last executing test programs: 39.272261085s ago: executing program 1 (id=184): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800e00018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523a58", 0x78, 0x24040800, 0x0, 0x0) 30.590348609s ago: executing program 1 (id=184): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800e00018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523a58", 0x78, 0x24040800, 0x0, 0x0) 23.587014989s ago: executing program 1 (id=184): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800e00018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523a58", 0x78, 0x24040800, 0x0, 0x0) 16.293659634s ago: executing program 1 (id=184): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800e00018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523a58", 0x78, 0x24040800, 0x0, 0x0) 10.316994601s ago: executing program 1 (id=184): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800e00018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523a58", 0x78, 0x24040800, 0x0, 0x0) 4.898936973s ago: executing program 1 (id=184): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800e00018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523a58", 0x78, 0x24040800, 0x0, 0x0) 3.200146675s ago: executing program 0 (id=476): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xbd}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmmsg(r1, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000500)="fe", 0x1}], 0x1}}], 0x1, 0x40002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) pipe2(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r5, 0x407, 0x7ffffffe) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000380)={0x2, r5}) socket$inet_tcp(0x2, 0x1, 0x0) r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000140)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee0000000000000000020000", 0x56}, {&(0x7f0000000000)="abd9", 0x2}], 0x2) 2.450297941s ago: executing program 2 (id=488): syz_emit_ethernet(0x42, &(0x7f0000000180)={@local, @empty, @val, {@arp}}, 0x0) 2.380437469s ago: executing program 2 (id=490): r0 = socket(0x2, 0x1, 0x0) bind(r0, &(0x7f0000000000)=@in={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000140)={0xf, 0x2}, 0x10) sendto(r0, &(0x7f0000001480)="1d77c57c16eb5158caed03d9c0f6dca317dffc1d3274f66f21ae7c59f1ee36dfd4937ea42fcc31cb20e43d2d855805008764d272582aaa8e01850752a4ef2bf19ce924bc6abfa885ce3bb82db3049521de0dca", 0x53, 0x4, &(0x7f0000000400)=@in6={0x1c, 0x1c}, 0x1c) 2.380143279s ago: executing program 3 (id=491): r0 = socket$inet6(0x1c, 0x2, 0x0) setsockopt(r0, 0x29, 0x40, &(0x7f0000000000)="77941fc7", 0x4) bind$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c}, 0x1c) sendto(r0, 0x0, 0x0, 0x100, &(0x7f00000002c0)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 2.379858316s ago: executing program 2 (id=492): r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x52, &(0x7f00000000c0)={0x5, {{0x1c, 0x1c}}, {{0xffc5, 0x1c, 0x1}}}, 0x108) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x53, &(0x7f00000000c0)={0x5, {{0x1c, 0x1c}}, {{0x1c, 0x1c, 0x2}}}, 0x108) 2.272079425s ago: executing program 2 (id=493): socket(0x1b, 0x3, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="14000000ffff000001"], 0x74, 0x88}, 0x20184) 2.27181235s ago: executing program 3 (id=494): syz_emit_ethernet(0x83, &(0x7f0000001880)={@random="cdbf0e000084", @remote, @val, {@ipv6}}, 0x0) 2.19889804s ago: executing program 3 (id=495): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r3 = socket(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[], 0x3c}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x2, 0x8}}]}}]}, 0x48}}, 0x0) 2.198519135s ago: executing program 0 (id=496): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x4842, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0x8000000000, 0x1, 0x1, 0x8, 0x4002004c5, 0x1000, 0x1, 0x0, 0x7, 0xe, 0x0, 0x6, 0x0, 0x49], 0xdddd1000, 0x1c7056}) ioctl$KVM_RUN(r2, 0xae80, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.197820681s ago: executing program 2 (id=497): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe(&(0x7f0000000280)) chdir(&(0x7f0000000280)='./file0\x00') creat(&(0x7f0000000300)='./bus\x00', 0x15d) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe) ftruncate(r4, 0x2008002) sendfile(r3, r4, 0x0, 0x80000001) 2.196007255s ago: executing program 0 (id=498): bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) r2 = syz_io_uring_setup(0x917, &(0x7f0000000300)={0x0, 0x400, 0x1, 0x1000001, 0xf7fffffc}, &(0x7f0000000180)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="c50a0000000000006113b800000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r1, 0x0, &(0x7f0000000a80)={&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/197, 0xc5}, {&(0x7f0000000480)=""/240, 0xf0}, {&(0x7f0000000580)=""/162, 0xa2}, {&(0x7f00000001c0)=""/56, 0x38}, {&(0x7f0000000640)=""/120, 0x78}, {&(0x7f0000000c00)=""/227, 0xe3}, {&(0x7f00000002c0)=""/27, 0x1b}, {&(0x7f0000000840)=""/155, 0x9b}, {&(0x7f0000000900)=""/133, 0x85}], 0x9, &(0x7f0000000ac0)=""/16, 0x10}, 0x0, 0x140, 0x0, {0x1, r5}}) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) r6 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e5, 0x2, 0x2, 0xf2}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r6, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x400448cb, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, &(0x7f0000000e80)=ANY=[@ANYBLOB="180000000000008000000000f8ffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000ec2464f1027dd5ff00008500000083000000bf09000000000000550901000000000095000000000000008520000005000000183b000003000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB, @ANYRES32=r1, @ANYBLOB="00000000fcffffff1801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000000600000006580600000800001800000099000000000000000300000018340000040000000000000000000000182a0000", @ANYRES32=r1, @ANYBLOB="000000000b00000018400000020000000000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r10, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$dsp(r9, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SETFMT(r9, 0x40045010, &(0x7f0000000300)=0x3) ioctl$SNDCTL_DSP_RESET(r9, 0x5000, 0x0) bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r8, &(0x7f0000000040)="05000000010000", 0x7) 2.129951819s ago: executing program 3 (id=499): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket$key(0xf, 0x3, 0x2) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0) close(r5) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="8400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000540012800c0001006d6163766c616e0044000280060002000100000008000100010000000800030003000000080007000500000008000100100000000600020001000000100009800a000400aaaaaaaaaa2e000008000500", @ANYRES32=r1], 0x84}}, 0x20008040) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r8 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000000440)={r7, 0x0, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}}) ioctl$LOOP_CHANGE_FD(r8, 0x4c06, r7) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000084000000060a010400000000000000000100000008000b40000000005c0004802c000180090001007866726d000000001c0002800800024000000004050003000000000008000140000000092c00018008000100636d7000200002800c00038005000100ac000000080001400059000c08000240000000030900010073797a30"], 0xf8}}, 0x0) sendmmsg(r4, &(0x7f0000000d40)=[{{&(0x7f0000000300)=@xdp={0x2c, 0xd, r1, 0x19}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000001180)="58fe976078c81eda2fa5fa6eabc4c198700c6efcee48f76fe6fa4ec455005f12c12431b7300bf3fb121d8b6fb819c0c769e9b63c92b3f4f9d908c7484920aa4af543e59dbc3e05f5e7f7ed71d7b303512f28022ef9863c7652007f668d58f0ccf5e4d41e2813b7f6a71aa1b434aad9951e6185f25f7c9f8e4ee7b41b6b028768a809920e99da40811dab321998b0a6de94b45d95606bade1057b20338f44c63021af5f45471684e294fb9de73d3a39165970a4cd4e82a4ef0714774d8761b41dfe8133116f3a078a015cf015d54cfc0eae801f8ecc8dafec35a3ecaf9b905cd2f36e55506008c57d262e64f2ea0041e4d74b870a867a493342618a8549e56fc9dbbedd66c3b548f0656b9a7438f9d570d7d68662409ea0f2a10be2c444ea5119fe97e87bd54c1a61959699dee11a69c53d266e1db3c045e9042ab5d486f89f7428add009b5fce178938cfa5cf720add8d54bc9cbab45eff8e1f71fa26d2cf7cd4faf30d90c0b461c08686ca4ce673920996b9318b541a5d39bc068368cfbf2798187c1c7990c82f5605808164ce1f821200a3e3a08ab185593029a1b14db308af303301c270d1de5ff5d902179a996344c88f8700283b147f2aa94bab2e6f4ad87a7cec3e1bb75b8e0f07d8a0b75d63b063e16adbd3bcade6a172cf265a31a571eb9686b18404f16f113e00b4d7791d8aa2d72796b29f0aebd87f9d4493595e2c5a110a89b87b00fcee34f070f141bb0d2d43681ab78951bda43ad97d0748452d1dd894d9902bdded16d50eb56e9951c40d9f4b53e2d23f93ee2e75e2c0a686f6b8d5f1c896be0f741da09c265d870288f7c0d2664dbe7eb0a072320d8796e06d66cab4194c9201e9edb66ca672fc567dabeac1e21037b2d16562cc1a52e79fb44ca23c323a93db8f0262f20504cc35b6238c3547b8d055bfe28a05236f72cee6506a8fa780da1ff4d807371cf182d5fb3f63129a264836fe57ec31e7969768c1821a62183ba7a5962935ec8648b7b130e0c992d408049c4a0940be88c93de7f44984cb087febde8899d30c4a20b81ae0b7c4fc9d6c62155911146704f14a7b2880972b990f00b85a95b6e360e824cee52696e5f2b3f76b7234530d768c3321a3205e5a6bbb2039778cb5882e3cc8332d3f16c56da48eef382be1deb7bb2bb898b952a55be04ab4928a3d5d25e6eef3fbaf297e597d39e2358cc6053a8d4a14be66de3d0dcaccc4c57a47b5c1aade945dc5cceece034bcc12980a0abb4b848c3fec239826b3c6510c4b0350edc0ff3b721b2e7d684689241e3a5fbb519f0c1ec08324179515c0599e8f8859772e4cf01392ed1533f670683f76c22e19ec6e67d0fe4cf3e35e9818bd752239285b38a0ff8ab395c62298d1519cbcaeac35705fd9ad0d4323ac276a91da8aa58ca85b5fe8a83d2545c9f5350eb24b845a0d39674b23c9876d6f3ac20b22232c019e648f43a8179753d4137fd303d15201c032fd396202d501aa1f857a8a1d03b4c3ffe385949b2a3e186916daea4bdbe25fe24a1ec3b5d85962a5edf0662c96b620c8b65b6fe0f957fafb269d021771e08f450b4e0cb9b336d47e26c06a8d46f68c48573201dee8e4872c8a690043c4cd19f00bb2365aa67ee9d128d2f796cf6944ad5889df37878b08e36a3f3ac0e6119447e5f4480cf71416560d41ced68608e8a1850691559a655384810a00c195d11e0eaa56de570651c5f85a55f5e368910632ec03bbb03f041b01798e20413c9c0ffaecfd91b6f5c05a0e27e3b49eb1a3787b267355e244fbf401e74d2befae14ff6731a05327e4a62fd9fa0d15f95885ece324a6be3653bdb5963919f7540ac2a8f726115e1a2fd2fb79a9a918f057aab98163edf2f4e6dd1636599ebb48a5ccf2abf43d0a5f93aa19f6f1b0adf6960c9a7ad301e3b04334cb77ff0f04dd2187f0abf136f28b79f868b345cc43f5886a054e3a31d4f2ac673e3fe06b2367f3c339bdfb77905c3aa414b094071e9861f1954d1d3ac8fbb85b0dc90944b4d64e8a94fd3601ec848377c5bd85e46c87e6dd008833951dc656644e088b9a17d4111352fd5ffbd4ce6365222859fb51c69340bfa26c7023bd1509ad821af25ff09eb4259262d83743e6e2ca7c0db481713f0d8b3b6cf82c1f2f4c598e1c52337ff050af873bb9a77d876acc5d9076c57566cc61ef7ac49d686bdb16880970df440334f444b422e3a219b255ce53ae3c307c65fb49e6a0c4e3d0527bcccb4655b7ac9d1b096b10eb4628930470d8342960c54e2842949c7a3fa56d9f5ef5a3fc3250933601b5f6cb7b2db27f8d83113230debfec8fef995e99ef4e1bd896599da5f7489d02879c44a9f45676c3ba7a78272cc7b32d438002ca9a431d3b9b8e52fa7ac1e3df6be0f091451af0fbb96f715b9c7f534b5895e2e5ec7e62fc4a980bee6866220bc6405ed0fd2ad274d8e6175eca9d6baa3f61cacdb2fa91bc915a3f1683ad30bb6492daca3bfedac66512892f59e3617e2c420fbeceefd624ab48757792c345713fb505132345a256cfeb38c978d8f2348dcd1f41d2daef4d67a1385b5674db0c46592b93ca21d370de0f5437e51967d0486fe322b634b3cf4c73ff78cc8c50e8478867cab43a5093a08fd5175b1508418cb0f330322c94ebbdf413c785c4b559f2e7c45ed5c537996c1b9d54b83d766aa8743d2f38d348a8978a754cf377b702913da37e7cdab7c581af49f540b0da00e08a913b870a8cd05265b31df41f73a75a5defa674b44a0efc4974e8f7153cb6e14f9143d60092e00ace4c92d38d1b44825b216cde4521b8b89e8d84487db46c4dab42fb482b6ac2dffc5e1b12045b5721dfcdf561d7bb25c3afe2a11818ea5df63d8e831549c7e41b29f8d7a9eee0978018c68326949d6c1917c06c44934b89165d7b6b87714e2de0d7bf49dccbc65220629b72b705034938b967db9c0627378c6a0630ad67b3ee633dfff2fc0aabdaa87fa3ca1570b0c183cdf52e7657b7bde0639787170db87cf5e3ffc5680a9c43fb343e7a9afe8a256273798a93e7a4302e90502039fc5d410a3b5fa099bc822a8d8c1646d18e91ac56c3baf1a2fec1adb3662183d0e897830be756e6825bca3511dbc0c9ce8b8b65047bd6786c1c621843d48d850414033fa2f87bd58c3d16f2bdbccabef6558e16013d0f1b52c01cfaddd0e510bafa1dc802563474dcd5703bf892454741beff253d58237ad2d521aee7349a58488f0346b416aa6d62fbf8563ee6ded3ae063571538c758556fd3a493d72fea3019980e7f414f638d276af11c9652e688659e61713f82689e7387605b3eb304e6d48b1949367cfeb78dcc19bca5724423f783e1900fc5d59e65d88c81cb83e72a9fba56c09f93587e1bbd8e762e576caccb96478682ead789e5a3f2a010a8601558a3be1c6aadec00f7ef3fa895a242a520d6d2b406e7334ba019cda9a60becc8b955dee20464c877df3d709262b20d5be217c4802d0feb1fb9aad56f6151bf2e65377396928435c4d217665000823634a4bad7f4b404d34030297bf66eadbf3924efe25908679f29319d2ae38815f51eb62bfaf674c4b7535a6d660c699cdcc51de9f419af076179a568c8bfcc6db0f0c828dff80290fa172afb2e995c02aa4e440f6404f902f49126231bc946edfdce83342497681a93ea696d2ecbd1c606693f12cc6137213488e329f97d571d0a216187e75448618e804632ac7c958ea398c075c5932f9d40748c6f508d0e34b65173757be73da658a1b3d44ef34ee410e4c1ae7455017688a4464ac5f9c9c7d3d0668c3749b2e767ac626a670549f8ac19205fbd06940617f4f55ec355a4e2ac44d4c56d1bc1574b2ef35b1b76cbda247e376ae623c029666cc97de988b248fb6f16078d9bcd2a2e733f151a4f560385d5f979ca7baaae0e6e0953d254b8d31ad7233eb44f95b781ce154b786045a15204a82f5bb86ce32cdd0ffebf84c87538c57dd43a3cd6178d2340c6ec0508a4bef131fc230f80bfe9bde89926096508f10fa7257077d4eab72192f6d1f8d897f9ac705fb449faaf6761426d2db7ef253b22583166a1e36ecf62dafd176dc7fca1921296f229beee37bd40cb959ae983c884fc188afe5b87f2b047300328bcf864cfea81f5bd37a033800ba4f0e546356d7683221fb4d86a14fc2ba7a604acceaea75b7fd66ec6b19ef4797b270c788e1ca49d01efcccc69a47dcc81e08fd88b0c4bfe2a860dae19d667eb82d249ce3787ef157ff0680d98b34b10bb1efa30125e5313d424f748b92a25627ebeaff298a8a5accc2dd162ddfaaf87d6fc795fa49cd42c0120b9b35d2f610c85ddda1353fd341b6db089c85702e687e46e20d588a39dfcf16accc00cdb603aa617ed873ed963ac08f1d713530019e7639095b6254115ff897f78df7413e8bebcd95a0dceb6afd76a56290db203c2cfa9799654ccea590c4d4a15a844e774caa2bde3db77ed6abbf28ff5bab80561b96f65f29d94d10c93601c8400501818d362f94916b9c6e8030e195dd8cb8b9ced3a6fc2ac4c9eac884f8456d60cf3f7252524fd21b7ef102f43d31ecf5432e52625f8bd9a1c27dc1a62951e6a0cdd30ec1d0feec38edd80c07a12c3b307bb893b3a76202dde1b489d8ad4f2df953cfa96d5b5e8c104e3c4df4a1ed6dfaf668d90ca8407a89fb1c8046ad3c1d77ad2ef0d4b2ba05b0be970999a1ce210ff8b22bc27fba8b537d2349f029071b22ec4cc64716d2169d0f7baa58a8c37f7ee801a7554f66df00d14d3dc76839b8622c10a6cbab84868d1fc6454b3d9143061432934361d1ffb5fd25edf3323c20d3a9012c18e2d410b8c92682d4689212c3667283bb7a8c58899691e66de010fb5a376eefbe078cbfb8fa4783203d8f16fb871ab0fa55ad1e10f663748b858140d402ccd091bf25fe7e76ff7deeff067c5a56ecef53c92ecfac34901a7216d920d061273b0bcc0e14063a023f5a561f0a65cbc2460ef45cbe6285ec702b6384964e788c72e2c1fbc559b549f6bbd3ead5cf39267a13dda62b670ac3e44b5b9e4887da4df09b8d6fc95c5444ecaf4369f2b7bf79e71edda042c6857e79a20a7cbfce66777a48f71cae03d26e7b48f6b9d09667ad487826b9d33c8240b8ec982d5f02214e3983304e80599b3c09f0947e67980d148e1683317ec04a52965756d8d725fc24fae11113073f894eecb8fbceb1a0f2118f72fae03c9af298e5997134a2d0796a2ce52a42f0361fc152757b61562b6bc5e518b752ff03ca5a302b27cb76583a12f68e9ff68a097bf3ea29ee266c71002fb7683b1462cd2407b45290499acad193970b2206d64e82d05f43616274b1268cbe215af5e761170338411296140be7590865a395b85ad1061d61b131014ef8475029defcc09f448ddeeef1414ba50ebb78dc53afc19a681db8217d48839bb62cb0501757118bca15eb16012a1ac08abe3bc80db9d9309e81862ace35ad3b770a3b11baf9fa8fc85c47188814a33456011aa3d6b2da2178c0455ada0618557b0a4ad1d3bac87b661b82b72cb1f604b70df940d088f23d5743fc382577e8dfd827f77aabac768462d33f05b006f19dedc8589645017d4c169cf19e5cf0b39ad220cf7c5bf953d1834d88cabf23d3724c029180ad3dd00eda1f957dbc6ac19a8acd5668508fbc872f59e72c561efa15722c489a4c4bdd3be3a6ec2ce4a31cf14d554f01878a807cd0794e3f546cbcbc10163ac5be1aaed1b8aa2375c02991ab26a8436e12c1a6bece5591a2f30205041bc8d90f4fdd6b3", 0x1000}, {&(0x7f0000000100)="ccdf57d9ba291ee0f41fb235bf63a828fcefa9e18f4b2f1387c5e3b5d4b9e096041250b9fd69", 0x26}, {&(0x7f0000000a00)="014cc2c5f1d1ebce9bf647425b7f9ed0d1d7053afd9bf181b036de3dc5ad014e849f229e4e55d0ba0f9228df2936ba5c8319d071cc052cac6212f69a58eae1cc6e1134f77abd0f5f6b4d5364f474270ee8749a048f2ee1c35cf90ad694b36408f50284dff8ccf8989bbbc02e4d90bb40fbadc42ef0d8d4e2d4916cbd096da1914c21c0e2a616076fc568380bdcf85ae677b67cf45c60c12e2fb07cffc2701af438a78e6cfd4d9405d518783965b7a4a795487b0a04e32eeb990aa881882053ee218ad1e693bf8c54b314671cbbe1d26d364acc", 0xd3}, {&(0x7f0000000400)="87f7fd95f730533c3310423b29a9f4f43150d0780487d3628f93148d161eed689c5f1317f4f4f7171129", 0x2a}], 0x4, &(0x7f0000000b40)=[{0xc0, 0x1, 