last executing test programs: 22.868643175s ago: executing program 1 (id=486): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x13}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000680)="76389e6a65585578f830e9000000", 0x0, 0x10001, 0x60000000, 0xf0, 0x0, 0x0, 0x0}, 0x50) 22.610241788s ago: executing program 1 (id=488): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8842, 0x2a) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f0000004280)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f00000002c0)={0x50, 0x0, r3, {0x7, 0x2b, 0xb, 0x40408d44, 0x0, 0xfffe, 0x2, 0xfffffff6, 0x0, 0x0, 0x20}}, 0x50) r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40243, 0x98) close(r2) r5 = getpgid(0x0) mmap$binder(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x11, 0xffffffffffffffff, 0x800000000000) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x2000, 0x6, &(0x7f0000bdd000/0x2000)=nil) sched_setattr(r5, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340), 0x0, &(0x7f0000000000)) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f00000000c0)={0xffff1000, 0x301000, 0x8}) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65772064656661756c7420757365723a73796230303030303030ff7f30393600"], 0x2a, 0xfffffffffffffff9) shutdown(r4, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="7513a2a8b570d76dbd68ef70646174652064656661756c"], 0x17, 0xfffffffffffffffd) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x6, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r8, 0xc0405602, &(0x7f0000000480)=@multiplanar_userptr={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "023d2134"}, 0x0, 0x100c, {0x0}}) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x8) 14.901906062s ago: executing program 1 (id=506): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x5, 0x7fff7ffc}]}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1e0000000000000006000000ff6c5b67645dc273218ad10244acd3afd100000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000000000000331c4eccb6d8dbac38b67a6d11ef54c6d8b99f542c129c76e79aa6b390dababa8e842d09eb1aee06f1ea540ec1ee70e514a7b4b37d146fe2ef665204b5163d0d984edce1deb2b4e7c8bc050b51a2fbec53565d6653ff814ee38da47720fadffd293c9ba12787d39deb9e70dacbcb830af8fe0895b546a3fb8925e523b1081a4be8f0f000000000000739b2021a035541647f1a901d6161a1827c3551657d10000e423c395d59ed8cd982a1265517085dde8e949ae537baa57e3a6dd91693c29761a8a9113acbc7800", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000002831100000000000000001000000000020000000"], 0x48) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x5c, 0x2c, 0xd3f, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x2, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x20, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x1c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL={0xfffffffffffffd45, 0x5, {0x20000, 0x0, 0x1}}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TC={0x5, 0x4, 0x5}]}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYRESOCT=r2, @ANYRES32=r2, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2401, 0x0) clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x10000, 0x6, 0x2, 0x0, 0x7, 0xe, 0x5, 0xfffffffffffffff6, 0x8000009654, 0x1, 0x7fffffff, 0x0, 0x10, 0xb, 0x80000000000000, 0x200cc0, 0x1, 0x5, 0x94d6, 0x0, 0x0, 0x809, 0x0, 0xff, 0x6, 0x2000000000004}) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x5) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r1) sendmsg$NL80211_CMD_NOTIFY_RADAR(r1, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x68, r7, 0xee00acfc2bf36d32, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x9, 0x21}}}}, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x26}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xd302}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7da7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}]}, 0x68}, 0x1, 0x0, 0x0, 0xc4}, 0x1) r8 = socket$pppl2tp(0x18, 0x1, 0x1) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x1e3882, 0x0) ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f00000000c0)) pwritev(r6, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x2}], 0x1, 0xbe42, 0x407ff) connect$pppl2tp(r8, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x0, 0x2, 0x0, {0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @remote}, 0x9}}}, 0x3a) r10 = socket$inet6_sctp(0xa, 0x5, 0x84) r11 = socket$l2tp(0x2, 0x2, 0x73) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r11) sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x20, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x401, 0x37}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x90}, 0x24000010) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r10, 0x84, 0x4, &(0x7f0000000100)=0xfffffffb, 0x4) sendto$inet6(r10, &(0x7f0000000240)='.', 0x1, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 13.829638705s ago: executing program 1 (id=515): syz_open_dev$loop(&(0x7f0000000040), 0xffffffff00000004, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0) r3 = syz_io_uring_setup(0x315b, &(0x7f00000002c0)={0x0, 0x70a1, 0x1040, 0x2, 0x21}, &(0x7f0000000100), 0x0, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, 0x0, 0x1) syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2c2e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0xea}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0xf, 0x3}}}}}]}}]}}, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)}, &(0x7f0000000380)=0xc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000280)={0x3, 0x208, 0x7, 0x9, r6}, 0x10) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000031}, 0x4041080) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x5, 0x4, &(0x7f0000000380)=ANY=[@ANYRES32=r4], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x28, 0x10, 0x1, 0x1000000, 0x0, "", [@nested={0xffffffffffffff85, 0x0, 0x0, 0x0, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x8, 0x1c, 0x0, 0x0, @u32=0xc9}]}]}, 0x28}], 0x1, 0x0, 0x0, 0xb305e06d8ab48277}, 0x0) 13.385682927s ago: executing program 3 (id=522): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x34, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0) 13.230326836s ago: executing program 3 (id=523): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b00)=@newtfilter={0x30, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x2, 0xfff3}, {0x0, 0xfff3}, {0x4, 0x10}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0xf0ffff, 0x20041090}, 0x0) 12.960729451s ago: executing program 3 (id=526): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="e8000000190001002dbd7000fbdbdf253f202000ff02ff020018000008000100ac1414aac10008"], 0xe8}, 0x1, 0x0, 0x0, 0x44050}, 0x400d090) 12.758870224s ago: executing program 3 (id=528): ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) (async) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x39) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000140)={0x400, 0xb40, &(0x7f0000000000)="b50a000d7684f0389b4824a151708ffe529aa7c5b6b3628222d4373e5bec5f6efc6366ad6be40c6771abde43800b8a6051a11f83aa47367d333fb4e797e466e903ee6c88d914a21e99c9c2767a8eb7215d88a7", &(0x7f0000000080)="1e2b0f5fa3ee647e7a6c424c0a2316c9b772ccfccf4ae311e64e2a484cecb4d91ce3d1eef91dc875f322e8b7d719bd0d0685241fef9aa0270561e4cba82482afa888dbf9847175b2ec6907adf5d8d0c3bad93ebeaaa416cd9474ff0e647763abee545c98957a92f4795b39ada2b31577bd9b6dbd882bb4234dc685bd290c3a5b4b55c0c91d5a9254181e8279cd314d18467c898265098a53088fabe872ef215925e49031b65febc93e7216931a9b3c49c2bb605e06f5e8", 0x53, 0xb7}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000180)={0x7, 0x5}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, &(0x7f00000001c0)) fsopen(&(0x7f0000000200)='ceph\x00', 0x0) (async) fsopen(&(0x7f0000000200)='ceph\x00', 0x0) openat$nullb(0xffffff9c, &(0x7f0000000240), 0x6248c0, 0x0) (async) r2 = openat$nullb(0xffffff9c, &(0x7f0000000240), 0x6248c0, 0x0) ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000280)=0x8) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x40010, r1, 0x7c2a3000) socket$inet_sctp(0x2, 0x1, 0x84) (async) socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, r4, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0xc841}, 0x14) (async) sendmsg$ETHTOOL_MSG_PAUSE_SET(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, r4, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0xc841}, 0x14) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xe) ioctl$KVM_CAP_HYPERV_SEND_IPI(r5, 0x4068aea3, &(0x7f0000000400)) r6 = openat$snapshot(0xffffff9c, &(0x7f0000000480), 0x200000, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r6, 0x3309) r7 = syz_open_dev$vcsn(&(0x7f00000004c0), 0x214d340, 0x200000) connect$inet6(r7, &(0x7f0000000500)={0xa, 0x4e21, 0x3, @private0, 0xbbea}, 0x1c) open_tree(r7, &(0x7f0000000540)='./file0\x00', 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r7, 0xc0189373, &(0x7f0000000580)={{0x1, 0x1, 0x18, r3, {0x8813}}, './file0\x00'}) ioctl$FS_IOC_GETFSLABEL(r8, 0x81009431, &(0x7f00000005c0)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nbd(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r9, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x6c, r10, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r7}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20008081}, 0x40) (async) sendmsg$NBD_CMD_CONNECT(r9, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x6c, r10, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r7}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20008081}, 0x40) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r8, 0x4068aea3, &(0x7f0000000840)) (async) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r8, 0x4068aea3, &(0x7f0000000840)) accept4$x25(0xffffffffffffffff, &(0x7f00000008c0), &(0x7f0000000900)=0x12, 0x800) landlock_create_ruleset(&(0x7f0000000940)={0x10020, 0x1}, 0x18, 0x1) (async) r11 = landlock_create_ruleset(&(0x7f0000000940)={0x10020, 0x1}, 0x18, 0x1) landlock_restrict_self(r11, 0x0) (async) landlock_restrict_self(r11, 0x0) 12.638553124s ago: executing program 2 (id=529): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x20a00, 0x0) r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, r1) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000040)=0xdfe5) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f0000005e40)="170000000a0001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e00000000000000000", 0xb6) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) r4 = openat$ptp1(0xffffff9c, 0x0, 0x40882, 0x0) syz_open_dev$cec(0x0, 0x0, 0xe8c00) syz_init_net_socket$llc(0x1a, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x80200, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$kcm(0x11, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r6, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, 0x0, 0x0, 0x0) keyctl$link(0x8, r1, r2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x11) ioctl$VT_RESIZE(r0, 0x8924, 0x0) 12.533539198s ago: executing program 3 (id=531): openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000480)=""/134, 0x86}], 0x1, 0x800, 0x78) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newtaction={0x1fc, 0x30, 0x301, 0x0, 0x0, {}, [{0x1e8, 0x1, [@m_csum={0x194, 0x1a, 0x0, 0x0, {{0x9}, {0xac, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0x1ff, 0x20000000, 0x4, 0xb}, 0x2f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x9, 0x2, 0x6}, 0x55}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x60c, 0x7, 0x10000, 0x9}, 0x4c}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x7fffffff, 0x20000000, 0x9, 0x3}, 0x2b}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffff8, 0xa, 0x1}, 0x23}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x8, 0x6, 0x8, 0xffffba68}, 0x13}}]}, {0xbd, 0x6, "6ba4ea95b16498ad6d0eca6d45ba37675bd94a46f8160bf26cfb5f55b0c19b7b3c2f15c2afc036ab7733b0912269b8f5a6d5dc5ca3e50ea7942fa19def3bd9d759a547dd6db9622ab6ec327f70622eefeaf820eb37f385e240fb988992663aa963132d495974a13bee34393809f24996c92c07705c57ffa0fe1bb7317f4f15fdce181ebec7f0e24a9df0e8ef2dd65367737c6370bf8f161afda00e5f545a4a75c40f7bf8acf99e8473bcd8938a44749478c0b4bae5230a6a2b"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ife={0x50, 0x1a, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xfffffffd}}}]}, {0xb, 0x6, "9034c33ff17a6d"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x1000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket(0x10, 0x2, 0x0) r0 = mq_open(&(0x7f0000000180)='\xc5\xa0;L\xb1\xe4\x9cD\xa6\xaf\xe6\xabN\x1e\x8d\x9e\x95\x89\x00'/28, 0x40, 0x118, 0x0) mq_notify(r0, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) close(0x3) mq_notify(r0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x1) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x87d4b69a72310a97) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r5 = gettid() bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0xe4}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) tkill(r5, 0xb) 10.844419402s ago: executing program 2 (id=533): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=0xffffffffffffffff], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES16=r0], 0x48) close(0x3) r3 = syz_open_dev$mouse(&(0x7f00000001c0), 0x2, 0x6c2ac1) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000200)='nv', 0x2) r4 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x4) r5 = dup(r4) ioctl$SIOCSIFHWADDR(r5, 0x8925, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50) r6 = socket(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x400000000000235, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x62) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) chdir(&(0x7f0000000240)='./file0\x00') r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x101) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r8, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000380)={0x40, 0x1, 0x3}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') fadvise64(0xffffffffffffffff, 0xfff, 0x8, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0800000004000000080000000900000000040000", @ANYRES32=0x1, @ANYBLOB="14d5a80000000000000000001002000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000400"/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1e, 0x0, &(0x7f0000000440)=ANY=[@ANYRES64=r1, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) 10.606414797s ago: executing program 1 (id=535): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x2d) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_adjtime(0x0, &(0x7f0000000100)={0x2, 0x6a, 0x5, 0x8000000000000001, 0x48c, 0x5, 0xd, 0x424, 0x2, 0xffffffffffffffff, 0xf423f, 0xfffffffffffffff9, 0x7, 0x2, 0x1000000081, 0x5, 0x0, 0x5, 0x0, 0x9220000000000000, 0x3, 0x0, 0x80000001, 0x0, 0x5, 0x7}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x22) r2 = syz_open_dev$vim2m(&(0x7f0000000180), 