should_fail_ex.cold+0x5/0xa [ 108.251285][ T6680] should_failslab+0xc2/0x120 [ 108.251305][ T6680] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 108.251331][ T6680] ? do_getname_kernel+0x5d/0x250 [ 108.251356][ T6680] do_getname_kernel+0x5d/0x250 [ 108.251378][ T6680] kern_path+0x1f/0x50 [ 108.251408][ T6680] bpf_uprobe_multi_link_attach+0x424/0x13d0 [ 108.251433][ T6680] ? find_held_lock+0x2b/0x80 [ 108.251449][ T6680] ? __fget_files+0x215/0x3d0 [ 108.251472][ T6680] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 108.251492][ T6680] ? __fget_files+0x21f/0x3d0 [ 108.251513][ T6680] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 108.251547][ T6680] __sys_bpf+0x3faf/0x4b90 [ 108.251571][ T6680] ? __pfx___sys_bpf+0x10/0x10 [ 108.251591][ T6680] ? proc_fail_nth_write+0x9f/0x220 [ 108.251614][ T6680] ? find_held_lock+0x2b/0x80 [ 108.251634][ T6680] ? find_held_lock+0x2b/0x80 [ 108.251658][ T6680] ? ksys_write+0x190/0x250 [ 108.251678][ T6680] ? __mutex_unlock_slowpath+0x15c/0x790 [ 108.251714][ T6680] ? fput+0x79/0x100 [ 108.251733][ T6680] ? ksys_write+0x1ac/0x250 [ 108.251753][ T6680] __ia32_sys_bpf+0x79/0xf0 [ 108.251771][ T6680] ? lockdep_hardirqs_on+0x78/0x100 [ 108.251795][ T6680] __do_fast_syscall_32+0xe3/0x8c0 [ 108.251821][ T6680] do_fast_syscall_32+0x32/0x70 [ 108.251845][ T6680] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 108.251865][ T6680] RIP: 0023:0xf704ef6c [ 108.251879][ T6680] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 108.251894][ T6680] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 108.251911][ T6680] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00000000800005c0 [ 108.251922][ T6680] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 108.251932][ T6680] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 108.251941][ T6680] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 108.251951][ T6680] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 108.251974][ T6680] [ 109.000992][ T6688] ubi31: attaching mtd0 [ 109.047231][ T6688] ubi31 error: ubi_attach_mtd_dev: bad VID header (4096) or data offsets (4160) [ 109.913407][ T6715] FAULT_INJECTION: forcing a failure. [ 109.913407][ T6715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.913621][ T6715] CPU: 1 UID: 0 PID: 6715 Comm: syz.3.178 Not tainted syzkaller #0 PREEMPT(full) [ 109.913642][ T6715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.913668][ T6715] Call Trace: [ 109.913675][ T6715] [ 109.913682][ T6715] dump_stack_lvl+0x100/0x190 [ 109.913713][ T6715] should_fail_ex.cold+0x5/0xa [ 109.913735][ T6715] _copy_from_user+0x2e/0xd0 [ 109.913756][ T6715] snd_ctl_elem_add_compat+0x72/0x3e0 [ 109.913783][ T6715] snd_ctl_ioctl_compat+0xa05/0xc70 [ 109.913821][ T6715] ? __pfx_snd_ctl_ioctl_compat+0x10/0x10 [ 109.913847][ T6715] ? find_held_lock+0x2b/0x80 [ 109.913863][ T6715] ? hook_file_ioctl_common+0x146/0x410 [ 109.913887][ T6715] ? __fget_files+0x21f/0x3d0 [ 109.913920][ T6715] ? __pfx_snd_ctl_ioctl_compat+0x10/0x10 [ 109.913949][ T6715] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 109.913977][ T6715] __do_fast_syscall_32+0xe3/0x8c0 [ 109.914007][ T6715] do_fast_syscall_32+0x32/0x70 [ 109.914032][ T6715] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.914054][ T6715] RIP: 0023:0xf704ef6c [ 109.914068][ T6715] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 109.914084][ T6715] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 109.914100][ T6715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c1105517 [ 109.914110][ T6715] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.914120][ T6715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.914129][ T6715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.914139][ T6715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.914161][ T6715] [ 110.282099][ T6704] orangefs_mount: mount request failed with -4 [ 110.364173][ T6729] netlink: 12 bytes leftover after parsing attributes in process `syz.0.184'. [ 110.492703][ T6734] netlink: 'syz.0.185': attribute type 21 has an invalid length. [ 110.495428][ T6734] netlink: 128 bytes leftover after parsing attributes in process `syz.0.185'. [ 110.502371][ T6734] netlink: 'syz.0.185': attribute type 4 has an invalid length. [ 110.505466][ T6734] netlink: 3 bytes leftover after parsing attributes in process `syz.0.185'. [ 111.075897][ T1470] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 111.244862][ T1470] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 111.260185][ T1470] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.264061][ T1470] usb 5-1: Product: syz [ 111.267580][ T1470] usb 5-1: Manufacturer: syz [ 111.272158][ T1470] usb 5-1: SerialNumber: syz [ 111.288242][ T1470] usb 5-1: config 0 descriptor?? [ 111.513851][ T1470] usb 5-1: USB disconnect, device number 6 [ 111.727326][ T6744] Bluetooth: MGMT ver 1.23 [ 111.807907][ T6758] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 111.810369][ T6758] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 111.813290][ T6758] vhci_hcd vhci_hcd.0: Device attached [ 111.847368][ T6744] ref_ctr_offset mismatch. inode: 0x104 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300000018 [ 111.901000][ T6762] netlink: 16 bytes leftover after parsing attributes in process `syz.3.193'. [ 111.905917][ T1470] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 112.001073][ T6764] fuse: Unknown parameter 'user_id00000000000000000000' [ 112.045849][ T53] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 112.065848][ T1470] usb 7-1: Using ep0 maxpacket: 32 [ 112.069478][ T1470] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 112.074808][ T1470] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 112.078142][ T1470] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 112.080779][ T1470] usb 7-1: Product: syz [ 112.082113][ T1470] usb 7-1: Manufacturer: syz [ 112.083771][ T1470] usb 7-1: SerialNumber: syz [ 112.087303][ T1470] usb 7-1: config 0 descriptor?? [ 112.093086][ T6754] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 112.227519][ T6759] vhci_hcd: connection reset by peer [ 112.230419][ T6536] vhci_hcd vhci_hcd.1: stop threads [ 112.232212][ T6536] vhci_hcd vhci_hcd.1: release socket [ 112.234108][ T6536] vhci_hcd vhci_hcd.1: disconnect device [ 112.364065][ T1470] usb 7-1: USB disconnect, device number 10 [ 112.642639][ T6774] netlink: 60 bytes leftover after parsing attributes in process `syz.3.197'. [ 114.148154][ T6780] can0: slcan on ttyS3. [ 114.361654][ T6781] can0 (unregistered): slcan off ttyS3. [ 114.677184][ T6806] FAULT_INJECTION: forcing a failure. [ 114.677184][ T6806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.683846][ T6806] CPU: 2 UID: 0 PID: 6806 Comm: syz.3.206 Not tainted syzkaller #0 PREEMPT(full) [ 114.683871][ T6806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 114.683881][ T6806] Call Trace: [ 114.683889][ T6806] [ 114.683897][ T6806] dump_stack_lvl+0x100/0x190 [ 114.683929][ T6806] should_fail_ex.cold+0x5/0xa [ 114.683951][ T6806] _copy_from_user+0x2e/0xd0 [ 114.683972][ T6806] kstrtouint_from_user+0xd6/0x1d0 [ 114.683998][ T6806] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 114.684021][ T6806] ? __lock_acquire+0x4a5/0x2630 [ 114.684047][ T6806] ? lock_acquire+0x1cf/0x380 [ 114.684074][ T6806] proc_fail_nth_write+0x83/0x220 [ 114.684096][ T6806] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 114.684124][ T6806] vfs_write+0x2aa/0x1070 [ 114.684142][ T6806] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 114.684165][ T6806] ? __pfx_vfs_write+0x10/0x10 [ 114.684190][ T6806] ? find_held_lock+0x2b/0x80 [ 114.684206][ T6806] ? __fget_files+0x215/0x3d0 [ 114.684233][ T6806] ? __fget_files+0x21f/0x3d0 [ 114.684256][ T6806] ksys_write+0x12a/0x250 [ 114.684272][ T6806] ? __pfx_ksys_write+0x10/0x10 [ 114.684296][ T6806] do_int80_emulation+0x141/0x6b0 [ 114.684325][ T6806] asm_int80_emulation+0x1a/0x20 [ 114.684343][ T6806] RIP: 0023:0xf7185cab [ 114.684357][ T6806] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 114.684372][ T6806] RSP: 002b:00000000f543d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 114.684388][ T6806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f543d5d0 [ 114.684399][ T6806] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 114.684408][ T6806] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 114.684417][ T6806] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 114.684427][ T6806] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 114.684450][ T6806] [ 114.834735][ T6811] warning: `syz.3.208' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 115.720110][ T6816] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 115.722887][ T6816] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 115.727282][ T6816] vhci_hcd vhci_hcd.0: Device attached [ 115.783347][ T6826] netlink: 132 bytes leftover after parsing attributes in process `syz.0.211'. [ 115.849985][ T6822] vhci_hcd: connection closed [ 115.850438][ T60] vhci_hcd vhci_hcd.3: stop threads [ 115.854798][ T60] vhci_hcd vhci_hcd.3: release socket [ 115.859865][ T60] vhci_hcd vhci_hcd.3: disconnect device [ 116.003721][ T6831] sch_tbf: peakrate 1 is lower than or equals to rate 16149960914006595198 ! [ 117.121260][ T6849] set match dimension is over the limit! [ 117.176000][ T53] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 118.638665][ T6891] binder: 6888:6891 ioctl c0306201 80000040 returned -22 [ 119.575441][ T6905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.237'. [ 119.697637][ T6903] syz.1.236 (6903) used greatest stack depth: 19088 bytes left [ 119.719105][ T6915] netlink: 'syz.1.239': attribute type 1 has an invalid length. [ 119.751415][ T6915] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 119.757518][ T6915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.239'. [ 119.763336][ T6915] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 119.769340][ T6915] bond1 (unregistering): Released all slaves [ 120.020292][ T6926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.240'. [ 121.693590][ T6948] IPVS: set_ctl: invalid protocol: 29 0.0.0.0:20003 [ 122.255927][ T6066] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 122.305906][ T6956] can0: slcan on ttyS3. [ 122.576256][ T6956] can0 (unregistered): slcan off ttyS3. [ 122.798997][ T6066] usb 8-1: config 0 has an invalid interface number: 50 but max is 0 [ 122.802776][ T6066] usb 8-1: config 0 has no interface number 0 [ 122.806549][ T6066] usb 8-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 122.816386][ T6066] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 122.820319][ T6066] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.823837][ T6066] usb 8-1: Product: syz [ 122.827795][ T6066] usb 8-1: Manufacturer: syz [ 122.830095][ T6066] usb 8-1: SerialNumber: syz [ 122.840005][ T6066] usb 8-1: config 0 descriptor?? [ 122.852618][ T6066] yurex 8-1:0.50: USB YUREX device now attached to Yurex #0 [ 123.824235][ T6991] netlink: 68 bytes leftover after parsing attributes in process `syz.2.252'. [ 123.827906][ T6991] FAULT_INJECTION: forcing a failure. [ 123.827906][ T6991] name failslab, interval 1, probability 0, space 0, times 0 [ 123.832159][ T6991] CPU: 2 UID: 0 PID: 6991 Comm: syz.2.252 Not tainted syzkaller #0 PREEMPT(full) [ 123.832173][ T6991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 123.832179][ T6991] Call Trace: [ 123.832182][ T6991] [ 123.832187][ T6991] dump_stack_lvl+0x100/0x190 [ 123.832207][ T6991] should_fail_ex.cold+0x5/0xa [ 123.832220][ T6991] should_failslab+0xc2/0x120 [ 123.832232][ T6991] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 123.832248][ T6991] ? dst_alloc+0x99/0x1a0 [ 123.832263][ T6991] dst_alloc+0x99/0x1a0 [ 123.832276][ T6991] rt_dst_alloc+0x35/0x3a0 [ 123.832293][ T6991] ip_route_output_key_hash_rcu+0x87a/0x2870 [ 123.832309][ T6991] ip_route_output_key_hash+0x118/0x2b0 [ 123.832321][ T6991] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 123.832338][ T6991] ? find_held_lock+0x2b/0x80 [ 123.832349][ T6991] ip_route_output_flow+0x27/0x150 [ 123.832362][ T6991] udp_sendmsg+0x1a77/0x2890 [ 123.832379][ T6991] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 123.832396][ T6991] ? __pfx_udp_sendmsg+0x10/0x10 [ 123.832421][ T6991] ? aa_sk_perm+0x309/0xaa0 [ 123.832440][ T6991] ? __pfx_udp_sendmsg+0x10/0x10 [ 123.832455][ T6991] inet_sendmsg+0x105/0x140 [ 123.832467][ T6991] ____sys_sendmsg+0x98d/0xb70 [ 123.832477][ T6991] ? __pfx_inet_sendmsg+0x10/0x10 [ 123.832489][ T6991] ? __pfx_____sys_sendmsg+0x10/0x10 [ 123.832498][ T6991] ? _parse_integer_limit+0x17f/0x1d0 [ 123.832516][ T6991] ? ___sys_sendmsg+0x19d/0x1e0 [ 123.832525][ T6991] ? kfree+0x2ec/0x6b0 [ 123.832538][ T6991] ? __pfx__kstrtoull+0x10/0x10 [ 123.832554][ T6991] ___sys_sendmsg+0x190/0x1e0 [ 123.832566][ T6991] ? __pfx____sys_sendmsg+0x10/0x10 [ 123.832577][ T6991] ? __lock_acquire+0x4a5/0x2630 [ 123.832595][ T6991] ? find_held_lock+0x2b/0x80 [ 123.832609][ T6991] ? __pfx___might_resched+0x10/0x10 [ 123.832632][ T6991] __sys_sendmmsg+0x2ff/0x430 [ 123.832649][ T6991] ? __pfx___sys_sendmmsg+0x10/0x10 [ 123.832668][ T6991] ? __fget_files+0x215/0x3d0 [ 123.832684][ T6991] ? fput+0x79/0x100 [ 123.832695][ T6991] ? ksys_write+0x1ac/0x250 [ 123.832704][ T6991] ? __pfx_ksys_write+0x10/0x10 [ 123.832714][ T6991] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 123.832730][ T6991] ? lockdep_hardirqs_on+0x78/0x100 [ 123.832745][ T6991] __do_fast_syscall_32+0xe3/0x8c0 [ 123.832762][ T6991] do_fast_syscall_32+0x32/0x70 [ 123.832778][ T6991] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 123.832791][ T6991] RIP: 0023:0xf70bef6c [ 123.832800][ T6991] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 123.832810][ T6991] RSP: 002b:00000000f548c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 123.832820][ T6991] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080004d00 [ 123.832827][ T6991] RDX: 0000000000000300 RSI: 0000000000000f1c RDI: 0000000000000000 [ 123.832832][ T6991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 123.832838][ T6991] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 123.832844][ T6991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 123.832856][ T6991] [ 124.460167][ T6995] fuse: Bad value for 'fd' [ 124.924278][ T7004] netlink: 24 bytes leftover after parsing attributes in process `syz.1.257'. [ 125.077585][ T1470] usb 8-1: USB disconnect, device number 2 [ 125.085354][ T1470] yurex 8-1:0.50: USB YUREX #0 now disconnected [ 125.280886][ T7008] netlink: 'syz.3.259': attribute type 1 has an invalid length. [ 125.408872][ T7013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.412722][ T7013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.487378][ T7008] binder: 7007:7008 ioctl f501 0 returned -22 [ 125.622021][ T7017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.261'. [ 125.800731][ T7017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.261'. [ 126.224759][ T7031] netlink: 12 bytes leftover after parsing attributes in process `syz.2.264'. [ 126.859244][ T7040] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 127.752311][ T7068] FAULT_INJECTION: forcing a failure. [ 127.752311][ T7068] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.757433][ T7068] CPU: 3 UID: 0 PID: 7068 Comm: syz.3.274 Not tainted syzkaller #0 PREEMPT(full) [ 127.757449][ T7068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 127.757456][ T7068] Call Trace: [ 127.757460][ T7068] [ 127.757465][ T7068] dump_stack_lvl+0x100/0x190 [ 127.757487][ T7068] should_fail_ex.cold+0x5/0xa [ 127.757502][ T7068] _copy_from_user+0x2e/0xd0 [ 127.757517][ T7068] cmsghdr_from_user_compat_to_kern+0x4eb/0x7d0 [ 127.757538][ T7068] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 127.757554][ T7068] ? __import_iovec+0x1d2/0x640 [ 127.757571][ T7068] ____sys_sendmsg+0x607/0xb70 [ 127.757584][ T7068] ? __pfx_____sys_sendmsg+0x10/0x10 [ 127.757595][ T7068] ? _parse_integer_limit+0x17f/0x1d0 [ 127.757616][ T7068] ? _kstrtoull+0x13c/0x1f0 [ 127.757632][ T7068] ? __pfx__kstrtoull+0x10/0x10 [ 127.757649][ T7068] ___sys_sendmsg+0x190/0x1e0 [ 127.757663][ T7068] ? __pfx____sys_sendmsg+0x10/0x10 [ 127.757675][ T7068] ? __lock_acquire+0x4a5/0x2630 [ 127.757695][ T7068] ? find_held_lock+0x2b/0x80 [ 127.757714][ T7068] __sys_sendmmsg+0x2ff/0x430 [ 127.757732][ T7068] ? __pfx___sys_sendmmsg+0x10/0x10 [ 127.757753][ T7068] ? __fget_files+0x215/0x3d0 [ 127.757770][ T7068] ? fput+0x79/0x100 [ 127.757783][ T7068] ? ksys_write+0x1ac/0x250 [ 127.757793][ T7068] ? __pfx_ksys_write+0x10/0x10 [ 127.757805][ T7068] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 127.757821][ T7068] ? lockdep_hardirqs_on+0x78/0x100 [ 127.757838][ T7068] __do_fast_syscall_32+0xe3/0x8c0 [ 127.757856][ T7068] do_fast_syscall_32+0x32/0x70 [ 127.757873][ T7068] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 127.757888][ T7068] RIP: 0023:0xf704ef6c [ 127.757898][ T7068] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 127.757908][ T7068] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 127.757920][ T7068] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000440 [ 127.757926][ T7068] RDX: 0000000000000001 RSI: 0000000020078070 RDI: 0000000000000000 [ 127.757933][ T7068] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 127.757939][ T7068] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 127.757945][ T7068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 127.757959][ T7068] [ 127.996672][ T7070] fuse: Unknown parameter 'fd0x0000000000000004' [ 129.553301][ T7111] netlink: 45 bytes leftover after parsing attributes in process `syz.2.289'. [ 129.805822][ T10] usb 7-1: new low-speed USB device number 11 using dummy_hcd [ 129.978250][ T10] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.982095][ T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 129.985454][ T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 129.996133][ T10] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 129.999259][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.001271][ T7114] netlink: 'syz.1.290': attribute type 1 has an invalid length. [ 130.007193][ T7111] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 130.029427][ T10] hub 7-1:1.0: bad descriptor, ignoring hub [ 130.042623][ T10] hub 7-1:1.0: probe with driver hub failed with error -5 [ 130.049027][ T10] cdc_wdm 7-1:1.0: skipping garbage [ 130.051010][ T10] cdc_wdm 7-1:1.0: skipping garbage [ 130.059360][ T7114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.290'. [ 130.065571][ T10] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 130.067711][ T10] cdc_wdm 7-1:1.0: Unknown control protocol [ 130.072618][ T40] audit: type=1326 audit(1773685189.322:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7116 comm="syz.0.291" exe="/syz-executor" sig=9 arch=40000003 syscall=172 compat=1 ip=0xf703ef6c code=0x0 [ 130.080262][ T7114] bond1 (unregistering): Released all slaves [ 130.313923][ T7132] netlink: 16 bytes leftover after parsing attributes in process `syz.3.294'. [ 130.440879][ T7128] FAULT_INJECTION: forcing a failure. [ 130.440879][ T7128] name failslab, interval 1, probability 0, space 0, times 0 [ 130.446562][ T7128] CPU: 3 UID: 0 PID: 7128 Comm: syz.0.293 Not tainted syzkaller #0 PREEMPT(full) [ 130.446586][ T7128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 130.446596][ T7128] Call Trace: [ 130.446602][ T7128] [ 130.446609][ T7128] dump_stack_lvl+0x100/0x190 [ 130.446640][ T7128] should_fail_ex.cold+0x5/0xa [ 130.446695][ T7128] should_failslab+0xc2/0x120 [ 130.446715][ T7128] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 130.446742][ T7128] ? __alloc_skb+0x140/0x710 [ 130.446768][ T7128] __alloc_skb+0x140/0x710 [ 130.446788][ T7128] ? __alloc_skb+0x5b7/0x710 [ 130.446809][ T7128] ? __pfx___alloc_skb+0x10/0x10 [ 130.446838][ T7128] alloc_skb_with_frags+0xe0/0x810 [ 130.446871][ T7128] sock_alloc_send_pskb+0x801/0x980 [ 130.446900][ T7128] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 130.446922][ T7128] ? find_held_lock+0x2b/0x80 [ 130.446937][ T7128] ? sock_def_readable+0x1d2/0x630 [ 130.446957][ T7128] ? sock_def_readable+0x1d2/0x630 [ 130.446985][ T7128] unix_dgram_sendmsg+0x3c7/0x1820 [ 130.447006][ T7128] ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0 [ 130.447032][ T7128] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 130.447056][ T7128] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 130.447078][ T7128] ? __might_fault+0xc5/0x140 [ 130.447115][ T7128] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 130.447148][ T7128] ____sys_sendmsg+0x9e1/0xb70 [ 130.447169][ T7128] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 130.447189][ T7128] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.447205][ T7128] ? _parse_integer_limit+0x17f/0x1d0 [ 130.447233][ T7128] ? ___sys_sendmsg+0x19d/0x1e0 [ 130.447250][ T7128] ? kfree+0x2ec/0x6b0 [ 130.447269][ T7128] ? __pfx__kstrtoull+0x10/0x10 [ 130.447296][ T7128] ___sys_sendmsg+0x190/0x1e0 [ 130.447316][ T7128] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.447335][ T7128] ? __lock_acquire+0x4a5/0x2630 [ 130.447367][ T7128] ? find_held_lock+0x2b/0x80 [ 130.447391][ T7128] ? __pfx___might_resched+0x10/0x10 [ 130.447422][ T7128] __sys_sendmmsg+0x2ff/0x430 [ 130.447449][ T7128] ? __pfx___sys_sendmmsg+0x10/0x10 [ 130.447481][ T7128] ? __fget_files+0x215/0x3d0 [ 130.447508][ T7128] ? fput+0x79/0x100 [ 130.447528][ T7128] ? ksys_write+0x1ac/0x250 [ 130.447543][ T7128] ? __pfx_ksys_write+0x10/0x10 [ 130.447561][ T7128] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 130.447586][ T7128] ? lockdep_hardirqs_on+0x78/0x100 [ 130.447610][ T7128] __do_fast_syscall_32+0xe3/0x8c0 [ 130.447637][ T7128] do_fast_syscall_32+0x32/0x70 [ 130.447662][ T7128] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 130.447683][ T7128] RIP: 0023:0xf703ef6c [ 130.447698][ T7128] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 130.447714][ T7128] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 130.447731][ T7128] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000 [ 130.447742][ T7128] RDX: 0000000000000041 RSI: 0000000030000000 RDI: 0000000000000000 [ 130.447751][ T7128] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 130.447761][ T7128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.447770][ T7128] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 130.447793][ T7128] [ 130.550761][ T7137] vivid-000: ================= START STATUS ================= [ 130.601861][ T7137] vivid-000: Generate PTS: true [ 130.603781][ T7137] vivid-000: Generate SCR: true [ 130.605572][ T7137] tpg source WxH: 720x576 (Y'CbCr) [ 130.607663][ T7137] tpg field: 4 [ 130.609000][ T7137] tpg crop: (0,0)/720x576 [ 130.610508][ T7137] tpg compose: (0,0)/720x576 [ 130.612109][ T7137] tpg colorspace: 1 [ 130.613407][ T7137] tpg transfer function: 0/0 [ 130.614986][ T7137] tpg Y'CbCr encoding: 0/0 [ 130.616458][ T7137] tpg quantization: 0/0 [ 130.617885][ T7137] tpg RGB range: 0/2 [ 130.619275][ T7137] vivid-000: ================== END STATUS ================== [ 131.028368][ T7111] cdc_wdm 7-1:1.0: Error autopm - -16 [ 131.035827][ T10] usb 7-1: USB disconnect, device number 11 [ 131.166025][ T10] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 131.327352][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 131.330188][ T10] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 131.333511][ T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 131.336744][ T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 131.340431][ T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 131.344266][ T10] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 131.347601][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.357960][ T10] hub 7-1:1.0: bad descriptor, ignoring hub [ 131.360186][ T10] hub 7-1:1.0: probe with driver hub failed with error -5 [ 131.362933][ T10] cdc_wdm 7-1:1.0: skipping garbage [ 131.364691][ T10] cdc_wdm 7-1:1.0: skipping garbage [ 131.368458][ T10] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 131.370468][ T10] cdc_wdm 7-1:1.0: Unknown control protocol [ 131.676027][ T10] usb 7-1: USB disconnect, device number 12 [ 131.764267][ T7153] netlink: 28 bytes leftover after parsing attributes in process `syz.1.299'. [ 131.776782][ T7153] netlink: 56 bytes leftover after parsing attributes in process `syz.1.299'. [ 133.182976][ T7179] binder: 7176:7179 ioctl f501 0 returned -22 [ 133.510178][ T7183] netlink: 'syz.3.309': attribute type 1 has an invalid length. [ 133.787005][ T40] audit: type=1804 audit(1773685193.042:16): pid=7189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.312" name="/newroot/94/file0/file0" dev="9p" ino=77332555 res=1 errno=0 [ 133.809178][ T7189] dvmrp9: entered allmulticast mode [ 134.322725][ T7194] TCP: TCP_TX_DELAY enabled [ 134.615934][ T10] usb 8-1: new low-speed USB device number 3 using dummy_hcd [ 134.745909][ T10] usb 8-1: device descriptor read/64, error -71 [ 135.210147][ T7205] 9p: Bad value for 'wfdno' [ 135.216379][ T10] usb 8-1: new low-speed USB device number 4 using dummy_hcd [ 135.365852][ T10] usb 8-1: device descriptor read/64, error -71 [ 135.486139][ T10] usb usb8-port1: attempt power cycle [ 135.778099][ T7218] infiniband syz2: set down [ 135.781663][ T7218] infiniband syz2: added ipvlan0 [ 135.807261][ T7218] RDS/IB: syz2: added [ 135.808975][ T7218] smc: adding ib device syz2 with port count 1 [ 135.811199][ T7218] smc: ib device syz2 port 1 has no pnetid [ 136.461319][ T7234] syzkaller0: entered promiscuous mode [ 136.463274][ T7234] syzkaller0: entered allmulticast mode [ 136.928460][ T10] usb 8-1: new low-speed USB device number 5 using dummy_hcd [ 136.948012][ T10] usb 8-1: device descriptor read/8, error -71 [ 137.195867][ T10] usb 8-1: new low-speed USB device number 6 using dummy_hcd [ 137.226956][ T10] usb 8-1: device descriptor read/8, error -71 [ 137.266866][ T7245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.327'. [ 137.336044][ T10] usb usb8-port1: unable to enumerate USB device [ 137.380944][ T7252] fuse: Bad value for 'group_id' [ 137.383058][ T7252] fuse: Bad value for 'group_id' [ 