0x200000, "660c5dd270d653a706e1ac0a36c6d1813cbf9de1fa82da8ae195c5f02e297d3ac78980b9c81f29d8e88e97cbe442f43bbbd2f4328d132ab68cbf03beff463ba662a80ca53ee09220bc43c6200bd5982642be881c978a53a06a45a62d4f36a55da17322a49b6cfd22a538fd4017def13dd87ba7357b90a80447aef3f2b72de801ae9adb459657e5da89c643f5368d5b6f04a13e1ec22190511d2f9fca5bdb48fa7e45507c4fd5cc667ad4e051255b72ae69662b86"}, {0x50, 0x108, 0x8, "b1395dc2ff8bbe888c16681b602e10c89147577631123ea7c99c4c59ec374f5318c6d7d5ff0ee7e462b6009b0247185c2852a70bbd94e325814c91a5dfe3b6f55bc3"}, {0xb8, 0x11, 0x1, "c78e43e2f730959326c9be552f6ed63701fd4bf35461763996505ae6a9a669396f80194c09715a79bf401d714826c89270271713557c019f88c9eb6daa2fc8dc7800282c520fa7ae6ad2960fcb61bcb28b087b8a7368f719c4c319337bd451a024e4f2fd38f3e14195c1f3f13db7313761dc694d994ec1f24c180181bc556659a58e4aa10fb470c0cfd2bf54664545d619a8eaabb46a58783c43aef10354ad1639755e0e3f50ef81ca2f75"}, {0xc, 0x119, 0x1b}], 0x1d4}}], 0x1, 0x48f4) r10 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r10, 0x3312, 0xd5) preadv(r6, &(0x7f0000000140)=[{&(0x7f00000004c0)=""/152, 0x98}, {&(0x7f0000000580)=""/142, 0x8e}, {&(0x7f0000000100)}, {&(0x7f0000000640)=""/254, 0xfe}, {&(0x7f0000000740)=""/240, 0xf0}], 0x5, 0xb3, 0x3) open(&(0x7f0000000040)='./bus\x00', 0x1ed37e, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r11, 0x89e0, 0x0) ptrace(0x10, 0x0) cachestat(r9, &(0x7f0000000840)={0x800, 0x1}, &(0x7f0000000880), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, &(0x7f00000008c0)) ptrace$getregset(0x13, 0x0, 0x1, &(0x7f0000000080)={0x0}) 1.262914224s ago: executing program 2 (id=500): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74) r3 = syz_io_uring_setup(0x917, &(0x7f0000000300)={0x0, 0x400, 0x1, 0x1000001, 0xf7fffffc}, &(0x7f0000000180)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="c50a0000000000006113b800000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f0000000a80)={&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/197, 0xc5}, {&(0x7f0000000480)=""/240, 0xf0}, {&(0x7f0000000580)=""/162, 0xa2}, {&(0x7f00000001c0)=""/56, 0x38}, {&(0x7f0000000640)=""/120, 0x78}, {&(0x7f0000000c00)=""/227, 0xe3}, {&(0x7f00000002c0)=""/27, 0x1b}, {&(0x7f0000000840)=""/155, 0x9b}, {&(0x7f0000000900)=""/133, 0x85}], 0x9, &(0x7f0000000ac0)=""/16, 0x10}, 0x0, 0x140, 0x0, {0x1, r6}}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x400448cb, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, &(0x7f0000000e80)=ANY=[@ANYBLOB="180000000000008000000000f8ffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000ec2464f1027dd5ff00008500000083000000bf09000000000000550901000000000095000000000000008520000005000000183b000003000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB, @ANYRES32=r2, @ANYBLOB="00000000fcffffff1801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000000600000006580600000800001800000099000000000000000300000018340000040000000000000000000000182a0000", @ANYRES32=r2, @ANYBLOB="000000000b00000018400000020000000000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r10, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$dsp(r9, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SETFMT(r9, 0x40045010, &(0x7f0000000300)=0x3) ioctl$SNDCTL_DSP_RESET(r9, 0x5000, 0x0) bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r8, &(0x7f0000000040)="05000000010000", 0x7) 1.150942884s ago: executing program 0 (id=501): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe(&(0x7f0000000280)) chdir(&(0x7f0000000280)='./file0\x00') creat(&(0x7f0000000300)='./bus\x00', 0x15d) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe) ftruncate(r4, 0x2008002) sendfile(r3, r4, 0x0, 0x80000001) 1.13231797s ago: executing program 3 (id=502): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)={0x10000, 0x0, 0x0, 0x81, 0xffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB="060000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000000000000300"/25], 0x50) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0xa282) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x4c}}, 0x8000) sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800) fcntl$setstatus(r1, 0x4, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000300)={0x3, 'geneve1\x00', {}, 0x4}) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f0000000080)={0x20000003}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) io_uring_enter(r3, 0x627, 0xc1040000, 0x43, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={0x1}, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=0xffffffffffffffff, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) write$qrtrtun(0xffffffffffffffff, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000003af10000000000000002000000000000000000000caa3afd597f6300cedc89b8e8d9e5a71123d6aeb2a1a57f3e0e11c287715dc2222b0b3b63fec6201fe7afe2dd3a0e7f171a0026cc2bde27c6a638e278286ca4258c80f52747c2d60be364f70ec83f14b48b619bb016ca"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x22000) 204.205848ms ago: executing program 0 (id=503): r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000000140)="932db3348a9e", 0xf5) 194.23797ms ago: executing program 3 (id=504): syz_open_dev$sndctrl(0x0, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) close(0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, 0x0, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'gretap0\x00', &(0x7f00000000c0)={'tunl0\x00', 0x0, 0x1, 0x8, 0xfffffffa, 0xbc4a, {{0xe, 0x4, 0x3, 0x33, 0x38, 0x66, 0x0, 0xc0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, {[@timestamp_addr={0x44, 0x24, 0xb5, 0x1, 0x1, [{@rand_addr=0x64010102, 0x5}, {@private=0xa010101, 0x10000}, {@dev={0xac, 0x14, 0x14, 0x2b}, 0x3}, {@loopback, 0x6}]}]}}}}}) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r2, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x48d1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r5, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 0s ago: executing program 0 (id=505): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xbd}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmmsg(r1, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000500)="fe", 0x1}], 0x1}}], 0x1, 0x40002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) pipe2(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r5, 0x407, 0x7ffffffe) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000380)={0x2, r5}) socket$inet_tcp(0x2, 0x1, 0x0) r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000140)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee0000000000000000020000", 0x56}, {&(0x7f0000000000)="abd9", 0x2}], 0x2) kernel console output (not intermixed with test programs): .264380][ T40] audit: type=1326 audit(1744856602.407:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7037 comm="syz.3.261" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f36598 code=0x7ffc0000 [ 93.471467][ T59] libceph: connect (1)[c::]:6789 error -101 [ 93.477183][ T59] libceph: mon0 (1)[c::]:6789 connect error [ 93.544264][ T7035] chnl_net:caif_netlink_parms(): no params data found [ 93.652345][ T7035] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.654684][ T7035] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.659562][ T7057] fuse: Bad value for 'user_id' [ 93.662238][ T7057] fuse: Bad value for 'user_id' [ 93.662862][ T7035] bridge_slave_0: entered allmulticast mode [ 93.667231][ T7035] bridge_slave_0: entered promiscuous mode [ 93.670459][ T7035] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.672667][ T7035] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.674855][ T7035] bridge_slave_1: entered allmulticast mode [ 93.678052][ T7035] bridge_slave_1: entered promiscuous mode [ 93.712107][ T7061] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 93.715844][ T7061] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 93.773718][ T7035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.780579][ T7035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.817633][ T7035] team0: Port device team_slave_0 added [ 93.821249][ T7035] team0: Port device team_slave_1 added [ 93.838981][ T7039] ceph: No mds server is up or the cluster is laggy [ 93.844687][ T59] libceph: connect (1)[c::]:6789 error -101 [ 93.847115][ T59] libceph: mon0 (1)[c::]:6789 connect error [ 93.876740][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.879669][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.894370][ T7035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.898824][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.901343][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.909503][ T7035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.971882][ T7035] hsr_slave_0: entered promiscuous mode [ 93.974171][ T7035] hsr_slave_1: entered promiscuous mode [ 93.980412][ T7035] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.982833][ T7035] Cannot create hsr debugfs directory [ 94.016352][ T7066] dccp_invalid_packet: P.Data Offset(100) too large [ 94.133585][ T7035] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.137992][ T7069] dccp_invalid_packet: P.Data Offset(100) too large [ 94.272539][ T7035] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.340239][ T7035] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.415627][ T7035] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.453826][ T7075] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 7075 comm: syz.2.269) [ 94.542883][ T7035] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.550930][ T7035] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.564565][ T7035] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.570335][ T7035] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.618264][ T7035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.630935][ T7035] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.637309][ T96] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.640135][ T96] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.649783][ T96] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.652544][ T96] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.677650][ T7079] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 94.681506][ T7079] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 94.799275][ T7035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.840587][ T7035] veth0_vlan: entered promiscuous mode [ 94.845568][ T7035] veth1_vlan: entered promiscuous mode [ 94.866153][ T7035] veth0_macvtap: entered promiscuous mode [ 94.870264][ T7035] veth1_macvtap: entered promiscuous mode [ 94.882053][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.887377][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.891394][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.895535][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.899650][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.903855][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.907881][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.912450][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.918306][ T7035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.927013][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.931446][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.939108][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.942361][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.955136][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.959734][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.964422][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.970102][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.977178][ T7035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.985476][ T7035] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.989817][ T7035] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.993519][ T7035] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.997173][ T7035] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.063163][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.069028][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.103079][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.109285][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.168445][ T7092] Bluetooth: MGMT ver 1.23 [ 95.171990][ T7090] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 95.521045][ T7102] dccp_invalid_packet: P.Data Offset(100) too large [ 95.632686][ T7105] netlink: 8 bytes leftover after parsing attributes in process `syz.2.276'. [ 95.635448][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.2.276'. [ 95.642785][ T7105] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.645447][ T7105] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.648250][ T7105] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.650839][ T7105] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.844833][ T7120] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 95.848155][ T7120] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 96.077478][ T7124] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 96.085594][ T7124] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 96.521218][ T7135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.285'. [ 96.524722][ T7135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.285'. [ 96.557045][ T77] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 96.730221][ T77] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 96.733601][ T77] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 96.736797][ T77] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 96.744359][ T77] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 96.750035][ T77] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.752515][ T77] usb 8-1: Product: syz [ 96.753736][ T77] usb 8-1: Manufacturer: syz [ 96.755432][ T77] usb 8-1: SerialNumber: syz [ 96.968310][ T77] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 97.208740][ T836] usb 8-1: USB disconnect, device number 7 [ 97.216096][ T5962] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 97.218783][ T836] usblp0: removed [ 97.342845][ T7155] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 97.346356][ T7155] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 97.777744][ T7168] netlink: 'syz.3.295': attribute type 1 has an invalid length. [ 97.780863][ T7168] netlink: 220 bytes leftover after parsing attributes in process `syz.3.295'. [ 97.949404][ T59] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x0 [ 97.960436][ T59] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x0 [ 97.962883][ T59] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x0 [ 97.965469][ T59] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x0 [ 97.996996][ T59] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x0 [ 98.001295][ T59] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x0 [ 98.005459][ T59] hid-generic 0005:16C0:5505.0003: unknown main item tag 0x3 [ 98.138659][ T59] hid-generic 0005:16C0:5505.0003: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 99.651504][ T7206] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 99.655305][ T7206] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 99.721635][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.731082][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.738613][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.748636][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.752639][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.879715][ T7213] Bluetooth: MGMT ver 1.23 [ 99.882194][ T7209] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 100.059619][ T7208] chnl_net:caif_netlink_parms(): no params data found [ 100.237604][ T7208] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.242468][ T7208] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.249380][ T7208] bridge_slave_0: entered allmulticast mode [ 100.253061][ T7208] bridge_slave_0: entered promiscuous mode [ 100.257231][ T7208] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.259971][ T7208] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.262491][ T7208] bridge_slave_1: entered allmulticast mode [ 100.265594][ T7208] bridge_slave_1: entered promiscuous mode [ 100.324730][ T7208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.341288][ T7208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.399444][ T7208] team0: Port device team_slave_0 added [ 100.405810][ T7208] team0: Port device team_slave_1 added [ 100.545210][ T7208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.549598][ T7208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.565504][ T7208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.572399][ T7208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.575506][ T7208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.588198][ T7208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.717692][ T7208] hsr_slave_0: entered promiscuous mode [ 100.720933][ T7208] hsr_slave_1: entered promiscuous mode [ 100.724009][ T7208] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.728581][ T7208] Cannot create hsr debugfs directory [ 100.746462][ T34] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 100.753504][ T7230] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 100.876673][ T7208] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.897826][ T34] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 100.901418][ T34] usb 5-1: config 0 has no interface number 0 [ 100.903686][ T34] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 100.907671][ T34] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 100.911535][ T34] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 100.916332][ T34] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 100.922511][ T34] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 100.933179][ T34] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 100.938743][ T34] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 100.941927][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.948893][ T34] usb 5-1: config 0 descriptor?? [ 100.951673][ T7221] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 100.954635][ T7221] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 100.960419][ T34] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 100.991691][ T7208] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.069537][ T7208] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.143529][ T7208] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.262756][ T7208] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.268165][ T7208] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 101.273980][ T7208] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 101.280967][ T7208] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.347753][ T7208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.363836][ T7208] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.374261][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.376947][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.386797][ T96] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.389444][ T96] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.518793][ T7249] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 101.523176][ T7208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.525450][ T7249] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 101.558165][ T7208] veth0_vlan: entered promiscuous mode [ 101.563138][ T7208] veth1_vlan: entered promiscuous mode [ 101.578690][ T7208] veth0_macvtap: entered promiscuous mode [ 101.582720][ T7208] veth1_macvtap: entered promiscuous mode [ 101.591533][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.595481][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.600324][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.604102][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.608535][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.611856][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.614989][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.618643][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.622370][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.625672][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.629606][ T7208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.636575][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.639883][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.643071][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.646800][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.649931][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.653670][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.657262][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.660461][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.663581][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.667380][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.671232][ T7208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.676913][ T7208] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.679629][ T7208] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.682809][ T7208] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.685408][ T7208] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.738396][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.740921][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.742057][ T34] usb 5-1: USB disconnect, device number 9 [ 101.758208][ T34] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 101.764953][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.768336][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.837439][ T40] kauditd_printk_skb: 1227 callbacks suppressed [ 101.837456][ T40] audit: type=1804 audit(1744856611.117:1756): pid=7256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.312" name="/newroot/101/file0" dev="tmpfs" ino=559 res=1 errno=0 [ 101.859234][ T7256] ref_ctr_offset mismatch. inode: 0x22f offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa [ 101.907056][ T7259] netlink: 'syz.2.312': attribute type 1 has an invalid length. [ 101.910177][ T7259] netlink: 240 bytes leftover after parsing attributes in process `syz.2.312'. [ 101.926237][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 102.396032][ T34] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 102.554999][ T34] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 102.559710][ T34] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 102.563721][ T34] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 102.573216][ T34] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 102.576998][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.579574][ T34] usb 8-1: Product: syz [ 102.580929][ T34] usb 8-1: Manufacturer: syz [ 102.582472][ T34] usb 8-1: SerialNumber: syz [ 102.671569][ T7270] FAULT_INJECTION: forcing a failure. [ 102.671569][ T7270] name failslab, interval 1, probability 0, space 0, times 0 [ 102.675522][ T7270] CPU: 3 UID: 0 PID: 7270 Comm: syz.0.318 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 102.675540][ T7270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.675547][ T7270] Call Trace: [ 102.675551][ T7270] [ 102.675557][ T7270] dump_stack_lvl+0x16c/0x1f0 [ 102.675577][ T7270] should_fail_ex+0x512/0x640 [ 102.675591][ T7270] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 102.675609][ T7270] should_failslab+0xc2/0x120 [ 102.675632][ T7270] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 102.675648][ T7270] ? __alloc_skb+0x2b2/0x380 [ 102.675665][ T7270] __alloc_skb+0x2b2/0x380 [ 102.675678][ T7270] ? __pfx___alloc_skb+0x10/0x10 [ 102.675690][ T7270] ? __pfx___page_table_check_zero+0x10/0x10 [ 102.675709][ T7270] ? get_page_from_freelist+0x1173/0x39b0 [ 102.675728][ T7270] alloc_skb_with_frags+0xe0/0x860 [ 102.675744][ T7270] ? aa_label_sk_perm+0x19b/0x5a0 [ 102.675760][ T7270] sock_alloc_send_pskb+0x7fb/0x990 [ 102.675778][ T7270] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 102.675798][ T7270] unix_dgram_sendmsg+0x463/0x1910 [ 102.675814][ T7270] ? aa_sk_perm+0x2f4/0xb10 [ 102.675826][ T7270] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 102.675837][ T7270] ? __pfx_aa_sk_perm+0x10/0x10 [ 102.675850][ T7270] ? __import_iovec+0x1c8/0x660 [ 102.675867][ T7270] ____sys_sendmsg+0xa95/0xc70 [ 102.675878][ T7270] ? __pfx_____sys_sendmsg+0x10/0x10 [ 102.675888][ T7270] ? get_compat_msghdr+0x11a/0x170 [ 102.675903][ T7270] ? __pfx__kstrtoull+0x10/0x10 [ 102.675922][ T7270] ___sys_sendmsg+0x134/0x1d0 [ 102.675937][ T7270] ? __pfx____sys_sendmsg+0x10/0x10 [ 102.675958][ T7270] ? find_held_lock+0x2b/0x80 [ 102.675980][ T7270] __sys_sendmmsg+0x2f9/0x420 [ 102.675996][ T7270] ? __pfx___sys_sendmmsg+0x10/0x10 [ 102.676014][ T7270] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 102.676036][ T7270] ? fput+0x70/0xf0 [ 102.676047][ T7270] ? ksys_write+0x1b9/0x240 [ 102.676061][ T7270] ? __pfx_ksys_write+0x10/0x10 [ 102.676078][ T7270] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 102.676092][ T7270] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 102.676109][ T7270] __do_fast_syscall_32+0x73/0x120 [ 102.676126][ T7270] do_fast_syscall_32+0x32/0x80 [ 102.676142][ T7270] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 102.676155][ T7270] RIP: 0023:0xf7f24579 [ 102.676164][ T7270] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 102.676174][ T7270] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 102.676184][ T7270] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 102.676190][ T7270] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.676196][ T7270] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.676202][ T7270] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 102.676208][ T7270] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.676221][ T7270] [ 102.798256][ T34] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 102.892080][ T7276] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 102.894862][ T7276] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 103.192321][ T34] usb 8-1: USB disconnect, device number 8 [ 103.199294][ T34] usblp0: removed [ 103.247578][ T7282] dccp_invalid_packet: P.Data Offset(100) too large [ 103.725994][ T34] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 103.875986][ T34] usb 5-1: Using ep0 maxpacket: 8 [ 104.496146][ T58] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 104.648744][ T58] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 104.653372][ T58] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 104.657311][ T58] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 104.665715][ T58] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 104.670212][ T58] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.673385][ T58] usb 8-1: Product: syz [ 104.675066][ T58] usb 8-1: Manufacturer: syz [ 104.677120][ T58] usb 8-1: SerialNumber: syz [ 104.890829][ T58] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 104.995632][ T7312] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 104.998438][ T7312] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 105.026442][ T5962] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 105.029562][ T5962] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 105.032572][ T5962] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 105.037053][ T5962] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 105.040659][ T5962] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 105.108803][ T58] usb 8-1: USB disconnect, device number 9 [ 105.135697][ T58] usblp0: removed [ 105.226249][ T7319] dccp_invalid_packet: P.Data Offset(100) too large [ 105.241004][ T7313] chnl_net:caif_netlink_parms(): no params data found [ 105.406626][ T40] audit: type=1326 audit(1744856614.677:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.413322][ T40] audit: type=1326 audit(1744856614.687:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.417782][ T7327] FAULT_INJECTION: forcing a failure. [ 105.417782][ T7327] name failslab, interval 1, probability 0, space 0, times 0 [ 105.422845][ T40] audit: type=1326 audit(1744856614.697:1759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.424923][ T7327] CPU: 2 UID: 0 PID: 7327 Comm: syz.2.334 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 105.424943][ T7327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 105.424950][ T7327] Call Trace: [ 105.424955][ T7327] [ 105.424960][ T7327] dump_stack_lvl+0x16c/0x1f0 [ 105.424982][ T7327] should_fail_ex+0x512/0x640 [ 105.424996][ T7327] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 105.425016][ T7327] should_failslab+0xc2/0x120 [ 105.425028][ T7327] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 105.425046][ T7327] ? audit_log_start+0x2c5/0x7f0 [ 105.425067][ T7327] audit_log_start+0x2c5/0x7f0 [ 105.425087][ T7327] ? __pfx_audit_log_start+0x10/0x10 [ 105.425109][ T7327] ? migrate_enable+0x1ed/0x260 [ 105.425124][ T7327] ? __pfx_migrate_enable+0x10/0x10 [ 105.425140][ T7327] audit_seccomp+0x60/0x290 [ 105.425158][ T7327] __seccomp_filter+0x7b6/0xea0 [ 105.425176][ T7327] ? __pfx___seccomp_filter+0x10/0x10 [ 105.425195][ T7327] ? fput+0x70/0xf0 [ 105.425206][ T7327] ? ksys_write+0x1b9/0x240 [ 105.425224][ T7327] __secure_computing+0x287/0x3b0 [ 105.425241][ T7327] syscall_trace_enter+0x89/0x260 [ 105.425256][ T7327] __do_fast_syscall_32+0xc2/0x120 [ 105.425277][ T7327] do_fast_syscall_32+0x32/0x80 [ 105.425294][ T7327] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 105.425309][ T7327] RIP: 0023:0xf7fc6579 [ 105.425319][ T7327] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 105.425336][ T7327] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 00000000000001b8 [ 105.425348][ T7327] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 105.425356][ T7327] RDX: 0000000000000000 RSI: 0000000000000019 RDI: 0000000000000000 [ 105.425362][ T7327] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 105.425369][ T7327] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 105.425376][ T7327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 105.425390][ T7327] [ 105.425396][ T7327] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 105.431895][ T40] audit: type=1326 audit(1744856614.697:1760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.431922][ T40] audit: type=1326 audit(1744856614.697:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.431943][ T40] audit: type=1326 audit(1744856614.697:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.431964][ T40] audit: type=1326 audit(1744856614.697:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.431983][ T40] audit: type=1326 audit(1744856614.697:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.2.334" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7fc6579 code=0x7ffc0000 [ 105.584800][ T7313] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.588688][ T7313] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.591216][ T7313] bridge_slave_0: entered allmulticast mode [ 105.595516][ T7313] bridge_slave_0: entered promiscuous mode [ 105.599313][ T7313] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.601822][ T7313] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.604709][ T7313] bridge_slave_1: entered allmulticast mode [ 105.608129][ T7313] bridge_slave_1: entered promiscuous mode [ 105.662927][ T7313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.665297][ T7333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.336'. [ 105.668921][ T7313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.674492][ T7333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'. [ 105.713477][ T7313] team0: Port device team_slave_0 added [ 105.722227][ T7313] team0: Port device team_slave_1 added [ 105.773831][ T7313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.780128][ T7313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.794904][ T7313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.801246][ T7313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.804104][ T7313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.814857][ T7313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.827952][ T7335] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 105.831113][ T7335] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.887742][ T7313] hsr_slave_0: entered promiscuous mode [ 105.890195][ T7313] hsr_slave_1: entered promiscuous mode [ 105.892617][ T7313] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.895108][ T7313] Cannot create hsr debugfs directory [ 105.901244][ T7335] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 105.904713][ T7335] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.974427][ T7335] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 105.978406][ T7335] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.041409][ T7335] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 106.044535][ T7335] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.098008][ T7313] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.202861][ T7313] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.232303][ T7335] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.236773][ T7335] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.255847][ T7335] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.259503][ T7335] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.292200][ T34] usb 5-1: unable