0x8004, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50) unshare(0x65e59e8cd08e8514) timer_create(0x6, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_open_dev$admmidi(&(0x7f0000000080), 0x2, 0x242c3) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r3, 0x4018f50b, &(0x7f0000000100)={0xfffffffb, 0x0, 0x40}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a6970"], 0x60}}, 0x0) 9.915132674s ago: executing program 3 (id=536): socket$inet6(0xa, 0x805, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fsopen(&(0x7f0000000180)='btrfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) r3 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$SEG6_CMD_SETHMAC(r3, 0x0, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x10) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r7 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r8, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000340)={r9, 0x101, 0x100003, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], [0x0, 0x7, 0x0, 0xffffeffc], [0x81, 0x80000006, 0x2], [0x5, 0x0, 0x4, 0x800003]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000080)={r10, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r11}) r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r12, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 9.335991137s ago: executing program 2 (id=537): r0 = syz_open_dev$vbi(&(0x7f0000000740), 0x2, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) 9.131112928s ago: executing program 0 (id=538): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000640)={0x20, r1, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010000}, 0x4000000) 9.016615289s ago: executing program 1 (id=539): socket$inet6(0xa, 0x2, 0x0) close(0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) r3 = openat(r2, 0x0, 0x351004, 0x0) getdents64(r3, &(0x7f0000005140)=""/4103, 0x1007) unshare(0x28000600) syz_open_dev$dvb_frontend(0x0, 0x0, 0x40002) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000005580)=""/102392, 0x18ff8) r5 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_bond\x00', 0x10) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10) sendmmsg$inet(r5, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe0}, 0xe000}], 0x68000, 0xe000) socket(0x0, 0x1, 0xfe) 8.971412519s ago: executing program 0 (id=540): bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0x200, 0x7, 0x2, 0x8, 0x10, @remote}, 0x10) clock_nanosleep(0x1, 0x891db894d17f9ce9, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000002c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0x0, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x8080, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xfffffffffffffffe, 0x9, 0x1000000, 0xf, 0x80000006}, 0x0, 0x0) 8.970943786s ago: executing program 2 (id=541): bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x7, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000040095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) timer_create(0x3, 0x0, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_gettime(0x0, &(0x7f0000000000)) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000002c0)={0x84, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e1c, 0x3, 'wrr\x00', 0x5, 0x80, 0x1b}, 0x2c) r1 = socket$kcm(0xa, 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x87, @multicast1, 0x4e21, 0xffffffff, 'lblc\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x28}, 0x6e23, 0x10000, 0x1cb, 0x9, 0x12d5c}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x2}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x10, 0x1, 0x24, 0x3}}], 0x10}, 0x40004) ioctl$SOUND_PCM_READ_BITS(0xffffffffffffffff, 0x80045005, &(0x7f0000000200)) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000100)={0x3, 0x8000000000000000, 0x0, 0x0}) 5.295169061s ago: executing program 0 (id=542): r0 = syz_io_uring_setup(0x223f, &(0x7f0000000100)={0x0, 0xe510, 0x100, 0x2, 0x1cd}, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000000)) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000000)={0xffff, 0x6}, 0x1) (fail_nth: 1) 5.219625716s ago: executing program 2 (id=543): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000400)='.log\x00', 0x80, 0x2b) ioctl$TCFLSH(r2, 0x540b, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) mount$fuse(0x0, &(0x7f0000000440)='./cgroup\x00', &(0x7f0000000480), 0x200008, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c653d30303030303030303030300918300000000032303030302c757365725f69649ccc2b94e91f", @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYRES64]) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000e00)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000002c0)={0x9, @pix={0xb, 0x9, 0x30324c4a, 0x7, 0xe, 0x8, 0x4, 0xa, 0x0, 0x2, 0x0, 0x3}}) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='affs\x00', 0xa08410, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@private2, 0x0, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, 0x0, 0x33}, 0x0, @in=@loopback, 0xfffffffe, 0x0, 0x0, 0xb7, 0xfffffffe}}, 0xe4) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000026ffffff000000000000000085000091200000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r9, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="8c000000030701020000000000000000030000000c000640000000000000040008000540000000010c00034000000000000000070c000240000000000000046e0900010b000000300000000034000780080001400000000008000140fffff80108000240000007ff0800014000000010080002400000000608000140000000090c00024000000000000000ffe9bf018aa18882bc19a109f959d9e0c15e3862c45b3584ed5e5c199963994ea61774262be1e81591ec9e0a56ce6c5ce744a7d26ae4787e68f1593e9ef6804238b2c990e6e83274de2a00c2471c909beb6731ecfce3a894d5a796d20cd04a86bef2a2f19c58c4d9e1ea1e7ded219c564764019b0b84db07c4dc5c4fa8efa78c6261253d30ba890f0192519fa929b25700330c25ccc39863776853aa8ab129e51829f0ff60f2a24b7271405495f22808fc7a5a354bafa36653f43c80a70822ba040e14d9f28eb10be2e911bd94df7e329969f6"], 0x8c}, 0x1, 0x0, 0x0, 0x24048001}, 0x40) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x13, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="85000000aa00000015000000000000006e0000000000000095001a00130fc029e2000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x4}, 0x94) connect$inet(r2, &(0x7f00000003c0)={0x2, 0x4e21, @empty}, 0x10) 4.817455271s ago: executing program 0 (id=544): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x4c1}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x4, 0x0, 0x0, 0x1000, &(0x7f0000004000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000000)={0xd000, 0xe000, 0x8}) 3.48050308s ago: executing program 2 (id=545): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = userfaultfd(0x80001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="796112000000000000007e0000002561d0a7b7e81648c519a977ce2b02f5732faf463adc5b1b32a18818c4ee645ded79ba5b8c5d7fa0c466b989acaf879043aaa4f32b512fcf7b30c64abfe6b5dfc20136481fffe9d1a8ec7ff39341d396ff257e62002dd2453b567e8fa10a708c15d3b86d5f70c42f925e3055c3f248b9df6b021c201fed81944d9a81ec7d1ec5c5e467a203194f255952a10cd54d26f876a15020afaf6b23d001981135019e5a4d4deb0000"], 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4040800) r6 = socket$inet_icmp(0x2, 0x2, 0x1) sendmmsg$inet(r6, 0x0, 0x0, 0x20000054) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x27c}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) munmap(&(0x7f0000c68000/0x2000)=nil, 0x2000) socket$nl_route(0x10, 0x3, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000400)="2ae0e7", 0x3, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x81, @local}, 0x1c) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10162, 0x0) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendfile(r8, r8, 0x0, 0x7) 550.309571ms ago: executing program 0 (id=546): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x1c) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x16ba82, 0x1) write$cgroup_int(r1, &(0x7f00000006c0)=0x4, 0x12) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYRESHEX=r4, @ANYRESDEC=r2, @ANYRESDEC=r0], 0x48}, 0x1, 0x0, 0x0, 0x80000}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000600)=@gettfilter={0x24, 0x2e, 0x4, 0x709d2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xffe0, 0x8}, {0xfff3, 0x8}, {0x5, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000800) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@gettfilter={0x3c, 0x2e, 0x2, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x8, 0xa}, {0xfff2, 0x1}, {0x6, 0xfff2}}, [{0x8, 0xb, 0x7}, {0x8, 0xb, 0x1}, {0x8, 0xb, 0x10000}]}, 0xfffffffffffffd56}, 0x1, 0x0, 0x0, 0x4010}, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2b51, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x50) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080)={0x0, 0x7ff, 0x0, 0x0, 0x9}) ioctl$VT_RELDISP(r7, 0x4b52) r8 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_mtu(r8, 0x29, 0x17, &(0x7f00000002c0)=0x5, 0x4) sendmmsg$inet6(r8, &(0x7f00000035c0)=[{{&(0x7f0000001040)={0xa, 0x4e21, 0xd, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000003500)=ANY=[@ANYBLOB="1d009dcb37e03a3305e000000900000000000000"], 0x18}}], 0x1, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0xc, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000005000000008000cfc4c20dac93005eb9cc0f0002000000182200005ea6f0be6d91364113e24d4aeb304b63b95a6211b403ce0ca1389fef0dcb6e543df77f418609a1cf", @ANYRES32=r0, @ANYBLOB="0000000000000080a493300000000000852000000500000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x9, 0xda, &(0x7f00000002c0)=""/218, 0x40f00, 0x0, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x3, 0xffff5634, 0xea}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r6, 0xffffffffffffffff, 0x1, r9], 0x0, 0x10, 0x4}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r10 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = syz_genetlink_get_family_id$smc(&(0x7f00000003c0), r10) sendmsg$SMC_PNETID_DEL(r1, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x48, r11, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'xfrm0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x20040840}, 0x4000105) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x50009404, &(0x7f0000000840)) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r10, 0xc01c5868, &(0x7f00000001c0)={r10, &(0x7f0000000040)=':!&$\x00', 0x800, &(0x7f0000000080)={@align=0xffffffffffffffff, {0xad, 0x0, 0xfffffc24, 0x8}}, 0x9, &(0x7f00000000c0), &(0x7f0000000100)}) mkdirat(r10, &(0x7f0000000200)='./file0\x00', 0xc8) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) r12 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) write$UHID_CREATE2(r12, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) 0s ago: executing program 0 (id=547): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3c) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x2, 0xc8) (async) mount$9p_virtio(&(0x7f0000000340), &(0x7f00000003c0)='./cgroup.net/devices.allow\x00', &(0x7f0000000400), 0x8, &(0x7f0000000540)={'trans=virtio,', {[{@access_any}, {@loose}, {@version_9p2000}], [{@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@obj_user={'obj_user', 0x3d, 'vxcan0\x00'}}, {@fowner_eq}]}}) ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000180)) (async) open_by_handle_at(r2, &(0x7f0000000140)=@ceph_nfs_fh={0x8, 0x1, {0x80}}, 0x4f0280) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x5, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r4}, 0xc) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) (async) r5 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000380)={0x1d, r6, 0x2, {0x2, 0x0, 0x2}}, 0x18) sendmsg$IPVS_CMD_NEW_DEST(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x500}, 0x1, 0x0, 0x0, 0x24008807}, 0x8010) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x8031, 0xffffffffffffffff, 0x0) (async) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r0}, 0x8) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async) lgetxattr(0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a30000000004400048024000180090001006d6574610000000014000280080001400000000108000240000000171c000180090001006d617371000000000c000280080002400000000814000000110001"], 0x98}, 0x1, 0x0, 0x0, 0x24040800}, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@mask_fadd={0x58, 0x114, 0x8, {{0xf, 0x1}, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0x7, 0x3, 0x28, 0x5}}], 0x58}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)=@newqdisc={0x74, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {}, {0xfffb, 0xe}, {0x10, 0xfff3}}, [@TCA_STAB={0x50, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xfa, 0xc, 0xc, 0xedea, 0x0, 0x4, 0x57, 0x4}}, {0xc, 0x2, [0x3, 0xd0, 0x0, 0xd]}}, {{0x1c, 0x1, {0x4, 0x3, 0xd8, 0x1, 0x0, 0x400, 0x1, 0x2}}, {0x8, 0x2, [0x9, 0x4]}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x90}, 0x20000091) (async) r8 = socket$netlink(0x10, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8b34, &(0x7f0000000000)={'wlan0\x00'}) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(0xffffffffffffffff, 0x28d6) (async) syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000280000000008004e2200001b000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010000090780000"], 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:21092' (ED25519) to the list of known hosts. [ 48.437731][ T5717] cgroup: Unknown subsys name 'net' [ 48.582663][ T5717] cgroup: Unknown subsys name 'cpuset' [ 48.590307][ T5717] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.697249][ T5717] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 54.689756][ T62] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.694000][ T62] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.698444][ T62] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.709697][ T5744] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.718143][ T5744] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.719027][ T5749] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.720799][ T5747] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.722577][ T5744] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.723957][ T5747] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.724852][ T5749] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.727938][ T5749] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.732959][ T5100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.736036][ T5749] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.739208][ T5100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.747702][ T5100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.789302][ T5100] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.794019][ T5100] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.798092][ T5100] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.803789][ T5100] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.807397][ T5100] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 55.391982][ T5737] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.397456][ T5737] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.400977][ T5737] bridge_slave_0: entered allmulticast mode [ 55.405033][ T5737] bridge_slave_0: entered promiscuous mode [ 55.411968][ T5737] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.415060][ T5737] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.418122][ T5737] bridge_slave_1: entered allmulticast mode [ 55.422429][ T5737] bridge_slave_1: entered promiscuous mode [ 55.479951][ T5737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.522229][ T5737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.580899][ T5742] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.584170][ T5742] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.587525][ T5742] bridge_slave_0: entered allmulticast mode [ 55.591530][ T5742] bridge_slave_0: entered promiscuous mode [ 55.596781][ T5742] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.599975][ T5742] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.603034][ T5742] bridge_slave_1: entered allmulticast mode [ 55.606748][ T5742] bridge_slave_1: entered promiscuous mode [ 55.632866][ T5737] team0: Port device team_slave_0 added [ 55.657657][ T5737] team0: Port device team_slave_1 added [ 55.705189][ T5737] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.707482][ T5737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.717641][ T5737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.723942][ T5742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.738370][ T5737] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.740899][ T5737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.749406][ T5737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.756289][ T5742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.829405][ T5741] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.834700][ T5741] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.839118][ T5741] bridge_slave_0: entered allmulticast mode [ 55.858513][ T5741] bridge_slave_0: entered promiscuous mode [ 55.944767][ T5742] team0: Port device team_slave_0 added [ 55.950015][ T5741] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.954924][ T5741] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.963967][ T5741] bridge_slave_1: entered allmulticast mode [ 55.969697][ T5741] bridge_slave_1: entered promiscuous mode [ 55.999435][ T5742] team0: Port device team_slave_1 added [ 56.175077][ T5737] hsr_slave_0: entered promiscuous mode [ 56.180542][ T5737] hsr_slave_1: entered promiscuous mode [ 56.195334][ T5741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.215980][ T5741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.361669][ T5742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.364985][ T5742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 56.393943][ T5742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.531725][ T5742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.534322][ T5742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 56.546618][ T5742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.562005][ T5757] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.566502][ T5757] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.571513][ T5757] bridge_slave_0: entered allmulticast mode [ 56.575521][ T5757] bridge_slave_0: entered promiscuous mode [ 56.632495][ T5741] team0: Port device team_slave_0 added [ 56.646769][ T5757] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.651144][ T5757] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.654603][ T5757] bridge_slave_1: entered allmulticast mode [ 56.659804][ T5757] bridge_slave_1: entered promiscuous mode [ 56.687479][ T5741] team0: Port device team_slave_1 added [ 56.795166][ T5749] Bluetooth: hci0: command tx timeout [ 56.796982][ T5100] Bluetooth: hci1: command tx timeout [ 56.802382][ T5742] hsr_slave_0: entered promiscuous mode [ 56.803516][ T5742] hsr_slave_1: entered promiscuous mode [ 56.804210][ T5742] debugfs: 'hsr0' already exists in 'hsr' [ 56.804289][ T5742] Cannot create hsr debugfs directory [ 56.805431][ T5738] Bluetooth: hci2: command tx timeout [ 56.806487][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.806517][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 56.806538][ T5741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.833777][ T5757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.872048][ T5100] Bluetooth: hci3: command tx timeout [ 56.887080][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.911442][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 56.924277][ T5741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.966012][ T5757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.106091][ T5757] team0: Port device team_slave_0 added [ 57.190880][ T5757] team0: Port device team_slave_1 added [ 57.259793][ T5741] hsr_slave_0: entered promiscuous mode [ 57.263779][ T5741] hsr_slave_1: entered promiscuous mode [ 57.267304][ T5741] debugfs: 'hsr0' already exists in 'hsr' [ 57.273810][ T5741] Cannot create hsr debugfs directory [ 57.284314][ T5757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.286948][ T5757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 57.331381][ T5757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.426859][ T5757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.434937][ T5757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 57.452008][ T5757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.827117][ T5757] hsr_slave_0: entered promiscuous mode [ 57.832078][ T5757] hsr_slave_1: entered promiscuous mode [ 57.835847][ T5757] debugfs: 'hsr0' already exists in 'hsr' [ 57.841518][ T5757] Cannot create hsr debugfs directory [ 57.852764][ T5737] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 57.892783][ T5737] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 57.913068][ T5737] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 57.939285][ T5737] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 57.996812][ T5737] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 58.012645][ T5737] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 58.073801][ T5737] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 58.086267][ T5737] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 58.286663][ T5742] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.294292][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 58.340492][ T5742] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.346625][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 58.350547][ T5742] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.361307][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 58.457892][ T5742] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.491573][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 58.802823][ T5741] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.815623][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 58.821334][ T5741] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.831325][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 58.854094][ T5737] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.860673][ T5100] Bluetooth: hci1: command tx timeout [ 58.865656][ T5100] Bluetooth: hci2: command tx timeout [ 58.871868][ T5741] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.880210][ T5100] Bluetooth: hci0: command tx timeout [ 58.894928][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 58.904839][ T5741] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 58.932242][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 58.950318][ T5100] Bluetooth: hci3: command tx timeout [ 59.062852][ T5737] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.200329][ T5757] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 59.256219][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 59.309167][ T1182] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.313636][ T1182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.376866][ T5757] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 59.399582][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 59.442812][ T5757] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 59.470207][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 59.474928][ T5757] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 59.488234][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 59.509891][ T5742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.575922][ T1182] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.584695][ T1182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.739456][ T5742] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.831742][ T856] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.835863][ T856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.924585][ T5741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.960793][ T856] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.963648][ T856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.006188][ T5741] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.086967][ T88] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.095157][ T88] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.220061][ T88] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.226081][ T88] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.376651][ T5742] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.388828][ T5742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.437600][ T5757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.584343][ T5757] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.615563][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.618824][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.632381][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.649217][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.960258][ T5100] Bluetooth: hci2: command tx timeout [ 60.963460][ T5100] Bluetooth: hci0: command tx timeout [ 60.966568][ T5100] Bluetooth: hci1: command tx timeout [ 61.020216][ T5738] Bluetooth: hci3: command tx timeout [ 61.496227][ T5737] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.616350][ T5741] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.783930][ T5737] veth0_vlan: entered promiscuous mode [ 61.824061][ T5737] veth1_vlan: entered promiscuous mode [ 61.882961][ T5742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.899196][ T5741] veth0_vlan: entered promiscuous mode [ 61.972144][ T5737] veth0_macvtap: entered promiscuous mode [ 61.987418][ T5737] veth1_macvtap: entered promiscuous mode [ 62.003378][ T5741] veth1_vlan: entered promiscuous mode [ 62.044800][ T5737] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.123098][ T5737] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.165104][ T5757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.169941][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.175471][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.185933][ T5742] veth0_vlan: entered promiscuous mode [ 62.210227][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.217923][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.252276][ T5741] veth0_macvtap: entered promiscuous mode [ 62.323474][ T5741] veth1_macvtap: entered promiscuous mode [ 62.534910][ T5742] veth1_vlan: entered promiscuous mode [ 62.580206][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.650217][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.790043][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.797587][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.823455][ T856] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.827981][ T856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.829389][ T88] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.834753][ T856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.871947][ T88] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.899693][ T5757] veth0_vlan: entered promiscuous mode [ 62.913519][ T88] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.936595][ T5742] veth0_macvtap: entered promiscuous mode [ 62.956715][ T5757] veth1_vlan: entered promiscuous mode [ 63.047801][ T5738] Bluetooth: hci1: command tx timeout [ 63.050665][ T5738] Bluetooth: hci0: command tx timeout [ 63.053317][ T5738] Bluetooth: hci2: command tx timeout [ 63.115598][ T5100] Bluetooth: hci3: command tx timeout [ 63.164953][ T5742] veth1_macvtap: entered promiscuous mode [ 63.228902][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.231905][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.293128][ T5757] veth0_macvtap: entered promiscuous mode [ 63.361969][ T5757] veth1_macvtap: entered promiscuous mode [ 63.366423][ T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.369135][ T5737] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 63.405549][ T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.422527][ T5742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.446649][ T5757] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.463466][ T5742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.576722][ T5757] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.705884][ T1182] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.827123][ T1182] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.835472][ T1182] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.029610][ T1182] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.038127][ T1182] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.086624][ T1182] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.094041][ T1182] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.133291][ T1182] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.223070][ T40] audit: type=1326 audit(1778868994.849:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 64.251096][ T40] audit: type=1326 audit(1778868994.879:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 64.288500][ T40] audit: type=1326 audit(1778868994.879:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 64.315416][ T40] audit: type=1326 audit(1778868994.879:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 64.378502][ T221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.384147][ T221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.582752][ T221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.613571][ T221] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.673408][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.676653][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.759182][ T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.762282][ T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.247028][ T40] audit: type=1804 audit(1778868995.869:6): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.9" name="/newroot/2/bus/bus" dev="overlay" ino=36 res=1 errno=0 [ 65.769136][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.153056][ T6000] syz.0.31 uses obsolete (PF_INET,SOCK_PACKET) [ 75.880806][ T40] audit: type=1326 audit(1778869006.509:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.2.39" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 75.941839][ T40] audit: type=1326 audit(1778869006.509:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.2.39" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 76.017933][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 76.107811][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.130886][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.233614][ T39] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 78.248391][ T6046] can0: slcan on ttynull. [ 79.619603][ T6043] can0 (unregistered): slcan off ttynull. [ 80.090571][ T6089] tipc: Started in network mode [ 80.139108][ T6089] tipc: Node identity 9efb15762682, cluster identity 4711 [ 80.144146][ T6089] tipc: Enabled bearer , priority 0 [ 80.158288][ T6090] syzkaller0: entered promiscuous mode [ 80.160676][ T6090] syzkaller0: entered allmulticast mode [ 80.285115][ T6090] tipc: Resetting bearer [ 80.318083][ T6088] tipc: Resetting bearer [ 80.507401][ T6088] tipc: Disabling bearer [ 81.614546][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.63'. [ 81.660798][ T5822] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 81.936477][ T5822] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.941030][ T5822] usb 8-1: config 0 has no interfaces? [ 81.945221][ T5822] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 81.950616][ T5822] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 81.954590][ T5822] usb 8-1: Product: syz [ 81.957171][ T5822] usb 8-1: Manufacturer: syz [ 81.975940][ T5822] usb 8-1: config 0 descriptor?? [ 82.265967][ T6105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.279323][ T6105] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.518084][ T5910] usb 8-1: USB disconnect, device number 2 [ 83.343060][ T6122] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 85.084117][ T6158] netlink: 12 bytes leftover after parsing attributes in process `syz.0.82'. [ 85.379941][ T6169] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 86.363914][ T58] cfg80211: failed to load regulatory.db [ 86.528434][ T6183] syzkaller0: entered promiscuous mode [ 86.531731][ T6183] syzkaller0: entered allmulticast mode [ 86.590415][ T6185] netlink: 12 bytes leftover after parsing attributes in process `syz.0.93'. [ 87.060584][ T6196] loop6: detected capacity change from 0 to 2640 [ 87.088303][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.112139][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.150483][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.179721][ T6193] Buffer I/O error on dev loop6, logical block 1, async page read [ 87.183492][ T6193] Buffer I/O error on dev loop6, logical block 1, async page read [ 87.188196][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.190314][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.190413][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.190500][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.190566][ T6196] Buffer I/O error on dev loop6, logical block 0, async page read [ 87.190622][ T6196] ldm_validate_partition_table(): Disk read failed. [ 87.190868][ T6196] Dev loop6: unable to read RDB block 0 [ 87.191144][ T6196] loop6: unable to read partition table [ 87.208733][ T6196] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 87.377296][ T5148] ldm_validate_partition_table(): Disk read failed. [ 87.407177][ T5148] Dev loop6: unable to read RDB block 0 [ 87.410330][ T5148] loop6: unable to read partition table [ 87.773040][ T6209] loop6: detected capacity change from 0 to 2640 [ 87.785207][ T6209] ldm_validate_partition_table(): Disk read failed. [ 87.793093][ T6209] Dev loop6: unable to read RDB block 0 [ 87.797539][ T6209] loop6: unable to read partition table [ 87.802037][ T6209] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 87.830262][ T39] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 87.900029][ T5148] ldm_validate_partition_table(): Disk read failed. [ 87.903576][ T5148] Dev loop6: unable to read RDB block 0 [ 87.906294][ T5148] loop6: unable to read partition table [ 88.058939][ T39] usb 5-1: Using ep0 maxpacket: 8 [ 88.100859][ T39] usb 5-1: config index 0 descriptor too short (expected 74, got 45) [ 88.108358][ T39] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 88.126365][ T39] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 88.132653][ T39] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 88.165337][ T39] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 88.172883][ T39] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 88.189256][ T39] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 88.204237][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.238978][ T6222] loop6: detected capacity change from 0 to 2640 [ 88.260083][ T6222] ldm_validate_partition_table(): Disk read failed. [ 88.274283][ T6222] Dev loop6: unable to read RDB block 0 [ 88.283131][ T6222] loop6: unable to read partition table [ 88.286773][ T6222] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 88.458007][ T39] usb 5-1: usb_control_msg returned -32 [ 88.462913][ T39] usbtmc 5-1:16.0: can't read capabilities [ 88.496779][ T6229] netlink: 12 bytes leftover after parsing attributes in process `syz.1.106'. [ 88.918270][ C2] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 88.935215][ T6233] usbtmc 5-1:16.0: Unable to send data, error -71 [ 88.954431][ T6233] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 89.002764][ T39] usb 5-1: USB disconnect, device number 2 [ 89.600380][ T6242] openvswitch: netlink: Flow actions attr not present in new flow. [ 90.728291][ T6260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.120'. [ 90.811259][ T6258] syzkaller0: entered promiscuous mode [ 90.814293][ T6258] syzkaller0: entered allmulticast mode [ 97.059390][ T6296] loop6: detected capacity change from 0 to 2640 [ 97.063795][ T6296] buffer_io_error: 91 callbacks suppressed [ 97.063812][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.110523][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.115235][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.121558][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.166759][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.171446][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.175533][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.183544][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.187695][ T6296] ldm_validate_partition_table(): Disk read failed. [ 97.191923][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.196413][ T6296] Buffer I/O error on dev loop6, logical block 0, async page read [ 97.201345][ T6296] Dev loop6: unable to read RDB block 0 [ 97.204702][ T6296] loop6: unable to read partition table [ 97.222084][ T6296] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 97.508807][ T5743] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 97.699993][ T5148] ldm_validate_partition_table(): Disk read failed. [ 97.703073][ T6312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.132'. [ 97.703232][ T5148] Dev loop6: unable to read RDB block 0 [ 97.719667][ T5148] loop6: unable to read partition table [ 97.742345][ T5743] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 97.815918][ T5743] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 97.846751][ T5743] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 97.888722][ T5743] usb 8-1: Product: syz [ 97.913199][ T5743] usb 8-1: Manufacturer: syz [ 97.915696][ T5743] usb 8-1: SerialNumber: syz [ 98.273220][ T6318] Zero length message leads to an empty skb [ 98.329981][ T6316] syzkaller0: entered promiscuous mode [ 98.340648][ T6316] syzkaller0: entered allmulticast mode [ 98.355221][ T5743] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 98.701632][ C0] usblp0: nonzero write bulk status received: -71 [ 98.776444][ T3969] usb 8-1: USB disconnect, device number 3 [ 98.790034][ T6335] netlink: 4 bytes leftover after parsing attributes in process `syz.1.138'. [ 98.814550][ T3969] usblp0: removed [ 100.885246][ T5743] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 101.186281][ T5743] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 101.252123][ T5743] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 101.257555][ T5743] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 101.278089][ T5743] usb 8-1: Product: syz [ 101.290378][ T5743] usb 8-1: Manufacturer: syz [ 101.297344][ T5743] usb 8-1: SerialNumber: syz [ 101.830538][ T5743] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 102.107901][ T5743] usb 8-1: USB disconnect, device number 4 [ 102.114964][ C1] usblp0: nonzero write bulk status received: -108 [ 102.136395][ T5743] usblp0: removed [ 103.282666][ T40] audit: type=1326 audit(1778869033.909:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6351 comm="syz.3.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700efcc code=0x7ffc0000 [ 103.307930][ T40] audit: type=1326 audit(1778869033.909:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6351 comm="syz.3.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700efcc code=0x7ffc0000 [ 105.782315][ T6368] loop6: detected capacity change from 0 to 2640 [ 105.789361][ T6368] buffer_io_error: 34 callbacks suppressed [ 105.789383][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.795850][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.801319][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.810255][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.819080][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.828967][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.833083][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.846588][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.850488][ T6368] ldm_validate_partition_table(): Disk read failed. [ 105.867837][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.871311][ T6368] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.875191][ T6368] Dev loop6: unable to read RDB block 0 [ 105.881013][ T6368] loop6: unable to read partition table [ 105.883500][ T6368] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 105.938907][ T5743] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 106.130399][ T5743] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.132533][ T6375] binder: BINDER_SET_CONTEXT_MGR already set [ 106.169802][ T5743] usb 6-1: config 0 has no interfaces? [ 106.188981][ T6375] binder: 6371:6375 ioctl 4018620d 80004a80 returned -16 [ 106.191033][ T5743] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 106.237797][ T5743] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 106.241337][ T5743] usb 6-1: Product: syz [ 106.243218][ T5743] usb 6-1: Manufacturer: syz [ 106.294630][ T5743] usb 6-1: config 0 descriptor?? [ 106.610929][ T6364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.630476][ T6364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 106.661090][ T6380] syzkaller0: entered promiscuous mode [ 106.663779][ T6380] syzkaller0: entered allmulticast mode [ 106.732487][ T6382] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x10) [ 106.747703][ T5822] usb 6-1: USB disconnect, device number 2 [ 115.786325][ T6396] tipc: Enabling of bearer rejected, failed to enable media [ 115.796444][ T6399] syzkaller0: entered promiscuous mode [ 115.801813][ T6399] syzkaller0: entered allmulticast mode [ 116.234527][ T6445] syzkaller0: entered promiscuous mode [ 116.249959][ T6445] syzkaller0: entered allmulticast mode [ 116.544108][ T6463] syzkaller0: entered promiscuous mode [ 116.598076][ T6463] syzkaller0: entered allmulticast mode [ 116.948757][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 117.116158][ T9] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 117.136901][ T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 117.141180][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 117.146679][ T9] usb 6-1: Product: syz [ 117.148829][ T9] usb 6-1: Manufacturer: syz [ 117.154155][ T9] usb 6-1: SerialNumber: syz [ 117.408195][ T9] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 117.759747][ T5822] usb 6-1: USB disconnect, device number 3 [ 117.781649][ T5822] usblp0: removed [ 117.858978][ T3969] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 118.064433][ T3969] usb 5-1: Using ep0 maxpacket: 16 [ 118.086942][ T3969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.098810][ T58] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 118.099344][ T3969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.125078][ T3969] usb 5-1: New USB device found, idVendor=1532, idProduct=011b, bcdDevice= 0.00 [ 118.134715][ T3969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.141813][ T3969] usb 5-1: config 0 descriptor?? [ 118.290849][ T58] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 118.302393][ T58] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 118.314816][ T58] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 118.327717][ T58] usb 8-1: Product: syz [ 118.336554][ T58] usb 8-1: Manufacturer: syz [ 118.344994][ T58] usb 8-1: SerialNumber: syz [ 118.630067][ T3969] usbhid 5-1:0.0: can't add hid device: -71 [ 118.640534][ T3969] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 118.647656][ T3969] usb 5-1: USB disconnect, device number 3 [ 118.929000][ T58] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 119.119006][ T6491] can0: slcan on ttynull. [ 119.217732][ T5848] usb 8-1: USB disconnect, device number 5 [ 119.221514][ C3] usblp0: nonzero write bulk status received: -71 [ 119.469525][ T5848] usblp0: removed [ 120.091263][ T6486] can0 (unregistered): slcan off ttynull. [ 120.428947][ T5848] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 120.432885][ C2] raw-gadget.0 gadget.0: ignoring, device is not running [ 120.587056][ T5848] usb 5-1: device descriptor read/64, error -32 [ 120.634882][ T6508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.177'. [ 120.863844][ T5848] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 121.123931][ T5848] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 121.208425][ T3969] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 121.348114][ T5848] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 