last executing test programs: 36.500692517s ago: executing program 0 (id=819): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) socket$igmp(0x2, 0x3, 0x2) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x316}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 29.589717932s ago: executing program 0 (id=819): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) socket$igmp(0x2, 0x3, 0x2) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x316}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 22.341814443s ago: executing program 0 (id=819): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) socket$igmp(0x2, 0x3, 0x2) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x316}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 15.560605748s ago: executing program 0 (id=819): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) socket$igmp(0x2, 0x3, 0x2) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x316}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 8.629500239s ago: executing program 0 (id=819): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) socket$igmp(0x2, 0x3, 0x2) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x316}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 4.899285779s ago: executing program 3 (id=1111): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x6, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) bind$tipc(r2, &(0x7f0000000040)=@id={0x1e, 0x3, 0x3, {0x4e24, 0x1}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) setregid(0xffffffffffffffff, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10) bind$tipc(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r5, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x9004) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r6, 0x1, 0x200000010, &(0x7f0000000000), 0x4) syz_usb_connect(0x2, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xeb, 0x11, 0xd0, 0x40, 0x5a9, 0x511, 0xf21d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x26, 0xfe, 0x2, 0x18, 0xe9, 0xb6, 0x0, [], [{{0x9, 0x5, 0xd497ce46132ecc85, 0x2, 0x20, 0x7, 0x4, 0x7f}}, {{0x9, 0x5, 0x6, 0x4, 0x10, 0x3, 0x1, 0x4}}]}}]}}]}}, 0x0) 2.881275188s ago: executing program 2 (id=1122): syz_open_dev$I2C(&(0x7f00000002c0), 0x1, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8948, &(0x7f0000000080)={'ip6gretap0\x00', @ifru_map={0x3, 0x4000000, 0xffff, 0x3, 0x3, 0x4}}) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000000)=""/74, 0x30c000, 0x800, 0x0, 0x4}, 0x20) syz_emit_vhci(&(0x7f0000008000)=ANY=[@ANYBLOB="04090000000408"], 0x7) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x40000000015, 0x5, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) socketpair(0x1d, 0x2, 0x2, &(0x7f0000000000)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = pidfd_getfd(0xffffffffffffffff, r2, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x2c, 0x1, 0x4, 0x801, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFULA_CFG_FLAGS={0x6}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x8}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48804}, 0x851) ioctl$sock_netdev_private(r4, 0x89f9, &(0x7f0000000400)="47cef2d2b32da77763a56dd92b09182ad38bf5ef50464c075bce3951b1f4b157cffef9b05f6e77d6d2a894229d9915da6d56d8e65235c0f308ece9d873305da8606a09491ab5da201e2a7cc36963d7049c7aba647a5ef8a4ee9fb910db424c9fe257af901e7081202fd0f983e6715faa2909982adac799a7c84161c6659cecba119ce2adfd4916af548abdb3b006d44c8ef3a5493cb57e88622fdd8f02aaacd8251398d79355b87f05f4227cfe775fa6a000cdcfbab26649aa15d394ca470a16b420558f19f9c74bb554601c7eac560263d78fc5785a233c3b") r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000010000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x3}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x8}}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}, 0x1, 0x0, 0x0, 0x44}, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) 2.35049449s ago: executing program 1 (id=1123): socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r2 = socket(0x10, 0x3, 0x0) r3 = socket(0x11, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000001040)='bond0\x00', 0x10) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000040)=0xd8be, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r4, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYRESHEX, @ANYRES16, @ANYRESDEC, @ANYBLOB="14181800339748000000000000000600000000000500020005000000ad1b0c1161b2e7020000000000000000000000aa0800000000000000", @ANYRES32=r1], 0xd0}, 0x1, 0x0, 0x0, 0x8045}, 0x4080000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x12, 0x0, '.\x00'}}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0xfec5, 0x0, 0x1, 0x0, 0x0, 0x8}, 0x20040010) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r7 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000280), 0x1000, &(0x7f0000000380)={[{@gid}], [{@obj_type={'obj_type', 0x3d, 'vcan0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x40, 0x33, 0x36, 0x39, 0x64, 0x65, 0x31], 0x2d, [0x62, 0x36, 0x37, 0x33], 0x2d, [0x32, 0x36, 0x65, 0x39], 0x2d, [0x53, 0x34, 0x33, 0x61], 0x2d, [0x33, 0x31, 0x39, 0x62, 0x33, 0x62, 0x61, 0x36]}}}]}) ioctl$TIOCSSOFTCAR(r7, 0x5412, &(0x7f00000001c0)=0x11) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) mmap(&(0x7f000003b000/0xf000)=nil, 0xf000, 0x1000006, 0x38011, 0xffffffffffffffff, 0x0) close(r7) socket(0x1, 0x80000, 0x4) 1.931258422s ago: executing program 2 (id=1124): sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x40030000000000}, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000008c0)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f, @void, @value}, 0x94) 1.904961805s ago: executing program 1 (id=1125): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000002e80), r0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000002ec0)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x800) 1.880886772s ago: executing program 3 (id=1126): r0 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.81172923s ago: executing program 1 (id=1127): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f00000008c0)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000002c0)={0x1, r5}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) read$alg(0xffffffffffffffff, &(0x7f0000000100)=""/222, 0xde) 1.811429671s ago: executing program 3 (id=1128): syz_usb_connect$cdc_ecm(0x1, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000040)={0x1d, r2, 0x8000000000000003}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000004740)=@newtaction={0x14, 0x30, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4c804}, 0x4091) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r3 = getpid() sched_getscheduler(r3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b700000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000480)='contention_begin\x00', r8, 0x0, 0x405}, 0x71) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000400)={0xa}) read$char_usb(r4, &(0x7f0000000000)=""/25, 0x19) close(r1) 1.623536125s ago: executing program 0 (id=819): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) socket$igmp(0x2, 0x3, 0x2) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x316}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 424.172495ms ago: executing program 1 (id=1129): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f00000008c0)) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000002c0)={0x1, r5}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f, @void, @value}, 0x94) 422.683238ms ago: executing program 2 (id=1130): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$vcsu(&(0x7f0000000040), 0xfffffcb2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0xf7, 0x0, 0x1, 0x20, 0x6, @local}, 0x14) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) ioctl$F2FS_IOC_DEFRAGMENT(r3, 0xc010f508, &(0x7f0000000080)={0x7, 0x7f}) sendto$packet(r4, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r5}, 0x14) syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 301.84158ms ago: executing program 2 (id=1131): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f00000008c0)) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000002c0)={0x1, r5}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f, @void, @value}, 0x94) 241.926804ms ago: executing program 3 (id=1132): socket(0x400000000010, 0x6, 0x8003) (async) r0 = socket(0x400000000010, 0x6, 0x8003) write(r0, &(0x7f0000000040)="3a03000019002551075c0165ff0ffc02802000030004000500e1000c0400070280000f00", 0x33a) 241.626078ms ago: executing program 3 (id=1133): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c965457498a0e6098b63ed3d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26cc"], &(0x7f0000000340)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x30, 0x1e, 0x1, 0x0, 0x0, {0x7}, [@NDA_LLADDR={0xa}, @NDA_MASTER={0x8, 0x9, 0x2}]}, 0x30}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04046d0c", @ANYRES64], 0x7) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) setsockopt$sock_int(r2, 0x1, 0x35, &(0x7f0000000080)=0x1, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210021ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) 169.695837ms ago: executing program 3 (id=1134): syz_open_dev$sg(0x0, 0x1, 0x20105) r0 = fsopen(&(0x7f00000000c0)='nfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000740)={0x30, 0x5, 0x0, {0x0, 0xffffffffffffffff, 0x3, 0xfffffffc}}, 0x30) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r3, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0xffffffffffffffff, 0x2, 0xfffffffffffffffd, 0x0, 0x0, 0x0, {0x40, 0x4, 0x4, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x120, 0x6000, 0x2, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r3, &(0x7f0000000440)={0x50, 0x0, r4, {0x7, 0x29, 0x8}}, 0x50) r5 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x64100, 0xa1) ioctl$TIOCGPTPEER(r5, 0x40480923, 0x8000000a) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') fchdir(r6) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) r7 = socket(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a000100696e6e65720000004000028008000240"], 0xa8}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0xa000}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x404c810}, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r9, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4) sendmmsg(r7, &(0x7f0000000000), 0x400000000000235, 0x0) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lchown(&(0x7f0000000080)='./file0\x00', r10, r11) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0xa040, &(0x7f0000000180)={[{@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x35, 0x31, 0x35, 0x65, 0x36]}}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x39, 0x38, 0x39, 0x61, 0x31]}}, {@grpquota}, {@huge_advise}], [{@func={'func', 0x3d, 'POLICY_CHECK'}}, {@measure}, {@measure}, {@dont_measure}, {@subj_user={'subj_user', 0x3d, '-$}'}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@dont_hash}, {@euid_lt={'euid<', r10}}]}) 100.257735ms ago: executing program 2 (id=1135): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000002e80), r0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000002ec0)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x800) 809.926µs ago: executing program 2 (id=1136): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)={0x38, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x24, 0x11, 0x0, 0x1, [@generic="2fe5afbf24fbcccc554cd9761e79b8dad8a2018544a3f855448c77987d9d7a52"]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 10) 533.929µs ago: executing program 1 (id=1137): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x659f, 0x4) write$binfmt_script(r0, &(0x7f00000000c0), 0x28) recvmmsg(r0, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002000, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0), 0x0) 0s ago: executing program 1 (id=1138): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f00000008c0)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000002c0)={0x1, r5}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) read$alg(0xffffffffffffffff, &(0x7f0000000100)=""/222, 0xde) kernel console output (not intermixed with test programs): [ 153.601719][ T8949] netlink: 48 bytes leftover after parsing attributes in process `syz.3.827'. [ 153.668812][ T13] hsr_slave_0: left promiscuous mode [ 153.670703][ T13] hsr_slave_1: left promiscuous mode [ 153.681407][ T13] veth1_macvtap: left promiscuous mode [ 153.685027][ T13] veth0_macvtap: left promiscuous mode [ 153.686570][ T13] veth1_vlan: left promiscuous mode [ 153.688009][ T13] veth0_vlan: left promiscuous mode [ 153.756000][ T5320] libceph: connect (1)[c::]:6789 error -101 [ 153.757797][ T5320] libceph: mon0 (1)[c::]:6789 connect error [ 153.763910][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.004705][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.084856][ T5949] Bluetooth: hci3: command tx timeout [ 154.264130][ T5320] libceph: connect (1)[c::]:6789 error -101 [ 154.265890][ T5320] libceph: mon0 (1)[c::]:6789 connect error [ 154.305660][ T8944] ceph: No mds server is up or the cluster is laggy [ 154.316592][ T8967] FAULT_INJECTION: forcing a failure. [ 154.316592][ T8967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.320155][ T8967] CPU: 2 UID: 0 PID: 8967 Comm: syz.1.831 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 154.320170][ T8967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 154.320177][ T8967] Call Trace: [ 154.320181][ T8967] [ 154.320185][ T8967] dump_stack_lvl+0x16c/0x1f0 [ 154.320205][ T8967] should_fail_ex+0x512/0x640 [ 154.320217][ T8967] _copy_to_iter+0x2a4/0x15a0 [ 154.320231][ T8967] ? find_held_lock+0x2b/0x80 [ 154.320243][ T8967] ? __pfx__copy_to_iter+0x10/0x10 [ 154.320257][ T8967] ? __virt_addr_valid+0x5e/0x590 [ 154.320281][ T8967] ? __phys_addr_symbol+0x30/0x80 [ 154.320295][ T8967] ? __check_object_size+0x4c7/0x710 [ 154.320313][ T8967] simple_copy_to_iter+0x5b/0x90 [ 154.320328][ T8967] __skb_datagram_iter+0x125/0x8c0 [ 154.320355][ T8967] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 154.320370][ T8967] ? skb_recv_datagram+0x88/0xc0 [ 154.320385][ T8967] skb_copy_datagram_iter+0x40/0x50 [ 154.320399][ T8967] ping_recvmsg+0x1cc/0x1350 [ 154.320416][ T8967] ? perf_trace_ipi_send_cpumask+0x352/0x550 [ 154.320431][ T8967] ? __pfx_ping_recvmsg+0x10/0x10 [ 154.320447][ T8967] ? aa_sk_perm+0x2f4/0xb10 [ 154.320462][ T8967] ? __pfx_ping_recvmsg+0x10/0x10 [ 154.320477][ T8967] inet_recvmsg+0x467/0x6a0 [ 154.320488][ T8967] ? __pfx_inet_recvmsg+0x10/0x10 [ 154.320500][ T8967] sock_recvmsg+0x1b2/0x250 [ 154.320513][ T8967] sock_read_iter+0x2b9/0x3b0 [ 154.320524][ T8967] ? __pfx_sock_read_iter+0x10/0x10 [ 154.320539][ T8967] ? bpf_lsm_file_permission+0x9/0x10 [ 154.320555][ T8967] ? security_file_permission+0x71/0x210 [ 154.320572][ T8967] ? rw_verify_area+0xcf/0x680 [ 154.320585][ T8967] vfs_read+0xaa3/0xc70 [ 154.320600][ T8967] ? __pfx_vfs_read+0x10/0x10 [ 154.320613][ T8967] ? find_held_lock+0x2b/0x80 [ 154.320629][ T8967] ksys_read+0x205/0x240 [ 154.320642][ T8967] ? __pfx_ksys_read+0x10/0x10 [ 154.320656][ T8967] ? rcu_is_watching+0x12/0xc0 [ 154.320667][ T8967] __do_fast_syscall_32+0x73/0x120 [ 154.320684][ T8967] do_fast_syscall_32+0x32/0x80 [ 154.320700][ T8967] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 154.320713][ T8967] RIP: 0023:0xf7fe8579 [ 154.320721][ T8967] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 154.320732][ T8967] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 154.320742][ T8967] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 154.320749][ T8967] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000 [ 154.320755][ T8967] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 154.320760][ T8967] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 154.320767][ T8967] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 154.320777][ T8967] [ 154.398990][ C2] vkms_vblank_simulate: vblank timer overrun [ 154.490512][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.633571][ T8972] md: array md2 already initialised! [ 155.043665][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.144210][ T8910] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 155.168652][ T8910] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 155.175201][ T8910] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 155.178399][ T8910] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 155.210175][ T8910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.217786][ T8910] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.221690][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.223768][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.237992][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.239991][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.252657][ T8910] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 155.257040][ T8910] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 155.378014][ T8910] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.396368][ T8910] veth0_vlan: entered promiscuous mode [ 155.401164][ T8910] veth1_vlan: entered promiscuous mode [ 155.412127][ T8910] veth0_macvtap: entered promiscuous