to get BOS descriptor or descriptor too short [ 106.296157][ T34] usb 5-1: no configurations [ 106.298157][ T34] usb 5-1: can't read configurations, error -22 [ 106.304360][ T7313] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.327432][ T7335] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.330662][ T7335] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.348929][ T7335] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.352215][ T7335] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.374030][ T7342] netlink: 4 bytes leftover after parsing attributes in process `syz.0.340'. [ 106.400836][ T7313] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.415613][ T7342] netlink: 'syz.0.340': attribute type 27 has an invalid length. [ 106.518137][ T7342] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.521493][ T7342] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.669228][ T7342] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.687742][ T7342] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.742750][ T77] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 106.752913][ T7342] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 106.829861][ T7342] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.833647][ T7342] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.840794][ T7342] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.844552][ T7342] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.851950][ T7342] geneve1: left promiscuous mode [ 106.898858][ T77] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 106.904567][ T77] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 106.908688][ T77] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 106.920603][ T77] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 106.924447][ T77] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.928203][ T77] usb 7-1: Product: syz [ 106.929994][ T77] usb 7-1: Manufacturer: syz [ 106.932472][ T77] usb 7-1: SerialNumber: syz [ 107.016408][ T7313] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.023682][ T7313] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.032540][ T7313] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.042300][ T7313] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.057343][ T5962] Bluetooth: hci0: command tx timeout [ 107.105652][ T7313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.139937][ T7313] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.146957][ T77] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 107.148410][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.153804][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.198736][ T99] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.200952][ T99] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.330411][ T7313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.362747][ T7313] veth0_vlan: entered promiscuous mode [ 107.374155][ T7313] veth1_vlan: entered promiscuous mode [ 107.401315][ T7313] veth0_macvtap: entered promiscuous mode [ 107.411161][ T7360] Bluetooth: MGMT ver 1.23 [ 107.411263][ T7313] veth1_macvtap: entered promiscuous mode [ 107.414906][ T7353] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 107.425578][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.431934][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.435091][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.439213][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.442368][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.445656][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.451931][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.455214][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.458642][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.461924][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.466604][ T7313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.470501][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.474145][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.477331][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.480614][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.483684][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.487325][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.490401][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.493822][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.497579][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.500795][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.508076][ T7313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.514787][ T7313] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.518977][ T7313] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.521772][ T7313] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.524480][ T7313] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.571391][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.572039][ T5993] usb 7-1: USB disconnect, device number 4 [ 107.574579][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.592754][ T5993] usblp0: removed [ 107.600253][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.602813][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.047420][ T7373] Zero length message leads to an empty skb [ 108.528144][ T7376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.346'. [ 108.533019][ T7376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.346'. [ 109.371890][ T7388] netlink: 'syz.0.349': attribute type 11 has an invalid length. [ 109.394013][ T7388] netlink: 'syz.0.349': attribute type 10 has an invalid length. [ 109.398278][ T7388] netlink: 40 bytes leftover after parsing attributes in process `syz.0.349'. [ 109.402832][ T7388] batadv0: entered promiscuous mode [ 109.405087][ T7388] batadv0: entered allmulticast mode [ 109.409467][ T7388] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.412955][ T7388] bridge0: port 3(batadv0) entered blocking state [ 109.416907][ T7388] bridge0: port 3(batadv0) entered disabled state [ 109.424927][ T7388] netlink: 20 bytes leftover after parsing attributes in process `syz.0.349'. [ 109.456175][ T5962] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 109.608103][ T12] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 109.611195][ T12] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 109.694360][ T7394] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 109.699596][ T7394] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 109.876176][ T836] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 110.059354][ T836] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 110.063196][ T836] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 110.067366][ T836] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 110.076418][ T836] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 110.080357][ T836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.084503][ T836] usb 5-1: Product: syz [ 110.094102][ T836] usb 5-1: Manufacturer: syz [ 110.098262][ T836] usb 5-1: SerialNumber: syz [ 110.316121][ T836] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 110.529529][ T29] usb 5-1: USB disconnect, device number 12 [ 110.541260][ T29] usblp0: removed [ 110.677507][ T7408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.355'. [ 110.682317][ T7408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.355'. [ 110.785077][ T7413] FAULT_INJECTION: forcing a failure. [ 110.785077][ T7413] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 110.789327][ T7413] CPU: 2 UID: 0 PID: 7413 Comm: syz.3.356 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 110.789342][ T7413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.789349][ T7413] Call Trace: [ 110.789354][ T7413] [ 110.789368][ T7413] dump_stack_lvl+0x16c/0x1f0 [ 110.789390][ T7413] should_fail_ex+0x512/0x640 [ 110.789405][ T7413] _copy_from_user+0x2e/0xd0 [ 110.789420][ T7413] blkdev_common_ioctl+0x17ec/0x2250 [ 110.789437][ T7413] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 110.789451][ T7413] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 110.789469][ T7413] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 110.789492][ T7413] ? find_held_lock+0x2b/0x80 [ 110.789508][ T7413] compat_blkdev_ioctl+0x24f/0x7a0 [ 110.789526][ T7413] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 110.789546][ T7413] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 110.789562][ T7413] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 110.789577][ T7413] __do_fast_syscall_32+0x73/0x120 [ 110.789594][ T7413] do_fast_syscall_32+0x32/0x80 [ 110.789610][ T7413] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 110.789624][ T7413] RIP: 0023:0xf7f36579 [ 110.789632][ T7413] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 110.789644][ T7413] RSP: 002b:00000000f503555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 110.789654][ T7413] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000000001277 [ 110.789660][ T7413] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 110.789666][ T7413] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 110.789672][ T7413] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 110.789678][ T7413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 110.789706][ T7413] [ 110.852577][ C2] hpet_rtc_timer_reinit: 6 callbacks suppressed [ 110.852586][ C2] hpet: Lost 2 RTC interrupts [ 111.538276][ T7422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.358'. [ 111.551756][ T7424] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 111.581630][ T7422] netlink: 'syz.0.358': attribute type 6 has an invalid length. [ 111.584880][ T7422] netlink: 'syz.0.358': attribute type 6 has an invalid length. [ 111.643904][ T7424] netlink: 20 bytes leftover after parsing attributes in process `syz.3.366'. [ 111.657126][ T7429] input: syz1 as /devices/virtual/input/input11 [ 111.750095][ T7429] loop6: detected capacity change from 0 to 63 [ 111.990761][ T7440] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 111.994584][ T7440] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 112.167061][ T34] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 112.337415][ T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 112.340522][ T34] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 112.343573][ T34] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 112.349343][ T34] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 112.352258][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.354812][ T34] usb 5-1: Product: syz [ 112.356314][ T34] usb 5-1: Manufacturer: syz [ 112.358027][ T34] usb 5-1: SerialNumber: syz [ 112.570008][ T34] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 112.818635][ T34] usb 5-1: USB disconnect, device number 13 [ 112.828633][ T34] usblp0: removed [ 113.074020][ T7450] ======================================================= [ 113.074020][ T7450] WARNING: The mand mount option has been deprecated and [ 113.074020][ T7450] and is ignored by this kernel. Remove the mand [ 113.074020][ T7450] option from the mount to silence this warning. [ 113.074020][ T7450] ======================================================= [ 113.103605][ T7450] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 113.106360][ T7450] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 113.113283][ T7450] vhci_hcd vhci_hcd.0: Device attached [ 113.316000][ T29] vhci_hcd: vhci_device speed not set [ 113.379286][ T29] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 113.691328][ T7451] vhci_hcd: connection reset by peer [ 113.694615][ T1136] vhci_hcd: stop threads [ 113.696939][ T1136] vhci_hcd: release socket [ 113.701074][ T1136] vhci_hcd: disconnect device [ 113.706730][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 113.710515][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 113.713916][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 113.720217][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 113.722931][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 113.776217][ T7464] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 113.880042][ T7460] chnl_net:caif_netlink_parms(): no params data found [ 114.080667][ T7460] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.083738][ T7460] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.088063][ T7460] bridge_slave_0: entered allmulticast mode [ 114.091811][ T7460] bridge_slave_0: entered promiscuous mode [ 114.096323][ T7460] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.099298][ T7460] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.102290][ T7460] bridge_slave_1: entered allmulticast mode [ 114.107967][ T7460] bridge_slave_1: entered promiscuous mode [ 114.147913][ T7460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.152710][ T7460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.191377][ T7460] team0: Port device team_slave_0 added [ 114.195103][ T7460] team0: Port device team_slave_1 added [ 114.256496][ T7460] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 114.259357][ T7460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.279404][ T7460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 114.284610][ T7460] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 114.287183][ T7460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.295242][ T7460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.340114][ T7460] hsr_slave_0: entered promiscuous mode [ 114.342561][ T7460] hsr_slave_1: entered promiscuous mode [ 114.344689][ T7460] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 114.347357][ T7460] Cannot create hsr debugfs directory [ 114.499171][ T7460] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.574965][ T7460] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.583407][ T7486] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 114.587504][ T7486] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 114.673868][ T7460] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.681517][ T7489] Bluetooth: MGMT ver 1.23 [ 114.683359][ T7487] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 114.828370][ T7460] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.994584][ T7460] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 115.003013][ T7460] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 115.017788][ T7460] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 115.023015][ T7460] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 115.066247][ T6121] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 115.074781][ T7460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.089011][ T7460] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.092489][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.092542][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.096926][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.097016][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.219583][ T7460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.238806][ T6121] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 115.243104][ T6121] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 115.247283][ T7460] veth0_vlan: entered promiscuous mode [ 115.250238][ T7460] veth1_vlan: entered promiscuous mode [ 115.250333][ T6121] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 115.260864][ T6121] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 115.264651][ T6121] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.267748][ T7460] veth0_macvtap: entered promiscuous mode [ 115.268135][ T6121] usb 7-1: Product: syz [ 115.271239][ T6121] usb 7-1: Manufacturer: syz [ 115.272712][ T6121] usb 7-1: SerialNumber: syz [ 115.272931][ T7460] veth1_macvtap: entered promiscuous mode [ 115.284339][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.288099][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.291322][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.294573][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.299184][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.302478][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.305553][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.308947][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.312007][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.315266][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.318561][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.321848][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.326064][ T7460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.332063][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.335370][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.338641][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.341907][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.344926][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.349361][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.352626][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.355941][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.359374][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.362660][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.366096][ T7460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.369376][ T7460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.373295][ T7460] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.379563][ T7460] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.382447][ T7460] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.385373][ T7460] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.388180][ T7460] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.418984][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.421641][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.433949][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.436932][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.482309][ T6121] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 115.516503][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 115.666186][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 115.670369][ T9] usb 5-1: config 0 has an invalid interface number: 186 but max is 0 [ 115.673174][ T9] usb 5-1: config 0 has no interface number 0 [ 115.675133][ T9] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 115.678755][ T9] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 115.682630][ T9] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 115.690468][ T9] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.696858][ T34] usb 7-1: USB disconnect, device number 5 [ 115.698157][ T9] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 115.701504][ T34] usblp0: removed [ 115.704828][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.710952][ T9] usb 5-1: Product: syz [ 115.712406][ T9] usb 5-1: Manufacturer: syz [ 115.714128][ T9] usb 5-1: SerialNumber: syz [ 115.722634][ T9] usb 5-1: config 0 descriptor?? [ 115.908197][ T7513] dccp_invalid_packet: P.Data Offset(100) too large [ 115.937085][ T7505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.940421][ T7505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.950641][ T9] iowarrior 5-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 116.012266][ T7517] FAULT_INJECTION: forcing a failure. [ 116.012266][ T7517] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.018895][ T7517] CPU: 1 UID: 0 PID: 7517 Comm: syz.3.382 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 116.018918][ T7517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 116.018926][ T7517] Call Trace: [ 116.018930][ T7517] [ 116.018936][ T7517] dump_stack_lvl+0x16c/0x1f0 [ 116.018964][ T7517] should_fail_ex+0x512/0x640 [ 116.018986][ T7517] _copy_to_user+0x32/0xd0 [ 116.019006][ T7517] simple_read_from_buffer+0xcb/0x170 [ 116.019028][ T7517] proc_fail_nth_read+0x197/0x270 [ 116.019055][ T7517] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 116.019077][ T7517] ? rw_verify_area+0xcf/0x680 [ 116.019095][ T7517] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 116.019112][ T7517] vfs_read+0x1de/0xc70 [ 116.019135][ T7517] ? __pfx___mutex_lock+0x10/0x10 [ 116.019157][ T7517] ? __pfx_vfs_read+0x10/0x10 [ 116.019183][ T7517] ? __fget_files+0x20e/0x3c0 [ 116.019208][ T7517] ksys_read+0x12a/0x240 [ 116.019227][ T7517] ? __pfx_ksys_read+0x10/0x10 [ 116.019249][ T7517] ? rcu_is_watching+0x12/0xc0 [ 116.019272][ T7517] __do_fast_syscall_32+0x73/0x120 [ 116.019294][ T7517] do_fast_syscall_32+0x32/0x80 [ 116.019316][ T7517] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 116.019335][ T7517] RIP: 0023:0xf7f36579 [ 116.019347][ T7517] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 116.019362][ T7517] RSP: 002b:00000000f5056590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 116.019373][ T7517] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5056620 [ 116.019382][ T7517] RDX: 000000000000000f RSI: 00000000f73c2ff4 RDI: 0000000000000000 [ 116.019391][ T7517] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 116.019399][ T7517] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 116.019408][ T7517] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 116.019430][ T7517] [ 116.094974][ T34] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 116.159265][ T58] usb 5-1: USB disconnect, device number 14 [ 116.189822][ T7521] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 116.192861][ T7521] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 116.255977][ T34] usb 7-1: Using ep0 maxpacket: 8 [ 116.258876][ T34] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 116.261565][ T34] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 116.266657][ T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 116.270741][ T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 116.274734][ T34] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 116.281191][ T34] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 116.285711][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.497942][ T34] usb 7-1: usb_control_msg returned -32 [ 116.499770][ T34] usbtmc 7-1:16.0: can't read capabilities [ 116.726527][ T5962] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 116.939902][ T34] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 117.095980][ T34] usb 5-1: Using ep0 maxpacket: 8 [ 117.099723][ T34] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 117.102519][ T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 117.105746][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 117.108921][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 117.112124][ T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.116617][ T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 117.120270][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.328091][ T34] usb 5-1: usb_control_msg returned -32 [ 117.330492][ T34] usbtmc 5-1:16.0: can't read capabilities [ 117.606436][ T58] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 118.486176][ T29] vhci_hcd: vhci_device speed not set [ 118.699276][ T58] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 118.702405][ T58] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 118.705478][ T58] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 118.712127][ T58] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 118.715499][ T58] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.718444][ T58] usb 8-1: Product: syz [ 118.719832][ T58] usb 8-1: Manufacturer: syz [ 118.721411][ T58] usb 8-1: SerialNumber: syz [ 118.818114][ T7498] usb 7-1: USB disconnect, device number 6 [ 118.930166][ T58] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 119.144101][ T34] usb 8-1: USB disconnect, device number 10 [ 119.148918][ T34] usblp0: removed [ 119.773758][ T7498] usb 5-1: USB disconnect, device number 15 [ 119.804196][ T7544] netlink: 4 bytes leftover after parsing attributes in process `syz.2.389'. [ 119.811984][ T7544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.389'. [ 119.861223][ T7548] netlink: 52 bytes leftover after parsing attributes in process `syz.2.391'. [ 119.864896][ T7548] netlink: 56 bytes leftover after parsing attributes in process `syz.2.391'. [ 119.944143][ T7551] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 120.774094][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 120.784350][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 120.791614][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 120.795763][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 120.800568][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 121.058921][ T7560] chnl_net:caif_netlink_parms(): no params data found [ 121.232514][ T7560] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.237841][ T7560] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.241369][ T7560] bridge_slave_0: entered allmulticast mode [ 121.246519][ T7560] bridge_slave_0: entered promiscuous mode [ 121.252418][ T7560] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.255556][ T7560] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.259327][ T7560] bridge_slave_1: entered allmulticast mode [ 121.263233][ T7560] bridge_slave_1: entered promiscuous mode [ 121.316816][ T7560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.322948][ T7560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.423908][ T7560] team0: Port device team_slave_0 added [ 121.432848][ T7560] team0: Port device team_slave_1 added [ 121.544472][ T7560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.557797][ T7560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.596891][ T7560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.669347][ T7560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.673702][ T7560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.692754][ T7560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.737412][ T7565] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 121.861900][ T7560] hsr_slave_0: entered promiscuous mode [ 121.864151][ T7560] hsr_slave_1: entered promiscuous mode [ 121.866547][ T7560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.868895][ T7560] Cannot create hsr debugfs directory [ 122.029466][ T7585] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 122.033967][ T7585] qrtr: Invalid version 0 [ 122.063317][ T7586] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 122.076212][ T7586] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 122.178729][ T7585] tty tty21: ldisc open failed (-12), clearing slot 20 [ 122.253618][ T7588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.399'. [ 122.295029][ T7560] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.303790][ T7588] netlink: 12 bytes leftover after parsing attributes in process `syz.0.399'. [ 122.355207][ T7560] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.441567][ T7560] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.545704][ T7560] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.638450][ T7600] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 122.641558][ T7600] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 122.669229][ T7560] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 122.699938][ T7560] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 122.708952][ T7560] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 122.713747][ T7560] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 122.761695][ T7560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.774137][ T7560] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.782003][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.784397][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.804939][ T99] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.807745][ T99] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.961600][ T7613] Bluetooth: MGMT ver 1.23 [ 123.017210][ T7560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.077768][ T7560] veth0_vlan: entered promiscuous mode [ 123.102721][ T7560] veth1_vlan: entered promiscuous mode [ 123.125029][ T7560] veth0_macvtap: entered promiscuous mode [ 123.131571][ T7560] veth1_macvtap: entered promiscuous mode [ 123.145555][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.150426][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.154430][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.158591][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.162664][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.167237][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.171276][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.175391][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.179481][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.183770][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.187989][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.192251][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.196178][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.200337][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.205746][ T7560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.218514][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.222238][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.225317][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.229620][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.232884][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.236180][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.239777][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.243742][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.247963][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.251545][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.254907][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.258528][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.262363][ T7560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.265872][ T7560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.270541][ T7560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.277719][ T7560] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.280630][ T7560] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.283525][ T7560] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.287903][ T7560] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.334767][ T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.338277][ T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.360854][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.363403][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.386048][ T59] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 123.485433][ T7623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.408'. [ 123.489142][ T7623] netlink: 12 bytes leftover after parsing attributes in process `syz.0.408'. [ 123.538313][ T59] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 123.541463][ T59] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 123.544734][ T59] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 123.551550][ T59] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 123.554528][ T59] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.557298][ T59] usb 8-1: Product: syz [ 123.558640][ T59] usb 8-1: Manufacturer: syz [ 123.560074][ T59] usb 8-1: SerialNumber: syz [ 123.779662][ T59] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 123.880913][ T7637] netlink: 24 bytes leftover after parsing attributes in process `syz.0.412'. [ 123.998821][ T58] usb 8-1: USB disconnect, device number 11 [ 124.003588][ T58] usblp0: removed [ 124.101409][ T7646] netlink: 4 bytes leftover after parsing attributes in process `syz.0.417'. [ 124.727849][ T5953] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 124.731912][ T5953] Bluetooth: hci2: Injecting HCI hardware error event [ 124.735823][ T5953] Bluetooth: hci2: hardware error 0x00 [ 124.876045][ T7669] dccp_invalid_packet: P.Data Offset(100) too large [ 124.959197][ T7671] FAULT_INJECTION: forcing a failure. [ 124.959197][ T7671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.964575][ T7671] CPU: 3 UID: 0 PID: 7671 Comm: syz.3.424 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 124.964599][ T7671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.964610][ T7671] Call Trace: [ 124.964616][ T7671] [ 124.964624][ T7671] dump_stack_lvl+0x16c/0x1f0 [ 124.964653][ T7671] should_fail_ex+0x512/0x640 [ 124.964676][ T7671] _copy_to_user+0x32/0xd0 [ 124.964699][ T7671] simple_read_from_buffer+0xcb/0x170 [ 124.964726][ T7671] proc_fail_nth_read+0x197/0x270 [ 124.964750][ T7671] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 124.964775][ T7671] ? rw_verify_area+0xcf/0x680 [ 124.964796][ T7671] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 124.964818][ T7671] vfs_read+0x1de/0xc70 [ 124.964844][ T7671] ? __pfx___mutex_lock+0x10/0x10 [ 124.964868][ T7671] ? __pfx_vfs_read+0x10/0x10 [ 124.964896][ T7671] ? __fget_files+0x20e/0x3c0 [ 124.964935][ T7671] ksys_read+0x12a/0x240 [ 124.964958][ T7671] ? __pfx_ksys_read+0x10/0x10 [ 124.964978][ T7671] ? rcu_is_watching+0x12/0xc0 [ 124.965002][ T7671] ? rcu_is_watching+0x12/0xc0 [ 124.965026][ T7671] __do_fast_syscall_32+0x73/0x120 [ 