121.370858][ T5848] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 121.402281][ T3969] usb 6-1: Using ep0 maxpacket: 16 [ 121.429950][ T5848] usb 5-1: Product: syz [ 121.433437][ T5848] usb 5-1: Manufacturer: syz [ 121.436079][ T5848] usb 5-1: SerialNumber: syz [ 121.450194][ T3969] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.463949][ T3969] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.543407][ T3969] usb 6-1: New USB device found, idVendor=1532, idProduct=011b, bcdDevice= 0.00 [ 121.549013][ T3969] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.565048][ T3969] usb 6-1: config 0 descriptor?? [ 121.814318][ T5848] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 122.135392][ T3969] usbhid 6-1:0.0: can't add hid device: -71 [ 122.155695][ T3969] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 122.184877][ T3969] usb 6-1: USB disconnect, device number 4 [ 122.331979][ T5848] usb 5-1: USB disconnect, device number 5 [ 122.337651][ C3] usblp0: nonzero write bulk status received: -71 [ 122.346273][ T6499] usblp0: removed [ 123.059915][ T6528] syzkaller0: entered promiscuous mode [ 123.073558][ T6528] syzkaller0: entered allmulticast mode [ 130.202080][ T6581] syzkaller0: entered promiscuous mode [ 130.204203][ T6581] syzkaller0: entered allmulticast mode [ 136.693424][ T6614] loop6: detected capacity change from 0 to 2640 [ 136.706291][ T6614] buffer_io_error: 11 callbacks suppressed [ 136.706310][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.715595][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.738336][ T5848] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 136.778062][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.801366][ T6616] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2 [ 136.808472][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.829751][ T6616] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2 [ 136.835960][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.850790][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.854273][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.854786][ T6616] I/O error, dev loop6, sector 1008 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2 [ 136.877755][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.877881][ T6614] ldm_validate_partition_table(): Disk read failed. [ 136.877926][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.878060][ T6614] Buffer I/O error on dev loop6, logical block 0, async page read [ 136.878355][ T6614] Dev loop6: unable to read RDB block 0 [ 136.879113][ T6614] loop6: unable to read partition table [ 136.891737][ T6614] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 136.910716][ T6616] I/O error, dev loop6, sector 1008 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2 [ 136.911592][ T6616] I/O error, dev loop6, sector 2016 op 0x1:(WRITE) flags 0x8800 phys_seg 3 prio class 2 [ 136.911621][ T6616] I/O error, dev loop6, sector 2016 op 0x1:(WRITE) flags 0x8800 phys_seg 3 prio class 2 [ 136.911692][ T6616] I/O error, dev loop6, sector 2032 op 0x1:(WRITE) flags 0x8800 phys_seg 77 prio class 2 [ 136.911714][ T6616] I/O error, dev loop6, sector 2032 op 0x1:(WRITE) flags 0x8800 phys_seg 77 prio class 2 [ 137.049514][ T5848] usb 5-1: config 0 has no interfaces? [ 137.109704][ T5848] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 137.114740][ T5848] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 137.143026][ T5848] usb 5-1: Product: syz [ 137.145118][ T5848] usb 5-1: Manufacturer: syz [ 137.153265][ T5848] usb 5-1: config 0 descriptor?? [ 137.389983][ T6621] loop6: detected capacity change from 0 to 2640 [ 137.400084][ T6621] ldm_validate_partition_table(): Disk read failed. [ 137.404641][ T6621] Dev loop6: unable to read RDB block 0 [ 137.414597][ T6621] loop6: unable to read partition table [ 137.437277][ T6607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.447892][ T6607] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.461801][ T6621] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 137.530985][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.541363][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.737147][ T6625] loop6: detected capacity change from 0 to 2640 [ 137.758093][ T6625] ldm_validate_partition_table(): Disk read failed. [ 137.770532][ T6625] Dev loop6: unable to read RDB block 0 [ 137.774101][ T6625] loop6: unable to read partition table [ 137.825143][ T6630] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2 [ 137.839829][ T6630] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2 [ 137.866514][ T6625] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 139.065335][ T3969] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 139.289577][ T3969] usb 7-1: Using ep0 maxpacket: 8 [ 139.296957][ T3969] usb 7-1: config index 0 descriptor too short (expected 74, got 45) [ 139.300889][ T3969] usb 7-1: config 16 has an invalid descriptor of length 102, skipping remainder of the config [ 139.308180][ T3969] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 139.316424][ T3969] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 139.316443][ T3969] usb 7-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 139.316467][ T3969] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 139.316484][ T3969] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.339118][ T3969] usbtmc 7-1:16.0: bulk endpoints not found [ 139.539199][ T3969] usb 5-1: USB disconnect, device number 6 [ 140.039917][ T40] audit: type=1326 audit(1778869070.669:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6659 comm="syz.0.219" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 140.109990][ T40] audit: type=1326 audit(1778869070.669:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6659 comm="syz.0.219" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 140.319377][ T6667] can0: slcan on ttynull. [ 141.113324][ T6657] can0 (unregistered): slcan off ttynull. [ 141.857858][ T5910] usb 7-1: USB disconnect, device number 2 [ 141.984918][ T6692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.223'. [ 142.898124][ T6701] can0: slcan on ttynull. [ 144.080757][ T6697] can0 (unregistered): slcan off ttynull. [ 144.540859][ T6726] can0: slcan on ttynull. [ 145.489721][ T6718] can0 (unregistered): slcan off ttynull. [ 146.065326][ T6750] FAULT_INJECTION: forcing a failure. [ 146.065326][ T6750] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 146.078293][ T6750] CPU: 2 UID: 0 PID: 6750 Comm: syz.2.238 Not tainted syzkaller #0 PREEMPT(full) [ 146.078322][ T6750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 146.078350][ T6750] Call Trace: [ 146.078357][ T6750] [ 146.078364][ T6750] dump_stack_lvl+0x100/0x190 [ 146.078402][ T6750] should_fail_ex.cold+0x5/0xa [ 146.078425][ T6750] _copy_to_user+0x32/0xd0 [ 146.078447][ T6750] simple_read_from_buffer+0xcb/0x170 [ 146.078470][ T6750] proc_fail_nth_read+0x1af/0x230 [ 146.078496][ T6750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 146.078522][ T6750] ? rw_verify_area+0xce/0x6d0 [ 146.078539][ T6750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 146.078563][ T6750] vfs_read+0x1e4/0xb30 [ 146.078584][ T6750] ? __pfx_vfs_read+0x10/0x10 [ 146.078600][ T6750] ? find_held_lock+0x2b/0x80 [ 146.078644][ T6750] ? __fget_files+0x215/0x3d0 [ 146.078667][ T6750] ? __fget_files+0x21f/0x3d0 [ 146.078691][ T6750] ksys_read+0x12a/0x250 [ 146.078708][ T6750] ? __pfx_ksys_read+0x10/0x10 [ 146.078726][ T6750] ? rcu_is_watching+0x12/0xc0 [ 146.078745][ T6750] ? rcu_is_watching+0x12/0xc0 [ 146.078766][ T6750] do_int80_emulation+0x141/0x700 [ 146.078797][ T6750] asm_int80_emulation+0x1a/0x20 [ 146.078813][ T6750] RIP: 0023:0xf71261ab [ 146.078826][ T6750] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 146.078840][ T6750] RSP: 002b:00000000f53dd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 146.078856][ T6750] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53dd5d0 [ 146.078865][ T6750] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 146.078873][ T6750] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 146.078882][ T6750] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 146.078890][ T6750] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 146.078911][ T6750] [ 146.512450][ T6739] infiniband syz1: set active [ 146.518342][ T6739] infiniband syz1: added bond0 [ 146.587214][ T6739] smbdirect: ib_dev[syz1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 146.610274][ T6739] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 146.633333][ T6739] smbdirect: ib_dev[syz1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 146.696773][ T6739] RDS/IB: syz1: added [ 146.701356][ T6739] smc: adding ib device syz1 with port count 1 [ 146.705873][ T6739] smc: ib device syz1 port 1 has no pnetid [ 148.171064][ T6781] xt_TCPMSS: Only works on TCP SYN packets [ 148.225893][ T6783] openvswitch: netlink: IP tunnel TTL not specified. [ 148.709777][ T6787] can0: slcan on ttynull. [ 148.738735][ T6791] block nbd1: Device being setup by another task [ 148.746025][ T6788] block nbd1: shutting down sockets [ 149.808611][ T6785] can0 (unregistered): slcan off ttynull. [ 150.208100][ T6815] process 'syz.1.256' launched './file2' with NULL argv: empty string added [ 150.321388][ T6815] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 150.393947][ T6821] can0: slcan on ttynull. [ 150.868947][ T5829] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 151.059292][ T5829] usb 5-1: Using ep0 maxpacket: 32 [ 151.129397][ T5829] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 151.251215][ T5829] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 151.262158][ T5829] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 151.304316][ T5829] usb 5-1: Product: syz [ 151.308131][ T5829] usb 5-1: Manufacturer: syz [ 151.311977][ T5829] usb 5-1: SerialNumber: syz [ 151.331614][ T5829] usb 5-1: config 0 descriptor?? [ 151.343417][ T6826] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 151.373479][ T5829] hub 5-1:0.0: bad descriptor, ignoring hub [ 151.408447][ T6811] can0 (unregistered): slcan off ttynull. [ 151.412374][ T5829] hub 5-1:0.0: probe with driver hub failed with error -5 [ 151.640783][ T6838] netlink: 'syz.2.259': attribute type 1 has an invalid length. [ 151.701442][ T5829] usb 5-1: USB disconnect, device number 7 [ 151.706917][ T6838] netlink: 224 bytes leftover after parsing attributes in process `syz.2.259'. [ 151.954743][ T6849] can0: slcan on ttynull. [ 153.424366][ T6872] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.264'. [ 153.571955][ T6872] veth0_to_bond: default FDB implementation only supports local addresses [ 153.991031][ T40] audit: type=1326 audit(1778869084.599:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.268" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feefcc code=0x0 [ 154.143990][ T6887] openvswitch: netlink: EtherType 558 is less than min 600 [ 154.838827][ T5849] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 154.864136][ T5848] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 155.070496][ T5849] usb 6-1: Using ep0 maxpacket: 32 [ 155.093974][ T5849] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 155.101669][ T5849] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 155.137385][ T5848] usb 5-1: Using ep0 maxpacket: 8 [ 155.152961][ T6868] can0 (unregistered): slcan off ttynull. [ 155.226290][ T5848] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 155.230119][ T5848] usb 5-1: config 0 has no interface number 0 [ 155.247143][ T5849] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 155.266686][ T5848] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 155.273226][ T5849] usb 6-1: Product: syz [ 155.275889][ T5848] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 155.284103][ T5849] usb 6-1: Manufacturer: syz [ 155.289131][ T5849] usb 6-1: SerialNumber: syz [ 155.332195][ T5848] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 155.372209][ T5849] usb 6-1: config 0 descriptor?? [ 155.378404][ T6894] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 155.392677][ T5849] hub 6-1:0.0: bad descriptor, ignoring hub [ 155.405277][ T5849] hub 6-1:0.0: probe with driver hub failed with error -5 [ 155.414722][ T5848] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 155.480508][ T5848] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 155.527814][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.550038][ T5848] usb 5-1: config 0 descriptor?? [ 155.562402][ T5848] ldusb 5-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 155.719045][ T5858] usb 6-1: USB disconnect, device number 5 [ 155.846747][ T6908] can0: slcan on ttynull. [ 156.417065][ T5743] usb 5-1: USB disconnect, device number 8 [ 158.570978][ T5743] ldusb 5-1:0.55: LD USB Device #1 now disconnected [ 159.782558][ T6915] can0 (unregistered): slcan off ttynull. [ 160.300354][ T6941] openvswitch: netlink: Missing valid actions attribute. [ 160.326742][ T6941] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 160.429911][ T6922] can0: slcan on ttynull. [ 160.965139][ T5822] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 161.067948][ T6921] can0 (unregistered): slcan off ttynull. [ 161.151343][ T5822] usb 6-1: Using ep0 maxpacket: 32 [ 161.156206][ T5822] usb 6-1: config 1 interface 0 altsetting 128 endpoint 0x82 has invalid wMaxPacketSize 0 [ 161.261820][ T5822] usb 6-1: config 1 interface 0 altsetting 128 bulk endpoint 0x82 has invalid maxpacket 0 [ 161.306325][ T5822] usb 6-1: config 1 interface 0 altsetting 128 bulk endpoint 0x3 has invalid maxpacket 64 [ 161.310516][ T5822] usb 6-1: config 1 interface 0 altsetting 128 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 161.357489][ T5822] usb 6-1: config 1 interface 0 has no altsetting 0 [ 161.390060][ T5822] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 161.395131][ T5822] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.405970][ T5822] usb 6-1: Product: syz [ 161.412111][ T5822] usb 6-1: Manufacturer: syz [ 161.423720][ T5822] usb 6-1: SerialNumber: syz [ 161.432274][ T6948] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 162.466431][ T6977] netlink: 4 bytes leftover after parsing attributes in process `syz.0.285'. [ 164.107251][ T5822] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 164.130178][ T5822] usb 6-1: USB disconnect, device number 6 [ 164.820554][ T7007] lo speed is unknown, defaulting to 1000 [ 164.841749][ T7007] lo speed is unknown, defaulting to 1000 [ 164.884546][ T7007] lo speed is unknown, defaulting to 1000 [ 164.963762][ T7007] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 165.081669][ T7007] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 165.213451][ T7007] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 