last executing test programs: 5.797731675s ago: executing program 1 (id=734): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x6}) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x323, 0xfd, 0x8, 0x0, 0x0, @multicast}, 0x10) timerfd_create(0x4, 0x81000) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) write$cgroup_int(r2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'batadv_slave_0\x00'}) openat$sr(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x46, &(0x7f00000001c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa0086dd600000000000000000bbff02000000000000000000000000000186009078ff00000000000000000000004044e5d0bbd00b7367c76b89bd259200"/85], 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="64000000020605000a0000000000000000000009100003806269746d61703a706f72740005000400000000000900020073797a30000a0000050005000000000005000100060000001c000780080006409effff7d06000440fe20000006000540"], 0x64}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r4 = syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_disconnect(r4) syz_usb_connect(0x4, 0x24, &(0x7f0000000180)=ANY=[], 0x0) ioctl$EVIOCRMFF(r4, 0x5501, &(0x7f0000000400)) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000010ef170960000000000001090224000100fd2400090400000103000000092100000001220500090581030000260000"], 0x0) syz_usb_control_io$hid(r5, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00220d0000000b701cb976bfb9ee5c4985306b74ce7163a44de32d0b6ae195bafbcadbc0f96a8dc5cc05d1977d24d043bc0206d484e2780e478f0b5ea54e861aade8909765f77856d77721c1cf958cfde5c585901d11a076906c1d65858701905641fc5b68fd67ae21ff29e01f"], 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x0) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000080)={0x0, "fe79ca3351f25129c1ca0c4b310f855c55392fde21c7d98aef39b24985c9c778"}) socket$packet(0x11, 0x2, 0x300) setresgid(0x0, 0x0, 0x0) 4.208591785s ago: executing program 1 (id=741): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x1c, r2, 0x1, 0x0, 0x0, {0x3}, [@GTPA_VERSION={0x8}]}, 0x1c}}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, [@call={0x85, 0x0, 0x0, 0x11}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000000000000002eeed88696", @ANYRES32=r4], 0x20}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 4.038093242s ago: executing program 1 (id=743): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet(0x2, 0x1, 0x5) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000200)={'filter\x00', 0x4}, 0x64) socket$phonet_pipe(0x23, 0x5, 0x2) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) close(r1) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x1) r3 = socket(0x25, 0x1, 0x0) setsockopt$TIPC_IMPORTANCE(r3, 0x10f, 0x7f, &(0x7f00000000c0), 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0xc0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[], [], 0x2f}) open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) syz_io_uring_setup(0x3e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000002c0)=0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}) 3.742283675s ago: executing program 3 (id=746): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$qrtr(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) openat$dsp(0xffffff9c, &(0x7f0000000000), 0x281, 0x0) bind$inet(r2, 0x0, 0x0) getsockopt$inet_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0x10) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x0, 0xffffbffc}, 0xc) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8) write$binfmt_script(r1, 0x0, 0xeffd) close_range(r0, 0xffffffffffffffff, 0x0) 3.34735818s ago: executing program 3 (id=747): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x4ffe6, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0) splice(r2, 0x0, r3, 0x0, 