mode [ 155.415618][ T8910] veth1_macvtap: entered promiscuous mode [ 155.421190][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.426405][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.429666][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.432486][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.435619][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.438806][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.442182][ T8910] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.448131][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.451302][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.454257][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.457228][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.460065][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.463092][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.468870][ T8910] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.470118][ T9031] netlink: 'syz.1.841': attribute type 1 has an invalid length. [ 155.473084][ T8910] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.473232][ T9031] netlink: 224 bytes leftover after parsing attributes in process `syz.1.841'. [ 155.475778][ T8910] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.475797][ T8910] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.475811][ T8910] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.509635][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.513319][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.527398][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.530371][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.723850][ T9036] md: array md2 already initialised! [ 155.788494][ T40] audit: type=1800 audit(1743069842.830:27): pid=9043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.843" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 156.059126][ T9048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.843'. [ 156.061774][ T9048] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.064033][ T9048] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.066640][ T9048] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.069440][ T9048] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 156.083574][ T7036] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 156.093920][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.233596][ T7036] usb 8-1: Using ep0 maxpacket: 16 [ 156.237102][ T7036] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.241108][ T7036] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.244704][ T7036] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 156.249092][ T7036] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 156.252205][ T7036] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.256777][ T7036] usb 8-1: config 0 descriptor?? [ 156.668563][ T7036] microsoft 0003:045E:07DA.0004: ignoring exceeding usage max [ 156.680759][ T7036] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:045E:07DA.0004/input/input6 [ 156.689493][ T7036] microsoft 0003:045E:07DA.0004: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 156.871972][ T7036] usb 8-1: USB disconnect, device number 7 [ 156.935279][ T9067] md: array md2 already initialised! [ 157.123644][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.467601][ T9081] netlink: 224 bytes leftover after parsing attributes in process `syz.2.853'. [ 157.533665][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.779270][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.781775][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.945639][ T168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.103094][ T65] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 158.106560][ T65] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 158.109128][ T65] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 158.112533][ T65] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 158.115457][ T65] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 158.117713][ T65] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 158.166038][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 158.226977][ T9100] chnl_net:caif_netlink_parms(): no params data found [ 158.355373][ T9100] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.357609][ T9100] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.359984][ T9100] bridge_slave_0: entered allmulticast mode [ 158.362143][ T9100] bridge_slave_0: entered promiscuous mode [ 158.367600][ T9100] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.370340][ T9100] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.372327][ T9100] bridge_slave_1: entered allmulticast mode [ 158.374505][ T9100] bridge_slave_1: entered promiscuous mode [ 158.417462][ T9100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.421225][ T9100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.450003][ T9100] team0: Port device team_slave_0 added [ 158.453317][ T9100] team0: Port device team_slave_1 added [ 158.474652][ T9100] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.476644][ T9100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.487390][ T9100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.491367][ T9100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.493439][ T9100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.500308][ T9100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.529871][ T9100] hsr_slave_0: entered promiscuous mode [ 158.532021][ T9100] hsr_slave_1: entered promiscuous mode [ 158.534442][ T9100] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 158.536544][ T9100] Cannot create hsr debugfs directory [ 158.676256][ T9121] fuse: Unknown parameter '0x0000000000000004' [ 158.730689][ T9126] syzkaller0: entered promiscuous mode [ 158.732268][ T9126] syzkaller0: entered allmulticast mode [ 158.802903][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.866'. [ 158.812493][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.866'. [ 159.206838][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 159.843662][ T65] Bluetooth: hci2: command 0x0406 tx timeout [ 159.853564][ T65] Bluetooth: hci1: command 0x0406 tx timeout [ 160.013822][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 160.173680][ T5949] Bluetooth: hci3: command tx timeout [ 160.243731][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 160.245858][ T168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.331337][ T168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.394893][ T168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.481543][ T168] bridge_slave_1: left allmulticast mode [ 160.483159][ T168] bridge_slave_1: left promiscuous mode [ 160.486202][ T168] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.490331][ T168] bridge_slave_0: left allmulticast mode [ 160.492015][ T168] bridge_slave_0: left promiscuous mode [ 160.494049][ T168] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.553610][ T7036] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 160.681387][ T168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.685724][ T168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.688849][ T168] bond0 (unregistering): Released all slaves [ 160.703794][ T7036] usb 8-1: Using ep0 maxpacket: 8 [ 160.706579][ T7036] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 160.709442][ T7036] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 160.713053][ T7036] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 160.716759][ T7036] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 160.720389][ T7036] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 160.724095][ T7036] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 160.726663][ T7036] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.803814][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 160.936098][ T7036] usb 8-1: usb_control_msg returned -32 [ 160.941948][ T7036] usbtmc 8-1:16.0: can't read capabilities [ 160.986092][ T168] hsr_slave_0: left promiscuous mode [ 160.987920][ T168] hsr_slave_1: left promiscuous mode [ 160.989741][ T168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.991724][ T168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.994997][ T168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.997121][ T168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.013268][ T168] veth1_macvtap: left promiscuous mode [ 161.014886][ T168] veth0_macvtap: left promiscuous mode [ 161.016428][ T168] veth1_vlan: left promiscuous mode [ 161.017944][ T168] veth0_vlan: left promiscuous mode [ 161.329836][ T9190] FAULT_INJECTION: forcing a failure. [ 161.329836][ T9190] name failslab, interval 1, probability 0, space 0, times 0 [ 161.333591][ T9190] CPU: 0 UID: 0 PID: 9190 Comm: syz.2.877 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 161.333615][ T9190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.333621][ T9190] Call Trace: [ 161.333625][ T9190] [ 161.333629][ T9190] dump_stack_lvl+0x16c/0x1f0 [ 161.333648][ T9190] should_fail_ex+0x512/0x640 [ 161.333659][ T9190] ? __kmalloc_noprof+0xbf/0x510 [ 161.333675][ T9190] ? lsm_blob_alloc+0x68/0x90 [ 161.333686][ T9190] should_failslab+0xc2/0x120 [ 161.333701][ T9190] __kmalloc_noprof+0xd2/0x510 [ 161.333716][ T9190] ? rcu_is_watching+0x12/0xc0 [ 161.333728][ T9190] lsm_blob_alloc+0x68/0x90 [ 161.333738][ T9190] security_cred_alloc_blank+0x2b/0x260 [ 161.333755][ T9190] cred_alloc_blank+0x61/0xa0 [ 161.333764][ T9190] keyctl_session_to_parent+0x55/0xaf0 [ 161.333778][ T9190] __do_compat_sys_keyctl+0x198/0x440 [ 161.333794][ T9190] __do_fast_syscall_32+0x73/0x120 [ 161.333811][ T9190] do_fast_syscall_32+0x32/0x80 [ 161.333826][ T9190] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 161.333839][ T9190] RIP: 0023:0xf7fd7579 [ 161.333847][ T9190] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 161.333857][ T9190] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000120 [ 161.333868][ T9190] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000000000000 [ 161.333874][ T9190] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 161.333880][ T9190] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 161.333885][ T9190] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 161.333891][ T9190] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 161.333902][ T9190] [ 161.472908][ T9190] ax25_connect(): syz.2.877 uses autobind, please contact jreuter@yaina.de [ 161.648302][ T168] team0 (unregistering): Port device team_slave_1 removed [ 161.651509][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 161.715117][ T9192] usbtmc 8-1:16.0: usb_control_msg returned -32 [ 161.736860][ T168] team0 (unregistering): Port device team_slave_0 removed [ 161.920419][ T5320] usb 8-1: USB disconnect, device number 8 [ 162.055294][ T9197] FAULT_INJECTION: forcing a failure. [ 162.055294][ T9197] name failslab, interval 1, probability 0, space 0, times 0 [ 162.058780][ T9197] CPU: 1 UID: 0 PID: 9197 Comm: syz.2.878 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 162.058794][ T9197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 162.058801][ T9197] Call Trace: [ 162.058805][ T9197] [ 162.058809][ T9197] dump_stack_lvl+0x16c/0x1f0 [ 162.058827][ T9197] should_fail_ex+0x512/0x640 [ 162.058840][ T9197] should_failslab+0xc2/0x120 [ 162.058857][ T9197] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 162.058872][ T9197] ? skb_clone+0x190/0x3f0 [ 162.058883][ T9197] skb_clone+0x190/0x3f0 [ 162.058892][ T9197] netlink_deliver_tap+0xabd/0xd30 [ 162.058909][ T9197] netlink_unicast+0x5df/0x7f0 [ 162.058925][ T9197] ? __pfx_netlink_unicast+0x10/0x10 [ 162.058940][ T9197] ? __phys_addr_symbol+0x30/0x80 [ 162.058955][ T9197] ? __check_object_size+0x4c7/0x710 [ 162.058973][ T9197] netlink_sendmsg+0x8da/0xd70 [ 162.058989][ T9197] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.059005][ T9197] ? __import_iovec+0x1c8/0x660 [ 162.059020][ T9197] ____sys_sendmsg+0xa8d/0xc60 [ 162.059033][ T9197] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.059044][ T9197] ? get_compat_msghdr+0x11a/0x170 [ 162.059061][ T9197] ___sys_sendmsg+0x134/0x1d0 [ 162.059077][ T9197] ? __pfx____sys_sendmsg+0x10/0x10 [ 162.059113][ T9197] __sys_sendmsg+0x16d/0x220 [ 162.059134][ T9197] ? __pfx___sys_sendmsg+0x10/0x10 [ 162.059158][ T9197] ? rcu_is_watching+0x12/0xc0 [ 162.059169][ T9197] __do_fast_syscall_32+0x73/0x120 [ 162.059186][ T9197] do_fast_syscall_32+0x32/0x80 [ 162.059201][ T9197] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 162.059214][ T9197] RIP: 0023:0xf7fd7579 [ 162.059222][ T9197] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 162.059233][ T9197] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 162.059243][ T9197] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 162.059249][ T9197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 162.059255][ T9197] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 162.059260][ T9197] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 162.059266][ T9197] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 162.059277][ T9197] [ 162.253673][ T5949] Bluetooth: hci3: command tx timeout [ 162.369854][ T9100] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 162.390569][ T9100] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 162.395242][ T9100] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 162.398508][ T9100] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 162.451752][ T9100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.496870][ T9100] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.502569][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.505285][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.525491][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.528158][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.623634][ T9233] netlink: 40 bytes leftover after parsing attributes in process `syz.2.880'. [ 162.724530][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.754597][ T9100] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.796968][ T9100] veth0_vlan: entered promiscuous mode [ 162.800326][ T9100] veth1_vlan: entered promiscuous mode [ 162.809809][ T9100] veth0_macvtap: entered promiscuous mode [ 162.812626][ T9100] veth1_macvtap: entered promiscuous mode [ 162.819106][ T9100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.822156][ T9100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.825946][ T9100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.828858][ T9100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.835588][ T9100] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.842733][ T9100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.847559][ T9100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.850264][ T9100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.853266][ T9100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.857380][ T9100] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.862096][ T9100] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.868151][ T9100] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.871600][ T9100] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.875180][ T9100] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.900082][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.904357][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.930222][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.932982][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.773721][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 163.856546][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.163679][ T5986] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 164.203530][ T57] usb 8-1: new full-speed USB device number 9 using dummy_hcd [ 164.313577][ T5986] usb 6-1: Using ep0 maxpacket: 16 [ 164.316867][ T5986] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.320633][ T5986] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.324142][ T5986] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 164.328701][ T5986] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 164.331890][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.335563][ T5986] usb 6-1: config 0 descriptor?? [ 164.355037][ T57] usb 8-1: config 0 has an invalid interface number: 38 but max is 0 [ 164.358153][ T57] usb 8-1: config 0 has no interface number 0 [ 164.360523][ T57] usb 8-1: config 0 interface 38 has no altsetting 0 [ 164.363002][ T57] usb 8-1: New USB device found, idVendor=05a9, idProduct=0511, bcdDevice=f2.1d [ 164.366576][ T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.370001][ T57] usb 8-1: config 0 descriptor?? [ 164.373723][ T57] gspca_main: ov519-2.14.0 probing 05a9:0511 [ 164.575386][ T57] ov519 8-1:0.38: reg_w 50 failed -71 [ 164.744169][ T5986] microsoft 0003:045E:07DA.0005: ignoring exceeding usage max [ 164.750487][ T5986] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:045E:07DA.0005/input/input7 [ 164.756383][ T5986] microsoft 0003:045E:07DA.0005: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 164.813722][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.946042][ T24] usb 