124.965052][ T7671] do_fast_syscall_32+0x32/0x80 [ 124.965077][ T7671] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 124.965097][ T7671] RIP: 0023:0xf7f36579 [ 124.965111][ T7671] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 124.965127][ T7671] RSP: 002b:00000000f5056590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 124.965144][ T7671] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5056620 [ 124.965155][ T7671] RDX: 000000000000000f RSI: 00000000f73c2ff4 RDI: 0000000000000000 [ 124.965165][ T7671] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 124.965174][ T7671] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 124.965183][ T7671] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 124.965206][ T7671] [ 125.048809][ T5962] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 125.257062][ T7686] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 125.260488][ T7686] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 125.356252][ T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 125.517238][ T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 125.520416][ T10] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 125.523444][ T10] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 125.529317][ T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 125.532140][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.534655][ T10] usb 7-1: Product: syz [ 125.536520][ T10] usb 7-1: Manufacturer: syz [ 125.538329][ T10] usb 7-1: SerialNumber: syz [ 125.746518][ T10] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 125.999091][ T58] usb 7-1: USB disconnect, device number 7 [ 126.002747][ T58] usblp0: removed [ 126.056282][ T7705] dccp_invalid_packet: P.Data Offset(100) too large [ 126.776016][ T836] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 126.806211][ T5953] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 126.930532][ T836] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 126.934129][ T836] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 126.938131][ T836] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 126.941021][ T836] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.946686][ T836] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 126.951439][ T836] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 126.954147][ T836] usb 8-1: Product: syz [ 126.957452][ T836] usb 8-1: Manufacturer: syz [ 126.963656][ T836] cdc_wdm 8-1:1.0: skipping garbage [ 126.965585][ T836] cdc_wdm 8-1:1.0: skipping garbage [ 126.967859][ T836] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 127.519605][ T7721] netlink: 'syz.3.435': attribute type 1 has an invalid length. [ 127.522980][ T7721] __nla_validate_parse: 1 callbacks suppressed [ 127.522991][ T7721] netlink: 208 bytes leftover after parsing attributes in process `syz.3.435'. [ 128.522067][ T5962] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 128.529523][ T5962] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 128.534712][ T5962] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 128.539566][ T5962] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 128.543036][ T5962] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 128.741413][ T7728] chnl_net:caif_netlink_parms(): no params data found [ 128.879506][ T7728] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.882938][ T7728] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.886724][ T7728] bridge_slave_0: entered allmulticast mode [ 128.890573][ T7728] bridge_slave_0: entered promiscuous mode [ 128.895117][ T7728] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.899352][ T7728] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.902209][ T7728] bridge_slave_1: entered allmulticast mode [ 128.906077][ T7728] bridge_slave_1: entered promiscuous mode [ 128.971521][ T7728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.979168][ T7728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.048088][ T7728] team0: Port device team_slave_0 added [ 129.054066][ T7728] team0: Port device team_slave_1 added [ 129.156905][ T7728] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.159759][ T7728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.170878][ T7728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.176836][ T7728] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.179530][ T7728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.190949][ T7728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.322567][ T7728] hsr_slave_0: entered promiscuous mode [ 129.325924][ T7728] hsr_slave_1: entered promiscuous mode [ 129.329005][ T7728] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.332130][ T7728] Cannot create hsr debugfs directory [ 129.399276][ T7743] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 129.403298][ T7743] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 129.615103][ T7728] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.627551][ T7498] usb 8-1: USB disconnect, device number 12 [ 129.711433][ T7746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.441'. [ 129.796854][ T7749] input: syz0 as /devices/virtual/input/input12 [ 129.803622][ T7749] netlink: 52 bytes leftover after parsing attributes in process `syz.2.441'. [ 129.896861][ T7728] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.997013][ T7728] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.055977][ T7498] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 130.074047][ T7728] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.214097][ T7728] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 130.216048][ T34] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 130.219414][ T7498] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 130.223084][ T7728] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 130.226095][ T7498] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 130.234988][ T7728] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 130.236058][ T7498] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 130.241672][ T7498] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 130.245259][ T7728] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 130.246217][ T7498] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 130.251858][ T7498] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.259973][ T7498] usb 8-1: config 0 descriptor?? [ 130.330112][ T7728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.347757][ T7728] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.354403][ T99] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.357341][ T99] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.367710][ T99] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.370621][ T99] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.378891][ T34] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 130.382596][ T34] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 130.386420][ T34] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 130.397543][ T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 130.401238][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.404338][ T34] usb 7-1: Product: syz [ 130.416158][ T34] usb 7-1: Manufacturer: syz [ 130.418271][ T34] usb 7-1: SerialNumber: syz [ 130.542369][ T7728] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.560749][ T40] audit: type=1326 audit(1744856639.837:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.0.443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 130.569741][ T40] audit: type=1326 audit(1744856639.837:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.0.443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 130.576820][ T40] audit: type=1326 audit(1744856639.837:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.0.443" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 130.578977][ T7728] veth0_vlan: entered promiscuous mode [ 130.584650][ T40] audit: type=1326 audit(1744856639.837:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.0.443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 130.590298][ T7728] veth1_vlan: entered promiscuous mode [ 130.594757][ T40] audit: type=1326 audit(1744856639.837:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.0.443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 130.609296][ T7728] veth0_macvtap: entered promiscuous mode [ 130.617940][ T7728] veth1_macvtap: entered promiscuous mode [ 130.632709][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.641381][ T34] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 130.646088][ T5962] Bluetooth: hci0: command tx timeout [ 130.649142][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.653694][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.658366][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.661726][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.664572][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.668676][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.671644][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.675032][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.678237][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.681240][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.684835][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.688145][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.691364][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.694478][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.698558][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.702657][ T7728] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 130.709887][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.713716][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.717614][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.720960][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.724589][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.729649][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.732696][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.736026][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.738933][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.742692][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.747266][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.751272][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.754941][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.758898][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.763291][ T7728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.767302][ T7728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.772775][ T7728] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.781748][ T7728] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.785243][ T7728] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.789265][ T7728] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.792793][ T7728] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.833887][ T99] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.836504][ T99] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.861252][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.864507][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.872161][ T34] usb 7-1: USB disconnect, device number 8 [ 130.883385][ T34] usblp0: removed [ 130.889223][ T7498] usbhid 8-1:0.0: can't add hid device: -71 [ 130.891224][ T7498] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 130.896531][ T7498] usb 8-1: USB disconnect, device number 13 [ 131.344399][ T40] audit: type=1326 audit(1744856640.617:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7765 comm="syz.0.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 131.351429][ T40] audit: type=1326 audit(1744856640.617:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7765 comm="syz.0.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 131.358341][ T40] audit: type=1326 audit(1744856640.617:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7765 comm="syz.0.445" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 131.364948][ T40] audit: type=1326 audit(1744856640.617:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7765 comm="syz.0.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 131.371854][ T40] audit: type=1326 audit(1744856640.617:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7765 comm="syz.0.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x7ffc0000 [ 131.535557][ T7772] FAULT_INJECTION: forcing a failure. [ 131.535557][ T7772] name failslab, interval 1, probability 0, space 0, times 0 [ 131.542886][ T7772] CPU: 2 UID: 0 PID: 7772 Comm: syz.3.446 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 131.542933][ T7772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 131.542944][ T7772] Call Trace: [ 131.542950][ T7772] [ 131.542957][ T7772] dump_stack_lvl+0x16c/0x1f0 [ 131.542988][ T7772] should_fail_ex+0x512/0x640 [ 131.543008][ T7772] ? __kmalloc_node_noprof+0xc5/0x500 [ 131.543037][ T7772] should_failslab+0xc2/0x120 [ 131.543055][ T7772] __kmalloc_node_noprof+0xd8/0x500 [ 131.543080][ T7772] ? qdisc_alloc+0xbb/0xc50 [ 131.543120][ T7772] qdisc_alloc+0xbb/0xc50 [ 131.543147][ T7772] qdisc_create_dflt+0x73/0x430 [ 131.543171][ T7772] dev_activate+0x63f/0x12d0 [ 131.543196][ T7772] ? __pfx_dev_activate+0x10/0x10 [ 131.543225][ T7772] __dev_open+0x43a/0x7d0 [ 131.543247][ T7772] ? __pfx___dev_open+0x10/0x10 [ 131.543270][ T7772] ? __local_bh_enable_ip+0xa4/0x120 [ 131.543298][ T7772] __dev_change_flags+0x55d/0x720 [ 131.543321][ T7772] ? __pfx___dev_change_flags+0x10/0x10 [ 131.543342][ T7772] ? validate_linkmsg+0x57c/0xb60 [ 131.543366][ T7772] ? __pfx_validate_linkmsg+0x10/0x10 [ 131.543391][ T7772] netif_change_flags+0x8d/0x160 [ 131.543415][ T7772] do_setlink.constprop.0+0xddf/0x44b0 [ 131.543446][ T7772] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 131.543485][ T7772] ? __call_rcu_common.constprop.0+0x3e5/0x9f0 [ 131.543503][ T7772] ? lockdep_hardirqs_on+0x7c/0x110 [ 131.543532][ T7772] ? __nf_unregister_net_hook+0x36d/0x680 [ 131.543558][ T7772] ? nf_unregister_net_hooks+0xcd/0x160 [ 131.543582][ T7772] ? ipvlan_unregister_nf_hook+0x8d/0xc0 [ 131.543603][ T7772] ? ipvlan_set_port_mode+0x3ab/0x4c0 [ 131.543631][ T7772] rtnl_newlink+0x1446/0x2000 [ 131.543662][ T7772] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.543687][ T7772] ? kasan_quarantine_put+0x10a/0x240 [ 131.543710][ T7772] ? lockdep_hardirqs_on+0x7c/0x110 [ 131.543738][ T7772] ? kfree_skbmem+0x1a4/0x1f0 [ 131.543763][ T7772] ? rcu_is_watching+0x12/0xc0 [ 131.543794][ T7772] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.543816][ T7772] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.543835][ T7772] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 131.543859][ T7772] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.543881][ T7772] rtnetlink_rcv_msg+0x95b/0xe90 [ 131.543906][ T7772] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.543948][ T7772] netlink_rcv_skb+0x16a/0x440 [ 131.543972][ T7772] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.543997][ T7772] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 131.544037][ T7772] ? netlink_deliver_tap+0x1ae/0xd30 [ 131.544065][ T7772] netlink_unicast+0x53a/0x7f0 [ 131.544093][ T7772] ? __pfx_netlink_unicast+0x10/0x10 [ 131.544125][ T7772] netlink_sendmsg+0x8d1/0xdd0 [ 131.544154][ T7772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.544179][ T7772] ? __import_iovec+0x1c8/0x660 [ 131.544207][ T7772] ____sys_sendmsg+0xa95/0xc70 [ 131.544226][ T7772] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.544241][ T7772] ? get_compat_msghdr+0x11a/0x170 [ 131.544275][ T7772] ___sys_sendmsg+0x134/0x1d0 [ 131.544299][ T7772] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.544357][ T7772] __sys_sendmsg+0x16d/0x220 [ 131.544379][ T7772] ? __pfx___sys_sendmsg+0x10/0x10 [ 131.544418][ T7772] ? rcu_is_watching+0x12/0xc0 [ 131.544444][ T7772] __do_fast_syscall_32+0x73/0x120 [ 131.544472][ T7772] do_fast_syscall_32+0x32/0x80 [ 131.544499][ T7772] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 131.544520][ T7772] RIP: 0023:0xf7f36579 [ 131.544534][ T7772] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 131.544550][ T7772] RSP: 002b:00000000f501455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 131.544566][ T7772] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000080 [ 131.544576][ T7772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 131.544586][ T7772] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 131.544595][ T7772] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 