last executing test programs: 48.161471991s ago: executing program 3 (id=106): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000000c0)=0x7a, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104) 47.202556344s ago: executing program 3 (id=122): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000380)="fe", 0x1}], 0x1) 47.129871221s ago: executing program 3 (id=123): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x20, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x8}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x6}]}}]}, 0x50}}, 0x20000000) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 47.126103645s ago: executing program 3 (id=125): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, 0x1, 0x6, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x30000000) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x40000, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}}, 0x0) 46.931001507s ago: executing program 3 (id=130): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) lstat(&(0x7f00000000c0)='./file0/file0\x00', 0x0) 46.858098732s ago: executing program 3 (id=134): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r1, 0x0, &(0x7f0000000340), 0x0, 0x142}) io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0) 31.547312741s ago: executing program 32 (id=134): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r1, 0x0, &(0x7f0000000340), 0x0, 0x142}) io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0) 15.755279127s ago: executing program 4 (id=579): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x129000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000440)={'syztnl2\x00', 0x0}) sendmsg$nl_xfrm(r1, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc8c4}, 0x40) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x3, 0x0, 0x0, 0x0, 0x0, 0x32, 0x0, 0x10001]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15.631779394s ago: executing program 4 (id=580): pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x0, 0x0, 0x0, 0x400000006, 0x6}, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0x8}, {0x9, 0xfff1}}}, 0x24}}, 0x0) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x12d3e, 0x0, 0x8, 0x0, 0x0) 14.732530362s ago: executing program 4 (id=590): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000240)=0x3, 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) recvmmsg(r1, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x400}], 0x1, 0x40000002, 0x0) 14.732158012s ago: executing program 4 (id=591): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0) umount2(&(0x7f0000000100)='./file0/file0\x00', 0xb) 14.691524098s ago: executing program 4 (id=593): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x80000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@request_death], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f00000001c0)="ba30a945e46b03d7dd459192252b6e3c518d8badd03bee30080487b36c9dc92d57f60c92e675acf419e99d5ca8758bdc1e0ddc04ee8d370e9e5c1faa5b4fefed59d0931c498f0c7a38aeae2c26014b38"}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000005c0)={0xc, 0x0, &(0x7f0000000240)=[@dead_binder_done={0x40086310, 0x1000000}], 0x0, 0x0, 0x0}) 14.389050468s ago: executing program 4 (id=596): r0 = syz_io_uring_setup(0x4300, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x0, 0xd0}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x18, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='*'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 14.373535848s ago: executing program 33 (id=596): r0 = syz_io_uring_setup(0x4300, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x0, 0xd0}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x18, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='*'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 2.68879898s ago: executing program 5 (id=765): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000003c0)={0x0, 0x4533, 0x10100, 0xffffdffe, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x15a, 0x4000, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') read$FUSE(r5, 0x0, 0x3) 2.418746657s ago: executing program 2 (id=770): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c58b3bd0000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x2, {0x0, 0x1e}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) 2.278928628s ago: executing program 0 (id=771): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1.934810801s ago: executing program 0 (id=772): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000200)={0x1, 0x0, 0x0, &(0x7f0000000740)=""/51, 0x0, 0x10000}) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002900)={0x1, 0x0, [{0xfadb442058d8a7b1, 0x7e, &(0x7f00000013c0)=""/126}]}) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2}) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000001c0)=0x304008000) 1.888765753s ago: executing program 0 (id=774): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f5c64000000000c000280060019"], 0x3c}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="fd00000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) 1.844596512s ago: executing program 5 (id=775): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x6, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592e66e6229bc5c7ac135fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) dup(r0) shutdown(r0, 0x1) read(r0, &(0x7f0000000100)=""/216, 0xd8) 1.769006021s ago: executing program 5 (id=776): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.600867871s ago: executing program 2 (id=777): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0xc060, 0x8}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_NEIGH_SUPPRESS={0x5, 0x20, 0x1}]}}}]}, 0x44}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @random="6a177a00", @val={@void, {0x8100, 0x1, 0x1, 0xfff}}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @remote, @rand_addr=0x64010101, @random="8ec66f350ba6", @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x0) 1.479035667s ago: executing program 2 (id=778): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0xffffff8c) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r0, 0x5607, 0x38) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x800, 0x0, 0x2, 0x0, 0x0, 0xc}, 0x20) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r2, 0x4b3a, 0x1) ioctl$TCXONC(r2, 0x4b3a, 0x0) 1.077668921s ago: executing program 5 (id=779): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r0, 0xda90) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='cpuset.effective_mems\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000480)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000400), &(0x7f00000000c0)=0x8) 978.773643ms ago: executing program 0 (id=780): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000400)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) pread64(r1, &(0x7f0000000440)=""/4099, 0x1003, 0x59) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 858.750727ms ago: executing program 0 (id=781): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80, 0x0, 0x0, 0x0, 0x1) 652.081949ms ago: executing program 2 (id=782): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='./bus\x00') 548.522313ms ago: executing program 2 (id=783): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r3, 0x0) 421.433401ms ago: executing program 2 (id=787): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f00000003c0)='k', 0x1600}], 0x1) 402.006568ms ago: executing program 1 (id=788): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffb, @broadcast, 'veth0_virt_wifi\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) close(r1) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'vxcan1\x00'}}, 0x1e) 327.984661ms ago: executing program 1 (id=789): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x9a36}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 266.61546ms ago: executing program 1 (id=790): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0) r4 = dup2(r1, r0) close_range(r4, 0xffffffffffffffff, 0x0) 203.269698ms ago: executing program 1 (id=791): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x0) connect$vsock_stream(r0, &(0x7f0000000440), 0x10) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x0) r2 = accept4$unix(r1, 0x0, 0x0, 0x0) read(r2, 0x0, 0xffffffffffffff1e) 202.684489ms ago: executing program 1 (id=792): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 198.924159ms ago: executing program 5 (id=793): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x2, 0x5, 0x324, 0x228, 0x228, 0xffffffff, 0x228, 0x0, 0x45c, 0x45c, 0xffffffff, 0x45c, 0x45c, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0xffffffff, 0x0, 'pim6reg\x00', 'dvmrp0\x00', {0x284867cb942d9816}, {}, 0xbc4f28a3537236dc}, 0xac030000, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @broadcast, @private=0xa010102, @icmp_id=0x66, @port=0x4e20}}}}, {{@uncond, 0x0, 0x70, 0xa4}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x4, @broadcast, @empty, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @icmp_id, @port=0x2}}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, 0xffffff00, 0xffffff00, 'virt_wifi0\x00', 'ipvlan1\x00', {0xff}, {}, 0x62, 0x2, 0x14}, 0x0, 0x70, 0xa4}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x14, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @gre_key=0x81, @gre_key=0x6}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x380) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000080), 0x4) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 172.463707ms ago: executing program 1 (id=794): r0 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0x1000001000104) ioctl$NBD_SET_SOCK(r2, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) 94.015567ms ago: executing program 5 (id=795): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r0, &(0x7f0000000c40)="9d", 0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1, 0x1}}, 0x40) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mlock2(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1) 0s ago: executing program 0 (id=796): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x1, 0x0, 0xce}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:46898' (ED25519) to the list of known hosts. [ 41.587125][ T5935] cgroup: Unknown subsys name 'net' [ 41.733329][ T5935] cgroup: Unknown subsys name 'cpuset' [ 41.736785][ T5935] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.531434][ T5935] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.157550][ T5954] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.162085][ T5954] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.164684][ T5954] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.167201][ T5954] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.169554][ T5954] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.171647][ T5955] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.172027][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.174204][ T5959] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.177334][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.179137][ T5959] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.182060][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.183278][ T5960] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.185053][ T5960] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.186911][ T5959] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.189514][ T5961] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.189738][ T5960] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.191227][ T64] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.195254][ T5961] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.196007][ T5959] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.196704][ T64] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 45.196917][ T64] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.198743][ T5961] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.218995][ T5961] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.221340][ T5961] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.400139][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 45.442738][ T5957] chnl_net:caif_netlink_parms(): no params data found [ 45.458380][ T5950] chnl_net:caif_netlink_parms(): no params data found [ 45.528254][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.531017][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.533462][ T5946] bridge_slave_0: entered allmulticast mode [ 45.535757][ T5946] bridge_slave_0: entered promiscuous mode [ 45.576285][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.578312][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.580297][ T5946] bridge_slave_1: entered allmulticast mode [ 45.582523][ T5946] bridge_slave_1: entered promiscuous mode [ 45.618603][ T5957] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.620737][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.622885][ T5957] bridge_slave_0: entered allmulticast mode [ 45.626097][ T5957] bridge_slave_0: entered promiscuous mode [ 45.629668][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 45.637225][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.650677][ T5957] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.653420][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.656315][ T5957] bridge_slave_1: entered allmulticast mode [ 45.659884][ T5957] bridge_slave_1: entered promiscuous mode [ 45.677793][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.748165][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.751184][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.754084][ T5950] bridge_slave_0: entered allmulticast mode [ 45.757317][ T5950] bridge_slave_0: entered promiscuous mode [ 45.774799][ T5957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.782138][ T5946] team0: Port device team_slave_0 added [ 45.784742][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.788163][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.791224][ T5950] bridge_slave_1: entered allmulticast mode [ 45.794360][ T5950] bridge_slave_1: entered promiscuous mode [ 45.809802][ T5957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.821090][ T5946] team0: Port device team_slave_1 added [ 45.831023][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.863121][ T5957] team0: Port device team_slave_0 added [ 45.877904][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.880580][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.882794][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.884939][ T5951] bridge_slave_0: entered allmulticast mode [ 45.887134][ T5951] bridge_slave_0: entered promiscuous mode [ 45.890382][ T5957] team0: Port device team_slave_1 added [ 45.914136][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.916138][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.923303][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.944243][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.946269][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.948272][ T5951] bridge_slave_1: entered allmulticast mode [ 45.950386][ T5951] bridge_slave_1: entered promiscuous mode [ 45.961572][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.964151][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.972663][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.978137][ T5950] team0: Port device team_slave_0 added [ 45.996768][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.998949][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.007997][ T5957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.012248][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.014804][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.022588][ T5957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.031518][ T5950] team0: Port device team_slave_1 added [ 46.034851][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.038680][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.098063][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.100454][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.109839][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.116050][ T5951] team0: Port device team_slave_0 added [ 46.134380][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.136301][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.144008][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.148176][ T5951] team0: Port device team_slave_1 added [ 46.154670][ T5946] hsr_slave_0: entered promiscuous mode [ 46.157421][ T5946] hsr_slave_1: entered promiscuous mode [ 46.162359][ T5957] hsr_slave_0: entered promiscuous mode [ 46.164397][ T5957] hsr_slave_1: entered promiscuous mode [ 46.166324][ T5957] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.168606][ T5957] Cannot create hsr debugfs directory [ 46.210491][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.212638][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.219835][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.253616][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.256078][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.265693][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.274842][ T5950] hsr_slave_0: entered promiscuous mode [ 46.276874][ T5950] hsr_slave_1: entered promiscuous mode [ 46.279035][ T5950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.281929][ T5950] Cannot create hsr debugfs directory [ 46.367439][ T5951] hsr_slave_0: entered promiscuous mode [ 46.369524][ T5951] hsr_slave_1: entered promiscuous mode [ 46.372741][ T5951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.375597][ T5951] Cannot create hsr debugfs directory [ 46.548699][ T5946] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.554859][ T5946] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.567683][ T5946] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.574638][ T5946] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.592457][ T5957] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.597173][ T5957] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.603109][ T5957] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.610547][ T5957] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.628513][ T5950] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.634503][ T5950] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.638268][ T5950] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.643694][ T5950] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.680078][ T5951] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.684571][ T5951] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.689622][ T5951] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.694455][ T5951] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.726434][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.752786][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.764062][ T1176] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.767027][ T1176] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.783589][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.786435][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.792166][ T5957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.803879][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.816412][ T5957] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.830615][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.832901][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.839779][ T5950] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.848461][ T5946] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 46.852361][ T5946] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.864367][ T84] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.866514][ T84] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.874289][ T164] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.876367][ T164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.887243][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.889356][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.892979][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.903889][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.909709][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.911742][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.925539][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.927586][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.962018][ T5951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.974337][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.993158][ T5946] veth0_vlan: entered promiscuous mode [ 46.997135][ T5946] veth1_vlan: entered promiscuous mode [ 47.008456][ T5946] veth0_macvtap: entered promiscuous mode [ 47.014834][ T5946] veth1_macvtap: entered promiscuous mode [ 47.021654][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.026605][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.030430][ T5946] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.034522][ T5946] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.037028][ T5946] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.039528][ T5946] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.062602][ T5957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.077021][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.083438][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.100115][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.103595][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.108449][ T5957] veth0_vlan: entered promiscuous mode [ 47.125362][ T164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.128083][ T5957] veth1_vlan: entered promiscuous mode [ 47.128329][ T164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.144949][ T5951] veth0_vlan: entered promiscuous mode [ 47.158315][ T5957] veth0_macvtap: entered promiscuous mode [ 47.159791][ T5946] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.162676][ T5957] veth1_macvtap: entered promiscuous mode [ 47.169063][ T5951] veth1_vlan: entered promiscuous mode [ 47.174696][ T5950] veth0_vlan: entered promiscuous mode [ 47.179642][ T5950] veth1_vlan: entered promiscuous mode [ 47.184599][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.187525][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.191177][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.197072][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.201226][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.205029][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.220240][ T5957] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.223410][ T5957] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.225922][ T5957] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.228384][ T5957] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.234330][ T6009] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 47.240263][ T5950] veth0_macvtap: entered promiscuous mode [ 47.242177][ T5961] Bluetooth: hci1: command tx timeout [ 47.243428][ T5314] Bluetooth: hci3: command tx timeout [ 47.243475][ T5949] Bluetooth: hci2: command tx timeout [ 47.243749][ T5949] Bluetooth: hci0: command tx timeout [ 47.246145][ T5951] veth0_macvtap: entered promiscuous mode [ 47.256063][ T5950] veth1_macvtap: entered promiscuous mode [ 47.263806][ T5951] veth1_macvtap: entered promiscuous mode [ 47.268069][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.271237][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.274055][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.277018][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.280474][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.296336][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.300406][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.305105][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.308072][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.313541][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.320573][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.322224][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.323409][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.327377][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.333580][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.337500][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.341486][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.345348][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.349730][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.354058][ T5950] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.356743][ T5950] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.359351][ T5950] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.363006][ T5950] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.363109][ T39] audit: type=1804 audit(1736365693.792:2): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.6" name="/newroot/2/file0/bus" dev="9p" ino=38535737 res=1 errno=0 [ 47.384698][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.387710][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.390499][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.393951][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.396731][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.399738][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.404050][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.407617][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.411895][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.414295][ T5951] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.417832][ T5951] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.420307][ T5951] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.423268][ T5951] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.451552][ T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.453909][ T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.469980][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.474854][ T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.474947][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.477259][ T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.501566][ T1176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.503927][ T1176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.862386][ T6049] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 47.970183][ T6052] trusted_key: syz.1.18 sent an empty control message without MSG_MORE. [ 48.939923][ T5987] libceph: connect (1)[c::]:6789 error -101 [ 48.942351][ T5987] libceph: mon0 (1)[c::]:6789 connect error [ 48.949228][ T5987] libceph: connect (1)[c::]:6789 error -101 [ 48.951821][ T5987] libceph: mon0 (1)[c::]:6789 connect error [ 49.086113][ T6124] ceph: No mds server is up or the cluster is laggy [ 49.087353][ T6132] netlink: 'syz.2.35': attribute type 4 has an invalid length. [ 49.317528][ T6145] uprobe: syz.2.41:6145 failed to unregister, leaking uprobe [ 49.321282][ T5314] Bluetooth: hci1: command tx timeout [ 49.322952][ T5314] Bluetooth: hci2: command tx timeout [ 49.330757][ T5961] Bluetooth: hci3: command tx timeout [ 49.381296][ T6155] netlink: 'syz.1.45': attribute type 1 has an invalid length. [ 49.540640][ T6164] Bluetooth: MGMT ver 1.23 [ 49.543787][ T6164] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 49.566041][ T6166] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 49.582768][ T6166] evm: overlay not supported [ 49.584340][ T39] audit: type=1800 audit(1736365696.012:3): pid=6166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.50" name="file0" dev="overlay" ino=38535694 res=0 errno=0 [ 49.590037][ T39] audit: type=1326 audit(1736365696.012:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6169 comm="syz.2.52" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 49.633228][ T6171] syz.0.51 uses obsolete (PF_INET,SOCK_PACKET) [ 49.646615][ T6172] Cannot find del_set index 4 as target [ 49.734577][ T6176] syzkaller0: entered promiscuous mode [ 49.736213][ T6176] syzkaller0: entered allmulticast mode [ 50.203251][ T5961] Bluetooth: hci0: command tx timeout [ 50.403164][ T6197] fuse: root generation should be zero [ 50.463002][ T6207] overlay: ./bus is not a directory [ 50.682180][ T6216] netfs: Duplicate cookie detected [ 50.683915][ T6216] netfs: O-cookie c=00000006 [fl=5080 na=1 nA=0 s=-] [ 50.685892][ T6216] netfs: O-cookie V=00000003 [9p,syz,] [ 50.687609][ T6216] netfs: O-key=[8] '0c024c0200000000' [ 50.689167][ T6216] netfs: N-cookie c=00000007 [fl=8 na=0 nA=0 s=-] [ 50.691330][ T6216] netfs: N-cookie V=00000003 [9p,syz,] [ 50.692931][ T6216] netfs: N-key=[8] '0c024c0200000000' [ 50.778126][ T6222] vlan2: entered promiscuous mode [ 50.780182][ T6222] bond0: entered promiscuous mode [ 50.782196][ T6222] bond_slave_0: entered promiscuous mode [ 50.784462][ T6222] bond_slave_1: entered promiscuous mode [ 50.788475][ T6222] bond0: left promiscuous mode [ 50.792422][ T6222] bond_slave_0: left promiscuous mode [ 50.794776][ T6222] bond_slave_1: left promiscuous mode [ 50.960930][ T5988] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 50.977965][ T6234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.76'. [ 50.981274][ T6234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 50.983554][ T6234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 50.986429][ T6234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 50.988582][ T6234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 51.120802][ T5988] usb 7-1: Using ep0 maxpacket: 8 [ 51.131552][ T5988] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 51.134515][ T5988] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 51.137420][ T5988] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 51.140774][ T5988] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 51.145893][ T5988] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 51.149532][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.368495][ T5988] usb 7-1: usb_control_msg returned -32 [ 51.371209][ T5988] usbtmc 7-1:16.0: can't read capabilities [ 51.401135][ T5314] Bluetooth: hci2: command tx timeout [ 51.401533][ T5956] Bluetooth: hci1: command tx timeout [ 51.403330][ T5961] Bluetooth: hci3: command tx timeout [ 51.928032][ T5988] usb 7-1: USB disconnect, device number 2 [ 52.201946][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 52.520334][ T6280] netlink: 'syz.0.93': attribute type 1 has an invalid length. [ 52.523327][ T6280] netlink: 'syz.0.93': attribute type 4 has an invalid length. [ 52.525597][ T6280] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.93'. [ 52.776750][ T39] audit: type=1326 audit(1736365699.202:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6283 comm="syz.1.96" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7fc00000 [ 52.783706][ T6320] netlink: 8 bytes leftover after parsing attributes in process `syz.2.99'. [ 52.786813][ T6320] netlink: 12 bytes leftover after parsing attributes in process `syz.2.99'. [ 52.823072][ T6325] netlink: 327 bytes leftover after parsing attributes in process `syz.2.100'. [ 53.358772][ T6369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.111'. [ 53.400870][ T39] audit: type=1326 audit(1736365699.832:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6283 comm="syz.1.96" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70de579 code=0x7fc00000 [ 53.481142][ T5961] Bluetooth: hci1: command tx timeout [ 53.482129][ T5956] Bluetooth: hci3: command tx timeout [ 53.483504][ T5314] Bluetooth: hci2: command tx timeout [ 54.136814][ T6401] netlink: 12 bytes leftover after parsing attributes in process `syz.3.125'. [ 54.153635][ T6401] 8021q: adding VLAN 0 to HW filter on device bond1 [ 54.180143][ T6401] 8021q: adding VLAN 0 to HW filter on device bond1 [ 54.182440][ T6401] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 54.191310][ T6401] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 54.648855][ T6442] overlayfs: failed to resolve './file1': -2 [ 54.670849][ T62] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 54.840832][ T62] usb 5-1: Using ep0 maxpacket: 32 [ 54.843573][ T62] usb 5-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 54.846310][ T62] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.850529][ T62] usb 5-1: config 0 descriptor?? [ 54.856310][ T62] as10x_usb: device has been detected [ 54.858867][ T62] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 54.869583][ T62] usb 5-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 54.873871][ T6449] binder: 6448:6449 ioctl c0306201 200087c0 returned -14 [ 54.886810][ T62] as10x_usb: error during firmware upload part1 [ 54.889105][ T62] Registered device nBox DVB-T Dongle [ 55.062520][ T62] usb 5-1: USB disconnect, device number 2 [ 55.080654][ T62] Unregistered device nBox DVB-T Dongle [ 55.081990][ T62] as10x_usb: device has been disconnected [ 55.170563][ T6472] kvm: MONITOR instruction emulated as NOP! [ 57.382857][ T6522] netlink: 'syz.1.174': attribute type 25 has an invalid length. [ 57.385757][ T6522] netlink: 'syz.1.174': attribute type 1 has an invalid length. [ 57.389850][ T6522] bridge0: port 1(bridge_slave_0) entered learning state [ 57.651016][ T5961] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 57.651273][ T5314] Bluetooth: hci4: command 0x1003 tx timeout [ 58.389543][ T6564] Zero length message leads to an empty skb [ 58.523145][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 58.527153][ T6575] syz.1.197[6575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.527227][ T6575] syz.1.197[6575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.535544][ T6575] syz.1.197[6575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.545477][ T6575] TCP: request_sock_TCPv6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 58.611851][ T1332] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 58.800759][ T39] audit: type=1326 audit(1736365705.222:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6585 comm="syz.1.203" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x0 [ 59.570907][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 59.980848][ T1332] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 60.086315][ T6618] Bluetooth: Invalid esc byte 0x00 [ 60.137390][ T1332] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 60.152121][ T1332] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.154845][ T1332] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.157249][ T1332] usb 6-1: Product: syz [ 60.160523][ T1332] usb 6-1: Manufacturer: syz [ 60.161996][ T1332] usb 6-1: SerialNumber: syz [ 60.167984][ T6610] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 60.217764][ T6622] syz.0.214[6622] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 60.217821][ T6622] syz.0.214[6622] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 60.221461][ T6622] syz.0.214[6622] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 60.383802][ T1332] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 60.392533][ T1332] usb 6-1: USB disconnect, device number 2 [ 60.453548][ T6632] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2237456127 (143197192128 ns) > initial count (6394133056 ns). Using initial count to start timer. [ 60.533675][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.536829][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.539202][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.600937][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.825139][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 60.830746][ T1332] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 60.970230][ C0] Unknown status report in ack skb [ 60.990740][ T1332] usb 6-1: Using ep0 maxpacket: 8 [ 60.993946][ T1332] usb 6-1: config index 0 descriptor too short (expected 301, got 72) [ 60.996428][ T1332] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 60.999468][ T1332] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 61.002432][ T1332] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 61.005846][ T1332] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.009177][ T1332] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2007, setting to 1024 [ 61.012534][ T1332] usb 6-1: config 16 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 3 [ 61.016490][ T1332] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 61.019140][ T1332] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.025064][ T6610] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 61.233571][ T1332] usb 6-1: usb_control_msg returned -32 [ 61.235931][ T1332] usbtmc 6-1:16.0: can't read capabilities [ 61.260872][ T834] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 61.423881][ T834] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 61.427451][ T834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 61.430588][ T834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 61.433777][ T834] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 61.437379][ T834] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 61.440185][ T834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.443506][ T834] usb 5-1: config 0 descriptor?? [ 61.445463][ T6644] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 61.642764][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.651969][ T1332] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.856999][ T834] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 61.860565][ T834] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 61.869271][ T834] plantronics 0003:047F:FFFF.0002: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 62.058581][ T834] usb 5-1: USB disconnect, device number 3 [ 62.326036][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.329024][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.443128][ C2] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.582073][ T6669] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 62.653981][ T6673] kvm: apic: phys broadcast and lowest prio [ 62.763297][ T62] usb 6-1: USB disconnect, device number 3 [ 63.073310][ T6696] netlink: 8 bytes leftover after parsing attributes in process `syz.0.241'. [ 63.075877][ T6696] netlink: 8 bytes leftover after parsing attributes in process `syz.0.241'. [ 63.127133][ T6698] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 63.129166][ T6698] overlayfs: failed to set xattr on upper [ 63.130796][ T6698] overlayfs: ...falling back to redirect_dir=nofollow. [ 63.132567][ T6698] overlayfs: ...falling back to index=off. [ 63.134170][ T6698] overlayfs: ...falling back to uuid=null. [ 63.135758][ T6698] overlayfs: maximum fs stacking depth exceeded [ 63.250272][ T6712] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3738224872 (478492783616 ns) > initial count (91121186304 ns). Using initial count to start timer. [ 63.260475][ T6712] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 63.722117][ T1019] net_ratelimit: 2 callbacks suppressed [ 63.722129][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 64.075117][ T12] Bluetooth: (null): Invalid header checksum [ 64.077129][ T12] Bluetooth: (null): Invalid header checksum [ 64.080919][ T6745] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 64.681023][ T1332] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 64.760956][ T1017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 64.939063][ T6758] warning: `syz.1.267' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 64.947483][ T6750] Set syz1 is full, maxelem 65536 reached [ 65.104295][ T6769] bond0: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 65.110191][ T6769] netlink: 'syz.1.272': attribute type 10 has an invalid length. [ 65.113612][ T6769] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.116916][ T6769] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.122873][ T6769] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.124992][ T6769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.127181][ T6769] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.129236][ T6769] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.133241][ T6769] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 65.172140][ T1145] bond0: (slave bridge0): link status definitely up, 0 Mbps full duplex [ 65.801037][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.545848][ T6830] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 66.548152][ T6830] overlayfs: failed to set xattr on upper [ 66.549989][ T6830] overlayfs: ...falling back to redirect_dir=nofollow. [ 66.553372][ T6830] overlayfs: ...falling back to index=off. [ 66.555061][ T6830] overlayfs: ...falling back to uuid=null. [ 66.556986][ T6830] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 66.841182][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 67.243796][ T11] wlan1: Trigger new scan to find an IBSS to join [ 67.321544][ T5961] Bluetooth: hci3: command tx timeout [ 67.467568][ T6848] syz.1.302[6848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.467631][ T6848] syz.1.302[6848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.471050][ T6848] syz.1.302[6848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.476891][ T6848] netlink: 'syz.1.302': attribute type 10 has an invalid length. [ 67.487585][ T6848] team0: Device ipvlan1 failed to register rx_handler [ 67.508284][ T6848] syz.1.302 (6848) used greatest stack depth: 21360 bytes left [ 67.524636][ T6850] syz.1.303[6850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.524740][ T6850] syz.1.303[6850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.529366][ T6850] syz.1.303[6850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.721636][ T1332] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 67.882307][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.130971][ T62] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 68.282601][ T62] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 68.285309][ T62] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 68.288288][ T62] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 68.291304][ T62] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 68.294873][ T62] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 68.299824][ T62] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 68.303417][ T62] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 68.305805][ T62] usb 6-1: Product: syz [ 68.307043][ T62] usb 6-1: Manufacturer: syz [ 68.310991][ T62] cdc_wdm 6-1:1.0: skipping garbage [ 68.312512][ T62] cdc_wdm 6-1:1.0: skipping garbage [ 68.315634][ T62] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 68.317368][ T62] cdc_wdm 6-1:1.0: Unknown control protocol [ 68.519851][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 68.522611][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 68.525242][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 68.527758][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 68.530439][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 68.533106][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 68.536754][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 68.539321][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 68.541936][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 68.544518][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 68.546805][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 68.548767][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 68.550594][ T1332] usb 6-1: USB disconnect, device number 4 [ 68.553020][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 68.553032][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 68.553039][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 68.841632][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.921320][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.240915][ T62] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 69.400893][ T62] usb 5-1: Using ep0 maxpacket: 8 [ 69.404505][ T62] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 69.407849][ T62] usb 5-1: config 0 has no interface number 0 [ 69.410433][ T62] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 69.414925][ T62] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 69.419532][ T62] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 69.423972][ T62] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 69.429669][ T62] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 69.433283][ T62] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.438936][ T62] usb 5-1: config 0 descriptor?? [ 69.444641][ T62] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 69.845172][ T5314] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.848625][ T5314] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.851489][ T5314] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.855461][ T5314] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.858434][ T5314] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.862346][ T5314] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.960952][ T1017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.969586][ T6899] chnl_net:caif_netlink_parms(): no params data found [ 70.034444][ T6899] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.036815][ T6899] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.039107][ T6899] bridge_slave_0: entered allmulticast mode [ 70.041576][ T6899] bridge_slave_0: entered promiscuous mode [ 70.044873][ T6899] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.047007][ T6899] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.049075][ T6899] bridge_slave_1: entered allmulticast mode [ 70.051727][ T6899] bridge_slave_1: entered promiscuous mode [ 70.105462][ T164] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.117916][ T6899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.131277][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 70.136941][ T6899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.156592][ T6908] random: crng reseeded on system resumption [ 70.174110][ T6899] team0: Port device team_slave_0 added [ 70.177004][ T6899] team0: Port device team_slave_1 