6-1: USB disconnect, device number 5 [ 165.273865][ T9264] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.276306][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.281208][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.3.890'. [ 165.590367][ T69] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.763931][ T5299] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 165.766854][ T5299] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 165.769432][ T5299] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 165.772980][ T5299] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 165.775679][ T5299] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 165.778082][ T5299] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 165.840653][ T9272] chnl_net:caif_netlink_parms(): no params data found [ 165.843795][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.886506][ T9272] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.888956][ T9272] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.891078][ T9272] bridge_slave_0: entered allmulticast mode [ 165.893214][ T9272] bridge_slave_0: entered promiscuous mode [ 165.895720][ T9272] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.898294][ T9272] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.900883][ T9272] bridge_slave_1: entered allmulticast mode [ 165.903416][ T9272] bridge_slave_1: entered promiscuous mode [ 165.919894][ T9272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.923381][ T9272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.971930][ T9272] team0: Port device team_slave_0 added [ 165.978315][ T9272] team0: Port device team_slave_1 added [ 166.006384][ T9272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.008375][ T9272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.015707][ T9272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.024042][ T9272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.026090][ T9272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.033435][ T9272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.061787][ T9272] hsr_slave_0: entered promiscuous mode [ 166.063917][ T9272] hsr_slave_1: entered promiscuous mode [ 166.065736][ T9272] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 166.067922][ T9272] Cannot create hsr debugfs directory [ 166.651288][ T9283] netlink: 'syz.1.893': attribute type 2 has an invalid length. [ 166.654290][ T9283] netlink: 44 bytes leftover after parsing attributes in process `syz.1.893'. [ 166.883876][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 166.887584][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 167.055998][ T69] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.135783][ T69] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.205047][ T69] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.259224][ T40] audit: type=1326 audit(1743069854.300:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9251 comm="syz.2.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7579 code=0x7fc00000 [ 167.333427][ T69] bridge_slave_1: left allmulticast mode [ 167.335726][ T69] bridge_slave_1: left promiscuous mode [ 167.338016][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.342298][ T69] bridge_slave_0: left allmulticast mode [ 167.344826][ T69] bridge_slave_0: left promiscuous mode [ 167.347560][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.368841][ T5940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 167.602612][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.608476][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.613051][ T69] bond0 (unregistering): Released all slaves [ 167.843800][ T5299] Bluetooth: hci3: command tx timeout [ 167.923743][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 167.998834][ T69] hsr_slave_0: left promiscuous mode [ 168.001389][ T69] hsr_slave_1: left promiscuous mode [ 168.004863][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.005115][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.007686][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.010134][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.013753][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.019379][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.020316][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.022150][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.029296][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.046539][ T1139] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.050293][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.058412][ T69] veth1_macvtap: left promiscuous mode [ 168.059559][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.063642][ T69] veth0_macvtap: left promiscuous mode [ 168.065962][ T69] veth1_vlan: left promiscuous mode [ 168.067514][ T69] veth0_vlan: left promiscuous mode [ 168.845366][ T69] team0 (unregistering): Port device team_slave_1 removed [ 168.973894][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.973978][ T69] team0 (unregistering): Port device team_slave_0 removed [ 169.246101][ T9332] netlink: 12 bytes leftover after parsing attributes in process `syz.1.899'. [ 169.284873][ T7036] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 169.435800][ T7036] usb 7-1: config 0 has an invalid interface number: 38 but max is 0 [ 169.441006][ T7036] usb 7-1: config 0 has no interface number 0 [ 169.442859][ T7036] usb 7-1: config 0 interface 38 has no altsetting 0 [ 169.446520][ T7036] usb 7-1: New USB device found, idVendor=05a9, idProduct=0511, bcdDevice=f2.1d [ 169.449274][ T7036] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.452241][ T7036] usb 7-1: config 0 descriptor?? [ 169.456954][ T7036] gspca_main: ov519-2.14.0 probing 05a9:0511 [ 169.461251][ T9272] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 169.464415][ T9272] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 169.467462][ T9272] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 169.470462][ T9272] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 169.505465][ T9272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.512337][ T9272] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.517793][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.519838][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.525500][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.527789][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.545099][ T9272] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.613326][ T9272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.638463][ T9272] veth0_vlan: entered promiscuous mode [ 169.642856][ T9272] veth1_vlan: entered promiscuous mode [ 169.652687][ T9272] veth0_macvtap: entered promiscuous mode [ 169.656510][ T9272] veth1_macvtap: entered promiscuous mode [ 169.661268][ T7036] ov519 7-1:0.38: reg_w 50 failed -71 [ 169.661782][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.666047][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.668802][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.671716][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.675176][ T9272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.680150][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.683109][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.686183][ T9272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.689096][ T9272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.692298][ T9272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.697073][ T9272] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.699532][ T9272] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.702058][ T9272] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.704922][ T9272] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.727309][ T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.730322][ T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.738141][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.741251][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.234631][ T9358] random: crng reseeded on system resumption [ 170.919022][ T9371] netlink: 224 bytes leftover after parsing attributes in process `syz.2.906'. [ 171.595685][ T9375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.909'. [ 171.844043][ T57] ov519 8-1:0.38: Can't determine sensor slave IDs [ 171.845914][ T57] ov519 8-1:0.38: OV519 Config failed [ 171.847428][ T57] ov519 8-1:0.38: probe with driver ov519 failed with error -22 [ 171.851586][ T57] usb 8-1: USB disconnect, device number 9 [ 172.039192][ T9386] FAULT_INJECTION: forcing a failure. [ 172.039192][ T9386] name failslab, interval 1, probability 0, space 0, times 0 [ 172.042657][ T9386] CPU: 2 UID: 0 PID: 9386 Comm: syz.3.913 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 172.042672][ T9386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 172.042678][ T9386] Call Trace: [ 172.042682][ T9386] [ 172.042686][ T9386] dump_stack_lvl+0x16c/0x1f0 [ 172.042706][ T9386] should_fail_ex+0x512/0x640 [ 172.042716][ T9386] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 172.042732][ T9386] should_failslab+0xc2/0x120 [ 172.042748][ T9386] __kmalloc_cache_noprof+0x6a/0x3e0 [ 172.042761][ T9386] ? p9_client_create+0xc7/0x11c0 [ 172.042777][ T9386] p9_client_create+0xc7/0x11c0 [ 172.042793][ T9386] ? __pfx_p9_client_create+0x10/0x10 [ 172.042808][ T9386] ? rcu_is_watching+0x12/0xc0 [ 172.042819][ T9386] ? trace_kmalloc+0x2b/0xd0 [ 172.042828][ T9386] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 172.042844][ T9386] ? kasan_save_stack+0x33/0x60 [ 172.042857][ T9386] ? kasan_save_track+0x14/0x30 [ 172.042870][ T9386] ? __kasan_kmalloc+0x71/0xb0 [ 172.042884][ T9386] ? lockdep_init_map_type+0x5c/0x280 [ 172.042899][ T9386] ? __raw_spin_lock_init+0x3a/0x110 [ 172.042916][ T9386] v9fs_session_init+0x1f7/0x1a80 [ 172.042936][ T9386] ? __pfx_v9fs_session_init+0x10/0x10 [ 172.042956][ T9386] v9fs_mount+0xc5/0xa30 [ 172.042966][ T9386] ? rcu_is_watching+0x12/0xc0 [ 172.042975][ T9386] ? __pfx_v9fs_mount+0x10/0x10 [ 172.042985][ T9386] ? apparmor_capable+0x114/0x1d0 [ 172.042998][ T9386] ? __pfx_v9fs_mount+0x10/0x10 [ 172.043007][ T9386] legacy_get_tree+0x109/0x220 [ 172.043024][ T9386] vfs_get_tree+0x8b/0x340 [ 172.043036][ T9386] path_mount+0x14d4/0x1f30 [ 172.043046][ T9386] ? kmem_cache_free+0x2d4/0x4d0 [ 172.043059][ T9386] ? __pfx_path_mount+0x10/0x10 [ 172.043069][ T9386] ? putname+0x154/0x1a0 [ 172.043080][ T9386] __ia32_sys_mount+0x28b/0x310 [ 172.043089][ T9386] ? __pfx___ia32_sys_mount+0x10/0x10 [ 172.043100][ T9386] ? rcu_is_watching+0x12/0xc0 [ 172.043110][ T9386] __do_fast_syscall_32+0x73/0x120 [ 172.043127][ T9386] do_fast_syscall_32+0x32/0x80 [ 172.043143][ T9386] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 172.043156][ T9386] RIP: 0023:0xf7f48579 [ 172.043163][ T9386] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 172.043173][ T9386] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 172.043184][ T9386] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800003c0 [ 172.043190][ T9386] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000580 [ 172.043196][ T9386] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 172.043202][ T9386] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 172.043208][ T9386] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 172.043218][ T9386] [ 172.157232][ T69] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.173538][ T63] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 172.325767][ T63] usb 6-1: config 0 has an invalid interface number: 38 but max is 0 [ 172.328001][ T63] usb 6-1: config 0 has no interface number 0 [ 172.329757][ T63] usb 6-1: config 0 interface 38 has no altsetting 0 [ 172.331747][ T63] usb 6-1: New USB device found, idVendor=05a9, idProduct=0511, bcdDevice=f2.1d [ 172.335268][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.339948][ T63] usb 6-1: config 0 descriptor?? [ 172.343613][ T63] gspca_main: ov519-2.14.0 probing 05a9:0511 [ 172.545822][ T63] ov519 6-1:0.38: reg_w 50 failed -71 [ 172.660666][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 172.664585][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 172.669419][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 172.673270][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 172.678231][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 172.681096][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 172.737404][ T9395] chnl_net:caif_netlink_parms(): no params data found [ 172.795200][ T9395] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.797366][ T9395] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.800422][ T9395] bridge_slave_0: entered allmulticast mode [ 172.803106][ T9395] bridge_slave_0: entered promiscuous mode [ 172.807287][ T9395] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.809634][ T9395] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.811816][ T9395] bridge_slave_1: entered allmulticast mode [ 172.814212][ T9395] bridge_slave_1: entered promiscuous mode [ 172.838990][ T9395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.843712][ T9395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 172.865913][ T9395] team0: Port device team_slave_0 added [ 172.871480][ T9395] team0: Port device team_slave_1 added [ 172.890945][ T9395] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 172.893635][ T9395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.901555][ T9395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 172.908352][ T9395] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 172.911798][ T9395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.919202][ T9395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 172.955758][ T9395] hsr_slave_0: entered promiscuous mode [ 172.957983][ T9395] hsr_slave_1: entered promiscuous mode [ 172.959996][ T9395] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 172.962383][ T9395] Cannot create hsr debugfs directory [ 173.100564][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.917'. [ 173.105202][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.917'. [ 173.183870][ T29] net_ratelimit: 4 callbacks suppressed [ 173.183882][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 173.241743][ T9409] netlink: 224 bytes leftover after parsing attributes in process `syz.2.916'. [ 173.319249][ T9410] netlink: 44 bytes leftover after parsing attributes in process `syz.1.917'. [ 173.447296][ T9412] netlink: 12 bytes leftover after parsing attributes in process `syz.3.918'. [ 173.804873][ T69] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.863325][ T69] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.930028][ T69] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.083987][ T6163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 174.121935][ T69] bridge_slave_1: left allmulticast mode [ 174.126901][ T69] bridge_slave_1: left promiscuous mode [ 174.129153][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.133750][ T69] bridge_slave_0: left allmulticast mode [ 174.136055][ T69] bridge_slave_0: left promiscuous mode [ 174.138319][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.243894][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 174.440689][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.444616][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.447899][ T69] bond0 (unregistering): Released all slaves [ 174.723852][ T5299] Bluetooth: hci3: command tx timeout [ 174.745749][ T69] hsr_slave_0: left promiscuous mode [ 174.748227][ T69] hsr_slave_1: left promiscuous mode [ 174.750546][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.753272][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.758540][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.761354][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 174.785483][ T69] veth1_macvtap: left promiscuous mode [ 174.787506][ T69] veth0_macvtap: left promiscuous mode [ 174.789567][ T69] veth1_vlan: left promiscuous mode [ 174.791465][ T69] veth0_vlan: left promiscuous mode [ 174.929294][ T9461] sock: sock_timestamping_bind_phc: sock not bind to device [ 175.294030][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.429869][ T9471] netlink: 12 bytes leftover after parsing attributes in process `syz.1.927'. [ 175.451274][ T69] team0 (unregistering): Port device team_slave_1 removed [ 175.508338][ T69] team0 (unregistering): Port device team_slave_0 removed [ 175.563855][ T9473] md: array md2 already initialised! [ 175.938622][ T9483] netlink: 'syz.1.929': attribute type 2 has an invalid length. [ 176.026748][ T9475] bridge_slave_0: left allmulticast mode [ 176.028488][ T9475] bridge_slave_0: left promiscuous mode [ 176.030477][ T9475] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.035000][ T9475] bridge_slave_1: left allmulticast mode [ 176.036693][ T9475] bridge_slave_1: left promiscuous mode [ 176.038583][ T9475] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.048343][ T9475] bond0: (slave bond_slave_0): Releasing backup interface [ 176.056563][ T9475] bond0: (slave bond_slave_1): Releasing backup interface [ 176.071893][ T9475] team0: Port device team_slave_0 removed [ 176.077380][ T9475] team0: Port device team_slave_1 removed [ 176.079351][ T9475] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.084052][ T9475] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 176.114321][ T9475] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 176.116917][ T9475] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 176.174133][ T9475] bond0: (slave macvlan2): Releasing backup interface [ 176.177637][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.188617][ T9475] veth0_to_batadv: left promiscuous mode [ 176.246667][ T9395] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 176.250638][ T9395] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 176.255471][ T9395] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 176.261079][ T9395] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 176.300205][ T9395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.308346][ T9395] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.312240][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.315073][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.320886][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.323590][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.324154][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.435016][ T9395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.448707][ T9395] veth0_vlan: entered promiscuous mode [ 176.453908][ T9395] veth1_vlan: entered promiscuous mode [ 176.463727][ T9395] veth0_macvtap: entered promiscuous mode [ 176.466540][ T9395] veth1_macvtap: entered promiscuous mode [ 176.472573][ T9395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.475573][ T9395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.478719][ T9395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.483396][ T9395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.486785][ T9395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.490317][ T9395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.495125][ T9395] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.497605][ T9395] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.500033][ T9395] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.502660][ T9395] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.523712][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.531385][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.533787][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.544899][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.547879][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.803908][ T7036] ov519 7-1:0.38: Can't determine sensor slave IDs [ 176.806701][ T7036] ov519 7-1:0.38: OV519 Config failed [ 176.808818][ T7036] ov519 7-1:0.38: probe with driver ov519 failed with error -22 [ 176.811971][ T7036] usb 7-1: USB disconnect, device number 13 [ 177.123790][ T7036] usb 7-1: new full-speed USB device number 14 using dummy_hcd [ 177.131735][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.285359][ T7036] usb 7-1: config 0 has an invalid interface number: 38 but max is 0 [ 177.287683][ T7036] usb 7-1: config 0 has no interface number 0 [ 177.290097][ T7036] usb 7-1: config 0 interface 38 has no altsetting 0 [ 177.292297][ T7036] usb 7-1: New USB device found, idVendor=05a9, idProduct=0511, bcdDevice=f2.1d [ 177.295169][ T7036] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.298792][ T7036] usb 7-1: config 0 descriptor?? [ 177.302334][ T7036] gspca_main: ov519-2.14.0 probing 05a9:0511 [ 177.364327][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.503149][ T7036] ov519 7-1:0.38: reg_w 50 failed -71 [ 177.606065][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.082180][ T9509] netlink: 12 bytes leftover after parsing attributes in process `syz.2.936'. [ 178.243803][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.283855][ T9515] md: array md2 already initialised! [ 178.403916][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.678857][ T40] audit: type=1326 audit(1743069865.720:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9521 comm="syz.2.939" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd7579 code=0x0 [ 178.941062][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.443979][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.488960][ T9529] vlan2: entered allmulticast mode [ 179.597368][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 179.600995][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 179.604875][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 179.608787][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 179.612339][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 179.616421][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 179.618791][ T9538] FAULT_INJECTION: forcing a failure. [ 179.618791][ T9538] name failslab, interval 1, probability 0, space 0, times 0 [ 179.623811][ T9538] CPU: 2 UID: 0 PID: 9538 Comm: syz.2.944 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 179.623828][ T9538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 179.623835][ T9538] Call Trace: [ 179.623838][ T9538] [ 179.623842][ T9538] dump_stack_lvl+0x16c/0x1f0 [ 179.623863][ T9538] should_fail_ex+0x512/0x640 [ 179.623874][ T9538] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 179.623889][ T9538] should_failslab+0xc2/0x120 [ 179.623906][ T9538] __kmalloc_cache_noprof+0x6a/0x3e0 [ 179.623919][ T9538] ? copy_mount_options+0x55/0x190 [ 179.623930][ T9538] ? _copy_from_user+0x59/0xd0 [ 179.623943][ T9538] copy_mount_options+0x55/0x190 [ 179.623961][ T9538] __ia32_sys_mount+0x1ac/0x310 [ 179.623971][ T9538] ? __pfx___ia32_sys_mount+0x10/0x10 [ 179.623981][ T9538] ? rcu_is_watching+0x12/0xc0 [ 179.623993][ T9538] __do_fast_syscall_32+0x73/0x120 [ 179.624010][ T9538] do_fast_syscall_32+0x32/0x80 [ 179.624025][ T9538] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 179.624039][ T9538] RIP: 0023:0xf7fd7579 [ 179.624046][ T9538] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 179.624057][ T9538] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 179.624067][ T9538] RAX: ffffffffffffffda RBX: 00000000800013c0 RCX: 0000000080001400 [ 179.624074][ T9538] RDX: 0000000080001440 RSI: 0000000000000800 RDI: 0000000080000000 [ 179.624080][ T9538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 179.624086][ T9538] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 179.624092][ T9538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.624123][ T9538] [ 179.715095][ T9533] chnl_net:caif_netlink_parms(): no params data found [ 179.726843][ T63] ov519 6-1:0.38: Can't determine sensor slave IDs [ 179.728710][ T63] ov519 6-1:0.38: OV519 Config failed [ 179.730242][ T63] ov519 6-1:0.38: probe with driver ov519 failed with error -22 [ 179.733542][ T63] usb 6-1: USB disconnect, device number 6 [ 179.776938][ T9533] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.779654][ T9533] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.781702][ T9533] bridge_slave_0: entered allmulticast mode [ 179.783981][ T9533] bridge_slave_0: entered promiscuous mode [ 179.787221][ T9533] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.789307][ T9533] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.791300][ T9533] bridge_slave_1: entered allmulticast mode [ 179.793389][ T9533] bridge_slave_1: entered promiscuous mode [ 179.809957][ T9533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.813623][ T9533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.838446][ T9533] team0: Port device team_slave_0 added [ 179.841907][ T9533] team0: Port device team_slave_1 added [ 179.868835][ T9533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.871447][ T9533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.878930][ T9533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.882562][ T9533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.884754][ T9533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.891754][ T9533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.924752][ T9533] hsr_slave_0: entered promiscuous mode [ 179.927492][ T9533] hsr_slave_1: entered promiscuous mode [ 179.929920][ T9533] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 179.932826][ T9533] Cannot create hsr debugfs directory [ 180.174651][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.401121][ T40] audit: type=1326 audit(1743069867.440:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9504 comm="syz.3.935" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48579 code=0x7fc00000 [ 180.584134][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.869401][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.951177][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.005460][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.105831][ T12] bridge_slave_1: left allmulticast mode [ 181.107543][ T12] bridge_slave_1: left promiscuous mode [ 181.109246][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.112192][ T12] bridge_slave_0: left allmulticast mode [ 181.114173][ T12] bridge_slave_0: left promiscuous mode [ 181.115844][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.122984][ T9578] netlink: 'syz.2.955': attribute type 2 has an invalid length. [ 181.350712][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 181.355161][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 181.359465][ T12] bond0 (unregistering): Released all slaves [ 181.574315][ T9585] md: array md2 already initialised! [ 181.604507][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.664549][ T9613] netlink: 44 bytes leftover after parsing attributes in process `syz.2.963'. [ 181.694707][ T5299] Bluetooth: hci3: command tx timeout [ 181.699097][ T12] hsr_slave_0: left promiscuous mode [ 181.701442][ T12] hsr_slave_1: left promiscuous mode [ 181.703674][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.706377][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 181.709687][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 181.712460][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 181.732121][ T12] veth1_macvtap: left promiscuous mode [ 181.736614][ T12] veth0_macvtap: left promiscuous mode [ 181.738363][ T12] veth1_vlan: left promiscuous mode [ 181.739923][ T12] veth0_vlan: left promiscuous mode [ 182.101042][ T9624] syz.1.962: attempt to access beyond end of device [ 182.101042][ T9624] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 182.108607][ T9624] hpfs: hpfs_map_sector(): read error [ 182.395635][ T12] team0 (unregistering): Port device team_slave_1 removed [ 182.431550][ T9633] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.451690][ T9633] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.480290][ T9633] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.484714][ T12] team0 (unregistering): Port device team_slave_0 removed [ 182.485755][ T9633] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.736537][ T9640] netlink: 224 bytes leftover after parsing attributes in process `syz.3.967'. [ 183.079555][ T9533] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 183.082902][ T9533] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 183.087263][ T9533] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 183.090436][ T9533] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 183.117151][ T9533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.123194][ T9533] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.134157][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.136893][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.141354][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.143930][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.183576][ T9646] md: array md2 already initialised! [ 183.233783][ T9533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.249061][ T9533] veth0_vlan: entered promiscuous mode [ 183.252699][ T9533] veth1_vlan: entered promiscuous mode [ 183.268324][ T9632] net_ratelimit: 337 callbacks suppressed [ 183.268334][ T9632] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.271687][ T9533] veth0_macvtap: entered promiscuous mode [ 183.282778][ T9533] veth1_macvtap: entered promiscuous mode [ 183.290974][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.295040][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.299126][ T9533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.302999][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.308302][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.311557][ T9533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.316498][ T9533] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.318843][ T9533] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.321425][ T9533] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.324107][ T9533] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.354895][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.357166][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.373230][ T168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.375844][ T168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.398506][ T9677] netlink: 'syz.3.973': attribute type 4 has an invalid length. [ 183.405878][ T9677] sp0: Synchronizing with TNC [ 183.468128][ T9677] [U] [ 183.683978][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 184.455480][ T9694] FAULT_INJECTION: forcing a failure. [ 184.455480][ T9694] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 184.460684][ T9694] CPU: 0 UID: 0 PID: 9694 Comm: syz.3.978 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 184.460699][ T9694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 184.460714][ T9694] Call Trace: [ 184.460718][ T9694] [ 184.460732][ T9694] dump_stack_lvl+0x16c/0x1f0 [ 184.460751][ T9694] should_fail_ex+0x512/0x640 [ 184.460764][ T9694] should_fail_alloc_page+0xe7/0x130 [ 184.460782][ T9694] prepare_alloc_pages.constprop.0+0x172/0x570 [ 184.460797][ T9694] __alloc_frozen_pages_noprof+0x18f/0x24d0 [ 184.460816][ T9694] ? __lock_acquire+0x5ca/0x1ba0 [ 184.460832][ T9694] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 184.460850][ T9694] ? find_held_lock+0x2b/0x80 [ 184.460861][ T9694] ? is_bpf_text_address+0x8a/0x1a0 [ 184.460874][ T9694] ? bpf_ksym_find+0x124/0x1c0 [ 184.460883][ T9694] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 184.460895][ T9694] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 184.460915][ T9694] ? policy_nodemask+0xea/0x4e0 [ 184.460932][ T9694] alloc_pages_mpol+0x1fb/0x540 [ 184.460948][ T9694] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 184.460967][ T9694] folio_alloc_mpol_noprof+0x36/0x2f0 [ 184.460979][ T9694] shmem_alloc_folio+0x135/0x160 [ 184.460996][ T9694] shmem_alloc_and_add_folio+0x499/0xc20 [ 184.461008][ T9694] ? shmem_huge_global_enabled+0x72/0x6b0 [ 184.461018][ T9694] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 184.461030][ T9694] ? shmem_allowable_huge_orders+0xd0/0x410 [ 184.461043][ T9694] shmem_get_folio_gfp+0x687/0x1530 [ 184.461056][ T9694] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 184.461070][ T9694] shmem_fault+0x204/0xb10 [ 184.461081][ T9694] ? __pfx_shmem_fault+0x10/0x10 [ 184.461091][ T9694] ? rcu_is_watching+0x12/0xc0 [ 184.461102][ T9694] ? find_held_lock+0x2b/0x80 [ 184.461113][ T9694] ? pte_alloc_one+0x2b1/0x380 [ 184.461126][ T9694] __do_fault+0x10a/0x490 [ 184.461138][ T9694] do_pte_missing+0x9b7/0x3ea0 [ 184.461154][ T9694] ? find_held_lock+0x2b/0x80 [ 184.461166][ T9694] __handle_mm_fault+0x1043/0x2a50 [ 184.461183][ T9694] ? __pfx___handle_mm_fault+0x10/0x10 [ 184.461197][ T9694] ? irqentry_exit+0x3b/0x90 [ 184.461219][ T9694] handle_mm_fault+0x3fa/0xaa0 [ 184.461235][ T9694] __get_user_pages+0x771/0x36f0 [ 184.461252][ T9694] ? __pfx_mt_find+0x10/0x10 [ 184.461261][ T9694] ? __pfx___get_user_pages+0x10/0x10 [ 184.461278][ T9694] populate_vma_page_range+0x278/0x3a0 [ 184.461294][ T9694] ? __pfx_populate_vma_page_range+0x10/0x10 [ 184.461308][ T9694] ? __pfx_find_vma_intersection+0x10/0x10 [ 184.461321][ T9694] ? do_mmap+0x69c/0x11b0 [ 184.461334][ T9694] __mm_populate+0x1d8/0x380 [ 184.461348][ T9694] ? __pfx___mm_populate+0x10/0x10 [ 184.461363][ T9694] ? up_write+0x1b2/0x520 [ 184.461379][ T9694] vm_mmap_pgoff+0x362/0x450 [ 184.461394][ T9694] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 184.461409][ T9694] ? __fget_files+0x20e/0x3c0 [ 184.461425][ T9694] ksys_mmap_pgoff+0x32c/0x5c0 [ 184.461437][ T9694] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 184.461450][ T9694] __do_fast_syscall_32+0x73/0x120 [ 184.461466][ T9694] do_fast_syscall_32+0x32/0x80 [ 184.461481][ T9694] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 184.461494][ T9694] RIP: 0023:0xf7f48579 [ 184.461502][ T9694] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 184.461512][ T9694] RSP: 002b:00000000f504555c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 184.461523][ T9694] RAX: ffffffffffffffda RBX: 0000000080200000 RCX: 0000000000400000 [ 184.461529][ T9694] RDX: 000000000000000b RSI: 0000000000002012 RDI: 0000000000000007 [ 184.461535][ T9694] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 184.461541][ T9694] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 184.461547][ T9694] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 184.461557][ T9694] [ 184.623580][ T7036] ov519 7-1:0.38: Can't determine sensor slave IDs [ 184.625433][ T7036] ov519 7-1:0.38: OV519 Config failed [ 184.626954][ T7036] ov519 7-1:0.38: probe with driver ov519 failed with error -22 [ 184.629969][ T7036] usb 7-1: USB disconnect, device number 14 [ 184.723766][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 184.768547][ T9698] netlink: 224 bytes leftover after parsing attributes in process `syz.2.979'. [ 185.643624][ T7036] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 185.764744][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.793599][ T7036] usb 8-1: Using ep0 maxpacket: 8 [ 185.796875][ T7036] usb 8-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 64 [ 185.799632][ T7036] usb 8-1: config 1 interface 0 altsetting 1 endpoint 0x82 has invalid maxpacket 7365, setting to 1024 [ 185.802728][ T7036] usb 8-1: config 1 interface 0 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 185.806060][ T7036] usb 8-1: config 1 interface 0 has no altsetting 0 [ 185.809553][ T7036] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 185.812119][ T7036] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.814787][ T7036] usb 8-1: Product: Ⰹ [ 185.816035][ T7036] usb 8-1: SerialNumber: а [ 185.818651][ T9715] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 185.821088][ T9715] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 185.852567][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.853900][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.858681][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 186.024166][ T9715] 9pnet_fd: Insufficient options for proto=fd [ 186.029842][ T7036] usblp 8-1:1.