0x16, 0xf00) 3.184074299s ago: executing program 3 (id=748): openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef42b000000e3bd6efb010511000b0002000d000000ba8000001241", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f00000000c0), 0x0, &(0x7f0000008640), 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000300), 0x11, 0x0, &(0x7f0000000640), 0x3, 0x0, &(0x7f00000005c0)=[{}, {0x0, 0x80000000}, {}], 0x0, 0x0, &(0x7f00000000c0)}) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000980)={r5, &(0x7f0000000380), &(0x7f0000000900)=[{{0x80000000, 0x0}}, {{}, {0x80000000}}]}) ioctl$USBDEVFS_CONNECTINFO(r4, 0x80045520, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r8, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4) bind$inet(r8, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r8, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'erspan0\x00', 0x0}) sendto$inet(r8, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb) close(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000001020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x20008000) sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYBLOB="35628afa087a06db326cb5779540b723ea493b67d4a2709aa2d13ecec35df9364ca68e6acbf5fd3d28b94af00ddcc5d6535669c3ef2ceb3c52ac2de60860f65716dee80cd8e885f1be019211b86d30a91e9229ba51a9785823cef2c10dd72bdd973cc05344acbc9c01824538d8e36a90a2836263df58156350adc7be16e684478e123a8acd222d4dad7c228079bceeb84e37984d958bc6285281e2e457bf350f98eac4f902f47e48f4f41bca432e521c4867b1fddc", @ANYRES32, @ANYRESDEC=r7, @ANYBLOB="6bd09be65900f1d5e05e8ec1af6908657b0c9c2d1451006e0167c4e658bb384414285902f4dc06946c730f39d17990ceffdccafbdb856a9ff403516fdc5f9afdd4423faf6bbed86c9a6514193b0e5194ca6789", @ANYRESDEC=r7, @ANYRESOCT=r9, @ANYRES64=r6, @ANYBLOB="bd89ca684f939142b55ba75b01ef07dfa270ad591e7236b54fcc5a760cffc5de412f1ccdfb6a51a16591529648aab992f92036dcaf7b3692b63f0137ff0dd6313b76366787b487901ecaf2a2e5fcf3db327a2bb0a1cda14f21e461c63e8e059c02ce1937a527481a2ccb1457", @ANYRES8], 0x94}}, 0x20000041) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) 1.465173567s ago: executing program 2 (id=751): pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000001100)="94", 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) tee(r0, r2, 0xaf5, 0x0) 1.450831388s ago: executing program 3 (id=752): socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x9, 0x3}, &(0x7f0000000040)=0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0xfffffead, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) r2 = dup(r1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x70000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x1) r4 = openat$cgroup_ro(r2, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) ioctl$TCSETS(r3, 0x89f2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "bb5dee00"}) dup3(r0, r2, 0x0) dup3(r1, r0, 0x0) r5 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') execveat$binfmt(0xffffffffffffff9c, r5, &(0x7f0000000080), &(0x7f00000000c0), 0x0) openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff) execveat$binfmt(0xffffffffffffff9c, r5, &(0x7f0000000100), &(0x7f0000000140), 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x110, r1, 0x9f0a8000) openat$binfmt(0xffffffffffffff9c, r5, 0x2, 0x0) execveat$binfmt(0xffffffffffffff9c, r5, &(0x7f00000001c0), &(0x7f0000000200), 0x0) execveat$binfmt(0xffffffffffffff9c, r5, &(0x7f0000000280), &(0x7f00000002c0), 0x0) execveat$binfmt(0xffffffffffffff9c, 0x0, &(0x7f0000000340), &(0x7f0000000380), 0x0) 1.442232776s ago: executing program 1 (id=754): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000000)={{@host}, 0x20000000}) 1.337748621s ago: executing program 1 (id=755): ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xafb}}, './file0\x00'}) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = syz_usbip_server_init(0x5) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xc1, 0x3a, 0x89, 0x8, 0x4b4, 0x2, 0x620d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf1, 0x8a, 0x27}}]}}]}}, 0x0) write$usbip_server(r1, &(0x7f0000001340)=ANY=[@ANYBLOB="00000003"], 0x973) 1.337399842s ago: executing program 2 (id=756): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet(0x2, 0x1, 0x5) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000200)={'filter\x00', 0x4}, 0x64) socket$phonet_pipe(0x23, 0x5, 0x2) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) close(r1) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x1) r3 = socket(0x25, 0x1, 0x0) setsockopt$TIPC_IMPORTANCE(r3, 0x10f, 0x7f, &(0x7f00000000c0), 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0xc0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[], [], 0x2f}) open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) syz_io_uring_setup(0x3e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000002c0)=0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}) 1.336133769s ago: executing program 0 (id=757): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000000)={{@host}, 0x20000000}) 1.22264345s ago: executing program 0 (id=758): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f0000000040)={0x30, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x19) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) read$FUSE(0xffffffffffffffff, &(0x7f000000a300)={0x2020}, 0x204c) read$FUSE(0xffffffffffffffff, &(0x7f0000000500)={0x2020}, 0x2020) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) syz_emit_vhci(0x0, 0x17) r3 = mq_open(&(0x7f0000000440)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xceq\xa2\xa5\t\x98\x8a\x8f>\xba', 0x6e93ebbbcc088cf2, 0x0, 0x0) ioctl$SNDCTL_SEQ_RESET(0xffffffffffffffff, 0x5100) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@xino_off}]}) 1.221629991s ago: executing program 3 (id=759): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="784e8532bc51d9778e4bbb81e255693d2832f3802728ed763aacf318e80e1b19cf30c5f4214185052aab22dea830553c6db324352d6edce6927f9e747f08a659c1365f8b318c734936b24ccb80c8b9892cf2d5f5e6f9bd14951b8dac37e3c51873f21eb6a3d5b0f6852ef05a094926bd00f74ab5d68f2dbec3a6471ec5517ea7973b0eadd203e9d651881048bf4102cc30729aae5c8a1b3a4223a29d92aa550723d99f6596f26bfc66e02de540c397a62d50bb060246300520caddf20ae6701bac03fe94aec0bb32b8ee92dd974bb54ea2ccc2959f4f07e91cb2f22e8e16b11cee681e1f909bc6edfd7d05f7c914a76c9c99879bc728e358d8fcd7e3767117482364ed76b0bd26fca5cc821dfcc0320e2da567cf8e266adcfa020bdc376bb0e3a3cc9725682a957265884a6705f12b04414779837b8fe1ac5457fc005d8609efe3a00007d08ac5a9c7442bbd775f9d7ff490b3fb820e2f4e64c31cfa2101de770ad8d0903c2cf7f907fccfadad58b54d3e76d855ccc9e69fa067578ef929d153e148f0e611a40fe480ee02c2c6880a3ebf78f949e53ffef9aab25fb2816e2933f480d6d60a91c045b70211934ace2695a867eb88d29b2253174baaa56ce64db43e4f5cc822d371c92fd49dec3ac483d904343b3549e529cac2b8be9532f073d7e7c742cf7fa09b030b36671b397e03b9aca2dea714e57b7b429bd064b3c5406b960dfceba3b624c67490309875a87a93250a9113c7e051c506ecb935ed7beef8b644e7725c473250b4b88c78a33c7329ae801e09fed0a408a4e7af19c2fe674b1a56da16c8aad062b00dc84ea79442cfca1645ee35e9bc22ce3199862506cb15cd79c2704c5b86bd992045fe4f8b3e07a9fe59f7b829a232a5fa15b8bcc971857e036afa9651cf114ac34600be4f663f07067e1e55ed8aa1641f6381cb6ce2cb751f032bd6588835acf67ddf7a3af75526ca75bdcfc7a5566044af497610e79987c61d8e5d8292a88107a5b4ee93a34eac880433585092356f76f2633db86b1a1412e10d3932bb7a52d3007dd635bda34a82769e5a9bdade27aed4f9c68f8527924b07749980e1e15c708010274a6c6ebc5213fe31d3bc459051823b7ee6c32797239e40d4821209b498c95080a2ca90c479da86c164304e02a7e71b8f55586292cc9fafa4c5bda285a9de792d6a6a03e5a1f