added [ 70.207627][ T6910] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 70.207660][ T164] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.229184][ T6899] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.231378][ T6899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.238926][ T6899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.244314][ T6899] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.246439][ T6899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.254786][ T6899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.285623][ T164] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.296528][ T6899] hsr_slave_0: entered promiscuous mode [ 70.301242][ T6899] hsr_slave_1: entered promiscuous mode [ 70.303491][ T6899] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.306618][ T6899] Cannot create hsr debugfs directory [ 70.375934][ T164] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.413479][ T6899] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 70.418063][ T6899] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 70.423462][ T6899] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 70.427134][ T6899] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 70.438144][ T6899] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.440942][ T6899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.443753][ T6899] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.446499][ T6899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.503530][ T164] bridge_slave_1: left allmulticast mode [ 70.505665][ T164] bridge_slave_1: left promiscuous mode [ 70.508477][ T164] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.518380][ T164] bridge_slave_0: left allmulticast mode [ 70.520430][ T164] bridge_slave_0: left promiscuous mode [ 70.523569][ T164] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.774850][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.777137][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.781952][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 70.810490][ T164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 70.819416][ T164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 70.824525][ T164] bond0 (unregistering): Released all slaves [ 70.894023][ T164] bond1 (unregistering): Released all slaves [ 70.902496][ T6899] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.907825][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.912613][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.937701][ T6899] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.943576][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.945841][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.954180][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.956468][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.002023][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 71.131404][ T6899] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.200796][ T164] hsr_slave_0: left promiscuous mode [ 71.204009][ T164] hsr_slave_1: left promiscuous mode [ 71.209982][ T164] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 71.212541][ T164] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 71.216619][ T164] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 71.218746][ T164] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 71.248517][ T164] veth1_macvtap: left promiscuous mode [ 71.250497][ T164] veth0_macvtap: left promiscuous mode [ 71.252313][ T164] veth1_vlan: left promiscuous mode [ 71.254812][ T164] veth0_vlan: left promiscuous mode [ 71.387544][ T6949] input: syz0 as /devices/virtual/input/input6 [ 71.729838][ T1019] usb 5-1: USB disconnect, device number 4 [ 71.744179][ T1019] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 71.891902][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 71.892117][ T5961] Bluetooth: hci1: command tx timeout [ 71.981935][ T164] team0 (unregistering): Port device team_slave_1 removed [ 72.022957][ T6969] input: syz0 as /devices/virtual/input/input7 [ 72.042743][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.066120][ T164] team0 (unregistering): Port device team_slave_0 removed [ 72.206872][ T1141] wlan1: Trigger new scan to find an IBSS to join [ 72.641894][ T6899] veth0_vlan: entered promiscuous mode [ 72.645921][ T6899] veth1_vlan: entered promiscuous mode [ 72.660287][ T6899] veth0_macvtap: entered promiscuous mode [ 72.666577][ T6899] veth1_macvtap: entered promiscuous mode [ 72.675765][ T6899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.678778][ T6899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.682745][ T6899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.687092][ T6899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.690498][ T6899] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.694185][ T6899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.697229][ T6899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.699991][ T6899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.705032][ T6899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.708923][ T6899] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.715986][ T6899] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.718574][ T6899] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.721337][ T6899] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.724092][ T6899] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.846639][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.849707][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.866910][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.887576][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.081639][ T1017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.187632][ T11] wlan1: Creating new IBSS network, BSSID e2:05:d8:30:ae:f4 [ 73.662149][ T7056] binder: 7055:7056 ioctl c0306201 20000140 returned -14 [ 73.715261][ T7066] capability: warning: `syz.1.362' uses deprecated v2 capabilities in a way that may be insecure [ 73.749271][ T7069] ip6tnl1: entered promiscuous mode [ 73.781791][ T39] audit: type=1326 audit(1736365720.212:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.790120][ T39] audit: type=1326 audit(1736365720.212:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.797664][ T39] audit: type=1326 audit(1736365720.212:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.805471][ T39] audit: type=1326 audit(1736365720.222:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.818158][ T39] audit: type=1326 audit(1736365720.232:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=65 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.826072][ T39] audit: type=1326 audit(1736365720.232:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.832465][ T39] audit: type=1326 audit(1736365720.232:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.841731][ T39] audit: type=1326 audit(1736365720.232:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.847909][ T39] audit: type=1326 audit(1736365720.232:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.854233][ T39] audit: type=1326 audit(1736365720.232:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.365" exe="/syz-executor" sig=0 arch=40000003 syscall=440 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 73.962491][ T1332] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.971125][ T5961] Bluetooth: hci1: command tx timeout [ 74.120983][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.460050][ T7112] input: syz1 as /devices/virtual/input/input8 [ 74.529452][ T7109] syz.0.375 (7109) used greatest stack depth: 20992 bytes left [ 75.161527][ T1017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.220907][ T7137] overlayfs: invalid redirect ((null)) [ 75.321803][ T7143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.389'. [ 75.454320][ T7151] input: syz0 as /devices/virtual/input/input9 [ 75.754314][ T7164] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 75.876532][ T7174] input: syz0 as /devices/virtual/input/input10 [ 76.050875][ T5961] Bluetooth: hci1: command tx timeout [ 76.203956][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.270235][ T7192] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.377552][ T7192] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.444493][ T7192] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.495978][ T7192] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.621055][ T7192] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.629263][ T7192] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.637516][ T7192] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.644661][ T7192] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.002038][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.220373][ T7225] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 77.241119][ T1017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.276797][ T7228] netfs: Couldn't get user pages (rc=-14) [ 77.437456][ T5314] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 77.805376][ T7267] 9pnet: p9_errstr2errno: server reported unknown error ä¯ [ 78.120900][ T5314] Bluetooth: hci1: command tx timeout [ 78.190854][ T835] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 78.281006][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.350793][ T835] usb 6-1: Using ep0 maxpacket: 16 [ 78.354138][ T835] usb 6-1: config 0 has no interfaces? [ 78.357360][ T835] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0106, bcdDevice=ec.89 [ 78.360042][ T835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.362883][ T835] usb 6-1: Product: syz [ 78.364415][ T835] usb 6-1: Manufacturer: syz [ 78.366189][ T835] usb 6-1: SerialNumber: syz [ 78.369435][ T835] usb 6-1: config 0 descriptor?? [ 78.442565][ T7110] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.586424][ T7110] usb 6-1: USB disconnect, device number 5 [ 78.845743][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 78.845759][ T39] audit: type=1326 audit(1736365725.272:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7288 comm="syz.0.446" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf715e579 code=0x7fc00000 [ 79.080931][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.085340][ T5988] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.130137][ T7307] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 79.332211][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.480853][ T5961] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 79.755852][ T39] audit: type=1326 audit(1736365726.182:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7322 comm="syz.2.458" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0 [ 79.757583][ T7320] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 79.962531][ T7334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.461'. [ 80.040896][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.371067][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.447666][ T7353] overlayfs: upper fs does not support tmpfile. [ 80.657706][ T7336] Set syz1 is full, maxelem 65536 reached [ 80.683751][ T7370] netlink: 'syz.4.476': attribute type 1 has an invalid length. [ 80.691300][ T7370] netlink: 224 bytes leftover after parsing attributes in process `syz.4.476'. [ 80.961273][ T7404] Illegal XDP return value 4294967274 on prog (id 65) dev syz_tun, expect packet loss! [ 80.985556][ T7406] input: syz0 as /devices/virtual/input/input11 [ 81.001921][ T7408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.489'. [ 81.005403][ T7408] netlink: 12 bytes leftover after parsing attributes in process `syz.0.489'. [ 81.007359][ T69] cfg80211: failed to load regulatory.db [ 81.069483][ T7413] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 81.427322][ T7441] netfs: Couldn't get user pages (rc=-14) [ 81.522003][ T7444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.526704][ T7444] bond0: (slave rose0): Enslaving as an active interface with an up link [ 82.036157][ T7480] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.134453][ T7480] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.211527][ T7480] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.286809][ T7480] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.370003][ T7480] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.377536][ T7480] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.386557][ T7480] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.392613][ T7480] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.006433][ T7513] TCP: request_sock_TCP: Possible SYN flooding on port 0.0.0.0:20002. Sending cookies. [ 83.917106][ C2] Unknown status report in ack skb [ 84.287651][ T7555] syz.2.550 (7555) used greatest stack depth: 19760 bytes left [ 84.617107][ T7595] netfs: Couldn't get user pages (rc=-14) [ 84.960045][ T7605] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.032740][ T7605] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.098896][ T7605] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.137507][ T7617] process 'syz.4.574' launched '/dev/fd/7' with NULL argv: empty string added [ 85.171613][ T7605] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.252324][ T7605] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.257685][ T7605] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.264407][ T7605] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.269931][ T7605] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.280877][ T5987] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 85.432327][ T5987] usb 5-1: config 0 has an invalid interface number: 84 but max is 0 [ 85.434719][ T5987] usb 5-1: config 0 has no interface number 0 [ 85.437922][ T5987] usb 5-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3 [ 85.440649][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.443325][ T5987] usb 5-1: Product: syz [ 85.444576][ T5987] usb 5-1: Manufacturer: syz [ 85.446074][ T5987] usb 5-1: SerialNumber: syz [ 85.452617][ T5987] usb 5-1: config 0 descriptor?? [ 85.456549][ T5987] ljca 5-1:0.84: bulk endpoints not found [ 85.665467][ T75] usb 5-1: USB disconnect, device number 5 [ 86.070850][ T835] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 86.222548][ T835] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 86.225904][ T835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.230599][ T835] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 86.236695][ T835] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 86.239184][ T835] usb 6-1: Manufacturer: syz [ 86.245873][ T835] usb 6-1: config 0 descriptor?? [ 86.300919][ T835] rc_core: IR keymap rc-hauppauge not found [ 86.303101][ T835] Registered IR keymap rc-empty [ 86.306686][ T835] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 86.310164][ T835] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input12 [ 86.457131][ T835] usb 6-1: USB disconnect, device number 6 [ 86.968031][ T5314] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.971637][ T5314] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.975467][ T5314] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.979364][ T5314] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.982677][ T5314] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.986002][ T5314] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.009596][ T39] audit: type=1800 audit(1736365733.432:22): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.598" name="file0" dev="9p" ino=38535694 res=0 errno=0 [ 87.081429][ T7670] chnl_net:caif_netlink_parms(): no params data found [ 87.126774][ T7681] netlink: 112 bytes leftover after parsing attributes in process `syz.1.599'. [ 87.132442][ T7670] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.134556][ T7670] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.136601][ T7670] bridge_slave_0: entered allmulticast mode [ 87.138766][ T7670] bridge_slave_0: entered promiscuous mode [ 87.142608][ T7670] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.144656][ T7670] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.146682][ T7670] bridge_slave_1: entered allmulticast mode [ 87.148727][ T7670] bridge_slave_1: entered promiscuous mode [ 87.181065][ T7670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.189570][ T7670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.212743][ T7670] team0: Port device team_slave_0 added [ 87.215462][ T7670] team0: Port device team_slave_1 added [ 87.233090][ T7670] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.235055][ T7670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.244744][ T7670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.249252][ T7670] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.252876][ T7670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.261521][ T7670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.285534][ T7670] hsr_slave_0: entered promiscuous mode [ 87.287693][ T7670] hsr_slave_1: entered promiscuous mode [ 87.289932][ T7670] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.292524][ T7670] Cannot create hsr debugfs directory [ 87.363864][ T7695] loop7: detected capacity change from 0 to 16384 [ 87.404585][ T7670] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 87.409794][ T7670] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 87.423204][ T7670] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 87.433014][ T7670] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 87.455436][ T7670] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.457556][ T7670] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.459912][ T7670] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.462515][ T7670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.487723][ T7670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.494626][ T7670] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.505693][ T1176] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.509281][ T1176] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.521847][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.523944][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.529849][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.532408][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.540969][ T7697] loop7: detected capacity change from 16384 to 16383 [ 87.555332][ T7670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.630426][ T7670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.720790][ T69] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 87.748432][ T7670] veth0_vlan: entered promiscuous mode [ 87.752462][ T7670] veth1_vlan: entered promiscuous mode [ 87.765724][ T7670] veth0_macvtap: entered promiscuous mode [ 87.769021][ T7670] veth1_macvtap: entered promiscuous mode [ 87.775660][ T7670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.778866][ T7670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.782248][ T7670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.785295][ T7670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.788630][ T7670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.792386][ T7670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.798956][ T7670] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.807142][ T7670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.810126][ T7670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.813118][ T7670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.816246][ T7670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.819141][ T7670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.822466][ T7670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.826135][ T7670] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.830133][ T7670] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.832819][ T7670] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.835386][ T7670] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.837882][ T7670] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.868820][ T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.873248][ T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.881363][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.883752][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.890997][ T69] usb 6-1: Using ep0 maxpacket: 8 [ 87.893988][ T69] usb 6-1: config 0 has an invalid interface number: 186 but max is 0 [ 87.896378][ T69] usb 6-1: config 0 has no interface number 0 [ 87.898292][ T69] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 87.902309][ T69] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 87.907008][ T69] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 87.915761][ T69] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 87.924042][ T69] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 87.927673][ T69] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.931976][ T69] usb 6-1: Product: syz [ 87.933467][ T69] usb 6-1: Manufacturer: syz [ 87.934788][ T69] usb 6-1: SerialNumber: syz [ 87.939977][ T69] usb 6-1: config 0 descriptor?? [ 88.014653][ T7732] netlink: 4 bytes leftover after parsing attributes in process `syz.5.613'. [ 88.017456][ T7732] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.019601][ T7732] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.022349][ T7732] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.024496][ T7732] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.167614][ T69] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 88.213070][ T5961] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 88.216313][ T5961] Bluetooth: hci3: Injecting HCI hardware error event [ 88.219592][ T5961] Bluetooth: hci3: hardware error 0x00 [ 88.445175][ T56] usb 6-1: USB disconnect, device number 7 [ 88.493924][ T7745] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.596093][ T7745] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.671299][ T7745] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.824028][ T7745] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.939976][ T7745] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.946114][ T7745] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.955491][ T7745] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.972697][ T7745] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.976237][ T7761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.623'. [ 88.983009][ T7761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.623'. [ 89.002954][ T5314] Bluetooth: hci1: command tx timeout [ 89.301008][ T7775] nbd1: detected capacity change from 0 to 12 [ 89.305677][ T7776] block nbd1: shutting down sockets [ 89.305903][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.311168][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.314444][ T123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.317280][ T123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.324447][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.327905][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.331144][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.334570][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.337000][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.339583][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.345519][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.348848][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.352609][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.355959][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.358875][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.362461][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.365313][ T6451] ldm_validate_partition_table(): Disk read failed. [ 89.367518][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.370340][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.372913][ T6451] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 89.373763][ T7779] block device autoloading is deprecated and will be removed. [ 89.375677][ T6451] Buffer I/O error on dev nbd1, logical block 0, async page read [ 89.381273][ T6451] Dev nbd1: unable to read RDB block 0 [ 89.383146][ T6451] nbd1: unable to read partition table [ 89.384949][ T6451] nbd1: partition table beyond EOD, truncated [ 89.388668][ T6451] ldm_validate_partition_table(): Disk read failed. [ 89.390974][ T6451] Dev nbd1: unable to read RDB block 0 [ 89.392776][ T6451] nbd1: unable to read partition table [ 89.395320][ T6451] nbd1: partition table beyond EOD, truncated [ 89.457306][ T7783] netlink: 'syz.1.632': attribute type 12 has an invalid length. [ 89.750891][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.884214][ T7813] overlayfs: failed to verify upper root origin [ 90.068052][ T7819] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.145443][ T7824] syz.0.648[7824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.145492][ T7824] syz.0.648[7824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.148724][ T7824] syz.0.648[7824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.154278][ T7824] syz.0.648[7824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.158658][ T7824] syz.0.648[7824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.163651][ T7824] syz.0.648[7824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.292464][ T5961] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 90.741053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.743983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.746361][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 91.090843][ T5961] Bluetooth: hci1: command tx timeout [ 91.178932][ T7857] block device autoloading is deprecated and will be removed. [ 91.281721][ T7819] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.363224][ T7819] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.452608][ T7819] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.509199][ T7875] netlink: 24 bytes leftover after parsing attributes in process `syz.2.668'. [ 91.556941][ T7819] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.563168][ T7819] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.569552][ T7819] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.576552][ T7819] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.680811][ T69] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 91.845993][ T69] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 91.850490][ T69] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 91.854858][ T69] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 91.857609][ T69] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 91.862123][ T69] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 91.865292][ T69] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.868653][ T69] usb 6-1: config 0 descriptor?? [ 92.265361][ T56] kernel write not supported for file /hidraw0 (pid: 56 comm: kworker/1:1) [ 92.290272][ T7915] binder: 7914:7915 ioctl c0306201 20000580 returned -14 [ 92.293445][ T69] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max [ 92.293878][ T7915] binder: 7914:7915 ioctl c0306201 0 returned -14 [ 92.298102][ T69] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 92.305479][ T69] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 92.387055][ T7927] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 92.525231][ T7938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.691'. [ 92.850800][ T56] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 93.011098][ T56] usb 5-1: Using ep0 maxpacket: 8 [ 93.014842][ T56] usb 5-1: config 0 has no interfaces? [ 93.017134][ T56] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 93.020815][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.029841][ T56] usb 5-1: config 0 descriptor?? [ 93.160355][ T35] usb 6-1: USB disconnect, device number 8 [ 93.160930][ T5961] Bluetooth: hci1: command tx timeout [ 93.242460][ T56] usb 5-1: USB disconnect, device number 6 [ 94.712164][ T7992] netlink: 4 bytes leftover after parsing attributes in process `syz.1.707'. [ 94.764623][ T39] audit: type=1800 audit(1736365741.196:23): pid=7994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.708" name="file0" dev="overlay" ino=1020 res=0 errno=0 [ 94.856311][ T8002] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.982511][ T8004] block nbd1: shutting down sockets [ 94.992276][ T8006] erofs (device erofs): cannot read erofs superblock [ 95.241391][ T5961] Bluetooth: hci1: command tx timeout [ 95.257792][ T8024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.721'. [ 96.310802][ T834] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 96.463900][ T834] usb 10-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 96.467066][ T834] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.469695][ T834] usb 10-1: Product: syz [ 96.471256][ T834] usb 10-1: Manufacturer: syz [ 96.473066][ T834] usb 10-1: SerialNumber: syz [ 96.477694][ T834] usb 10-1: config 0 descriptor?? [ 96.691100][ T62] usb 10-1: USB disconnect, device number 2 [ 96.907524][ T8077] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 97.079292][ T8083] netlink: 'syz.0.746': attribute type 1 has an invalid length. [ 97.976378][ T8085] overlayfs: statfs failed on './file0' [ 98.410176][ T8120] loop6: detected capacity change from 0 to 524287999 [ 98.519434][ T8128] netlink: 2036 bytes leftover after parsing attributes in process `syz.1.763'. [ 98.523562][ T8128] netlink: 24 bytes leftover after parsing attributes in process `syz.1.763'. [ 99.416261][ T8158] netlink: 12 bytes leftover after parsing attributes in process `syz.0.774'. [ 99.419624][ T8158] netlink: 'syz.0.774': attribute type 25 has an invalid length. [ 99.571285][ T5988] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 99.657988][ T8163] bridge0: port 3(syz_tun) entered blocking state [ 99.660632][ T8163] bridge0: port 3(syz_tun) entered disabled state [ 99.669848][ T8163] syz_tun: entered allmulticast mode [ 99.675708][ T8163] syz_tun: entered promiscuous mode [ 99.677555][ T8163] bridge0: port 3(syz_tun) entered blocking state [ 99.679554][ T8163] bridge0: port 3(syz_tun) entered forwarding state [ 99.743229][ T5988] usb 6-1: Using ep0 maxpacket: 8 [ 99.747787][ T5988] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 99.750562][ T5988] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 99.753897][ T5988] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 99.757017][ T5988] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 99.762865][ T5988] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 99.767167][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 99.770429][ T5988] usb 6-1: Product: syz [ 99.982740][ T5988] usb 6-1: GET_CAPABILITIES returned 0 [ 99.984875][ T5988] usbtmc 6-1:16.0: can't read capabilities [ 100.097357][ T8160] Set syz1 is full, maxelem 65536 reached [ 100.189999][ T69] usb 6-1: USB disconnect, device number 9 [ 100.624382][ T8204] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 100.884578][ T8218] sctp: [Deprecated]: syz.2.787 (pid 8218) Use of int in max_burst socket option deprecated. [ 100.884578][ T8218] Use struct sctp_assoc_value instead [ 101.242312][ T8234] [ 101.243215][ T8234] ====================================================== [ 101.245688][ T8234] WARNING: possible circular locking dependency detected SYZFAIL: failed to recv rpc [ 101.248273][ T8234] 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 Not tainted [ 101.252349][ T8234] ------------------------------------------------------ fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 101.254801][ T8234] syz.1.794/8234 is trying to acquire lock: [ 101.257129][ T8234] ffff888045e92330 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.260826][ T8234] [ 101.260826][ T8234] but task is already holding lock: [ 101.263447][ T8234] ffff888045e91e00 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460 [ 101.267471][ T8234] [ 101.267471][ T8234] which lock already depends on the new lock. [ 101.267471][ T8234] [ 101.271098][ T8234] [ 101.271098][ T8234] the existing dependency chain (in reverse order) is: [ 101.274453][ T8234] [ 101.274453][ T8234] -> #4 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 101.277680][ T8234] blk_mq_submit_bio+0x1fb6/0x24c0 [ 101.279685][ T8234] __submit_bio+0x384/0x540 [ 101.281997][ T8234] submit_bio_noacct_nocheck+0x698/0xd70 [ 101.284499][ T8234] submit_bio_noacct+0x93a/0x1e20 [ 101.286630][ T8234] block_read_full_folio+0x812/0xa50 [ 101.288211][ T8234] filemap_read_folio+0xc6/0x2a0 [ 101.289800][ T8234] filemap_get_pages+0x155f/0x1be0 [ 101.291344][ T8234] filemap_read+0x3ca/0xd70 [ 101.293035][ T8234] blkdev_read_iter+0x187/0x480 [ 101.294538][ T8234] vfs_read+0x87f/0xbe0 [ 101.295823][ T8234] ksys_read+0x12b/0x250 [ 101.297151][ T8234] do_syscall_64+0xcd/0x250 [ 101.298591][ T8234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.300345][ T8234] [ 101.300345][ T8234] -> #3 (mapping.invalidate_lock#2){.+.+}-{4:4}: [ 101.302649][ T8234] down_read+0x9a/0x330 [ 101.303952][ T8234] filemap_fault+0x62c/0x2820 [ 101.305419][ T8234] __do_fault+0x10a/0x490 [ 101.306772][ T8234] do_pte_missing+0xebd/0x3e00 [ 101.308229][ T8234] __handle_mm_fault+0x103c/0x2a40 [ 101.309810][ T8234] handle_mm_fault+0x3fa/0xaa0 [ 101.311258][ T8234] __get_user_pages+0x8d9/0x3b50 [ 101.312770][ T8234] populate_vma_page_range+0x27f/0x3a0 [ 101.314440][ T8234] __mm_populate+0x1d6/0x380 [ 101.315848][ T8234] do_mlock+0x40a/0x7d0 [ 101.317223][ T8234] __ia32_sys_mlock+0x57/0x80 [ 101.318688][ T8234] __do_fast_syscall_32+0x73/0x120 [ 101.320213][ T8234] do_fast_syscall_32+0x32/0x80 [ 101.321674][ T8234] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.323619][ T8234] [ 101.323619][ T8234] -> #2 (&mm->mmap_lock){++++}-{4:4}: [ 101.325769][ T8234] __might_fault+0x11b/0x190 [ 101.327198][ T8234] _copy_from_user+0x29/0xd0 [ 101.328641][ T8234] __blk_trace_setup+0xa8/0x180 [ 101.330117][ T8234] blk_trace_setup+0x47/0x70 [ 101.331533][ T8234] sg_ioctl+0x7a3/0x26b0 [ 101.332882][ T8234] compat_ptr_ioctl+0x6b/0xa0 [ 101.334326][ T8234] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 101.335958][ T8234] __do_fast_syscall_32+0x73/0x120 [ 101.337494][ T8234] do_fast_syscall_32+0x32/0x80 [ 101.338963][ T8234] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.340828][ T8234] [ 101.340828][ T8234] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}: [ 101.342924][ T8234] __mutex_lock+0x19b/0xa60 [ 101.344313][ T8234] blk_register_queue+0x13c/0x4f0 [ 101.345829][ T8234] add_disk_fwnode+0x785/0x1300 [ 101.347301][ T8234] brd_alloc.isra.0+0x50a/0x7c0 [ 101.348786][ T8234] brd_init+0x12b/0x1d0 [ 101.350062][ T8234] do_one_initcall+0x128/0x630 [ 101.351521][ T8234] kernel_init_freeable+0x58f/0x8b0 [ 101.353121][ T8234] kernel_init+0x1c/0x2b0 [ 101.354544][ T8234] ret_from_fork+0x45/0x80 [ 101.355920][ T8234] ret_from_fork_asm+0x1a/0x30 [ 101.357482][ T8234] [ 101.357482][ T8234] -> #0 (&q->sysfs_lock){+.