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 1 proto 3 vid 0x0525 pid 0xA4A8 [ 186.036849][ T7036] usb 8-1: USB disconnect, device number 10 [ 186.040594][ T7036] usblp0: removed [ 186.243838][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 186.567247][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 186.570682][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 186.573560][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 186.576186][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 186.579369][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 186.581578][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 186.600780][ T9740] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 186.661545][ T9734] chnl_net:caif_netlink_parms(): no params data found [ 186.720358][ T9734] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.722483][ T9734] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.724735][ T9734] bridge_slave_0: entered allmulticast mode [ 186.726849][ T9734] bridge_slave_0: entered promiscuous mode [ 186.729459][ T9734] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.731514][ T9734] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.733829][ T9734] bridge_slave_1: entered allmulticast mode [ 186.735878][ T9734] bridge_slave_1: entered promiscuous mode [ 186.755494][ T9734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.762722][ T9734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.786511][ T9734] team0: Port device team_slave_0 added [ 186.789206][ T9734] team0: Port device team_slave_1 added [ 186.803847][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 186.808243][ T9734] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.810259][ T9734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.818300][ T9734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.822017][ T9734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.824079][ T9734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.831018][ T9734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.862145][ T9734] hsr_slave_0: entered promiscuous mode [ 186.864636][ T9734] hsr_slave_1: entered promiscuous mode [ 186.867010][ T9734] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.869250][ T9734] Cannot create hsr debugfs directory [ 186.911874][ T9752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.993'. [ 187.204928][ T2085] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.219578][ T6163] libceph: connect (1)[c::]:6789 error -101 [ 187.221774][ T6163] libceph: mon0 (1)[c::]:6789 connect error [ 187.495145][ T6163] libceph: connect (1)[c::]:6789 error -101 [ 187.497346][ T6163] libceph: mon0 (1)[c::]:6789 connect error [ 187.612739][ T9773] netlink: 4 bytes leftover after parsing attributes in process `syz.2.999'. [ 187.618400][ T9773] FAULT_INJECTION: forcing a failure. [ 187.618400][ T9773] name failslab, interval 1, probability 0, space 0, times 0 [ 187.622050][ T9773] CPU: 3 UID: 0 PID: 9773 Comm: syz.2.999 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 187.622068][ T9773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.622078][ T9773] Call Trace: [ 187.622084][ T9773] [ 187.622089][ T9773] dump_stack_lvl+0x16c/0x1f0 [ 187.622128][ T9773] should_fail_ex+0x512/0x640 [ 187.622140][ T9773] ? fs_reclaim_acquire+0xae/0x150 [ 187.622157][ T9773] ? tomoyo_encode2+0x100/0x3e0 [ 187.622179][ T9773] should_failslab+0xc2/0x120 [ 187.622201][ T9773] __kmalloc_noprof+0xd2/0x510 [ 187.622219][ T9773] ? d_absolute_path+0x136/0x1a0 [ 187.622232][ T9773] tomoyo_encode2+0x100/0x3e0 [ 187.622256][ T9773] tomoyo_encode+0x29/0x50 [ 187.622277][ T9773] tomoyo_realpath_from_path+0x18f/0x6e0 [ 187.622304][ T9773] tomoyo_path_number_perm+0x245/0x580 [ 187.622321][ T9773] ? tomoyo_path_number_perm+0x237/0x580 [ 187.622340][ T9773] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 187.622376][ T9773] ? find_held_lock+0x2b/0x80 [ 187.622392][ T9773] ? __fget_files+0x204/0x3c0 [ 187.622411][ T9773] ? __fget_files+0x20e/0x3c0 [ 187.622433][ T9773] security_file_ioctl_compat+0x9b/0x240 [ 187.622455][ T9773] __do_compat_sys_ioctl+0x4e/0x2c0 [ 187.622475][ T9773] __do_fast_syscall_32+0x73/0x120 [ 187.622496][ T9773] do_fast_syscall_32+0x32/0x80 [ 187.622515][ T9773] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 187.622533][ T9773] RIP: 0023:0xf7fd7579 [ 187.622544][ T9773] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 187.622558][ T9773] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 187.622573][ T9773] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000c05064a7 [ 187.622581][ T9773] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000 [ 187.622587][ T9773] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 187.622596][ T9773] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 187.622605][ T9773] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 187.622622][ T9773] [ 187.622650][ T9773] ERROR: Out of memory at tomoyo_realpath_from_path. [ 187.777029][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.833071][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.843905][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.904583][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.969698][ T9761] ceph: No mds server is up or the cluster is laggy [ 188.082084][ T12] bridge_slave_1: left allmulticast mode [ 188.084054][ T12] bridge_slave_1: left promiscuous mode [ 188.085706][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.088562][ T12] bridge_slave_0: left allmulticast mode [ 188.090184][ T12] bridge_slave_0: left promiscuous mode [ 188.091780][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.418326][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.446374][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.454853][ T12] bond0 (unregistering): Released all slaves [ 188.654541][ T5299] Bluetooth: hci3: command tx timeout [ 188.811936][ T12] hsr_slave_0: left promiscuous mode [ 188.821299][ T12] hsr_slave_1: left promiscuous mode [ 188.827897][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.845873][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.848856][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.852158][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 188.884669][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.885157][ T12] veth1_macvtap: left promiscuous mode [ 188.888751][ T12] veth0_macvtap: left promiscuous mode [ 188.890297][ T12] veth1_vlan: left promiscuous mode [ 188.894750][ T12] veth0_vlan: left promiscuous mode [ 189.293699][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.889659][ T12] team0 (unregistering): Port device team_slave_1 removed [ 189.935596][ T1018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.948835][ T12] team0 (unregistering): Port device team_slave_0 removed [ 190.462377][ T9734] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 190.475043][ T9734] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 190.480456][ T9734] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 190.483643][ T9734] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 190.519669][ T9734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.527690][ T9734] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.533078][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.535168][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.540354][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.542321][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.679001][ T9734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.694885][ T9734] veth0_vlan: entered promiscuous mode [ 190.698887][ T9734] veth1_vlan: entered promiscuous mode [ 190.718964][ T9734] veth0_macvtap: entered promiscuous mode [ 190.722518][ T9734] veth1_macvtap: entered promiscuous mode [ 190.723568][ T5299] Bluetooth: hci3: command tx timeout [ 190.727830][ T9734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.730798][ T9734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.735103][ T9734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.745406][ T9734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.748331][ T9734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.751510][ T9734] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.764738][ T9734] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.768293][ T9734] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.771065][ T9734] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.773418][ T9734] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.806577][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.808825][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.825080][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.827651][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.965746][ T5979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.003787][ T9033] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.325213][ T6163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.945227][ T24] libceph: connect (1)[c::]:6789 error -101 [ 192.948495][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 192.951588][ T24] libceph: connect (1)[c::]:6789 error -101 [ 192.953624][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 192.981937][ T9871] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1021'. [ 193.044318][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.073441][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.074622][ T9879] loop9: detected capacity change from 0 to 7 [ 193.082132][ T9879] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 193.085443][ T9879] loop9: partition table partially beyond EOD, truncated [ 193.089132][ T9879] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 193.104219][ T5299] Bluetooth: hci1: unexpected event 0x3e length: 265 > 260 [ 193.104239][ T5299] Bluetooth: hci1: unexpected subevent 0x0d length: 264 > 260 [ 193.108653][ T5299] Bluetooth: hci1: adv larger than maximum supported [ 193.109811][ T9879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1023'. [ 193.133768][ T40] audit: type=1326 audit(1743069880.180:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9832 comm="syz.2.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7579 code=0x7fc00000 [ 193.214063][ T24] libceph: connect (1)[c::]:6789 error -101 [ 193.215902][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 193.606669][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.609119][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.699208][ T9867] ceph: No mds server is up or the cluster is laggy [ 193.945875][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 193.951060][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 193.954119][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 193.956873][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 193.959468][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 193.961604][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 194.003600][ T9890] md: array md2 already initialised! [ 194.037516][ T9891] chnl_net:caif_netlink_parms(): no params data found [ 194.094017][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.107775][ T9891] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.110009][ T9891] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.112130][ T9891] bridge_slave_0: entered allmulticast mode [ 194.114532][ T9891] bridge_slave_0: entered promiscuous mode [ 194.118028][ T9891] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.120361][ T9891] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.122333][ T9891] bridge_slave_1: entered allmulticast mode [ 194.126326][ T9891] bridge_slave_1: entered promiscuous mode [ 194.133310][ T9910] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1027'. [ 194.153814][ T9891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.159114][ T9891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.184734][ T9891] team0: Port device team_slave_0 added [ 194.188001][ T9891] team0: Port device team_slave_1 added [ 194.214841][ T9891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.216983][ T9891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.225319][ T9891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.228952][ T9891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.230897][ T9891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.238190][ T9891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.263796][ T9891] hsr_slave_0: entered promiscuous mode [ 194.265787][ T9891] hsr_slave_1: entered promiscuous mode [ 194.267519][ T9891] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.269691][ T9891] Cannot create hsr debugfs directory [ 194.771935][ T9915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1032'. [ 194.890222][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.942881][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.993776][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.003537][ T9926] md: array md2 already initialised! [ 195.066249][ T46] bridge_slave_1: left allmulticast mode [ 195.068015][ T46] bridge_slave_1: left promiscuous mode [ 195.069640][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.073766][ T46] bridge_slave_0: left allmulticast mode [ 195.075333][ T46] bridge_slave_0: left promiscuous mode [ 195.076933][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.123875][ T9033] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.320423][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.324009][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.327196][ T9941] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.327811][ T46] bond0 (unregistering): Released all slaves [ 195.344577][ T9941] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.363828][ T9941] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.367624][ T9941] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.369966][ T9941] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.372908][ T9941] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.380200][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.570117][ T9957] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1041'. [ 195.577167][ T9957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.709356][ T46] hsr_slave_0: left promiscuous mode [ 195.711230][ T46] hsr_slave_1: left promiscuous mode [ 195.712997][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.716630][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.719023][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.722135][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.743116][ T46] veth1_macvtap: left promiscuous mode [ 195.744846][ T46] veth0_macvtap: left promiscuous mode [ 195.746487][ T46] veth1_vlan: left promiscuous mode [ 195.748186][ T46] veth0_vlan: left promiscuous mode [ 196.003602][ T5299] Bluetooth: hci3: command tx timeout [ 196.225532][ T9976] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1042'. [ 196.266543][ T46] team0 (unregistering): Port device team_slave_1 removed [ 196.335694][ T46] team0 (unregistering): Port device team_slave_0 removed [ 197.043182][ T9891] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 197.049186][ T9891] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 197.056450][ T9891] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 