131.544605][ T7772] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 131.544631][ T7772] [ 131.544961][ T7772] ipvlan1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 131.953832][ T7776] syzkaller0: entered promiscuous mode [ 131.955647][ T7776] syzkaller0: entered allmulticast mode [ 132.331235][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.340295][ T7784] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 132.352322][ T7784] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 134.377211][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 134.382577][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 134.387747][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 134.391762][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 134.395182][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 134.563786][ T7793] chnl_net:caif_netlink_parms(): no params data found [ 134.636002][ T5993] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 134.703652][ T7793] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.707213][ T7793] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.709664][ T7793] bridge_slave_0: entered allmulticast mode [ 134.713420][ T7793] bridge_slave_0: entered promiscuous mode [ 134.724379][ T7793] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.728269][ T7793] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.731665][ T7793] bridge_slave_1: entered allmulticast mode [ 134.738096][ T7793] bridge_slave_1: entered promiscuous mode [ 134.788147][ T5993] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 134.792383][ T5993] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 134.796365][ T5993] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 134.805381][ T5993] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 134.809341][ T5993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.810579][ T7793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 134.812220][ T5993] usb 5-1: Product: syz [ 134.818886][ T5993] usb 5-1: Manufacturer: syz [ 134.820538][ T5993] usb 5-1: SerialNumber: syz [ 134.822130][ T7793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.898965][ T7793] team0: Port device team_slave_0 added [ 134.904099][ T7793] team0: Port device team_slave_1 added [ 134.939228][ T7793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.941506][ T7793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.951192][ T7793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.955590][ T7793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.958042][ T7793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.966666][ T7793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 135.015126][ T7793] hsr_slave_0: entered promiscuous mode [ 135.018452][ T7793] hsr_slave_1: entered promiscuous mode [ 135.020629][ T7793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 135.023084][ T7793] Cannot create hsr debugfs directory [ 135.028205][ T5993] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 135.216495][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.454'. [ 135.256963][ T65] usb 5-1: USB disconnect, device number 16 [ 135.264051][ T65] usblp0: removed [ 135.264588][ T7793] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.375849][ T7793] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.452208][ T7793] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.540802][ T7793] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.592522][ T7828] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 135.621976][ T7828] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 135.627849][ T7828] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 135.635376][ T7828] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 135.642667][ T7828] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 135.649114][ T7828] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 135.658739][ T7828] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 135.700180][ T7793] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 135.707632][ T7793] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 135.716464][ T7793] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 135.724346][ T7793] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 135.792926][ T7793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 135.803642][ T7793] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.811904][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.814757][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.823923][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.826339][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.857199][ T7793] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 135.860653][ T7793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 135.974070][ T7793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 136.011744][ T7793] veth0_vlan: entered promiscuous mode [ 136.019962][ T7793] veth1_vlan: entered promiscuous mode [ 136.054789][ T7793] veth0_macvtap: entered promiscuous mode [ 136.062697][ T7793] veth1_macvtap: entered promiscuous mode [ 136.075533][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.080669][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.084747][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.089853][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.093830][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.098367][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.102790][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.107451][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.111442][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.115683][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.119801][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.123878][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.127907][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.132265][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.136604][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.140781][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.146745][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.151766][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.157547][ T7793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 136.174234][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.178751][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.183469][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.188644][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.192741][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.197177][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.201349][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.205683][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.209844][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.214192][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.218261][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.222588][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.226858][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.231268][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.235302][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.239703][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.243822][ T7793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.250122][ T7793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.256748][ T7793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 136.264771][ T7793] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.268457][ T7793] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.272037][ T7793] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.275569][ T7793] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.335560][ T1188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.340797][ T1188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.362342][ T1188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.365025][ T1188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.567283][ T7853] netlink: 4 bytes leftover after parsing attributes in process `syz.3.463'. [ 136.588639][ T7854] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 136.593226][ T7854] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 136.896248][ T77] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 137.050358][ T77] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 137.054434][ T77] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 137.058218][ T77] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 137.065411][ T77] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 137.069666][ T77] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.073058][ T77] usb 8-1: Product: syz [ 137.074799][ T77] usb 8-1: Manufacturer: syz [ 137.076844][ T77] usb 8-1: SerialNumber: syz [ 137.284593][ T77] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 137.517434][ T40] kauditd_printk_skb: 51 callbacks suppressed [ 137.517470][ T40] audit: type=1326 audit(1744856646.787:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.529379][ T40] audit: type=1326 audit(1744856646.787:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.537533][ T40] audit: type=1326 audit(1744856646.787:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.546040][ T40] audit: type=1326 audit(1744856646.787:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.554016][ T40] audit: type=1326 audit(1744856646.787:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.561281][ T40] audit: type=1326 audit(1744856646.787:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.571424][ T40] audit: type=1326 audit(1744856646.787:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.579313][ T40] audit: type=1326 audit(1744856646.787:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.598226][ T40] audit: type=1326 audit(1744856646.787:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.608039][ T40] audit: type=1326 audit(1744856646.787:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.2.468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ff00000 [ 137.700542][ T1329] usb 8-1: USB disconnect, device number 14 [ 137.707130][ T1329] usblp0: removed [ 137.877396][ T7875] mmap: syz.3.469 (7875) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 139.817878][ T7894] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 139.821337][ T7894] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 139.920498][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 139.927131][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 139.933530][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 139.938462][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 139.941730][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 140.266132][ T7898] chnl_net:caif_netlink_parms(): no params data found [ 140.372859][ T7898] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.375630][ T7898] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.378590][ T7898] bridge_slave_0: entered allmulticast mode [ 140.382096][ T7898] bridge_slave_0: entered promiscuous mode [ 140.388063][ T7898] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.390640][ T7898] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.393380][ T7898] bridge_slave_1: entered allmulticast mode [ 140.398865][ T7898] bridge_slave_1: entered promiscuous mode [ 140.479476][ T7898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 140.487751][ T7898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 140.550431][ T7898] team0: Port device team_slave_0 added [ 140.555623][ T7898] team0: Port device team_slave_1 added [ 140.671484][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.674523][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.686243][ T7898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.692494][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.699171][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.710169][ T7898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.780781][ T7916] dccp_invalid_packet: P.Data Offset(100) too large [ 140.838031][ T7898] hsr_slave_0: entered promiscuous mode [ 140.841186][ T7898] hsr_slave_1: entered promiscuous mode [ 140.844063][ T7898] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 140.856188][ T7898] Cannot create hsr debugfs directory [ 141.110509][ T7898] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.195310][ T7898] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.273298][ T7955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.495'. [ 141.314628][ T7898] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.406384][ T7898] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.439745][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.3.499'. [ 141.446789][ T7971] netlink: 'syz.3.499': attribute type 9 has an invalid length. [ 141.464824][ T7971] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 141.468048][ T7971] macvlan2: entered allmulticast mode [ 141.470637][ T7971] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 141.484819][ T7971] loop6: detected capacity change from 0 to 524287999 [ 141.844166][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 141.847228][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.892468][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 141.896411][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.901873][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 141.904798][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.914698][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 141.919222][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.939420][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 141.942426][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.950939][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 141.952629][ T7976] Bluetooth: MGMT ver 1.23 [ 141.954349][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.956746][ T7973] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 141.964441][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 141.968579][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.994716][ T7983] random: crng reseeded on system resumption [ 141.997909][ T7898] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 142.003847][ T7898] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 142.023361][ T7898] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 142.034058][ T7898] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 142.048419][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 142.051473][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.054068][ T7971] ldm_validate_partition_table(): Disk read failed. [ 142.059120][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 142.062077][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.065216][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 142.068947][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.073834][ T7971] Dev loop6: unable to read RDB block 0 [ 142.079862][ T7971] loop6: unable to read partition table [ 142.085570][ T7971] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 142.101369][ T7978] ldm_validate_partition_table(): Disk read failed. [ 142.119220][ T7898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.139448][ T7978] Dev loop6: unable to read RDB block 0 [ 142.144117][ T7978] loop6: unable to read partition table [ 142.153636][ T7898] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.160685][ T7978] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 142.168340][ T1188] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.171436][ T1188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.192116][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.194688][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.276965][ T7898] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 142.429561][ T7898] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.511690][ T7898] veth0_vlan: entered promiscuous mode [ 142.518679][ T7898] veth1_vlan: entered promiscuous mode [ 142.551388][ T7898] veth0_macvtap: entered promiscuous mode [ 142.555682][ T7898] veth1_macvtap: entered promiscuous mode [ 