+.}-{4:4}: [ 101.359550][ T8234] __lock_acquire+0x249e/0x3c40 [ 101.361095][ T8234] lock_acquire.part.0+0x11b/0x380 [ 101.362709][ T8234] __mutex_lock+0x19b/0xa60 [ 101.364118][ T8234] __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.365934][ T8234] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 101.367622][ T8234] nbd_start_device+0x15b/0xd70 [ 101.369126][ T8234] nbd_ioctl+0x21a/0xfd0 [ 101.370444][ T8234] compat_blkdev_ioctl+0x2f7/0x750 [ 101.371999][ T8234] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 101.373609][ T8234] __do_fast_syscall_32+0x73/0x120 [ 101.375148][ T8234] do_fast_syscall_32+0x32/0x80 [ 101.376646][ T8234] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.378544][ T8234] [ 101.378544][ T8234] other info that might help us debug this: [ 101.378544][ T8234] [ 101.381314][ T8234] Chain exists of: [ 101.381314][ T8234] &q->sysfs_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#50 [ 101.381314][ T8234] [ 101.385347][ T8234] Possible unsafe locking scenario: [ 101.385347][ T8234] [ 101.387388][ T8234] CPU0 CPU1 [ 101.388845][ T8234] ---- ---- [ 101.390339][ T8234] lock(&q->q_usage_counter(io)#50); [ 101.391824][ T8234] lock(mapping.invalidate_lock#2); [ 101.393980][ T8234] lock(&q->q_usage_counter(io)#50); [ 101.396202][ T8234] lock(&q->sysfs_lock); [ 101.397405][ T8234] [ 101.397405][ T8234] *** DEADLOCK *** [ 101.397405][ T8234] [ 101.399651][ T8234] 4 locks held by syz.1.794/8234: [ 101.401086][ T8234] #0: ffff888023ae5998 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x151/0xfd0 [ 101.403788][ T8234] #1: ffff888023ae58d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x20/0x40 [ 101.406832][ T8234] #2: ffff888045e91e00 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460 [ 101.410145][ T8234] #3: ffff888045e91e38 (&q->q_usage_counter(queue)#34){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460 [ 101.413551][ T8234] [ 101.413551][ T8234] stack backtrace: [ 101.415227][ T8234] CPU: 3 UID: 0 PID: 8234 Comm: syz.1.794 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 101.418087][ T8234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.420984][ T8234] Call Trace: [ 101.421903][ T8234] [ 101.422755][ T8234] dump_stack_lvl+0x116/0x1f0 [ 101.424137][ T8234] print_circular_bug+0x41c/0x610 [ 101.425581][ T8234] check_noncircular+0x31a/0x400 [ 101.426995][ T8234] ? __pfx_check_noncircular+0x10/0x10 [ 101.428459][ T8234] ? save_trace+0x42/0xa10 [ 101.429706][ T8234] ? add_lock_to_list+0x17d/0x390 [ 101.431119][ T8234] __lock_acquire+0x249e/0x3c40 [ 101.432449][ T8234] ? __pfx___lock_acquire+0x10/0x10 [ 101.433937][ T8234] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 101.435584][ T8234] ? stack_depot_save_flags+0x36d/0x9e0 [ 101.437093][ T8234] lock_acquire.part.0+0x11b/0x380 [ 101.438561][ T8234] ? __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.440286][ T8234] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 101.441855][ T8234] ? rcu_is_watching+0x12/0xc0 [ 101.443330][ T8234] ? trace_lock_acquire+0x14e/0x1f0 [ 101.444811][ T8234] ? __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.446518][ T8234] ? lock_acquire+0x2f/0xb0 [ 101.447779][ T8234] ? __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.449483][ T8234] __mutex_lock+0x19b/0xa60 [ 101.450779][ T8234] ? __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.452467][ T8234] ? __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.454163][ T8234] ? __pfx___mutex_lock+0x10/0x10 [ 101.455601][ T8234] ? __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.457319][ T8234] __blk_mq_update_nr_hw_queues+0x446/0x1460 [ 101.458973][ T8234] ? lock_acquire.part.0+0x11b/0x380 [ 101.460444][ T8234] ? __mutex_trylock_common+0xea/0x250 [ 101.461936][ T8234] ? __pfx___mutex_trylock_common+0x10/0x10 [ 101.463563][ T8234] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 101.465130][ T8234] ? rcu_is_watching+0x12/0xc0 [ 101.466472][ T8234] ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10 [ 101.468215][ T8234] ? blk_mq_update_nr_hw_queues+0x20/0x40 [ 101.469818][ T8234] ? __pfx___mutex_lock+0x10/0x10 [ 101.471212][ T8234] ? lockdep_hardirqs_on+0x7c/0x110 [ 101.472666][ T8234] ? __mutex_lock+0x1cc/0xa60 [ 101.473979][ T8234] ? nbd_ioctl+0x151/0xfd0 [ 101.475240][ T8234] ? __pfx___mutex_lock+0x10/0x10 [ 101.476666][ T8234] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 101.478194][ T8234] nbd_start_device+0x15b/0xd70 [ 101.479590][ T8234] ? bpf_lsm_capable+0x9/0x10 [ 101.480908][ T8234] nbd_ioctl+0x21a/0xfd0 [ 101.482089][ T8234] ? __pfx_nbd_ioctl+0x10/0x10 [ 101.483411][ T8234] ? __pfx_lock_release+0x10/0x10 [ 101.484834][ T8234] ? trace_lock_acquire+0x14e/0x1f0 [ 101.486321][ T8234] ? __pfx_lock_release+0x10/0x10 [ 101.487754][ T8234] ? __pfx_nbd_ioctl+0x10/0x10 [ 101.489114][ T8234] compat_blkdev_ioctl+0x2f7/0x750 [ 101.490510][ T8234] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 101.492051][ T8234] ? __fget_files+0x206/0x3a0 [ 101.493367][ T8234] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 101.494911][ T8234] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 101.496351][ T8234] __do_fast_syscall_32+0x73/0x120 [ 101.497776][ T8234] do_fast_syscall_32+0x32/0x80 [ 101.499139][ T8234] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.500908][ T8234] RIP: 0023:0xf70de579 [ 101.502040][ T8234] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.507296][ T8234] RSP: 002b:00000000f50af55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 101.509585][ T8234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ab03 [ 101.511738][ T8234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.513921][ T8234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.516139][ T8234] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 101.518378][ T8234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.520559][ T8234] [ 101.521474][ C3] vkms_vblank_simulate: vblank timer overrun [ 101.581323][ T8234] block nbd1: shutting down sockets [ 101.581515][ T6557] bridge0: port 3(syz_tun) entered disabled state [ 101.600247][ T6557] syz_tun (unregistering): left allmulticast mode [ 101.602259][ T6557] syz_tun (unregistering): left promiscuous mode [ 101.604093][ T6557] bridge0: port 3(syz_tun) entered disabled state [ 101.805482][ T12] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.903464][ T12] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.982720][ T12] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.021972][ T12] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.079726][ T12] bridge_slave_1: left allmulticast mode [ 102.082054][ T12] bridge_slave_1: left promiscuous mode [ 102.084184][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.087697][ T12] bridge_slave_0: left allmulticast mode [ 102.089796][ T12] bridge_slave_0: left promiscuous mode [ 102.092051][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.184769][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.187905][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 102.190839][ T12] bond0 (unregistering): Released all slaves [ 102.586175][ T12] hsr_slave_0: left promiscuous mode [ 102.588720][ T12] hsr_slave_1: left promiscuous mode [ 102.593001][ T12] veth1_macvtap: left promiscuous mode [ 102.595189][ T12] veth0_macvtap: left promiscuous mode [ 102.597450][ T12] veth1_vlan: left promiscuous mode [ 102.599537][ T12] veth0_vlan: left promiscuous mode [ 102.816323][ T12] team0 (unregistering): Port device team_slave_1 removed [ 102.855517][ T12] team0 (unregistering): Port device team_slave_0 removed [ 103.219025][ T1141] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 103.363109][ T12] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.405040][ T12] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.472717][ T12] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.513179][ T12] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.576734][ T12] bridge_slave_1: left allmulticast mode [ 103.579417][ T12] bridge_slave_1: left promiscuous mode [ 103.581762][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.585295][ T12] bridge_slave_0: left allmulticast mode [ 103.587347][ T12] bridge_slave_0: left promiscuous mode [ 103.589437][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.626236][ T12] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 103.706302][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.709413][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.712544][ T12] bond0 (unregistering): Released all slaves [ 104.015794][ T12] hsr_slave_0: left promiscuous mode [ 104.017780][ T12] hsr_slave_1: left promiscuous mode [ 104.019641][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.022226][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.025566][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.028280][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.031479][ T12] veth1_macvtap: left promiscuous mode [ 104.033125][ T12] veth0_macvtap: left promiscuous mode [ 104.034611][ T12] veth1_vlan: left promiscuous mode [ 104.036028][ T12] veth0_vlan: left promiscuous mode [ 104.288727][ T12] team0 (unregistering): Port device team_slave_1 removed [ 104.332528][ T12] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 19:49:07 Registers: info registers vcpu 0 CPU#0 RAX=00000000000af4f4 RBX=0000000000000000 RCX=ffffffff8b1a6899 RDX=ffffed1005686fee RSI=ffffffff8bb16fc0 RDI=ffffffff81702ec9 RBP=fffffbfff1b52ef8 RSP=ffffffff8da07e20 R8 =0000000000000000 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8da977c0 R14=ffffffff901cead0 R15=0000000000000000 RIP=ffffffff8b1a7c7f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020000084 CR3=0000000074fd2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000002 RBX=0000000000000001 RCX=ffffffff8b14f92a RDX=ffff888024af8000 RSI=0000000000000000 RDI=0000000000000001 RBP=0000000000000002 RSP=ffffc90004ecfa30 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=00000000000a201e R12=0000000000000001 R13=ffff888027c5a000 R14=ffff888027c5a00c R15=1ffff11004f8b7c0 RIP=ffffffff8b14f9ee RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7260360 CR3=0000000074fd2000 CR4=00352ef0 DR0=0000000000000003 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffffe8ffac410e10 RCX=ffffffff8527cc13 RDX=ffff888023cdc880 RSI=0000000000000018 RDI=0000000000000004 RBP=000000000000000e RSP=ffffc90000548bb0 R8 =0000000000000004 R9 =0000000000000018 R10=000000000000000e R11=00000000000a201e R12=0000000000000018 R13=dffffc0000000000 R14=0000000000000438 R15=000000000000000d RIP=ffffffff8527cc13 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f36e40 CR3=000000000db7e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73d3ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000023 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff851449b5 RDI=ffffffff9a668200 RBP=ffffffff9a6681c0 RSP=ffffc90003b4f000 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e33312e36 R12=0000000000000000 R13=0000000000000023 R14=ffffffff85144950 R15=0000000000000000 RIP=ffffffff851449df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f44860f0 CR3=000000007730a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73d3ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000