197.060683][ T9891] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 197.107757][ T9891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.114555][ T9891] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.115289][ T9989] md: array md2 already initialised! [ 197.118472][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.120527][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.125985][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.128310][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.245127][ T9891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.262212][ T9891] veth0_vlan: entered promiscuous mode [ 197.267180][ T9891] veth1_vlan: entered promiscuous mode [ 197.276168][ T9891] veth0_macvtap: entered promiscuous mode [ 197.281558][ T9891] veth1_macvtap: entered promiscuous mode [ 197.282441][T10012] fuse: Bad value for 'fd' [ 197.287367][ T9891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.291285][ T9891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.292709][ T9891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.309195][ T9891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.313244][ T9891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.320100][ T9891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.327681][ T9891] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.331368][ T9891] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.335924][ T9891] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.339224][ T9891] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.373396][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.375737][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.382859][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.386060][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.550680][T10021] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1052'. [ 197.848260][ T40] audit: type=1326 audit(1743069884.890:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9921 comm="syz.1.1035" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 197.880258][T10023] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1056'. [ 198.133612][ T29] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 198.263577][ T29] usb 7-1: device descriptor read/64, error -71 [ 198.313541][T10030] md: array md2 already initialised! [ 198.523711][ T29] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 198.663703][ T29] usb 7-1: device descriptor read/64, error -71 [ 198.783729][ T29] usb usb7-port1: attempt power cycle [ 199.133687][ T29] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 199.154003][ T29] usb 7-1: device descriptor read/8, error -71 [ 199.294176][ T57] net_ratelimit: 682 callbacks suppressed [ 199.294192][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.403648][ T29] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 199.424823][ T29] usb 7-1: device descriptor read/8, error -71 [ 199.456610][T10050] fuse: Bad value for 'fd' [ 199.533672][ T29] usb usb7-port1: unable to enumerate USB device [ 199.877099][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.923642][ T5949] Bluetooth: hci3: command 0xfc11 tx timeout [ 199.928177][ T5299] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 200.323722][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.802039][ T5949] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 200.806039][ T5949] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 200.808547][ T5949] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 200.811385][ T5949] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 200.813892][ T5949] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 200.816101][ T5949] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 200.880218][T10056] chnl_net:caif_netlink_parms(): no params data found [ 200.954801][T10056] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.957500][T10056] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.960057][T10056] bridge_slave_0: entered allmulticast mode [ 200.962758][T10056] bridge_slave_0: entered promiscuous mode [ 200.966913][T10056] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.968920][T10056] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.971006][T10056] bridge_slave_1: entered allmulticast mode [ 200.973091][T10056] bridge_slave_1: entered promiscuous mode [ 200.991953][T10056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.995860][T10056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.015248][T10056] team0: Port device team_slave_0 added [ 201.018342][T10056] team0: Port device team_slave_1 added [ 201.036090][T10056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.038269][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.046143][T10056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.049823][T10056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.052038][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.059460][T10056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.081467][T10056] hsr_slave_0: entered promiscuous mode [ 201.083367][T10056] hsr_slave_1: entered promiscuous mode [ 201.085763][T10056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.087843][T10056] Cannot create hsr debugfs directory [ 201.373605][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.443770][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.664822][T10071] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1065'. [ 201.688226][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.801319][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.876526][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.922982][T10075] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 201.929274][T10075] netlink: 'syz.2.1067': attribute type 1 has an invalid length. [ 201.945895][T10075] 8021q: adding VLAN 0 to HW filter on device bond1 [ 201.960295][T10075] bond1: (slave ip6erspan0): making interface the new active one [ 201.964520][T10075] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 201.999786][ T12] bridge_slave_1: left allmulticast mode [ 202.001475][ T12] bridge_slave_1: left promiscuous mode [ 202.003081][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.006457][ T12] bridge_slave_0: left allmulticast mode [ 202.008124][ T12] bridge_slave_0: left promiscuous mode [ 202.009789][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.218981][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.222546][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.227021][ T12] bond0 (unregistering): Released all slaves [ 202.405596][T10046] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.408218][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.410808][ T7036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.414888][ T7036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.487264][ T40] audit: type=1326 audit(1743069889.530:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10051 comm="syz.3.1063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48579 code=0x7fc00000 [ 202.598808][ T12] hsr_slave_0: left promiscuous mode [ 202.601061][ T12] hsr_slave_1: left promiscuous mode [ 202.602836][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.606362][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.609136][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.611793][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.635188][ T12] veth1_macvtap: left promiscuous mode [ 202.636802][ T12] veth0_macvtap: left promiscuous mode [ 202.638415][ T12] veth1_vlan: left promiscuous mode [ 202.640003][ T12] veth0_vlan: left promiscuous mode [ 202.887478][ T5299] Bluetooth: hci4: command tx timeout [ 203.359314][ T12] team0 (unregistering): Port device team_slave_1 removed [ 203.392248][T10113] FAULT_INJECTION: forcing a failure. [ 203.392248][T10113] name failslab, interval 1, probability 0, space 0, times 0 [ 203.396231][T10114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1074'. [ 203.398756][T10113] CPU: 0 UID: 0 PID: 10113 Comm: syz.1.1075 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 203.398774][T10113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 203.398781][T10113] Call Trace: [ 203.398784][T10113] [ 203.398789][T10113] dump_stack_lvl+0x16c/0x1f0 [ 203.398809][T10113] should_fail_ex+0x512/0x640 [ 203.398821][T10113] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 203.398838][T10113] should_failslab+0xc2/0x120 [ 203.398854][T10113] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 203.398869][T10113] ? __alloc_skb+0x2b2/0x380 [ 203.398886][T10113] __alloc_skb+0x2b2/0x380 [ 203.398900][T10113] ? __pfx___alloc_skb+0x10/0x10 [ 203.398916][T10113] ? __virt_addr_valid+0x5e/0x590 [ 203.398931][T10113] ? __phys_addr_symbol+0x30/0x80 [ 203.398945][T10113] tipc_buf_acquire+0x26/0xe0 [ 203.398955][T10113] tipc_msg_build+0x85a/0x1140 [ 203.398967][T10113] ? __pfx_tipc_msg_build+0x10/0x10 [ 203.398982][T10113] tipc_send_group_bcast+0x7cc/0xa50 [ 203.399000][T10113] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 203.399013][T10113] ? page_ext_put+0x3e/0xd0 [ 203.399028][T10113] ? __pfx_woken_wake_function+0x10/0x10 [ 203.399039][T10113] ? __page_table_check_zero+0x2d7/0x360 [ 203.399057][T10113] ? get_page_from_freelist+0x10c4/0x34c0 [ 203.399075][T10113] __tipc_sendmsg+0x4ab/0x19a0 [ 203.399091][T10113] ? find_held_lock+0x2b/0x80 [ 203.399104][T10113] ? __pfx___tipc_sendmsg+0x10/0x10 [ 203.399119][T10113] ? __lock_acquire+0xaa4/0x1ba0 [ 203.399135][T10113] ? __pfx___might_resched+0x10/0x10 [ 203.399153][T10113] ? __local_bh_enable_ip+0xa4/0x120 [ 203.399166][T10113] tipc_sendmsg+0x4f/0x70 [ 203.399182][T10113] ____sys_sendmsg+0xa8d/0xc60 [ 203.399195][T10113] ? __pfx_____sys_sendmsg+0x10/0x10 [ 203.399206][T10113] ? get_compat_msghdr+0x11a/0x170 [ 203.399221][T10113] ? __pfx__kstrtoull+0x10/0x10 [ 203.399239][T10113] ___sys_sendmsg+0x134/0x1d0 [ 203.399255][T10113] ? __pfx____sys_sendmsg+0x10/0x10 [ 203.399275][T10113] ? find_held_lock+0x2b/0x80 [ 203.399291][T10113] __sys_sendmmsg+0x2f9/0x420 [ 203.399308][T10113] ? __pfx___sys_sendmmsg+0x10/0x10 [ 203.399327][T10113] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 203.399347][T10113] ? fput+0x70/0xf0 [ 203.399356][T10113] ? ksys_write+0x1b9/0x240 [ 203.399370][T10113] ? __pfx_ksys_write+0x10/0x10 [ 203.399385][T10113] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 203.399398][T10113] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 203.399414][T10113] __do_fast_syscall_32+0x73/0x120 [ 203.399430][T10113] do_fast_syscall_32+0x32/0x80 [ 203.399445][T10113] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 203.399458][T10113] RIP: 0023:0xf7fe8579 [ 203.399466][T10113] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 203.399476][T10113] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 203.399486][T10113] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800030c0 [ 203.399498][T10113] RDX: 0000000000000181 RSI: 0000000000000000 RDI: 0000000000000000 [ 203.399503][T10113] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 203.399512][T10113] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 203.399518][T10113] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 203.399528][T10113] [ 203.494025][ T9033] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.525540][ T12] team0 (unregistering): Port device team_slave_0 removed [ 203.971418][T10056] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 203.976974][T10056] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 203.980596][T10056] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 203.986418][T10056] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 204.023070][T10056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.031304][T10056] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.040435][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.042438][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.045948][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.047978][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.117246][T10056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.145452][T10056] veth0_vlan: entered promiscuous mode [ 204.150519][T10056] veth1_vlan: entered promiscuous mode [ 204.160937][T10056] veth0_macvtap: entered promiscuous mode [ 204.164087][T10056] veth1_macvtap: entered promiscuous mode [ 204.170472][T10056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.173392][T10056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.176785][T10056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.181084][T10056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.184233][T10056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.187947][T10056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.191518][T10056] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.194042][T10056] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.196564][T10056] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.199199][T10056] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.202582][T10127] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1078'. [ 204.225890][ T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.229514][ T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.241389][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.244575][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.260758][T10129] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 204.483707][ T24] net_ratelimit: 339 callbacks suppressed [ 204.483725][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.573989][ T9033] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.820901][T10121] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.603784][T10046] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.982763][T10172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.996046][T10172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.014668][T10172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.018600][T10172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.020983][T10172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.024521][T10172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.167388][T10173] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1091'. [ 206.483728][ T24] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 206.653705][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 206.657259][ T24] usb 7-1: config 0 has no interfaces? [ 206.659519][ T24] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 206.663036][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.667824][ T24] usb 7-1: config 0 descriptor?? [ 206.806889][ T168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.872948][ T5299] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 206.873712][ T24] usb 7-1: USB disconnect, device number 19 [ 207.858957][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 207.864834][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 207.869122][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 207.872130][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 207.875455][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 207.877715][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 207.939598][T10193] chnl_net:caif_netlink_parms(): no params data found [ 208.024141][T10193] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.026792][T10193] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.028933][T10193] bridge_slave_0: entered allmulticast mode [ 208.031515][T10193] bridge_slave_0: entered promiscuous mode [ 208.034203][T10193] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.036270][T10193] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.038305][T10193] bridge_slave_1: entered allmulticast mode [ 208.044011][T10193] bridge_slave_1: entered promiscuous mode [ 208.071771][T10193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.075966][T10193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.098865][T10193] team0: Port device team_slave_0 added [ 208.102090][T10193] team0: Port device team_slave_1 added [ 208.119484][T10193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.121479][T10193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.129349][T10193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.133035][T10193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.135548][T10193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.142741][T10193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.166851][T10193] hsr_slave_0: entered promiscuous mode [ 208.168869][T10193] hsr_slave_1: entered promiscuous mode [ 208.170651][T10193] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 208.172789][T10193] Cannot create hsr debugfs directory [ 208.303584][ T7036] usb 8-1: new full-speed USB device number 11 using dummy_hcd [ 208.457095][ T7036] usb 8-1: config 0 has an invalid interface number: 38 but max is 0 [ 208.463633][ T7036] usb 8-1: config 0 has no interface number 0 [ 208.470460][ T7036] usb 8-1: config 0 interface 38 has no altsetting 0 [ 208.472845][ T7036] usb 8-1: New USB device found, idVendor=05a9, idProduct=0511, bcdDevice=f2.1d [ 208.475627][ T7036] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.491114][ T7036] usb 8-1: config 0 descriptor?? [ 208.495799][ T7036] gspca_main: ov519-2.14.0 probing 05a9:0511 [ 208.605230][ T40] audit: type=1326 audit(1743070151.650:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10184 comm="syz.2.1096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7579 code=0x7fc00000 [ 208.643413][T10220] serio: Serial port ptm0 [ 208.676663][ T168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.694948][ T7036] ov519 8-1:0.38: reg_w 50 failed -71 [ 208.745532][ T168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.767668][T10217] cgroup: fork rejected by pids controller in /syz1 [ 208.818623][ T168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.947436][ T168] bridge_slave_1: left allmulticast mode [ 208.949137][ T168] bridge_slave_1: left promiscuous mode [ 208.950763][ T168] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.954186][ T168] bridge_slave_0: left allmulticast mode [ 208.955850][ T168] bridge_slave_0: left promiscuous mode [ 208.957497][ T168] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.169885][ T168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 209.174143][ T168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 209.177264][ T168] bond0 (unregistering): Released all slaves [ 209.496444][ T40] audit: type=1800 audit(1743070152.540:35): pid=10273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1105" name="memory.events.local" dev="tmpfs" ino=1615 res=0 errno=0 [ 209.529455][ T168] hsr_slave_0: left promiscuous mode [ 209.534825][ T168] hsr_slave_1: left promiscuous mode [ 209.541634][ T168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 209.544458][ T168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 209.551044][ T168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 209.573945][ T168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 209.601426][ T168] veth1_macvtap: left promiscuous mode [ 209.603185][ T168] veth0_macvtap: left promiscuous mode [ 209.605304][ T168] veth1_vlan: left promiscuous mode [ 209.606876][ T168] veth0_vlan: left promiscuous mode [ 209.765753][ T29] net_ratelimit: 343 callbacks suppressed [ 209.765766][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.923747][ T5299] Bluetooth: hci3: command tx timeout [ 210.147760][ T168] team0 (unregistering): Port device team_slave_1 removed [ 210.226720][ T168] team0 (unregistering): Port device team_slave_0 removed [ 210.567837][ T6163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.693341][T10193] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 210.698264][T10193] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 210.701377][T10193] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 210.706006][T10193] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 210.730146][T10193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.736555][T10193] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.744154][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.746474][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.749118][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.751084][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.758435][T10316] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ULvyآDUDw}z [ 210.813777][T10046] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.879420][T10193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.901695][T10193] veth0_vlan: entered promiscuous mode [ 210.905869][T10193] veth1_vlan: entered promiscuous mode [ 210.916143][T10193] veth0_macvtap: entered promiscuous mode [ 210.920679][T10193] veth1_macvtap: entered promiscuous mode [ 210.937957][T10193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.940867][T10193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.944124][T10193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.948990][T10193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.951888][T10193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.956597][T10193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.961656][T10193] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.964470][T10193] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.967040][T10193] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.969752][T10193] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.004695][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.006938][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.022250][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.025020][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.065061][ T40] audit: type=1326 audit(1743070154.110:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.073744][ T40] audit: type=1326 audit(1743070154.110:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.079621][ T40] audit: type=1326 audit(1743070154.110:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.085710][ T40] audit: type=1326 audit(1743070154.110:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.092314][ T40] audit: type=1326 audit(1743070154.110:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.103048][ T40] audit: type=1326 audit(1743070154.110:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.109331][ T40] audit: type=1326 audit(1743070154.110:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.123378][ T40] audit: type=1326 audit(1743070154.110:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10300 comm="syz.1.1110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 211.435360][T10344] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1115'. [ 211.637562][T10347] FAULT_INJECTION: forcing a failure. [ 211.637562][T10347] name failslab, interval 1, probability 0, space 0, times 0 [ 211.640785][T10347] CPU: 1 UID: 0 PID: 10347 Comm: syz.1.1116 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 211.640801][T10347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 211.640807][T10347] Call Trace: [ 211.640812][T10347] [ 211.640816][T10347] dump_stack_lvl+0x16c/0x1f0 [ 211.640835][T10347] should_fail_ex+0x512/0x640 [ 211.640846][T10347] ? __kmalloc_noprof+0xbf/0x510 [ 211.640862][T10347] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 211.640874][T10347] should_failslab+0xc2/0x120 [ 211.640891][T10347] __kmalloc_noprof+0xd2/0x510 [ 211.640909][T10347] ? __pfx___mutex_trylock_common+0x10/0x10 [ 211.640927][T10347] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 211.640940][T10347] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 211.640950][T10347] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 211.640961][T10347] ? trace_cap_capable+0x18d/0x200 [ 211.640976][T10347] ? bpf_lsm_capable+0x9/0x10 [ 211.640986][T10347] ? security_capable+0x7e/0x260 [ 211.640998][T10347] ? ns_capable+0xd7/0x110 [ 211.641010][T10347] genl_rcv_msg+0x55c/0x800 [ 211.641021][T10347] ? __pfx_genl_rcv_msg+0x10/0x10 [ 211.641030][T10347] ? __pfx___dev_queue_xmit+0x10/0x10 [ 211.641044][T10347] ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10 [ 211.641062][T10347] ? __lock_acquire+0xaa4/0x1ba0 [ 211.641077][T10347] netlink_rcv_skb+0x16a/0x440 [ 211.641092][T10347] ? __pfx_genl_rcv_msg+0x10/0x10 [ 211.641102][T10347] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 211.641122][T10347] ? __pfx_down_read+0x10/0x10 [ 211.641132][T10347] ? netlink_deliver_tap+0x1ae/0xd30 [ 211.641148][T10347] genl_rcv+0x28/0x40 [ 211.641156][T10347] netlink_unicast+0x53a/0x7f0 [ 211.641172][T10347] ? __pfx_netlink_unicast+0x10/0x10 [ 211.641187][T10347] ? __phys_addr_symbol+0x30/0x80 [ 211.641201][T10347] ? __check_object_size+0x4c7/0x710 [ 211.641219][T10347] netlink_sendmsg+0x8da/0xd70 [ 211.641235][T10347] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.641251][T10347] ? __import_iovec+0x1c8/0x660 [ 211.641266][T10347] ____sys_sendmsg+0xa8d/0xc60 [ 211.641277][T10347] ? release_compress_blocks+0x680/0xaa0 [ 211.641290][T10347] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.641301][T10347] ? get_compat_msghdr+0x11a/0x170 [ 211.641319][T10347] ___sys_sendmsg+0x134/0x1d0 [ 211.641335][T10347] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.641363][T10347] __sys_sendmsg+0x16d/0x220 [ 211.641379][T10347] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.641399][T10347] ? rcu_is_watching+0x12/0xc0 [ 211.641410][T10347] __do_fast_syscall_32+0x73/0x120 [ 211.641426][T10347] do_fast_syscall_32+0x32/0x80 [ 211.641442][T10347] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 211.641455][T10347] RIP: 0023:0xf7fe8579 [ 211.641463][T10347] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 211.641492][T10347] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 211.641503][T10347] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000400 [ 211.641510][T10347] RDX: 0000000004000840 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.641516][T10347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 211.641521][T10347] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 211.641527][T10347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 211.641538][T10347] [ 211.854330][T10046] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.143638][ T5940] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 212.224916][T10365] /dev/sr0: Can't open blockdev [ 212.295182][ T5940] usb 6-1: config 0 has an invalid interface number: 38 but max is 0 [ 212.297439][ T5940] usb 6-1: config 0 has no interface number 0 [ 212.299268][ T5940] usb 6-1: config 0 interface 38 has no altsetting 0 [ 212.301110][ T5940] usb 6-1: New USB device found, idVendor=05a9, idProduct=0511, bcdDevice=f2.1d [ 212.304137][ T5940] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.308738][ T5940] usb 6-1: config 0 descriptor?? [ 212.313185][ T5940] gspca_main: ov519-2.14.0 probing 05a9:0511 [ 212.515509][ T5940] ov519 6-1:0.38: reg_w 50 failed -71 [ 212.558788][ T5299] Bluetooth: hci2: unexpected event 0x09 length: 4 > 3 [ 212.884522][ T9033] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.603784][ T5320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.879531][ T75] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.934339][T10046] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.964034][T10046] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.078621][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 215.083246][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 215.087177][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 215.090499][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 215.092668][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 215.095690][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 215.230204][T10401] chnl_net:caif_netlink_parms(): no params data found [ 215.339084][T10401] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.341122][T10401] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.343143][T10401] bridge_slave_0: entered allmulticast mode [ 215.345934][T10401] bridge_slave_0: entered promiscuous mode [ 215.348930][T10401] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.351158][T10401] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.353650][T10401] bridge_slave_1: entered allmulticast mode [ 215.356426][T10401] bridge_slave_1: entered promiscuous mode [ 215.376173][T10401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.379673][T10425] FAULT_INJECTION: forcing a failure. [ 215.379673][T10425] name failslab, interval 1, probability 0, space 0, times 0 [ 215.384013][T10417] md: array md2 already initialised! [ 215.384262][T10425] CPU: 0 UID: 0 PID: 10425 Comm: syz.2.1136 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 215.384280][T10425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.384287][T10425] Call Trace: [ 215.384291][T10425] [ 215.384296][T10425] dump_stack_lvl+0x16c/0x1f0 [ 215.384318][T10425] should_fail_ex+0x512/0x640 [ 215.384330][T10425] ? __kmalloc_noprof+0xbf/0x510 [ 215.384347][T10425] ? rfkill_alloc+0xac/0x330 [ 215.384363][T10425] should_failslab+0xc2/0x120 [ 215.384381][T10425] __kmalloc_noprof+0xd2/0x510 [ 215.384405][T10425] rfkill_alloc+0xac/0x330 [ 215.384422][T10425] wiphy_new_nm+0x1217/0x2160 [ 215.384440][T10425] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 215.384459][T10425] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 215.384476][T10425] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 215.384492][T10425] ? __local_bh_enable_ip+0xa4/0x120 [ 215.384507][T10425] mac80211_hwsim_new_radio+0x1d4/0x54b0 [ 215.384531][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.384542][T10425] ? trace_kmalloc+0x2b/0xd0 [ 215.384552][T10425] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 215.384568][T10425] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 215.384585][T10425] ? __asan_memcpy+0x3c/0x60 [ 215.384600][T10425] hwsim_new_radio_nl+0xb51/0x12c0 [ 215.384617][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.384636][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 215.384652][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 215.384665][T10425] genl_family_rcv_msg_doit+0x206/0x2f0 [ 215.384676][T10425] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 215.384686][T10425] ? trace_cap_capable+0x18d/0x200 [ 215.384702][T10425] ? bpf_lsm_capable+0x9/0x10 [ 215.384713][T10425] ? security_capable+0x7e/0x260 [ 215.384726][T10425] ? ns_capable+0xd7/0x110 [ 215.384738][T10425] genl_rcv_msg+0x55c/0x800 [ 215.384749][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.384759][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.384776][T10425] ? __lock_acquire+0xaa4/0x1ba0 [ 215.384792][T10425] netlink_rcv_skb+0x16a/0x440 [ 215.384807][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.384818][T10425] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 215.384838][T10425] ? __pfx_down_read+0x10/0x10 [ 215.384849][T10425] ? netlink_deliver_tap+0x1ae/0xd30 [ 215.384864][T10425] genl_rcv+0x28/0x40 [ 215.384872][T10425] netlink_unicast+0x53a/0x7f0 [ 215.384889][T10425] ? __pfx_netlink_unicast+0x10/0x10 [ 215.384904][T10425] ? __phys_addr_symbol+0x30/0x80 [ 215.384919][T10425] ? __check_object_size+0x4c7/0x710 [ 215.384941][T10425] netlink_sendmsg+0x8da/0xd70 [ 215.384959][T10425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.384975][T10425] ? __import_iovec+0x1c8/0x660 [ 215.384991][T10425] ____sys_sendmsg+0xa8d/0xc60 [ 215.385005][T10425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.385016][T10425] ? get_compat_msghdr+0x11a/0x170 [ 215.385035][T10425] ___sys_sendmsg+0x134/0x1d0 [ 215.385052][T10425] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.385080][T10425] __sys_sendmsg+0x16d/0x220 [ 215.385096][T10425] ? __pfx___sys_sendmsg+0x10/0x10 [ 215.385116][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.385127][T10425] __do_fast_syscall_32+0x73/0x120 [ 215.385144][T10425] do_fast_syscall_32+0x32/0x80 [ 215.385159][T10425] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.385173][T10425] RIP: 0023:0xf7fd7579 [ 215.385183][T10425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.385194][T10425] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 215.385204][T10425] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 215.385211][T10425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.385217][T10425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 215.385223][T10425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.385228][T10425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.385239][T10425] [ 215.385248][T10425] INFO: trying to register non-static key. [ 215.385294][T10401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.506234][T10425] The code is fine but needs lockdep annotation, or maybe [ 215.509007][T10425] you didn't initialize this object before use? [ 215.510764][T10425] turning off the locking correctness validator. [ 215.512620][T10425] CPU: 0 UID: 0 PID: 10425 Comm: syz.2.1136 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 215.512634][T10425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.512641][T10425] Call Trace: [ 215.512646][T10425] [ 215.512651][T10425] dump_stack_lvl+0x116/0x1f0 [ 215.512672][T10425] register_lock_class+0x4a3/0x4c0 [ 215.512689][T10425] __lock_acquire+0x99/0x1ba0 [ 215.512705][T10425] lock_acquire+0x179/0x350 [ 215.512718][T10425] ? cfg80211_dev_free+0x30/0x3d0 [ 215.512729][T10425] ? dump_stack_lvl+0x1a1/0x1f0 [ 215.512744][T10425] _raw_spin_lock_irqsave+0x3a/0x60 [ 215.512757][T10425] ? cfg80211_dev_free+0x30/0x3d0 [ 215.512767][T10425] cfg80211_dev_free+0x30/0x3d0 [ 215.512776][T10425] ? __pfx_wiphy_dev_release+0x10/0x10 [ 215.512787][T10425] device_release+0xa1/0x240 [ 215.512798][T10425] kobject_put+0x1e4/0x5a0 [ 215.512814][T10425] put_device+0x1f/0x30 [ 215.512824][T10425] wiphy_new_nm+0x1c1f/0x2160 [ 215.512840][T10425] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 215.512858][T10425] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 215.512879][T10425] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 215.512894][T10425] ? __local_bh_enable_ip+0xa4/0x120 [ 215.512908][T10425] mac80211_hwsim_new_radio+0x1d4/0x54b0 [ 