142.573866][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.579540][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.583366][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.587722][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.591764][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.596875][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.600781][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.605270][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.610740][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.615026][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.619439][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.623855][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.627474][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.631437][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.634970][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.638334][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.641367][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.644781][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.647974][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.651362][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.655556][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.659844][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.663166][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.666694][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.670213][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.673270][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.676538][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.679663][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.682988][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.686252][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.689494][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.692560][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.821254][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.824564][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.828165][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.831492][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.834889][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.838172][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.841669][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.844811][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.848271][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.853030][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.858273][ T7898] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.861188][ T7898] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.866173][ T7898] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.869829][ T7898] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.986603][ T99] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.989234][ T99] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.024563][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.030227][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.363207][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.504'. [ 143.367535][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.504'. [ 144.006235][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 144.015074][ T8015] ================================================================== [ 144.017752][ T8015] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x381/0x420 [ 144.020681][ T8015] Read of size 8 at addr ffff888075563058 by task syz.2.500/8015 [ 144.024898][ T8015] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 144.026562][ T8015] CPU: 3 UID: 0 PID: 8015 Comm: syz.2.500 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 144.026579][ T8015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.026586][ T8015] Call Trace: [ 144.026592][ T8015] [ 144.026597][ T8015] dump_stack_lvl+0x116/0x1f0 [ 144.026617][ T8015] print_report+0xc3/0x670 [ 144.026637][ T8015] ? __virt_addr_valid+0x5e/0x590 [ 144.026654][ T8015] ? __phys_addr+0xc6/0x150 [ 144.026669][ T8015] ? skb_queue_purge_reason+0x381/0x420 [ 144.026685][ T8015] kasan_report+0xe0/0x110 [ 144.026694][ T8015] ? skb_queue_purge_reason+0x381/0x420 [ 144.026711][ T8015] skb_queue_purge_reason+0x381/0x420 [ 144.026727][ T8015] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 144.026744][ T8015] ? lockdep_hardirqs_on+0x7c/0x110 [ 144.026758][ T8015] ? drain_workqueue+0x313/0x3d0 [ 144.026770][ T8015] ? __pfx_vhci_flush+0x10/0x10 [ 144.026784][ T8015] vhci_flush+0x40/0x50 [ 144.026793][ T8015] hci_dev_reset+0x22e/0x530 [ 144.026810][ T8015] hci_sock_ioctl+0x493/0x7d0 [ 144.026827][ T8015] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 144.026846][ T8015] hci_sock_compat_ioctl+0x43/0x80 [ 144.026861][ T8015] ? __pfx_hci_sock_compat_ioctl+0x10/0x10 [ 144.026877][ T8015] compat_sock_ioctl+0x173/0x7c0 [ 144.026897][ T8015] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 144.026911][ T8015] ? hook_file_ioctl_common+0x145/0x410 [ 144.026931][ T8015] ? __fget_files+0x20e/0x3c0 [ 144.026957][ T8015] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 144.026972][ T8015] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 144.026986][ T8015] __do_fast_syscall_32+0x73/0x120 [ 144.027003][ T8015] do_fast_syscall_32+0x32/0x80 [ 144.027018][ T8015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 144.027031][ T8015] RIP: 0023:0xf7fc6579 [ 144.027040][ T8015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 144.027050][ T8015] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 144.027061][ T8015] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000400448cb [ 144.027068][ T8015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 144.027073][ T8015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 144.027079][ T8015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.027085][ T8015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 144.027095][ T8015] [ 144.027098][ T8015] [ 144.107978][ T8015] Allocated by task 7898: [ 144.109427][ T8015] kasan_save_stack+0x33/0x60 [ 144.111036][ T8015] kasan_save_track+0x14/0x30 [ 144.112693][ T8015] __kasan_kmalloc+0xaa/0xb0 [ 144.114320][ T8015] vhci_open+0x4c/0x430 [ 144.115668][ T8015] misc_open+0x35a/0x420 [ 144.117120][ T8015] chrdev_open+0x231/0x6a0 [ 144.118671][ T8015] do_dentry_open+0x741/0x1c10 [ 144.120302][ T8015] vfs_open+0x82/0x3f0 [ 144.121885][ T8015] path_openat+0x1e5e/0x2d40 [ 144.123885][ T8015] do_filp_open+0x20b/0x470 [ 144.125859][ T8015] do_sys_openat2+0x11b/0x1d0 [ 144.127828][ T8015] __ia32_compat_sys_openat+0x16d/0x210 [ 144.130031][ T8015] __do_fast_syscall_32+0x73/0x120 [ 144.132186][ T8015] do_fast_syscall_32+0x32/0x80 [ 144.134354][ T8015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 144.137160][ T8015] [ 144.138279][ T8015] Freed by task 7898: [ 144.139970][ T8015] kasan_save_stack+0x33/0x60 [ 144.141989][ T8015] kasan_save_track+0x14/0x30 [ 144.143944][ T8015] kasan_save_free_info+0x3b/0x60 [ 144.146076][ T8015] __kasan_slab_free+0x51/0x70 [ 144.148086][ T8015] kfree+0x2b6/0x4d0 [ 144.149789][ T8015] vhci_release+0xbb/0xf0 [ 144.151667][ T8015] __fput+0x3ff/0xb70 [ 144.153363][ T8015] task_work_run+0x14d/0x240 [ 144.155363][ T8015] do_exit+0xafb/0x2c30 [ 144.157230][ T8015] do_group_exit+0xd3/0x2a0 [ 144.159254][ T8015] __ia32_sys_exit_group+0x3e/0x50 [ 144.161538][ T8015] ia32_sys_call+0xd56/0x1c40 [ 144.163529][ T8015] __do_fast_syscall_32+0x73/0x120 [ 144.165642][ T8015] do_fast_syscall_32+0x32/0x80 [ 144.167701][ T8015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 144.170337][ T8015] [ 144.171398][ T8015] The buggy address belongs to the object at ffff888075563000 [ 144.171398][ T8015] which belongs to the cache kmalloc-1k of size 1024 [ 144.177312][ T8015] The buggy address is located 88 bytes inside of [ 144.177312][ T8015] freed 1024-byte region [ffff888075563000, ffff888075563400) [ 144.182912][ T8015] [ 144.183938][ T8015] The buggy address belongs to the physical page: [ 144.186671][ T8015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75560 [ 144.190359][ T8015] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.193878][ T8015] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 144.197044][ T8015] page_type: f5(slab) [ 144.198862][ T8015] raw: 04fff00000000040 ffff88801b442dc0 ffffea00013ff200 dead000000000002 [ 144.202537][ T8015] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 144.206080][ T8015] head: 04fff00000000040 ffff88801b442dc0 ffffea00013ff200 dead000000000002 [ 144.209602][ T8015] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 144.213272][ T8015] head: 04fff00000000003 ffffea0001d55801 00000000ffffffff 00000000ffffffff [ 144.216818][ T8015] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 144.220336][ T8015] page dumped because: kasan: bad access detected [ 144.223031][ T8015] page_owner tracks the page as allocated [ 144.225361][ T8015] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1145, tgid 1145 (kworker/u32:8), ts 89450099622, free_ts 89387450478 [ 144.233219][ T8015] post_alloc_hook+0x181/0x1b0 [ 144.235225][ T8015] get_page_from_freelist+0x1193/0x39b0 [ 144.237559][ T8015] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 144.240005][ T8015] alloc_pages_mpol+0x1fb/0x550 [ 144.242148][ T8015] new_slab+0x23c/0x330 [ 144.243954][ T8015] ___slab_alloc+0xd9c/0x1940 [ 144.245979][ T8015] __slab_alloc.constprop.0+0x56/0xb0 [ 144.248273][ T8015] __kmalloc_noprof+0x2f2/0x510 [ 144.250352][ T8015] ieee802_11_parse_elems_full+0x1d7/0x3780 [ 144.252809][ T8015] ieee80211_inform_bss+0x10b/0x1140 [ 144.254995][ T8015] cfg80211_inform_single_bss_data+0x8e7/0x1df0 [ 144.257582][ T8015] cfg80211_inform_bss_data+0x224/0x3bd0 [ 144.259925][ T8015] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 144.262482][ T8015] ieee80211_bss_info_update+0x310/0xab0 [ 144.264807][ T8015] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 144.267357][ T8015] ieee80211_iface_work+0xbf4/0x1020 [ 144.269536][ T8015] page last free pid 6674 tgid 6674 stack trace: [ 144.272183][ T8015] __free_frozen_pages+0x69d/0xff0 [ 144.274305][ T8015] __put_partials+0x16d/0x1c0 [ 144.276311][ T8015] qlist_free_all+0x4e/0x120 [ 144.278331][ T8015] kasan_quarantine_reduce+0x195/0x1e0 [ 144.280671][ T8015] __kasan_slab_alloc+0x69/0x90 [ 144.282799][ T8015] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 144.285056][ T8015] getname_flags.part.0+0x4c/0x550 [ 144.287207][ T8015] getname_flags+0x93/0xf0 [ 144.289109][ T8015] user_path_at+0x24/0x60 [ 144.290996][ T8015] do_faccessat+0x139/0xba0 [ 144.292899][ T8015] __x64_sys_faccessat2+0x96/0x100 [ 144.295033][ T8015] do_syscall_64+0xcd/0x260 [ 144.296936][ T8015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.299394][ T8015] [ 144.300416][ T8015] Memory state around the buggy address: [ 144.302797][ T8015] ffff888075562f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.306120][ T8015] ffff888075562f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.309363][ T8015] >ffff888075563000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.312638][ T8015] ^ [ 144.315384][ T8015] ffff888075563080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.318713][ T8015] ffff888075563100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.321957][ T8015] ================================================================== [ 144.345542][ T8015] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 144.348573][ T8015] CPU: 3 UID: 0 PID: 8015 Comm: syz.2.500 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 144.353575][ T8015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.357985][ T8015] Call Trace: [ 144.359413][ T8015] [ 144.360678][ T8015] dump_stack_lvl+0x3d/0x1f0 [ 144.362891][ T8015] panic+0x71c/0x800 [ 144.364602][ T8015] ? __pfx_panic+0x10/0x10 [ 144.366494][ T8015] ? mark_held_locks+0x49/0x80 [ 144.368510][ T8015] ? preempt_schedule_thunk+0x16/0x30 [ 144.370920][ T8015] ? skb_queue_purge_reason+0x381/0x420 [ 144.373366][ T8015] ? preempt_schedule_common+0x44/0xc0 [ 144.375792][ T8015] ? skb_queue_purge_reason+0x381/0x420 [ 144.378128][ T8015] check_panic_on_warn+0xab/0xb0 [ 144.380218][ T8015] end_report+0x107/0x170 [ 144.382062][ T8015] kasan_report+0xee/0x110 [ 144.383943][ T8015] ? skb_queue_purge_reason+0x381/0x420 [ 144.386314][ T8015] skb_queue_purge_reason+0x381/0x420 [ 144.388605][ T8015] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 144.391131][ T8015] ? lockdep_hardirqs_on+0x7c/0x110 [ 144.393312][ T8015] ? drain_workqueue+0x313/0x3d0 [ 144.395520][ T8015] ? __pfx_vhci_flush+0x10/0x10 [ 144.397649][ T8015] vhci_flush+0x40/0x50 [ 144.399430][ T8015] hci_dev_reset+0x22e/0x530 [ 144.401488][ T8015] hci_sock_ioctl+0x493/0x7d0 [ 144.403455][ T8015] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 144.405647][ T8015] hci_sock_compat_ioctl+0x43/0x80 [ 144.407963][ T8015] ? __pfx_hci_sock_compat_ioctl+0x10/0x10 [ 144.410672][ T8015] compat_sock_ioctl+0x173/0x7c0 [ 144.413320][ T8015] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 144.416187][ T8015] ? hook_file_ioctl_common+0x145/0x410 [ 144.418794][ T8015] ? __fget_files+0x20e/0x3c0 [ 144.420736][ T8015] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 144.422840][ T8015] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 144.425011][ T8015] __do_fast_syscall_32+0x73/0x120 [ 144.427205][ T8015] do_fast_syscall_32+0x32/0x80 [ 144.428897][ T8015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 144.431062][ T8015] RIP: 0023:0xf7fc6579 [ 144.432860][ T8015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 144.438873][ T8015] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 144.442001][ T8015] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000400448cb [ 144.445524][ T8015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 144.448452][ T8015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 144.451229][ T8015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.454222][ T8015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 144.457620][ T8015] [ 144.459572][ T8015] Kernel Offset: disabled [ 144.461290][ T8015] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:19:57 Registers: info registers vcpu 0 CPU#0 RAX=0000000000203d27 RBX=0000000000000000 RCX=ffffffff8b702439 RDX=0000000000000000 RSI=ffffffff8dbeb4b7 RDI=ffffffff8bf45100 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90868010 R15=0000000000000000 RIP=ffffffff8b700ccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f91fffc CR3=0000000051f88000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000037c841 RBX=0000000000000001 RCX=ffffffff8b702439 RDX=0000000000000000 RSI=ffffffff8dbeb4b7 RDI=ffffffff8bf45100 RBP=ffffed1003b55488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000 R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90868010 R15=0000000000000000 RIP=ffffffff8b700ccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c250fff CR3=00000000525b6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000013 RBX=0000000000000000 RCX=ffffffff87b2b6af RDX=ffff888020160000 RSI=ffffffff815f450c RDI=0000000000000000 RBP=0000000000000013 RSP=ffffc90000538d00 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000026 R11=0000000000000000 R12=0000000000000046 R13=0000000000000000 R14=000000000000000a R15=0000000000000026 RIP=ffffffff815f4512 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7fe6e40 CR3=000000004dfdc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7482ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff854bca60 RDI=ffffffff9ae12b40 RBP=ffffffff9ae12b00 RSP=ffffc90004d6f5a8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000031303854 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35c25ba R15=dffffc0000000000 RIP=ffffffff854bca87 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097ab9000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5024e7c CR3=0000000051f88000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fefeffd0 Opmask01=0000000000000003 Opmask02=000000000000ffdf Opmask03=2040000404420020 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f1a90a1b10 000055f1a9081350 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffff0000ff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3c1fccab8b4d5e36 737326878561505c ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 7373737373431a73 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000b1 0000000000000000 44455a494c414954 494e495f43455355 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000201 0039320000306963 682f68746f6f7465 756c622f6c617574 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6cbfd8f83e2d45 000055f4f613f890 0000000000000251 0000000038346c6c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6cbfd8f83e2d45 000055f4f613cf3f 0000000000000261 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 382433273f397b27 697a787c69303b7e ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000