165.244333][ T7007] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 165.415424][ T7007] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 165.501903][ T7017] capability: warning: `syz.3.301' uses deprecated v2 capabilities in a way that may be insecure [ 165.801545][ T7007] lo speed is unknown, defaulting to 1000 [ 165.869664][ T7007] lo speed is unknown, defaulting to 1000 [ 165.912167][ T7007] lo speed is unknown, defaulting to 1000 [ 165.933654][ T7007] lo speed is unknown, defaulting to 1000 [ 165.954601][ T7003] smc: removing ib device syz1 [ 165.960104][ T7020] FAULT_INJECTION: forcing a failure. [ 165.960104][ T7020] name failslab, interval 1, probability 0, space 0, times 1 [ 166.010332][ T7020] CPU: 0 UID: 0 PID: 7020 Comm: syz.3.302 Not tainted syzkaller #0 PREEMPT(full) [ 166.010361][ T7020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 166.010372][ T7020] Call Trace: [ 166.010379][ T7020] [ 166.010387][ T7020] dump_stack_lvl+0x100/0x190 [ 166.010416][ T7020] should_fail_ex.cold+0x5/0xa [ 166.010441][ T7020] ? tomoyo_realpath_from_path+0xb6/0x690 [ 166.010468][ T7020] should_failslab+0xc2/0x120 [ 166.010491][ T7020] __kmalloc_noprof+0xe0/0x850 [ 166.010509][ T7020] ? kfree+0x1dd/0x6c0 [ 166.010539][ T7020] tomoyo_realpath_from_path+0xb6/0x690 [ 166.010570][ T7020] tomoyo_path_number_perm+0x23c/0x580 [ 166.010589][ T7020] ? tomoyo_path_number_perm+0x22e/0x580 [ 166.010612][ T7020] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 166.010633][ T7020] ? get_pid_task+0x106/0x250 [ 166.010692][ T7020] ? find_held_lock+0x2b/0x80 [ 166.010716][ T7020] ? __fget_files+0x215/0x3d0 [ 166.010737][ T7020] ? hook_file_ioctl_common+0x149/0x410 [ 166.010756][ T7020] ? __fget_files+0x215/0x3d0 [ 166.010782][ T7020] ? __fget_files+0x21f/0x3d0 [ 166.010808][ T7020] security_file_ioctl_compat+0xd3/0x230 [ 166.010832][ T7020] __ia32_compat_sys_ioctl+0xc2/0x360 [ 166.010855][ T7020] __do_fast_syscall_32+0xe7/0x950 [ 166.010884][ T7020] ? lockdep_hardirqs_on+0x78/0x100 [ 166.010913][ T7020] do_fast_syscall_32+0x32/0x70 [ 166.010931][ T7020] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 166.010955][ T7020] RIP: 0023:0xf700efcc [ 166.010970][ T7020] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 166.010986][ T7020] RSP: 002b:00000000f53fd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 166.011006][ T7020] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b41 [ 166.011017][ T7020] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 166.011027][ T7020] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 166.011038][ T7020] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 166.011048][ T7020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 166.011090][ T7020] [ 166.011134][ T7020] ERROR: Out of memory at tomoyo_realpath_from_path. [ 166.203565][ T7003] smbdirect: ib_dev[syz1] removed [ 166.269313][ T7024] netlink: 8 bytes leftover after parsing attributes in process `syz.2.304'. [ 168.460424][ T7040] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 168.484717][ T7040] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 168.497101][ T7040] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 168.522747][ T7040] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 169.710704][ T7043] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 172.228821][ T5822] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 172.408793][ T5822] usb 8-1: Using ep0 maxpacket: 32 [ 172.497129][ T5822] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 172.503660][ T5822] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 172.599248][ T5822] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 172.656323][ T5822] usb 8-1: Product: syz [ 172.661224][ T5822] usb 8-1: Manufacturer: syz [ 172.663763][ T5822] usb 8-1: SerialNumber: syz [ 172.774298][ T5822] usb 8-1: config 0 descriptor?? [ 172.837650][ T7063] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 172.842754][ T5822] hub 8-1:0.0: bad descriptor, ignoring hub [ 172.846013][ T5822] hub 8-1:0.0: probe with driver hub failed with error -5 [ 172.966757][ T7071] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.322' sets config #1 [ 172.984582][ T7071] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 173.187496][ T7078] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0 [ 173.271014][ T58] usb 8-1: USB disconnect, device number 6 [ 173.943754][ T7084] netlink: 28 bytes leftover after parsing attributes in process `syz.0.326'. [ 174.903791][ T7104] syzkaller0: entered promiscuous mode [ 174.911175][ T7104] syzkaller0: entered allmulticast mode [ 175.697901][ T7112] FAULT_INJECTION: forcing a failure. [ 175.697901][ T7112] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.712867][ T7112] CPU: 1 UID: 0 PID: 7112 Comm: syz.3.335 Not tainted syzkaller #0 PREEMPT(full) [ 175.712893][ T7112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 175.712902][ T7112] Call Trace: [ 175.713020][ T7112] [ 175.713027][ T7112] dump_stack_lvl+0x100/0x190 [ 175.713060][ T7112] should_fail_ex.cold+0x5/0xa [ 175.713083][ T7112] _copy_from_user+0x2e/0xd0 [ 175.713101][ T7112] do_fb_ioctl+0x1a9/0x7e0 [ 175.713126][ T7112] ? __pfx_do_fb_ioctl+0x10/0x10 [ 175.713152][ T7112] ? find_held_lock+0x2b/0x80 [ 175.713174][ T7112] ? tomoyo_path_number_perm+0x28f/0x580 [ 175.713204][ T7112] ? get_pid_task+0x106/0x250 [ 175.713238][ T7112] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 175.713261][ T7112] fb_compat_ioctl+0x4f5/0x680 [ 175.713283][ T7112] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 175.713304][ T7112] ? hook_file_ioctl_common+0x149/0x410 [ 175.713327][ T7112] ? __fget_files+0x21f/0x3d0 [ 175.713351][ T7112] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 175.713374][ T7112] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 175.713394][ T7112] __do_fast_syscall_32+0xe7/0x950 [ 175.713420][ T7112] ? lockdep_hardirqs_on+0x78/0x100 [ 175.713445][ T7112] do_fast_syscall_32+0x32/0x70 [ 175.713460][ T7112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 175.713481][ T7112] RIP: 0023:0xf700efcc [ 175.713495][ T7112] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 175.713510][ T7112] RSP: 002b:00000000f53fd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 175.713527][ T7112] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 175.713537][ T7112] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 175.713547][ T7112] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 175.713555][ T7112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.713565][ T7112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 175.713585][ T7112] [ 176.453712][ T40] audit: type=1326 audit(1778869107.106:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7120 comm="syz.1.338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f83fcc code=0x7ffc0000 [ 176.498742][ T40] audit: type=1326 audit(1778869107.106:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7120 comm="syz.1.338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f83fcc code=0x7ffc0000 [ 176.553258][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.564673][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.870046][ T7113] bridge_slave_0: left allmulticast mode [ 176.872406][ T7113] bridge_slave_0: left promiscuous mode [ 176.883188][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.903589][ T7113] bridge_slave_1: left allmulticast mode [ 176.907518][ T7113] bridge_slave_1: left promiscuous mode [ 176.910637][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.065352][ T7113] bond0: (slave bond_slave_0): Releasing backup interface [ 177.279635][ T7113] bond0: (slave bond_slave_1): Releasing backup interface [ 177.370752][ T7113] team0: Port device team_slave_0 removed [ 177.402598][ T7113] team0: Port device team_slave_1 removed [ 177.408375][ T7113] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.443432][ T7113] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.485516][ T7113] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.492818][ T7113] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.515398][ T7113] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 177.532161][ T58] lo speed is unknown, defaulting to 1000 [ 177.562043][ T58] syz2: Port: 1 Link DOWN [ 177.563517][ T7137] syzkaller0: entered promiscuous mode [ 177.584170][ T7137] syzkaller0: entered allmulticast mode [ 178.038765][ T7163] netlink: 136 bytes leftover after parsing attributes in process `syz.0.349'. [ 178.043948][ T7163] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 178.360226][ T7173] netlink: 'syz.0.353': attribute type 1 has an invalid length. [ 178.692274][ T7173] 8021q: adding VLAN 0 to HW filter on device bond2 [ 178.931589][ T7190] netlink: 16 bytes leftover after parsing attributes in process `syz.2.357'. [ 179.046684][ T7195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.359'. [ 179.056559][ T7195] hsr_slave_0: left promiscuous mode [ 179.061363][ T7195] hsr_slave_1: left promiscuous mode [ 179.220714][ T5843] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 179.428730][ T5843] usb 7-1: Using ep0 maxpacket: 8 [ 179.435113][ T5843] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 179.440822][ T5843] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 179.447718][ T5843] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 60960, setting to 1024 [ 179.466059][ T5843] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 179.476560][ T5843] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 179.517250][ T5843] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 179.548766][ T5843] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.782442][ T5843] usb 7-1: GET_CAPABILITIES returned 0 [ 179.785000][ T5843] usbtmc 7-1:16.0: can't read capabilities [ 179.913460][ T7215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.367'. [ 180.012614][ T5845] usb 7-1: USB disconnect, device number 3 [ 180.449630][ T5744] Bluetooth: hci0: command 0x0406 tx timeout [ 180.452276][ T5744] Bluetooth: hci3: command 0x0406 tx timeout [ 180.454746][ T5744] Bluetooth: hci1: command 0x0406 tx timeout [ 181.087262][ T7228] lo speed is unknown, defaulting to 1000 [ 181.341714][ T7243] netlink: 72 bytes leftover after parsing attributes in process `syz.2.377'. [ 181.530880][ T7246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'. [ 183.272810][ T7265] netlink: 'syz.1.385': attribute type 39 has an invalid length. [ 183.414237][ T7259] netlink: 'syz.3.382': attribute type 4 has an invalid length. [ 183.433206][ T7267] netlink: 'syz.3.382': attribute type 4 has an invalid length. [ 183.511453][ T7269] netlink: 816 bytes leftover after parsing attributes in process `syz.1.385'. [ 184.220296][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.386'. [ 187.361150][ T7290] syzkaller0: entered promiscuous mode [ 187.364793][ T7290] syzkaller0: entered allmulticast mode [ 187.723421][ T7300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.395'. [ 188.149824][ T7311] netlink: 72 bytes leftover after parsing attributes in process `syz.1.400'. [ 188.444347][ T7318] tipc: Started in network mode [ 188.490537][ T7318] tipc: Node identity 2007ff, cluster identity 4711 [ 188.492936][ T7318] tipc: Node number set to 2099199 [ 188.686000][ T7325] syzkaller0: entered promiscuous mode [ 188.688162][ T7325] syzkaller0: entered allmulticast mode [ 188.896887][ T7329] overlayfs: missing 'lowerdir' [ 189.083106][ T7332] netlink: 224 bytes leftover after parsing attributes in process `syz.3.407'. [ 189.087134][ T7332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.407'. [ 190.699202][ T7344] syzkaller1: entered promiscuous mode [ 190.707549][ T7344] syzkaller1: entered allmulticast mode [ 191.566208][ T7355] syzkaller0: entered promiscuous mode [ 191.574421][ T7355] syzkaller0: entered allmulticast mode [ 191.980968][ T7360] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 192.015467][ T7360] IPv6: NLM_F_CREATE should be set when creating new route [ 192.246017][ T7359] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.432892][ T7359] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.640213][ T7359] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.891210][ T7359] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.145178][ T1158] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.195770][ T1158] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.212700][ T13] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.264301][ T1158] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.507834][ T7377] program syz.3.423 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 195.380090][ T40] audit: type=1326 audit(1778869126.361:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.2.429" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 195.440239][ T40] audit: type=1326 audit(1778869126.361:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.2.429" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000 [ 198.576979][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.579634][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.380629][ T7404] Driver unsupported XDP return value 0 on prog (id 28) dev N/A, expect packet loss! [ 199.493320][ T7406] netlink: 'syz.3.432': attribute type 1 has an invalid length. [ 199.513341][ T7407] netlink: 'syz.3.432': attribute type 1 has an invalid length. [ 199.548214][ T7398] netlink: 4 bytes leftover after parsing attributes in process `syz.2.431'. [ 199.585190][ T7406] 8021q: adding VLAN 0 to HW filter on device bond1 [ 200.493472][ T7427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.438'. [ 201.069925][ T7436] syzkaller0: entered promiscuous mode [ 201.074259][ T7436] syzkaller0: entered allmulticast mode [ 201.491369][ T7438] /dev/sr0: Can't open blockdev [ 201.559866][ T7442] syzkaller0: entered promiscuous mode [ 201.597886][ T7442] syzkaller0: entered allmulticast mode [ 202.051966][ T7447] can0: slcan on ttynull. [ 202.079876][ T7452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.446'. [ 202.379674][ T7449] lo speed is unknown, defaulting to 1000 [ 202.443741][ T7463] xfs: Unknown parameter 'norecovery9UKG$ gVti9 ' [ 202.683915][ T7467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.450'. [ 202.864427][ T7467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.925995][ T7467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.033317][ T7443] can0 (unregistered): slcan off ttynull. [ 203.566446][ T7476] syzkaller0: entered promiscuous mode [ 203.585540][ T7476] syzkaller0: entered allmulticast mode [ 204.956729][ T7509] bridge_slave_0: left allmulticast mode [ 204.981268][ T7509] bridge_slave_0: left promiscuous mode [ 204.988881][ T7509] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.046558][ T7509] bridge_slave_1: left allmulticast mode [ 205.051342][ T7509] bridge_slave_1: left promiscuous mode [ 205.055562][ T7509] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.131247][ T7521] 9p: Bad value for 'rfdno' [ 205.244939][ T7509] bond0: (slave bond_slave_0): Releasing backup interface [ 205.297741][ T7509] bond0: (slave bond_slave_1): Releasing backup interface [ 205.345620][ T7509] team0: Port device team_slave_0 removed [ 205.401855][ T7509] team0: Port device team_slave_1 removed [ 205.409752][ T7509] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.415923][ T7509] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.427989][ T7509] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.434213][ T7509] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 205.440545][ T7509] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 205.773088][ T7531] syzkaller0: entered promiscuous mode [ 205.777345][ T7531] syzkaller0: entered allmulticast mode [ 206.442658][ T5822] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 206.585353][ T5822] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 206.596472][ T5822] usb 5-1: config 0 has no interfaces? [ 206.624558][ T5822] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 206.628348][ T5822] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.643939][ T5822] usb 5-1: Product: syz [ 206.659715][ T7550] bridge_slave_0: left allmulticast mode [ 206.665300][ T5822] usb 5-1: Manufacturer: syz [ 206.673147][ T7550] bridge_slave_0: left promiscuous mode [ 206.689638][ T5822] usb 5-1: SerialNumber: syz [ 206.713636][ T5822] usb 5-1: config 0 descriptor?? [ 206.717028][ T7550] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.814922][ T7550] bridge_slave_1: left allmulticast mode [ 206.834414][ T7550] bridge_slave_1: left promiscuous mode [ 206.850873][ T7550] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.957384][ T7550] bond0: (slave bond_slave_0): Releasing backup interface [ 206.973604][ T7550] bond0: (slave bond_slave_1): Releasing backup interface [ 207.007355][ T7550] team0: Port device team_slave_0 removed [ 207.017226][ T7550] team0: Port device team_slave_1 removed [ 207.022976][ T7550] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 207.028557][ T7550] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 207.039128][ T7550] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 207.602484][ T7570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.697401][ T7562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.741942][ T7573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.480'. [ 207.745990][ T7573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.480'. [ 207.791792][ T7567] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.835633][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz.2.489'. [ 209.132907][ T40] audit: type=1800 audit(1778869140.160:18): pid=7586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.485" name="/" dev="fuse" ino=4 res=0 errno=0 [ 209.329781][ T5822] usb 5-1: USB disconnect, device number 9 [ 209.413327][ T7605] loop7: detected capacity change from 0 to 7 [ 209.716283][ T7609] netlink: 20 bytes leftover after parsing attributes in process `syz.0.492'. [ 209.883148][ T7605] Dev loop7: unable to read RDB block 7 [ 209.886222][ T7605] loop7: unable to read partition table [ 209.894126][ T7605] loop7: partition table beyond EOD, truncated [ 209.902109][ C3] blk_print_req_error: 6 callbacks suppressed [ 209.902131][ C3] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 209.952625][ C3] buffer_io_error: 43 callbacks suppressed [ 209.952643][ C3] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 209.954499][ T7605] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 209.966632][ C3] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 209.966686][ C3] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 210.197430][ T7599] trusted_key: encrypted_key: keylen parameter is missing [ 210.282085][ T5148] Dev loop7: unable to read RDB block 7 [ 210.292423][ T5148] loop7: unable to read partition table [ 210.294834][ T5148] loop7: partition table beyond EOD, truncated [ 211.155418][ T58] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 211.249523][ T7630] netlink: 4 bytes leftover after parsing attributes in process `syz.0.498'. [ 211.329202][ T58] usb 8-1: Using ep0 maxpacket: 8 [ 211.336851][ T58] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 211.356822][ T58] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 211.358160][ T7599] trusted_key: encrypted_key: master key parameter 'defaul0000096' is invalid [ 211.370167][ T7614] x_tables: duplicate underflow at hook 1 [ 211.380477][ T58] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 211.397373][ T58] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 211.418808][ T58] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 211.429088][ T58] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.527811][ T7633] syzkaller0: entered promiscuous mode [ 211.530618][ T7633] syzkaller0: entered allmulticast mode [ 211.665651][ T58] usb 8-1: GET_CAPABILITIES returned 0 [ 211.668875][ T58] usbtmc 8-1:16.0: can't read capabilities [ 211.993260][ T7626] sock: sock_timestamping_bind_phc: sock not bind to device [ 211.999319][ T5858] usb 8-1: USB disconnect, device number 7 [ 212.104641][ T7633] syz.0.499 (7633) used greatest stack depth: 18520 bytes left [ 212.703536][ T7638] lo speed is unknown, defaulting to 1000 [ 214.545542][ T7645] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 214.549804][ T7645] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 214.553928][ T7645] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 216.484044][ T7667] netlink: 4 bytes leftover after parsing attributes in process `syz.3.507'. [ 217.456729][ T40] audit: type=1326 audit(1778869148.543:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7692 comm="syz.1.515" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f83fcc code=0x0 [ 217.529099][ T7695] netlink: 44 bytes leftover after parsing attributes in process `syz.3.516'. [ 217.613877][ T7702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.517'. [ 217.760587][ T7707] netlink: 830 bytes leftover after parsing attributes in process `syz.3.520'. [ 217.795748][ T5910] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 217.946508][ T7709] syzkaller0: entered promiscuous mode [ 217.960669][ T7709] syzkaller0: entered allmulticast mode [ 217.977463][ T5910] usb 6-1: Using ep0 maxpacket: 32 [ 217.982757][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.990481][ T5910] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 218.023553][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.066975][ T5910] usb 6-1: config 0 descriptor?? [ 218.162803][ T7718] qrtr: Invalid version 0 [ 218.923079][ T7740] can0: slcan on ttynull. [ 220.246539][ T7729] can0 (unregistered): slcan off ttynull. [ 220.268861][ T7749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.532'. [ 220.508536][ T7750] ceph: No mds server is up or the cluster is laggy [ 220.542071][ T5910] usbhid 6-1:0.0: can't add hid device: -71 [ 220.556405][ T5910] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 220.581132][ T5910] usb 6-1: USB disconnect, device number 7 [ 220.692834][ T7759] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 221.789820][ T7755] syz.2.533 (7755): drop_caches: 2 [ 221.956346][ T7778] ubi16: attaching mtd0 [ 221.965244][ T7778] ubi16: scanning is finished [ 221.977102][ T7778] ubi16: empty MTD device detected [ 222.071261][ T7782] faux_driver vgem: [drm] Unknown color mode 2054; guessing buffer size. [ 226.112634][ T7813] FAULT_INJECTION: forcing a failure. [ 226.112634][ T7813] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.120577][ T7813] CPU: 3 UID: 0 PID: 7813 Comm: syz.0.542 Not tainted syzkaller #0 PREEMPT(full) [ 226.120603][ T7813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 226.120612][ T7813] Call Trace: [ 226.120618][ T7813] [ 226.120624][ T7813] dump_stack_lvl+0x100/0x190 [ 226.120650][ T7813] should_fail_ex.cold+0x5/0xa [ 226.120672][ T7813] _copy_to_user+0x32/0xd0 [ 226.120691][ T7813] simple_read_from_buffer+0xcb/0x170 [ 226.120712][ T7813] proc_fail_nth_read+0x1af/0x230 [ 226.120740][ T7813] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.120769][ T7813] ? rw_verify_area+0xce/0x6d0 [ 226.120793][ T7813] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.120838][ T7813] vfs_read+0x1e4/0xb30 [ 226.120860][ T7813] ? __pfx_vfs_read+0x10/0x10 [ 226.120877][ T7813] ? find_held_lock+0x2b/0x80 [ 226.120898][ T7813] ? __fget_files+0x215/0x3d0 [ 226.120921][ T7813] ? __fget_files+0x21f/0x3d0 [ 226.120945][ T7813] ksys_read+0x12a/0x250 [ 226.120963][ T7813] ? __pfx_ksys_read+0x10/0x10 [ 226.120981][ T7813] ? rcu_is_watching+0x12/0xc0 [ 226.121001][ T7813] ? rcu_is_watching+0x12/0xc0 [ 226.121023][ T7813] do_int80_emulation+0x141/0x700 [ 226.121052][ T7813] asm_int80_emulation+0x1a/0x20 [ 226.121070][ T7813] RIP: 0023:0xf71161ab [ 226.121083][ T7813] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 226.121098][ T7813] RSP: 002b:00000000f53cd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 226.121116][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53cd5d0 [ 226.121127][ T7813] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 226.121136][ T7813] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 226.121145][ T7813] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 226.121154][ T7813] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 226.121175][ T7813] [ 226.121963][ T7815] fuse: Bad value for 'fd' [ 231.052553][ T5849] hid-generic 0004:709D2D:25DFDBFB.0003: reserved main item tag 0xe [ 231.107478][ T5849] hid-generic 0004:709D2D:25DFDBFB.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 231.262088][ T7870] fido_id[7870]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 231.319631][ C0] ================================================================== [ 231.326627][ C0] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60 [ 231.338938][ C0] Read of size 1 at addr ffff8880291cb818 by task kworker/u32:12/7849 [ 231.346609][ C0] [ 231.348213][ C0] CPU: 0 UID: 0 PID: 7849 Comm: kworker/u32:12 Not tainted syzkaller #0 PREEMPT(full) [ 231.348234][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 231.348273][ C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [ 231.348309][ C0] Call Trace: [ 231.348317][ C0] [ 231.348326][ C0] dump_stack_lvl+0x100/0x190 [ 231.348349][ C0] print_report+0x13d/0x4b0 [ 231.348375][ C0] ? __virt_addr_valid+0x239/0x430 [ 231.348402][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 231.348423][ C0] kasan_report+0xdf/0x1d0 [ 231.348443][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 231.348465][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 231.348486][ C0] __kasan_check_byte+0x36/0x50 [ 231.348504][ C0] lock_acquire+0x12a/0x370 [ 231.348520][ C0] ? do_raw_spin_unlock+0x53/0x1e0 [ 231.348538][ C0] ? .slowpath+0x9/0x18 [ 231.348561][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 231.348582][ C0] ? p9_req_put+0xaf/0x250 [ 231.348597][ C0] p9_req_put+0xaf/0x250 [ 231.348611][ C0] req_done+0x1dc/0x2e0 [ 231.348634][ C0] ? __pfx_req_done+0x10/0x10 [ 231.348658][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 231.348681][ C0] ? sched_clock_cpu+0x6c/0x570 [ 231.348697][ C0] ? __pfx_req_done+0x10/0x10 [ 231.348717][ C0] vring_interrupt+0x2ef/0x650 [ 231.348741][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 231.348762][ C0] __handle_irq_event_percpu+0x235/0x8c0 [ 231.348787][ C0] handle_irq_event+0xab/0x1e0 [ 231.348808][ C0] handle_edge_irq+0x35e/0x960 [ 231.348830][ C0] __common_interrupt+0xd8/0x2f0 [ 231.348847][ C0] common_interrupt+0xb9/0xe0 [ 231.348865][ C0] [ 231.348871][ C0] [ 231.348877][ C0] asm_common_interrupt+0x26/0x40 [ 231.348894][ C0] RIP: 0010:unwind_next_frame+0x10/0x2090 [ 231.348916][ C0] Code: 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 41 57 <48> 89 fa 41 56 48 c1 ea 03 41 55 49 89 fd 41 54 55 53 48 83 ec 38 [ 231.348931][ C0] RSP: 0018:ffffc90003f7f610 EFLAGS: 00000202 [ 231.348944][ C0] RAX: dffffc0000000000 RBX: ffffc90003f7f700 RCX: ffffc90003f7f708 [ 231.348955][ C0] RDX: ffffc90003f80000 RSI: ffff888040ea4a00 RDI: ffffc90003f7f670 [ 231.348966][ C0] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 [ 231.348976][ C0] R10: ffffc90003f7f670 R11: 0000000000000000 R12: fffff520007efed0 [ 231.348986][ C0] R13: fffff520007efecf R14: ffffc90003f7f670 R15: ffffc90003f7f678 [ 231.349003][ C0] __unwind_start+0x3d1/0x7f0 [ 231.349024][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 231.349046][ C0] arch_stack_walk+0x73/0xf0 [ 231.349068][ C0] ? __unwind_start+0x2fb/0x7f0 [ 231.349089][ C0] stack_trace_save+0x8e/0xc0 [ 231.349110][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 231.349130][ C0] ? kasan_save_stack+0x3f/0x50 [ 231.349145][ C0] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 231.349169][ C0] ? __netdev_alloc_skb+0x252/0x960 [ 231.349187][ C0] ? batadv_iv_ogm_aggregate_new+0x106/0x4c0 [ 231.349207][ C0] ? batadv_iv_ogm_schedule_buff+0xee0/0x1520 [ 231.349228][ C0] ? batadv_iv_send_outstanding_bat_ogm_packet+0x6dd/0x860 [ 231.349250][ C0] ? process_one_work+0xa0e/0x1980 [ 231.349265][ C0] ? worker_thread+0x5ef/0xe50 [ 231.349280][ C0] ? kthread+0x370/0x450 [ 231.349294][ C0] kasan_save_stack+0x30/0x50 [ 231.349326][ C0] kasan_save_track+0x14/0x30 [ 231.349341][ C0] __kasan_kmalloc+0xaa/0xb0 [ 231.349356][ C0] batadv_forw_packet_alloc+0x3a9/0x4d0 [ 231.349383][ C0] batadv_iv_ogm_aggregate_new+0x135/0x4c0 [ 231.349406][ C0] batadv_iv_ogm_schedule_buff+0xee0/0x1520 [ 231.349431][ C0] ? __pfx_batadv_iv_ogm_schedule_buff+0x10/0x10 [ 231.349455][ C0] ? batadv_send_skb_packet+0x574/0x6e0 [ 231.349478][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x6dd/0x860 [ 231.349501][ C0] process_one_work+0xa0e/0x1980 [ 231.349519][ C0] ? __pfx_process_one_work+0x10/0x10 [ 231.349536][ C0] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 231.349557][ C0] worker_thread+0x5ef/0xe50 [ 231.349574][ C0] ? kthread+0x13a/0x450 [ 231.349587][ C0] ? __pfx_worker_thread+0x10/0x10 [ 231.349602][ C0] kthread+0x370/0x450 [ 231.349616][ C0] ? __pfx_kthread+0x10/0x10 [ 231.349630][ C0] ret_from_fork+0x72b/0xd50 [ 231.349653][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 231.349670][ C0] ? __switch_to+0x800/0x1100 [ 231.349692][ C0] ? __pfx_kthread+0x10/0x10 [ 231.349708][ C0] ret_from_fork_asm+0x1a/0x30 [ 231.349733][ C0] [ 231.349739][ C0] [ 231.655553][ C0] Allocated by task 7872: [ 231.658344][ C0] kasan_save_stack+0x30/0x50 [ 231.662381][ C0] kasan_save_track+0x14/0x30 [ 231.665306][ C0] __kasan_kmalloc+0xaa/0xb0 [ 231.677055][ C0] p9_client_create+0xaf/0xd40 [ 231.679627][ C0] v9fs_session_init+0x3c/0xd20 [ 231.685907][ C0] v9fs_get_tree+0xb8/0xb50 [ 231.693906][ C0] vfs_get_tree+0x92/0x320 [ 231.696960][ C0] path_mount+0x7d0/0x23d0 [ 231.700318][ C0] __ia32_sys_mount+0x292/0x310 [ 231.702986][ C0] __do_fast_syscall_32+0xe7/0x950 [ 231.705995][ C0] do_fast_syscall_32+0x32/0x70 [ 231.709136][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 231.713822][ C0] [ 231.715560][ C0] Freed by task 7872: [ 231.718045][ C0] kasan_save_stack+0x30/0x50 [ 231.720888][ C0] kasan_save_track+0x14/0x30 [ 231.723452][ C0] kasan_save_free_info+0x3b/0x70 [ 231.726474][ C0] __kasan_slab_free+0x5f/0x80 [ 231.729282][ C0] kfree+0x223/0x6c0 [ 231.731431][ C0] p9_client_create+0x72d/0xd40 [ 231.735613][ C0] v9fs_session_init+0x3c/0xd20 [ 231.747616][ C0] v9fs_get_tree+0xb8/0xb50 [ 231.750515][ C0] vfs_get_tree+0x92/0x320 [ 231.753312][ C0] path_mount+0x7d0/0x23d0 [ 231.756206][ C0] __ia32_sys_mount+0x292/0x310 [ 231.760760][ C0] __do_fast_syscall_32+0xe7/0x950 [ 231.763289][ C0] do_fast_syscall_32+0x32/0x70 [ 231.776431][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 231.779208][ C0] [ 231.780347][ C0] The buggy address belongs to the object at ffff8880291cb800 [ 231.780347][ C0] which belongs to the cache kmalloc-512 of size 512 [ 231.801889][ C0] The buggy address is located 24 bytes inside of [ 231.801889][ C0] freed 512-byte region [ffff8880291cb800, ffff8880291cba00) [ 231.810651][ C0] [ 231.812352][ C0] The buggy address belongs to the physical page: [ 231.827151][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x291c8 [ 231.833539][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 231.841538][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 231.852087][ C0] page_type: f5(slab) [ 231.854475][ C0] raw: 00fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122 [ 231.864217][ C0] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 231.865832][ T7873] warning: `syz.0.547' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 231.869462][ C0] head: 00fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122 [ 231.869482][ C0] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 231.869498][ C0] head: 00fff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff [ 231.869512][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 231.869521][ C0] page dumped because: kasan: bad access detected [ 231.869530][ C0] page_owner tracks the page as allocated [ 231.869536][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1158, tgid 1158 (kworker/u32:8), ts 148146408808, free_ts 126085736304 [ 231.869565][ C0] post_alloc_hook+0x153/0x170 [ 231.973217][ C0] get_page_from_freelist+0x11a6/0x33b0 [ 231.976390][ C0] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 231.980414][ C0] new_slab+0xa6/0x6c0 [ 231.982988][ C0] refill_objects+0x277/0x420 [ 231.998623][ C0] __pcs_replace_empty_main+0x375/0x650 [ 232.002164][ C0] __kmalloc_cache_noprof+0x493/0x6f0 [ 232.005816][ C0] batadv_forw_packet_alloc+0x3a9/0x4d0 [ 232.009358][ C0] batadv_iv_ogm_aggregate_new+0x135/0x4c0 [ 232.012175][ C0] batadv_iv_ogm_schedule_buff+0xee0/0x1520 [ 232.018493][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x6dd/0x860 [ 232.027769][ C0] process_one_work+0xa0e/0x1980 [ 232.030914][ C0] worker_thread+0x5ef/0xe50 [ 232.044757][ C0] kthread+0x370/0x450 [ 232.046986][ C0] ret_from_fork+0x72b/0xd50 [ 232.049672][ C0] ret_from_fork_asm+0x1a/0x30 [ 232.052503][ C0] page last free pid 5757 tgid 5757 stack trace: [ 232.056225][ C0] __free_frozen_pages+0x747/0x1040 [ 232.066102][ C0] qlist_free_all+0x47/0xf0 [ 232.068964][ C0] kasan_quarantine_reduce+0x1a0/0x1f0 [ 232.072288][ C0] __kasan_slab_alloc+0x69/0x90 [ 232.078024][ C0] kmem_cache_alloc_noprof+0x241/0x6e0 [ 232.088268][ C0] do_getname+0x35/0x390 [ 232.090908][ C0] do_sys_openat2+0xc5/0x1e0 [ 232.093825][ C0] __ia32_compat_sys_openat+0x12d/0x210 [ 232.105237][ C0] __do_fast_syscall_32+0xe7/0x950 [ 232.108560][ C0] do_fast_syscall_32+0x32/0x70 [ 232.111959][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 232.121147][ C0] [ 232.122804][ C0] Memory state around the buggy address: [ 232.129646][ C0] ffff8880291cb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 232.138944][ C0] ffff8880291cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 232.147707][ C0] >ffff8880291cb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 232.158447][ C0] ^ [ 232.161582][ C0] ffff8880291cb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 232.177667][ C0] ffff8880291cb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 232.183568][ C0] ================================================================== [ 232.188583][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 232.198631][ C0] CPU: 0 UID: 0 PID: 7849 Comm: kworker/u32:12 Not tainted syzkaller #0 PREEMPT(full) [ 232.207708][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 232.220332][ C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [ 232.229790][ C0] Call Trace: [ 232.231881][ C0] [ 232.235699][ C0] dump_stack_lvl+0x100/0x190 [ 232.244562][ C0] vpanic+0x552/0x970 [ 232.247144][ C0] ? __pfx_vpanic+0x10/0x10 [ 232.252413][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 232.265685][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 232.269031][ C0] panic+0xd1/0xe0 [ 232.271487][ C0] ? __pfx_panic+0x10/0x10 [ 232.274711][ C0] ? end_report.part.0+0x23/0x90 [ 232.277977][ C0] ? rcu_is_watching+0x12/0xc0 [ 232.281203][ C0] ? end_report.part.0+0x23/0x90 [ 232.284309][ C0] ? check_panic_on_warn+0x1f/0x90 [ 232.287800][ C0] check_panic_on_warn.cold+0x19/0x34 [ 232.291421][ C0] end_report.part.0+0x3a/0x90 [ 232.294613][ C0] kasan_report.cold+0xe/0x18 [ 232.297920][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 232.301262][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 232.304834][ C0] __kasan_check_byte+0x36/0x50 [ 232.310618][ C0] lock_acquire+0x12a/0x370 [ 232.313833][ C0] ? do_raw_spin_unlock+0x53/0x1e0 [ 232.318135][ C0] ? .slowpath+0x9/0x18 [ 232.321024][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 232.323963][ C0] ? p9_req_put+0xaf/0x250 [ 232.326389][ C0] p9_req_put+0xaf/0x250 [ 232.328912][ C0] req_done+0x1dc/0x2e0 [ 232.331158][ C0] ? __pfx_req_done+0x10/0x10 [ 232.352366][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 232.356053][ C0] ? sched_clock_cpu+0x6c/0x570 [ 232.359076][ C0] ? __pfx_req_done+0x10/0x10 [ 232.367708][ C0] vring_interrupt+0x2ef/0x650 [ 232.377591][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 232.385674][ C0] __handle_irq_event_percpu+0x235/0x8c0 [ 232.396212][ C0] handle_irq_event+0xab/0x1e0 [ 232.403831][ C0] handle_edge_irq+0x35e/0x960 [ 232.413695][ C0] __common_interrupt+0xd8/0x2f0 [ 232.422494][ C0] common_interrupt+0xb9/0xe0 [ 232.424854][ C0] [ 232.426220][ C0] [ 232.427601][ C0] asm_common_interrupt+0x26/0x40 [ 232.433347][ C0] RIP: 0010:unwind_next_frame+0x10/0x2090 [ 232.445632][ C0] Code: 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 41 57 <48> 89 fa 41 56 48 c1 ea 03 41 55 49 89 fd 41 54 55 53 48 83 ec 38 [ 232.470255][ C0] RSP: 0018:ffffc90003f7f610 EFLAGS: 00000202 [ 232.475694][ C0] RAX: dffffc0000000000 RBX: ffffc90003f7f700 RCX: ffffc90003f7f708 [ 232.485319][ C0] RDX: ffffc90003f80000 RSI: ffff888040ea4a00 RDI: ffffc90003f7f670 [ 232.494520][ C0] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 [ 232.510704][ C0] R10: ffffc90003f7f670 R11: 0000000000000000 R12: fffff520007efed0 [ 232.525888][ C0] R13: fffff520007efecf R14: ffffc90003f7f670 R15: ffffc90003f7f678 [ 232.534524][ C0] __unwind_start+0x3d1/0x7f0 [ 232.544810][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 232.553548][ C0] arch_stack_walk+0x73/0xf0 [ 232.556545][ C0] ? __unwind_start+0x2fb/0x7f0 [ 232.560209][ C0] stack_trace_save+0x8e/0xc0 [ 232.581734][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 232.587427][ C0] ? kasan_save_stack+0x3f/0x50 [ 232.590994][ C0] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 232.605437][ C0] ? __netdev_alloc_skb+0x252/0x960 [ 232.613731][ C0] ? batadv_iv_ogm_aggregate_new+0x106/0x4c0 [ 232.617563][ C0] ? batadv_iv_ogm_schedule_buff+0xee0/0x1520 [ 232.627100][ C0] ? batadv_iv_send_outstanding_bat_ogm_packet+0x6dd/0x860 [ 232.637717][ C0] ? process_one_work+0xa0e/0x1980 [ 232.647981][ C0] ? worker_thread+0x5ef/0xe50 [ 232.653170][ C0] ? kthread+0x370/0x450 [ 232.655436][ C0] kasan_save_stack+0x30/0x50 [ 232.657926][ C0] kasan_save_track+0x14/0x30 [ 232.660551][ C0] __kasan_kmalloc+0xaa/0xb0 [ 232.663756][ C0] batadv_forw_packet_alloc+0x3a9/0x4d0 [ 232.667107][ C0] batadv_iv_ogm_aggregate_new+0x135/0x4c0 [ 232.670275][ C0] batadv_iv_ogm_schedule_buff+0xee0/0x1520 [ 232.674188][ C0] ? __pfx_batadv_iv_ogm_schedule_buff+0x10/0x10 [ 232.678653][ C0] ? batadv_send_skb_packet+0x574/0x6e0 [ 232.683550][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x6dd/0x860 [ 232.693530][ C0] process_one_work+0xa0e/0x1980 [ 232.701052][ C0] ? __pfx_process_one_work+0x10/0x10 [ 232.706056][ C0] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 232.720008][ C0] worker_thread+0x5ef/0xe50 [ 232.723279][ C0] ? kthread+0x13a/0x450 [ 232.726202][ C0] ? __pfx_worker_thread+0x10/0x10 [ 232.729694][ C0] kthread+0x370/0x450 [ 232.747568][ C0] ? __pfx_kthread+0x10/0x10 [ 232.754140][ C0] ret_from_fork+0x72b/0xd50 [ 232.757921][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 232.766967][ C0] ? __switch_to+0x800/0x1100 [ 232.775908][ C0] ? __pfx_kthread+0x10/0x10 [ 232.778908][ C0] ret_from_fork_asm+0x1a/0x30 [ 232.788876][ C0] [ 232.793641][ C0] Kernel Offset: disabled [ 232.802336][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:19:22 Registers: info registers vcpu 0 CPU#0 RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff857c1f75 RDI=ffffffff9b462820 RBP=ffffffff9b4627e0 RSP=ffffc90000007710 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=206e692065655542 R12=0000000000000000 R13=000000000000000a R14=0000000000000010 R15=ffffffff857c1f10 RIP=ffffffff857c1f9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097177000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7f055b8 CR3=0000000047864000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0010b880840015de 030210b080840015 de032401e0808084 0015dc0310040015 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 15f8030c020015f0 0302040015ec030a 040015e80301ffff fff804880015e003 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ed08169003060400 168c031a04001688 030002001680030a 040015fc030a0400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2003020800180301 a808001388030063 616d3a6873616801 ffffffffffffffff ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000014082a0 8808000002010000 00080606015dc400 0002070008003003 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008002803000800 2003020800180301 a808001388030063 616d3a6873616801 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ed08169003060400 168c031a04001688 030002001680030a ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 040015fc030a0400 15f8030c020015f0 0302040015ec030a 040015e80301ffff ZMM25=6bc75afc6bc75afc 6bc75afc6bc75afc 6bc75afc6bc75afc 6bc75afc6bc75afc 6bc75afc6bc75afc 6bc75afc6bc75afc 6bc75afc6bc75afc 6bc75afc6bc75afc ZMM26=a06e1317a06e1317 a06e1317a06e1317 a06e1317a06e1317 a06e1317a06e1317 a06e1317a06e1317 a06e1317a06e1317 a06e1317a06e1317 a06e1317a06e1317 ZMM27=e87be838e87be838 e87be838e87be838 e87be838e87be838 e87be838e87be838 e87be838e87be838 e87be838e87be838 e87be838e87be838 e87be838e87be838 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=d0080000d0080000 d0080000d0080000 d0080000d0080000 d0080000d0080000 d0080000d0080000 d0080000d0080000 d0080000d0080000 d0080000d0080000 info registers vcpu 1 CPU#1 RAX=ffff8880248b3898 RBX=ffff8880248b3890 RCX=ffffffff8b8981ee RDX=0000000000000000 RSI=0000000000000008 RDI=ffff8880248b3890 RBP=dffffc0000000000 RSP=ffffc9000450f6d8 R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000002 R11=0000000000000000 R12=1ffff920008a1ee5 R13=0000000000000000 R14=ffffc9000450f788 R15=ffff88802b1fca00 RIP=ffffffff8274cc6a RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097277000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f735c5f8 CR3=000000006a287000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000000db4d7 RBX=ffff88801bfeca00 RCX=ffffffff8b883095 RDX=0000000000000000 RSI=ffffffff8df1e186 RDI=ffffffff8c1c3800 RBP=0000000000000000 RSP=ffffc9000047fdf0 R8 =0000000000000001 R9 =ffffed10056867b5 R10=ffff88802b433dab R11=0000000000000000 R12=0000000000000002 R13=ffffed10037fd940 R14=0000000000000002 R15=ffffffff90d7ef50 RIP=ffffffff8b88187f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00000000 DS =0000 0000000000000000 ffffffff 00000000 FS =0000 0000000000000000 ffffffff 00000000 GS =0000 ffff888097377000 ffffffff 00000000 LDT=0000 0000000000000000 ffffffff 00000000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000563cc055a4a0 CR3=0000000044dad000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000de271 RBX=ffff88801bfea500 RCX=ffffffff8b883095 RDX=0000000000000000 RSI=ffffffff8df1e186 RDI=ffffffff8c1c3800 RBP=0000000000000000 RSP=ffffc9000048fdf0 R8 =0000000000000001 R9 =ffffed10056a67b5 R10=ffff88802b533dab R11=0000000000000000 R12=0000000000000003 R13=ffffed10037fd4a0 R14=0000000000000003 R15=ffffffff90d7ef50 RIP=ffffffff8b88187f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097477000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000563cc058e7b0 CR3=000000002a521000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000104080 Opmask01=0000000000000000 Opmask02=00000000ffff7fdf Opmask03=0000000000000000 Opmask04=00000000fffff7ff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563cc0545590 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71dfdf1b20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71dfdf1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71dfd52c80 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 333030302e424642 44464435323a4432 443930373a343030 302f646968752f63 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 317761726469682f 7761726469682f33 3030302e42464244 464435323a443244 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3930373a34303030 2f646968752f6373 696d2f6c61757472 69762f7365636976 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003a6166703a756b 733a302e30312d35 33712d6370727663 3a3174633a554d45 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 516e76633a302e30 312d3533712d6370 7276703a29393030 322c394843492b35 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3351284350647261 646e6174536e703a 554d45516e76733a 302e3072623a3431 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30322f31302f3430 64623a322d332e36 312e312d6e616962 65642d332e36312e ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000