215.512928][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.512938][T10425] ? trace_kmalloc+0x2b/0xd0 [ 215.512949][T10425] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 215.512965][T10425] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 215.512981][T10425] ? __asan_memcpy+0x3c/0x60 [ 215.512995][T10425] hwsim_new_radio_nl+0xb51/0x12c0 [ 215.513012][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.513029][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 215.513041][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 215.513053][T10425] genl_family_rcv_msg_doit+0x206/0x2f0 [ 215.513064][T10425] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 215.513073][T10425] ? trace_cap_capable+0x18d/0x200 [ 215.513087][T10425] ? bpf_lsm_capable+0x9/0x10 [ 215.513097][T10425] ? security_capable+0x7e/0x260 [ 215.513109][T10425] ? ns_capable+0xd7/0x110 [ 215.513120][T10425] genl_rcv_msg+0x55c/0x800 [ 215.513130][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.513139][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.513155][T10425] ? __lock_acquire+0xaa4/0x1ba0 [ 215.513170][T10425] netlink_rcv_skb+0x16a/0x440 [ 215.513184][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.513194][T10425] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 215.513211][T10425] ? __pfx_down_read+0x10/0x10 [ 215.513221][T10425] ? netlink_deliver_tap+0x1ae/0xd30 [ 215.513235][T10425] genl_rcv+0x28/0x40 [ 215.513243][T10425] netlink_unicast+0x53a/0x7f0 [ 215.513259][T10425] ? __pfx_netlink_unicast+0x10/0x10 [ 215.513273][T10425] ? __phys_addr_symbol+0x30/0x80 [ 215.513287][T10425] ? __check_object_size+0x4c7/0x710 [ 215.513305][T10425] netlink_sendmsg+0x8da/0xd70 [ 215.513320][T10425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.513335][T10425] ? __import_iovec+0x1c8/0x660 [ 215.513350][T10425] ____sys_sendmsg+0xa8d/0xc60 [ 215.513364][T10425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.513375][T10425] ? get_compat_msghdr+0x11a/0x170 [ 215.513391][T10425] ___sys_sendmsg+0x134/0x1d0 [ 215.513407][T10425] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.513428][T10425] __sys_sendmsg+0x16d/0x220 [ 215.513444][T10425] ? __pfx___sys_sendmsg+0x10/0x10 [ 215.513461][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.513471][T10425] __do_fast_syscall_32+0x73/0x120 [ 215.513488][T10425] do_fast_syscall_32+0x32/0x80 [ 215.513503][T10425] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.513516][T10425] RIP: 0023:0xf7fd7579 [ 215.513525][T10425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.513535][T10425] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 215.513546][T10425] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 215.513552][T10425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.513558][T10425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 215.513563][T10425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.513569][T10425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.513578][T10425] [ 215.513953][T10425] ------------[ cut here ]------------ [ 215.634190][T10425] WARNING: CPU: 0 PID: 10425 at net/wireless/core.c:1197 cfg80211_dev_free+0x2e7/0x3d0 [ 215.636808][T10425] Modules linked in: [ 215.637916][T10425] CPU: 0 UID: 0 PID: 10425 Comm: syz.2.1136 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 215.641156][T10425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.644065][T10425] RIP: 0010:cfg80211_dev_free+0x2e7/0x3d0 [ 215.645590][T10425] Code: 00 00 49 8b bd e0 08 00 00 e8 35 e0 65 f7 4c 89 ef 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 1f e0 65 f7 e8 0a f4 0d f7 90 <0f> 0b 90 e9 6f fd ff ff 4c 89 ff e8 79 ae 70 f7 e9 aa fe ff ff 4c [ 215.650859][T10425] RSP: 0018:ffffc90003bdf1a0 EFLAGS: 00010093 [ 215.652570][T10425] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8198302c [ 215.654752][T10425] RDX: ffff888026228000 RSI: ffffffff8aad0d76 RDI: ffffc90003bdf110 [ 215.656942][T10425] RBP: ffff8880611406a8 R08: 0000000000000001 R09: fffff5200077be22 [ 215.659119][T10425] R10: 0000000000000003 R11: ffff8880611406d0 R12: ffff8880611406b8 [ 215.661316][T10425] R13: ffff888061140000 R14: ffff88801bf2da80 R15: 0000000000000000 [ 215.663409][T10425] FS: 0000000000000000(0000) GS:ffff888097c5a000(0063) knlGS:00000000f50f6b40 [ 215.665904][T10425] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 215.667735][T10425] CR2: 0000000080001000 CR3: 00000000638f2000 CR4: 0000000000352ef0 [ 215.669964][T10425] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 215.672171][T10425] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 215.674359][T10425] Call Trace: [ 215.675305][T10425] [ 215.676155][T10425] ? __warn+0xea/0x3c0 [ 215.677313][T10425] ? cfg80211_dev_free+0x2e7/0x3d0 [ 215.678745][T10425] ? report_bug+0x3c3/0x580 [ 215.680045][T10425] ? cfg80211_dev_free+0x2e7/0x3d0 [ 215.681487][T10425] ? handle_bug+0x184/0x210 [ 215.682762][T10425] ? exc_invalid_op+0x17/0x50 [ 215.684128][T10425] ? asm_exc_invalid_op+0x1a/0x20 [ 215.685550][T10425] ? do_raw_spin_lock+0x12c/0x2b0 [ 215.686932][T10425] ? cfg80211_dev_free+0x2e6/0x3d0 [ 215.688382][T10425] ? cfg80211_dev_free+0x2e7/0x3d0 [ 215.689831][T10425] ? __pfx_wiphy_dev_release+0x10/0x10 [ 215.691357][T10425] device_release+0xa1/0x240 [ 215.692689][T10425] kobject_put+0x1e4/0x5a0 [ 215.693948][T10425] put_device+0x1f/0x30 [ 215.695119][T10425] wiphy_new_nm+0x1c1f/0x2160 [ 215.696455][T10425] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 215.698290][T10425] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 215.700182][T10425] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 215.701960][T10425] ? __local_bh_enable_ip+0xa4/0x120 [ 215.703468][T10425] mac80211_hwsim_new_radio+0x1d4/0x54b0 [ 215.705058][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.706395][T10425] ? trace_kmalloc+0x2b/0xd0 [ 215.707710][T10425] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 215.709562][T10425] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 215.711249][T10425] ? __asan_memcpy+0x3c/0x60 [ 215.712573][T10425] hwsim_new_radio_nl+0xb51/0x12c0 [ 215.713999][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.715521][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 215.717559][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 215.719605][T10425] genl_family_rcv_msg_doit+0x206/0x2f0 [ 215.721148][T10425] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 215.722839][T10425] ? trace_cap_capable+0x18d/0x200 [ 215.724271][T10425] ? bpf_lsm_capable+0x9/0x10 [ 215.725593][T10425] ? security_capable+0x7e/0x260 [ 215.726986][T10425] ? ns_capable+0xd7/0x110 [ 215.728249][T10425] genl_rcv_msg+0x55c/0x800 [ 215.729522][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.730921][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.732472][T10425] ? __lock_acquire+0xaa4/0x1ba0 [ 215.733857][T10425] netlink_rcv_skb+0x16a/0x440 [ 215.735204][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.736621][T10425] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 215.738092][T10425] ? __pfx_down_read+0x10/0x10 [ 215.739433][T10425] ? netlink_deliver_tap+0x1ae/0xd30 [ 215.740919][T10425] genl_rcv+0x28/0x40 [ 215.742040][T10425] netlink_unicast+0x53a/0x7f0 [ 215.743383][T10425] ? __pfx_netlink_unicast+0x10/0x10 [ 215.744869][T10425] ? __phys_addr_symbol+0x30/0x80 [ 215.746281][T10425] ? __check_object_size+0x4c7/0x710 [ 215.747778][T10425] netlink_sendmsg+0x8da/0xd70 [ 215.749127][T10425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.750602][T10425] ? __import_iovec+0x1c8/0x660 [ 215.751972][T10425] ____sys_sendmsg+0xa8d/0xc60 [ 215.753315][T10425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.754787][T10425] ? get_compat_msghdr+0x11a/0x170 [ 215.756218][T10425] ___sys_sendmsg+0x134/0x1d0 [ 215.757541][T10425] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.758996][T10425] __sys_sendmsg+0x16d/0x220 [ 215.760307][T10425] ? __pfx___sys_sendmsg+0x10/0x10 [ 215.761737][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.763069][T10425] __do_fast_syscall_32+0x73/0x120 [ 215.764510][T10425] do_fast_syscall_32+0x32/0x80 [ 215.765884][T10425] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.767641][T10425] RIP: 0023:0xf7fd7579 [ 215.768799][T10425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.774089][T10425] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 215.776390][T10425] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 215.778581][T10425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.780865][T10425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 215.783091][T10425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.785331][T10425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.787744][T10425] [ 215.788699][T10425] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 215.790707][T10425] CPU: 0 UID: 0 PID: 10425 Comm: syz.2.1136 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) [ 215.793913][T10425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.796858][T10425] Call Trace: [ 215.797802][T10425] [ 215.798655][T10425] dump_stack_lvl+0x3d/0x1f0 [ 215.799968][T10425] panic+0x71c/0x800 [ 215.801034][T10425] ? __pfx_panic+0x10/0x10 [ 215.802241][T10425] ? show_trace_log_lvl+0x29c/0x3c0 [ 215.803698][T10425] ? check_panic_on_warn+0x1f/0xb0 [ 215.805141][T10425] ? cfg80211_dev_free+0x2e7/0x3d0 [ 215.806576][T10425] check_panic_on_warn+0xab/0xb0 [ 215.807972][T10425] __warn+0xf6/0x3c0 [ 215.809082][T10425] ? cfg80211_dev_free+0x2e7/0x3d0 [ 215.810520][T10425] report_bug+0x3c3/0x580 [ 215.811741][T10425] ? cfg80211_dev_free+0x2e7/0x3d0 [ 215.813181][T10425] handle_bug+0x184/0x210 [ 215.814375][T10425] exc_invalid_op+0x17/0x50 [ 215.815653][T10425] asm_exc_invalid_op+0x1a/0x20 [ 215.817030][T10425] RIP: 0010:cfg80211_dev_free+0x2e7/0x3d0 [ 215.818614][T10425] Code: 00 00 49 8b bd e0 08 00 00 e8 35 e0 65 f7 4c 89 ef 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 1f e0 65 f7 e8 0a f4 0d f7 90 <0f> 0b 90 e9 6f fd ff ff 4c 89 ff e8 79 ae 70 f7 e9 aa fe ff ff 4c [ 215.823922][T10425] RSP: 0018:ffffc90003bdf1a0 EFLAGS: 00010093 [ 215.825625][T10425] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8198302c [ 215.827829][T10425] RDX: ffff888026228000 RSI: ffffffff8aad0d76 RDI: ffffc90003bdf110 [ 215.829932][T10425] RBP: ffff8880611406a8 R08: 0000000000000001 R09: fffff5200077be22 [ 215.832123][T10425] R10: 0000000000000003 R11: ffff8880611406d0 R12: ffff8880611406b8 [ 215.834304][T10425] R13: ffff888061140000 R14: ffff88801bf2da80 R15: 0000000000000000 [ 215.836493][T10425] ? do_raw_spin_lock+0x12c/0x2b0 [ 215.837917][T10425] ? cfg80211_dev_free+0x2e6/0x3d0 [ 215.839356][T10425] ? __pfx_wiphy_dev_release+0x10/0x10 [ 215.840887][T10425] device_release+0xa1/0x240 [ 215.842192][T10425] kobject_put+0x1e4/0x5a0 [ 215.843454][T10425] put_device+0x1f/0x30 [ 215.844647][T10425] wiphy_new_nm+0x1c1f/0x2160 [ 215.845976][T10425] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 215.847802][T10425] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 215.849690][T10425] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 215.851217][T10425] ? __local_bh_enable_ip+0xa4/0x120 [ 215.852715][T10425] mac80211_hwsim_new_radio+0x1d4/0x54b0 [ 215.854279][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.855628][T10425] ? trace_kmalloc+0x2b/0xd0 [ 215.856923][T10425] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 215.858781][T10425] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 215.860475][T10425] ? __asan_memcpy+0x3c/0x60 [ 215.861771][T10425] hwsim_new_radio_nl+0xb51/0x12c0 [ 215.863194][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.864735][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 215.866769][T10425] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 215.868808][T10425] genl_family_rcv_msg_doit+0x206/0x2f0 [ 215.870338][T10425] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 215.872031][T10425] ? trace_cap_capable+0x18d/0x200 [ 215.873468][T10425] ? bpf_lsm_capable+0x9/0x10 [ 215.874792][T10425] ? security_capable+0x7e/0x260 [ 215.876184][T10425] ? ns_capable+0xd7/0x110 [ 215.877435][T10425] genl_rcv_msg+0x55c/0x800 [ 215.878876][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.880296][T10425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 215.881849][T10425] ? __lock_acquire+0xaa4/0x1ba0 [ 215.883237][T10425] netlink_rcv_skb+0x16a/0x440 [ 215.884593][T10425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 215.885997][T10425] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 215.887440][T10425] ? __pfx_down_read+0x10/0x10 [ 215.888620][T10425] ? netlink_deliver_tap+0x1ae/0xd30 [ 215.889908][T10425] genl_rcv+0x28/0x40 [ 215.890888][T10425] netlink_unicast+0x53a/0x7f0 [ 215.892233][T10425] ? __pfx_netlink_unicast+0x10/0x10 [ 215.893721][T10425] ? __phys_addr_symbol+0x30/0x80 [ 215.895129][T10425] ? __check_object_size+0x4c7/0x710 [ 215.896615][T10425] netlink_sendmsg+0x8da/0xd70 [ 215.897959][T10425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.899472][T10425] ? __import_iovec+0x1c8/0x660 [ 215.900845][T10425] ____sys_sendmsg+0xa8d/0xc60 [ 215.902187][T10425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.903657][T10425] ? get_compat_msghdr+0x11a/0x170 [ 215.905096][T10425] ___sys_sendmsg+0x134/0x1d0 [ 215.906414][T10425] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.907889][T10425] __sys_sendmsg+0x16d/0x220 [ 215.909214][T10425] ? __pfx___sys_sendmsg+0x10/0x10 [ 215.910648][T10425] ? rcu_is_watching+0x12/0xc0 [ 215.911991][T10425] __do_fast_syscall_32+0x73/0x120 [ 215.913428][T10425] do_fast_syscall_32+0x32/0x80 [ 215.914799][T10425] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.916560][T10425] RIP: 0023:0xf7fd7579 [ 215.917700][T10425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.922966][T10425] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 215.925263][T10425] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 215.927433][T10425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.929640][T10425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 215.931844][T10425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.934042][T10425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.936237][T10425] [ 215.937643][T10425] Kernel Offset: disabled [ 215.938875][T10425] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:05:02 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000076 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854169d5 RDI=ffffffff9ab71d20 RBP=ffffffff9ab71ce0 RSP=ffffc90003bdeb40 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=28203a30646e6f62 R12=0000000000000000 R13=0000000000000076 R14=ffffffff9ab71ce0 R15=ffffffff85416970 RIP=ffffffff854169ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097c5a000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080001000 CR3=00000000638f2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b441240 RCX=ffffffff81aede49 RDX=ffff88801d284880 RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900001e7930 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffed1005688249 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b53b140 RIP=ffffffff81bb0180 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097d5a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000008000048c CR3=000000000df82000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b441220 RCX=ffffffff81aede49 RDX=ffff888021dda440 RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90002fef7e8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=000000000000001e R12=ffffed1005688245 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b63b140 RIP=ffffffff81aede1e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097e5a000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7fd55c0 CR3=00000000659de000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000002800000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000002 RBX=ffff88802b73b0c0 RCX=ffffffff81af03ae RDX=ffff88801d694880 RSI=ffffffff81af0388 RDI=0000000000000005 RBP=ffffc9000044fd10 RSP=ffffc9000044fc38 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c391ee R12=1ffff92000089f8c R13=0000000000000002 R14=0000000000000001 R15=ffffed10056e7619 RIP=ffffffff81bb0197 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097f5a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000057b814c0 CR3=000000001c3d6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe5c031780 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2038642034372033 3020383020303120 3130203062203437 2033302037302000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2032642034372033 3020323020303120 3130203062203437 2033302037302000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3035413030303030 3020303932303030 2030203a52204135 3234203135353634 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30203530202e3020 3020203030203000 2030202030202030 2020202020302020 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 682a6e322a3a3a2a 3a3a2a3a3a2a3a3a 2a3c382a3e682a6e 322a3a332a3a332a ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a3f6c3a3a3a3a3a 3a3a3a3068383a3a 2a305a59582a573f 383e3a3b5e51573e ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000