137.419367][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.422005][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.511916][ T7259] binder: BC_ACQUIRE_RESULT not supported [ 137.513897][ T7259] binder: 7258:7259 ioctl c0306201 80004a40 returned -22 [ 137.530266][ T7259] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 137.537106][ T7263] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 137.657117][ T7245] bridge0: port 1(erspan0) entered blocking state [ 137.659785][ T7245] bridge0: port 1(erspan0) entered forwarding state [ 137.677141][ T7245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.682543][ T7245] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.698321][ T7245] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 137.776438][ T7270] orangefs_devreq_open: device cannot be opened in blocking mode [ 137.781970][ T7267] capability: warning: `syz.1.334' uses 32-bit capabilities (legacy support in use) [ 138.614322][ T7284] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.340'. [ 138.867231][ T7294] FAULT_INJECTION: forcing a failure. [ 138.867231][ T7294] name failslab, interval 1, probability 0, space 0, times 0 [ 138.874508][ T7294] CPU: 1 UID: 0 PID: 7294 Comm: syz.0.343 Tainted: G L syzkaller #0 PREEMPT(full) [ 138.874536][ T7294] Tainted: [L]=SOFTLOCKUP [ 138.874541][ T7294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 138.874549][ T7294] Call Trace: [ 138.874555][ T7294] [ 138.874559][ T7294] dump_stack_lvl+0x100/0x190 [ 138.874580][ T7294] should_fail_ex.cold+0x5/0xa [ 138.874592][ T7294] ? tomoyo_realpath_from_path+0xb6/0x690 [ 138.874606][ T7294] should_failslab+0xc2/0x120 [ 138.874643][ T7294] __kmalloc_noprof+0xe0/0x850 [ 138.874673][ T7294] tomoyo_realpath_from_path+0xb6/0x690 [ 138.874745][ T7294] tomoyo_path_number_perm+0x23c/0x580 [ 138.874760][ T7294] ? tomoyo_path_number_perm+0x22e/0x580 [ 138.874772][ T7294] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 138.874796][ T7294] ? find_held_lock+0x2b/0x80 [ 138.874806][ T7294] ? hook_file_ioctl_common+0x146/0x410 [ 138.874817][ T7294] ? __fget_files+0x215/0x3d0 [ 138.874829][ T7294] ? __fget_files+0x21f/0x3d0 [ 138.874840][ T7294] security_file_ioctl_compat+0xd3/0x230 [ 138.874853][ T7294] __ia32_compat_sys_ioctl+0xc2/0x360 [ 138.874871][ T7294] __do_fast_syscall_32+0xe3/0x8c0 [ 138.874889][ T7294] do_fast_syscall_32+0x32/0x70 [ 138.874904][ T7294] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 138.874918][ T7294] RIP: 0023:0xf703ef6c [ 138.874926][ T7294] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 138.874936][ T7294] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 138.874946][ T7294] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 138.874953][ T7294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 138.874961][ T7294] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 138.874966][ T7294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.874972][ T7294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 138.874985][ T7294] [ 138.874990][ T7294] ERROR: Out of memory at tomoyo_realpath_from_path. [ 139.262152][ T7307] 9pnet_virtio: no channels available for device syz [ 139.303702][ T7309] netlink: 'syz.1.349': attribute type 4 has an invalid length. [ 140.620204][ T7332] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 140.622676][ T7332] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 140.626937][ T7332] vhci_hcd vhci_hcd.0: Device attached [ 140.665441][ T7340] overlayfs: conflicting options: userxattr,metacopy=on [ 140.758986][ T7343] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 140.762322][ T7343] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 140.771560][ T7343] vhci_hcd vhci_hcd.0: Device attached [ 140.847385][ T7346] syz.0.357 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 140.915928][ T10] usb 44-1: SetAddress Request (6) to port 0 [ 140.915988][ T10] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 141.005162][ T7337] vhci_hcd: connection reset by peer [ 141.005887][ T90] vhci_hcd vhci_hcd.3: stop threads [ 141.005908][ T90] vhci_hcd vhci_hcd.3: release socket [ 141.005960][ T90] vhci_hcd vhci_hcd.3: disconnect device [ 141.014687][ T7343] fuse: Bad value for 'group_id' [ 141.014708][ T7343] fuse: Bad value for 'group_id' [ 141.086072][ T1325] usb 40-1: SetAddress Request (2) to port 0 [ 141.086123][ T1325] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 141.500714][ T7344] vhci_hcd: connection reset by peer [ 141.502295][ T90] vhci_hcd vhci_hcd.1: stop threads [ 141.502312][ T90] vhci_hcd vhci_hcd.1: release socket [ 141.502371][ T90] vhci_hcd vhci_hcd.1: disconnect device [ 141.814129][ T7365] FAULT_INJECTION: forcing a failure. [ 141.814129][ T7365] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 141.821855][ T7365] CPU: 2 UID: 0 PID: 7365 Comm: syz.0.363 Tainted: G L syzkaller #0 PREEMPT(full) [ 141.821899][ T7365] Tainted: [L]=SOFTLOCKUP [ 141.821905][ T7365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.821914][ T7365] Call Trace: [ 141.821919][ T7365] [ 141.821924][ T7365] dump_stack_lvl+0x100/0x190 [ 141.821945][ T7365] should_fail_ex.cold+0x5/0xa [ 141.821956][ T7365] ? prepare_alloc_pages+0x16d/0x5f0 [ 141.821970][ T7365] should_fail_alloc_page+0xeb/0x140 [ 141.821983][ T7365] prepare_alloc_pages+0x1f0/0x5f0 [ 141.821998][ T7365] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 141.822019][ T7365] ? __lock_acquire+0x4a5/0x2630 [ 141.822037][ T7365] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 141.822056][ T7365] ? do_raw_spin_lock+0x128/0x260 [ 141.822073][ T7365] ? look_up_lock_class+0x64/0x120 [ 141.822094][ T7365] ? __lock_acquire+0x4a5/0x2630 [ 141.822108][ T7365] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 141.822127][ T7365] ? policy_nodemask+0xed/0x4f0 [ 141.822140][ T7365] alloc_pages_mpol+0x1fb/0x550 [ 141.822152][ T7365] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 141.822163][ T7365] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 141.822181][ T7365] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 141.822200][ T7365] folio_alloc_mpol_noprof+0x36/0x340 [ 141.822215][ T7365] shmem_alloc_folio+0x135/0x160 [ 141.822230][ T7365] shmem_alloc_and_add_folio+0x371/0xd40 [ 141.822251][ T7365] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 141.822269][ T7365] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 141.822286][ T7365] ? stack_trace_save+0x8e/0xc0 [ 141.822299][ T7365] shmem_get_folio_gfp+0x6ab/0x1900 [ 141.822319][ T7365] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 141.822345][ T7365] shmem_write_begin+0x1a4/0x420 [ 141.822371][ T7365] ? __pfx_shmem_write_begin+0x10/0x10 [ 141.822398][ T7365] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 141.822429][ T7365] generic_perform_write+0x292/0xa40 [ 141.822464][ T7365] ? __pfx_generic_perform_write+0x10/0x10 [ 141.822494][ T7365] ? file_update_time_flags+0x373/0x500 [ 141.822511][ T7365] shmem_file_write_iter+0x10e/0x140 [ 141.822524][ T7365] iter_file_splice_write+0x830/0x10a0 [ 141.822543][ T7365] ? __pfx_iter_file_splice_write+0x10/0x10 [ 141.822556][ T7365] ? shmem_file_splice_read+0x724/0xdd0 [ 141.822582][ T7365] ? __pfx_iter_file_splice_write+0x10/0x10 [ 141.822594][ T7365] direct_splice_actor+0x192/0x6c0 [ 141.822639][ T7365] splice_direct_to_actor+0x345/0xa30 [ 141.822652][ T7365] ? __pfx_direct_splice_actor+0x10/0x10 [ 141.822673][ T7365] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 141.822688][ T7365] do_splice_direct+0x174/0x240 [ 141.822700][ T7365] ? __pfx_do_splice_direct+0x10/0x10 [ 141.822711][ T7365] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 141.822731][ T7365] ? rw_verify_area+0xce/0x6d0 [ 141.822749][ T7365] do_sendfile+0xadc/0xe20 [ 141.822769][ T7365] ? __pfx_do_sendfile+0x10/0x10 [ 141.822787][ T7365] ? __fget_files+0x21f/0x3d0 [ 141.822800][ T7365] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 141.822814][ T7365] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 141.822827][ T7365] ? __pfx_ksys_write+0x10/0x10 [ 141.822840][ T7365] __do_fast_syscall_32+0xe3/0x8c0 [ 141.822859][ T7365] do_fast_syscall_32+0x32/0x70 [ 141.822876][ T7365] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 141.822890][ T7365] RIP: 0023:0xf703ef6c [ 141.822900][ T7365] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 141.822910][ T7365] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000bb [ 141.822924][ T7365] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000003 [ 141.822930][ T7365] RDX: 0000000000000000 RSI: 000000007e78a6f1 RDI: 0000000000000000 [ 141.822936][ T7365] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 141.822942][ T7365] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 141.822948][ T7365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 141.822962][ T7365] [ 142.092619][ T7369] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.605177][ T7422] fuse: Bad value for 'rootmode' [ 144.864946][ T7426] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543 [ 145.950164][ T7440] netlink: 'syz.0.384': attribute type 1 has an invalid length. [ 145.966018][ T10] usb 44-1: device descriptor read/8, error -110 [ 146.126209][ T1325] usb 40-1: device descriptor read/8, error -110 [ 146.367028][ T10] usb usb44-port1: attempt power cycle [ 146.522525][ T1325] usb usb40-port1: attempt power cycle [ 146.655906][ T7452] netlink: 'syz.0.389': attribute type 11 has an invalid length. [ 146.946788][ T10] usb usb44-port1: unable to enumerate USB device [ 147.096351][ T1325] usb usb40-port1: unable to enumerate USB device [ 147.876025][ T1325] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 148.026931][ T1325] usb 8-1: Using ep0 maxpacket: 8 [ 148.036311][ T1325] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 148.039062][ T1325] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 148.042250][ T1325] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 148.045707][ T1325] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 148.052054][ T1325] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 148.057462][ T1325] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 148.060906][ T1325] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.157980][ T7473] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.264274][ T7477] netlink: 'syz.1.399': attribute type 10 has an invalid length. [ 148.276369][ T1325] usb 8-1: usb_control_msg returned -32 [ 148.278700][ T7477] syz_tun: entered promiscuous mode [ 148.279002][ T1325] usbtmc 8-1:16.0: can't read capabilities [ 148.285236][ T7477] syz_tun: entered allmulticast mode [ 148.289030][ T7477] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 148.727185][ T7490] overlayfs: missing 'lowerdir' [ 148.738207][ T40] audit: type=1804 audit(1773685207.992:17): pid=7489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.401" name="/newroot/113/bus/bus" dev="tmpfs" ino=609 res=1 errno=0 [ 149.193450][ T1470] hid_parser_main: 7 callbacks suppressed [ 149.193470][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.201045][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.216003][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.218778][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.221960][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.225348][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.233308][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.246145][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.249270][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.252501][ T1470] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0 [ 149.292988][ T1470] hid-generic 0005:00B6:0009.0003: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1 [ 149.464671][ T7498] netlink: 36 bytes leftover after parsing attributes in process `syz.1.404'. [ 149.467584][ T7498] netlink: 12 bytes leftover after parsing attributes in process `syz.1.404'. [ 149.475352][ T7498] overlay: ./file0 is not a directory [ 150.490853][ T7517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.411'. [ 150.661752][ T5956] usb 8-1: USB disconnect, device number 7 [ 150.723771][ T7531] netlink: 4 bytes leftover after parsing attributes in process `syz.2.415'. [ 150.786850][ T7537] binder: 7527:7537 ioctl c0306201 80000180 returned -14 [ 150.798796][ T7539] netlink: 'syz.2.417': attribute type 3 has an invalid length. [ 150.802196][ T7539] netlink: 'syz.2.417': attribute type 3 has an invalid length. [ 150.805659][ T7539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.417'. [ 150.822002][ T7541] netlink: 36 bytes leftover after parsing attributes in process `syz.0.418'. [ 150.905523][ T7544] netlink: 156 bytes leftover after parsing attributes in process `syz.0.418'. [ 152.789482][ T7570] lo speed is unknown, defaulting to 1000 [ 152.793937][ T7570] lo speed is unknown, defaulting to 1000 [ 152.812627][ T7570] lo speed is unknown, defaulting to 1000 [ 153.153065][ T7570] infiniband syU×: set down [ 153.155161][ T24] lo speed is unknown, defaulting to 1000 [ 153.158786][ T7570] infiniband syU×: added lo [ 153.207762][ T7570] RDS/IB: syU×: added [ 153.215126][ T7570] smc: adding ib device syU× with port count 1 [ 153.217987][ T7570] smc: ib device syU× port 1 has no pnetid [ 153.220793][ T1470] lo speed is unknown, defaulting to 1000 [ 153.224685][ T7570] lo speed is unknown, defaulting to 1000 [ 153.422383][ T7570] lo speed is unknown, defaulting to 1000 [ 153.513486][ T7570] lo speed is unknown, defaulting to 1000 [ 153.629223][ T7570] lo speed is unknown, defaulting to 1000 [ 153.884434][ T7592] erspan0: entered promiscuous mode [ 153.888542][ T7592] netlink: 8 bytes leftover after parsing attributes in process `syz.1.436'. [ 153.946087][ T7596] syzkaller0: entered promiscuous mode [ 153.948535][ T7596] syzkaller0: entered allmulticast mode [ 153.957003][ T7596] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 154.105618][ T7602] syzkaller0: entered promiscuous mode [ 154.111164][ T7602] syzkaller0: entered allmulticast mode [ 154.197262][ T7601] [U]  [ 154.231207][ T7606] input: syz0 as /devices/virtual/input/input7 [ 154.779587][ T7618] netlink: 'syz.2.446': attribute type 1 has an invalid length. [ 154.781049][ T7616] evm: overlay not supported [ 154.803699][ T7618] bond1: entered promiscuous mode [ 154.808864][ T7618] 8021q: adding VLAN 0 to HW filter on device bond1 [ 154.830048][ T7618] bond1: (slave bridge1): making interface the new active one [ 154.833488][ T7618] bridge1: entered promiscuous mode [ 154.836495][ T7618] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 155.174287][ T1228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.179884][ T1228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.216384][ T10] ------------[ cut here ]------------ [ 155.219334][ T10] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 155.223791][ T10] WARNING: net/mac80211/rate.c:401 at __rate_control_send_low+0x610/0x760, CPU#0: kworker/0:1/10 [ 155.228473][ T10] Modules linked in: [ 155.230727][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 155.234854][ T10] Tainted: [L]=SOFTLOCKUP [ 155.236713][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 155.241224][ T10] Workqueue: mld mld_ifc_work [ 155.243337][ T10] RIP: 0010:__rate_control_send_low+0x621/0x760 [ 155.246309][ T10] Code: f7 48 8b 44 24 10 8b ac a8 d4 00 00 00 e8 f7 cc 04 f7 48 8d 3d 00 3c e7 05 44 8b 44 24 04 48 8b 74 24 10 45 89 f1 89 d9 89 ea <67> 48 0f b9 3a e9 2f fd ff ff 48 8b 7c 24 08 e8 7b 58 70 f7 e9 03 [ 155.254654][ T10] RSP: 0018:ffffc900001c68c8 EFLAGS: 00010293 [ 155.257494][ T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 155.260655][ T10] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffffffff90ea8770 [ 155.263257][ T10] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 155.266212][ T10] R10: 000000000000000c R11: 0000000000000000 R12: ffff8880137f1ce8 [ 155.269714][ T10] R13: ffff8880533ab128 R14: 0000000000000000 R15: dffffc0000000000 [ 155.273153][ T10] FS: 0000000000000000(0000) GS:ffff88809714a000(0000) knlGS:0000000000000000 [ 155.277313][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 155.280310][ T10] CR2: 00000000f73fe844 CR3: 00000000759e7000 CR4: 0000000000352ef0 [ 155.283914][ T10] Call Trace: [ 155.285456][ T10] [ 155.286905][ T10] rate_control_send_low+0x2a8/0x7e0 [ 155.289247][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.291461][ T10] rate_control_get_rate+0x1be/0x5c0 [ 155.293773][ T10] ieee80211_tx_h_rate_ctrl+0x778/0x1a20 [ 155.295971][ T10] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 155.298576][ T10] ? mark_held_locks+0x40/0x70 [ 155.300246][ T10] invoke_tx_handlers_late+0xfb4/0x2750 [ 155.302742][ T10] ? ieee80211_tx_h_select_key+0x2c9/0x1ca0 [ 155.305409][ T10] ieee80211_tx_dequeue+0x3693/0x4fd0 [ 155.307923][ T10] ? __pfx_ieee80211_tx_dequeue+0x10/0x10 [ 155.310458][ T10] ? do_raw_spin_lock+0x128/0x260 [ 155.312756][ T10] ? ieee80211_next_txq+0xda/0xa50 [ 155.315029][ T10] ieee80211_handle_wake_tx_queue+0x19c/0x260 [ 155.318011][ T10] ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10 [ 155.321182][ T10] ? __pfx___ieee80211_schedule_txq+0x10/0x10 [ 155.324487][ T10] ? mark_held_locks+0x40/0x70 [ 155.327055][ T10] ? __local_bh_enable_ip+0x9e/0x120 [ 155.329462][ T10] ieee80211_queue_skb+0x1299/0x1fc0 [ 155.331801][ T10] ieee80211_tx+0x2e4/0x460 [ 155.333614][ T10] ? __pfx_ieee80211_tx+0x10/0x10 [ 155.335911][ T10] ? ieee80211_skb_resize+0x119/0x670 [ 155.338305][ T10] ? ieee80211_set_qos_hdr+0x2c1/0x3f0 [ 155.340740][ T10] ieee80211_xmit+0x30f/0x3e0 [ 155.342815][ T10] __ieee80211_subif_start_xmit+0x882/0x13a0 [ 155.345471][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.347748][ T10] ? __pfx___ieee80211_subif_start_xmit+0x10/0x10 [ 155.350600][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.352797][ T10] ieee80211_subif_start_xmit+0x111/0x1960 [ 155.355373][ T10] ? mark_held_locks+0x40/0x70 [ 155.357581][ T10] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 155.360183][ T10] ? __pfx_ieee80211_subif_start_xmit+0x10/0x10 [ 155.362942][ T10] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 155.365606][ T10] ? skb_network_protocol+0xac/0x3d0 [ 155.367957][ T10] ? validate_xmit_xfrm+0x44f/0x1360 [ 155.370341][ T10] ? dev_hard_start_xmit+0x121/0x7d0 [ 155.372560][ T10] dev_hard_start_xmit+0x121/0x7d0 [ 155.374801][ T10] __dev_queue_xmit+0x32c1/0x4800 [ 155.377192][ T10] ? look_up_lock_class+0x55/0x120 [ 155.379486][ T10] ? __pfx___dev_queue_xmit+0x10/0x10 [ 155.381833][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.384043][ T10] ? __asan_memcpy+0x3c/0x60 [ 155.386237][ T10] ? eth_header+0x120/0x1f0 [ 155.388305][ T10] neigh_resolve_output+0x51f/0x8f0 [ 155.390595][ T10] ip6_finish_output2+0xb0f/0x1ce0 [ 155.392815][ T10] __ip6_finish_output+0x357/0xdf0 [ 155.395054][ T10] ip6_output+0x2aa/0xa60 [ 155.397062][ T10] ? __pfx_ip6_output+0x10/0x10 [ 155.399196][ T10] ? __pfx_ip6_finish_output+0x10/0x10 [ 155.401527][ T10] ? NF_HOOK.constprop.0+0x277/0x5a0 [ 155.403842][ T10] ? NF_HOOK.constprop.0+0x277/0x5a0 [ 155.406267][ T10] ? __pfx_ip6_output+0x10/0x10 [ 155.408434][ T10] NF_HOOK.constprop.0+0x115/0x5a0 [ 155.410701][ T10] ? __pfx_NF_HOOK.constprop.0+0x10/0x10 [ 155.413252][ T10] ? __pfx_dst_output+0x10/0x10 [ 155.415461][ T10] mld_sendpack+0x8f7/0xec0 [ 155.417613][ T10] ? __pfx_mld_sendpack+0x10/0x10 [ 155.419991][ T10] ? finish_task_switch.isra.0+0x200/0xb80 [ 155.422772][ T10] mld_ifc_work+0x75a/0xc10 [ 155.425080][ T10] ? rcu_is_watching+0x12/0xc0 [ 155.427443][ T10] process_one_work+0xa23/0x19a0 [ 155.429613][ T10] ? __pfx_process_one_work+0x10/0x10 [ 155.431730][ T10] ? __pfx_mld_ifc_work+0x10/0x10 [ 155.433918][ T10] worker_thread+0x5ef/0xe50 [ 155.436056][ T10] ? __pfx_worker_thread+0x10/0x10 [ 155.438315][ T10] ? kthread+0x13a/0x450 [ 155.440229][ T10] ? __pfx_worker_thread+0x10/0x10 [ 155.442488][ T10] kthread+0x370/0x450 [ 155.444300][ T10] ? __pfx_kthread+0x10/0x10 [ 155.446402][ T10] ret_from_fork+0x754/0xd80 [ 155.448471][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 155.450789][ T10] ? __switch_to+0x7b4/0x1120 [ 155.452812][ T10] ? __pfx_kthread+0x10/0x10 [ 155.454319][ T10] ret_from_fork_asm+0x1a/0x30 [ 155.456273][ T10] [ 155.457649][ T10] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 155.460768][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 155.465374][ T10] Tainted: [L]=SOFTLOCKUP [ 155.467264][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 155.471677][ T10] Workqueue: mld mld_ifc_work [ 155.473742][ T10] Call Trace: [ 155.475242][ T10] [ 155.476580][ T10] dump_stack_lvl+0x100/0x190 [ 155.478674][ T10] vpanic+0x552/0x970 [ 155.480457][ T10] ? __pfx_vpanic+0x10/0x10 [ 155.482459][ T10] panic+0xd1/0xe0 [ 155.484115][ T10] ? __pfx_panic+0x10/0x10 [ 155.486137][ T10] ? check_panic_on_warn+0x1f/0x90 [ 155.488600][ T10] check_panic_on_warn.cold+0x19/0x34 [ 155.490828][ T10] ? __rate_control_send_low+0x610/0x760 [ 155.493378][ T10] __warn.cold+0x191/0x348 [ 155.495338][ T10] __report_bug+0x296/0x3d0 [ 155.497009][ T10] ? __rate_control_send_low+0x610/0x760 [ 155.499010][ T10] ? __pfx___report_bug+0x10/0x10 [ 155.500760][ T10] report_bug_entry+0xe1/0x290 [ 155.502404][ T10] ? __rate_control_send_low+0x621/0x760 [ 155.504293][ T10] handle_bug+0x1cd/0x2a0 [ 155.505778][ T10] exc_invalid_op+0x17/0x50 [ 155.507292][ T10] asm_exc_invalid_op+0x1a/0x20 [ 155.508889][ T10] RIP: 0010:__rate_control_send_low+0x621/0x760 [ 155.510939][ T10] Code: f7 48 8b 44 24 10 8b ac a8 d4 00 00 00 e8 f7 cc 04 f7 48 8d 3d 00 3c e7 05 44 8b 44 24 04 48 8b 74 24 10 45 89 f1 89 d9 89 ea <67> 48 0f b9 3a e9 2f fd ff ff 48 8b 7c 24 08 e8 7b 58 70 f7 e9 03 [ 155.517217][ T10] RSP: 0018:ffffc900001c68c8 EFLAGS: 00010293 [ 155.519553][ T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 155.522227][ T10] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffffffff90ea8770 [ 155.525073][ T10] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 155.527896][ T10] R10: 000000000000000c R11: 0000000000000000 R12: ffff8880137f1ce8 [ 155.530547][ T10] R13: ffff8880533ab128 R14: 0000000000000000 R15: dffffc0000000000 [ 155.533167][ T10] ? __rate_control_send_low+0x609/0x760 [ 155.535595][ T10] rate_control_send_low+0x2a8/0x7e0 [ 155.537422][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.539165][ T10] rate_control_get_rate+0x1be/0x5c0 [ 155.540914][ T10] ieee80211_tx_h_rate_ctrl+0x778/0x1a20 [ 155.542838][ T10] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 155.545232][ T10] ? mark_held_locks+0x40/0x70 [ 155.547757][ T10] invoke_tx_handlers_late+0xfb4/0x2750 [ 155.550723][ T10] ? ieee80211_tx_h_select_key+0x2c9/0x1ca0 [ 155.553366][ T10] ieee80211_tx_dequeue+0x3693/0x4fd0 [ 155.555519][ T10] ? __pfx_ieee80211_tx_dequeue+0x10/0x10 [ 155.557510][ T10] ? do_raw_spin_lock+0x128/0x260 [ 155.559307][ T10] ? ieee80211_next_txq+0xda/0xa50 [ 155.561090][ T10] ieee80211_handle_wake_tx_queue+0x19c/0x260 [ 155.563112][ T10] ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10 [ 155.565634][ T10] ? __pfx___ieee80211_schedule_txq+0x10/0x10 [ 155.568231][ T10] ? mark_held_locks+0x40/0x70 [ 155.570781][ T10] ? __local_bh_enable_ip+0x9e/0x120 [ 155.573438][ T10] ieee80211_queue_skb+0x1299/0x1fc0 [ 155.575738][ T10] ieee80211_tx+0x2e4/0x460 [ 155.577532][ T10] ? __pfx_ieee80211_tx+0x10/0x10 [ 155.579440][ T10] ? ieee80211_skb_resize+0x119/0x670 [ 155.581388][ T10] ? ieee80211_set_qos_hdr+0x2c1/0x3f0 [ 155.583238][ T10] ieee80211_xmit+0x30f/0x3e0 [ 155.585031][ T10] __ieee80211_subif_start_xmit+0x882/0x13a0 [ 155.587390][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.589136][ T10] ? __pfx___ieee80211_subif_start_xmit+0x10/0x10 [ 155.591449][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.593231][ T10] ieee80211_subif_start_xmit+0x111/0x1960 [ 155.595469][ T10] ? mark_held_locks+0x40/0x70 [ 155.597173][ T10] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 155.599300][ T10] ? __pfx_ieee80211_subif_start_xmit+0x10/0x10 [ 155.602027][ T10] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 155.604533][ T10] ? skb_network_protocol+0xac/0x3d0 [ 155.606766][ T10] ? validate_xmit_xfrm+0x44f/0x1360 [ 155.608621][ T10] ? dev_hard_start_xmit+0x121/0x7d0 [ 155.610445][ T10] dev_hard_start_xmit+0x121/0x7d0 [ 155.612260][ T10] __dev_queue_xmit+0x32c1/0x4800 [ 155.613953][ T10] ? look_up_lock_class+0x55/0x120 [ 155.616227][ T10] ? __pfx___dev_queue_xmit+0x10/0x10 [ 155.618036][ T10] ? __lock_acquire+0x4a5/0x2630 [ 155.619752][ T10] ? __asan_memcpy+0x3c/0x60 [ 155.621358][ T10] ? eth_header+0x120/0x1f0 [ 155.622926][ T10] neigh_resolve_output+0x51f/0x8f0 [ 155.624704][ T10] ip6_finish_output2+0xb0f/0x1ce0 [ 155.626603][ T10] __ip6_finish_output+0x357/0xdf0 [ 155.628433][ T10] ip6_output+0x2aa/0xa60 [ 155.630075][ T10] ? __pfx_ip6_output+0x10/0x10 [ 155.632007][ T10] ? __pfx_ip6_finish_output+0x10/0x10 [ 155.634067][ T10] ? NF_HOOK.constprop.0+0x277/0x5a0 [ 155.635973][ T10] ? NF_HOOK.constprop.0+0x277/0x5a0 [ 155.637792][ T10] ? __pfx_ip6_output+0x10/0x10 [ 155.639447][ T10] NF_HOOK.constprop.0+0x115/0x5a0 [ 155.641248][ T10] ? __pfx_NF_HOOK.constprop.0+0x10/0x10 [ 155.643144][ T10] ? __pfx_dst_output+0x10/0x10 [ 155.644814][ T10] mld_sendpack+0x8f7/0xec0 [ 155.646454][ T10] ? __pfx_mld_sendpack+0x10/0x10 [ 155.648185][ T10] ? finish_task_switch.isra.0+0x200/0xb80 [ 155.650335][ T10] mld_ifc_work+0x75a/0xc10 [ 155.652290][ T10] ? rcu_is_watching+0x12/0xc0 [ 155.654349][ T10] process_one_work+0xa23/0x19a0 [ 155.656613][ T10] ? __pfx_process_one_work+0x10/0x10 [ 155.659101][ T10] ? __pfx_mld_ifc_work+0x10/0x10 [ 155.661118][ T10] worker_thread+0x5ef/0xe50 [ 155.662775][ T10] ? __pfx_worker_thread+0x10/0x10 [ 155.665099][ T10] ? kthread+0x13a/0x450 [ 155.666951][ T10] ? __pfx_worker_thread+0x10/0x10 [ 155.669117][ T10] kthread+0x370/0x450 [ 155.670469][ T10] ? __pfx_kthread+0x10/0x10 [ 155.672338][ T10] ret_from_fork+0x754/0xd80 [ 155.674345][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 155.676545][ T10] ? __switch_to+0x7b4/0x1120 [ 155.678232][ T10] ? __pfx_kthread+0x10/0x10 [ 155.680464][ T10] ret_from_fork_asm+0x1a/0x30 [ 155.683157][ T10] [ 155.685420][ T10] Kernel Offset: disabled [ 155.687174][ T10] Rebooting in 86400 seconds..