2a13eac02a95f87f13fbfbedc6533b78cf5ac5ce562ef504f95465814f9bb35495196b73780c0a5fc7c6a006ee2d34123c1224d9c08baf0611ba9e7ceb3ccf887e58a78fe236947c4a486c83e49e0070d4fa81a9652e690dcdae169ebd65c281a863905a7ecf9c8f19fe059b2022ef75ab1e9c7c1ad532ff25da12c5e250f601ce95844223310d9959fddc0e684979c6f15d7673512237239b9eb48f72a930e5cc64c382c662db18581eb0069b2242058812f1ae092e139411fc8ec242e8f7dd4da10bcd3f92c0715edf775ffaabd181a36d2a39ceb192e3ebdff02c0c75bd259e725fd4cd5c2722efc41f37ab25706485a265d683c8569c3209a930e05047074b3941f41003d550d923e6dd50110e18d965763727739902067e73a520270c5cb53d6fd22ec4ea8853d113451cb3da2a7a698c807ec394c1da0b9de2a1d62f24a2292c65640ef6a0924191133e80aa60e4f8f5adbae3131956b38c997085f25f54338653d65847f1602e1ad7eb9501f9867e1bfc2410c3fc6402a1f605c0088ef13db8cf967a868e7ae2713b1dc297a5ab33b27566df656d954ee44ffed8a15bac40262099a3287f40425cd146c4a9639321fd46dd85dab9000bce3558f7c99de2849d57041d79082b82faf85abf5ac0c325ca3645500d2bb04809ac3ab33c24b738765d80c610c917b756a1cd4da3ce0921ae1789ea8c3f00532fe97c435cda5a2f5013b90ea596389af1fbba1510ce50d3476019d70be6634ddabdc925324e0bf6914a803c9bccb9f4daa61e9250e05a0d6e906d68418f906dfdcc416441828680bc9160a932168adf51240bce901a1eee84f69dce9cee3378f8414188afc484cfb92043b352271552a152ecac0ec1ba19f1dc72db5d4155d5bf6a63aee9a702f1e194082e609bb30419901349d244a11617795b4580a849196f5c67ed4b060e42b394bbfb4bbfa601d2c8ddff5986563df99b5f02a0f61d56d11a47095651d7337c7c167a04e4a71596fe58486d74bc8ef0a82c370c9ed24e58ed5950b119664767fd6742e967199c4671f5b48a2d723dabc77fc7f9ac57cc36d95b0e336032ccb4647a5502e44db059bb0bce58e4ed4bdd6931cc92c782c75d44d4a1f25e6f6ca076f2ea586ac5daadc5599aa6e5bb26206ffc1310779cba10d72bdbb7ef62b9d22bec948b2153afa5a8e1c1d8d724fc673069c74564102400417452c5eb5350e2a50a732f76122a5648525fa1793a0af6e0a3dcb568a598f7c179e908b40f19fc10a16d53b112692adc1e4dc954009f726057acf04a9740f6bb66327e746dcd7b8b8851e622f9da2c9ddd124e300f03f07e77cf04a263329b435ed04eadb9dc91cfe396f41114283eccbf58f2dccfe32f908cea6678f7490bacbe60c75eb2754e9722b2c58771537966bfe1066c4d28bcceccdca07eb60ddc355aa710266da85e456aa83739fea4ad7dadf461c682201391fa550e12e01be5a2a2c55c3b697aa2e176aad4be5a8dbfb8043f72c5743992e5c7000608a2cf86d88885bf6e1e2173b1361cec282ef35bde24cf99c11110c16c1678c38b74738911ec3eac23067500103f0f5d7dff122fca66852126ce9ac10c7c065992b3fcd81f7d94adad6fcb45872d3fa97f5d704f1653dad962c16daa6978e2fcf41f10257c306fc05fe4cd20e30989b37b19e874f27a065c8d62f2b4194a1540199be22b7e267ce6d2ffc8243421d9f629f5048587ff5d91f8c7bbb9049b40d859e6d382926ba8f005deb18727cefd76198d00d92ef680b56864c9eea9dca35b0e90d0afe1440af704bf00bd68ca088c568088d6aa34a42d66645743ad481b9e5490cfcee486f456490a0e9c3a0bff49b528871a4dfb104a18ba6a22df288349b6fca36b1908c548e90cec26fa28a0772fa4e9418c8d02a3319bc9e8f3892fc933f465ccb6ec683fdc9dd5854bb1295d114bde2e84d04513897ed3ee41ecc1d6d0354c57046c58e390836f11b3e6d4712f7d61b221aa147a58c3903b319a3da746296e576ae21bca4c1c939986fe04145093c4b9173e1936e54c4bfd9aaa4efdd39f2a39e9554fe1bfee4597ce8c798b6233e22a8dcdc7e610ddf6a8c810e7429bb2fcd60f7108119112b3cc5a71fef1fac311afa0d034fd00954111ded4cf381d6a73cc4f6165052325e04566fbb2c644e8bd7e7cf3923af608af8f3537deaaef891bdc258a8341e742f62727444c2cb28ccf8c7e3d79d1162c29af2914627830fe3433c8beb27efc8e08f14581ee0acb0a761a2b0a1f219601c9bae3c6d92f2d3d712e9c239d2910e9ea0f539bc069b7e8a1e36abb4e3ec20ca1677fa0cf3c4d2d3180d15a3c808d0421b564fcb180316df4f46b33df1e57ca2644d8b3fcdd13fef43a3ab76982887a4751615e7665d639854c8c3a8bdceb6cee0fb00fb19f98c42cd6a555da3c4d6a5c6c3ca9f7ccece5bee4907e8676a05aaf4213d4e60c4f5f0bf1a8126b6555ec137dc5f7ca56901bf21329da5a6ad30ebd1d454d7ee3110ae88de0109084e1cdc6342b68883a5205ef763645cdf26815e9f99f8c4bcc5227142ba4e9da752abe3ce3a11f2df8aff40ea3db731c8c1992fc0ab2681c9613861f61f8173d7fafd7a3516e169a8c0541d7632a59641ad3c67ca2cde8dcfcababaa676e25f113d0a6bf3274fc532fafb6042b633051039d682d87477f3a14fa77a7966a6f019738c0a8eb737eea7464d4477f7be1a4553ae736f0dde836688cd4d90e0d207cb82b33f1207d893b1c720d3070c73d6a9b1e52634aea9117ba6a3c063c28e46a687ab0e239b0d95cc2eb76f2b1b6fa6963bb11489e490e70d7f2394cb350f952170a0f6c6338e8460579a1013d9bbc9cc438f617551803af00700e636d0545a4a6877698441b5961cf86d5c40fbbf95775d13dbb50de6a565bd98c3fc8db86278de0bdada8860917ae00345191f96cdffb43216705048851b9bb9cca1e14d394bd9ecd6f567cb16a17592535b0322d143e14f0f982262d5ea7f6790e16c49f6e8740c40be3ae70bf21e5691a175b0060e72c8025f46a439732b8cb8239a5e6823846838f54cb939beca1ca0425c3e43027b3526fc1ffe5e71b72a908002e2e5090e343e87c82cbf2f162f2fef4081c4212b9e4eed4f746a85859f33bcca464667b850851c6e6aafacf930c2f70e777133c651c1851ea8015a9f01cf7c41bf37af677dcd6ad9b0a8eb235f73db7f72007b9d12044451725c559f47deb4bf5054f154e805788a39e69754a054aff979122800365765843cce90a93a3bc6955963594e02da9f7fad62743419870c04751fcd7d8800fc17d6c1566fd1c35f9b464d235d7569f2d0cceeee1c5adbff3e87f3e67bc4beaa4a3fb948b2241b315d0d2a2060bdb2514eaae67a0add5ff446c8291c69d3acd9b7ffa4d01490994bf0135759ba56973d703883c4736c76f5dacb2629bdb429e41bce829bf72b13c0c3d0163efff66b3cde89a61ec6d4a0c3269924934575ff6a6656fc89e9d0d5a5d2a093022b9791763c14a76581e5e1e9f0cf56803e3a29fa93610cff5473a9299dff90e5bfd0e078bc0c4f48a7e379c63b5b048a5ddaeddb495c1631b871f053ad863e832fdc250c1de5242375734feb2895f905d77a1cb3219bb48c3a1403173e401f99d30e5af3731a08fc47186657353cef9e0a628cbf2f67bbe297c9e5bc1b99968f6d744e338a9b3618f180e49d1b641290b2beeaba720abdf6ef0391ab5499d15b5ee5480060e05bb1b50e6516f1f28588343c73c037f410a413cddaecaca940072844ad343a497984d45aa9b8e2be120b8bd0c6e786f5541e7d400d58431417001694a990af3270f82e4a8717e29514f78d0f8e8d9fb373268656b60c0c1c81999f86343a5271481bdf7b724b55d8ae05cb2ef6d81a7688d2f13a087b4759f3dae8762f76b4cd1fd61cf5b50667e1010c1ae5cd00761b7e077238647ba9206513bf9c62b507088c2d60e76030d572a86a217eca7480886aa9c3a93019316ffcb1555d978a1ed048adbdfd0b128eb073e5eb9593789b7474a8fe1695a7176deb561cd8cd656fd852df410aa4642f1c1534a272b9a0a6e6f1d660d035a4ed6f566678b83775f359a1119643b28b2466c1d192b54bcd3c2e7104ecf1d5fa70544bd38a0edbf26e9a6844bd9adade62cc76be8f2840c50afb9fe95698b945fe2fe17080f4c296b474e47179583f4cdf36fb93c4d53ff4d0697a221d497ce4240db574b53f60dd38862e7e04e64bfdd53639ea6c4b60ec39f7425dab78c7635fac31685b626b67119e3afb3e682fe3476e82b18f115b4b45366816012fb579d67e1f01028622ab891d3a44db13fb8b15ceb4aa88be06c80b049176fd368d32d06975d402b3f4078828edeb8ea49220e888ef3aec7f572aec2ad09c216626a9121f9533b6cb0e5084ebbc1c8b77ddd0021cf749310ab316c285090b50315e51eb6ea04411c77ed685ca0a674aafbb5d39e7752de1956b5811a8e6dc259a5bf1cc43ff94e0eca9bee7452bb81d52480b3760f3563617cd0a5a297cff0da357f678f95ce433de5cca614114916a3b35d4a911c0", 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001240)="b5", 0x1}], 0x1}}], 0x2, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000b9a000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000064c0)=0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r4 = geteuid() mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000140)={[], [{@hash}, {@flag='silent'}, {@obj_role={'obj_role', 0x3d, 'nl80211\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, 'wlan1\x00'}}, {@euid_eq}, {@obj_type={'obj_type', 0x3d, 'wlan1\x00'}}, {@appraise_type}, {@euid_gt={'euid>', r4}}, {@permit_directio}]}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="04005b00060065004008"], 0x28}}, 0x0) 1.114792438s ago: executing program 3 (id=760): socket$netlink(0x10, 0x3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sched_setaffinity(0x0, 0xfffffffffffffe58, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fsopen(&(0x7f0000000240)='reiserfs\x00', 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-160-x86\x00'}, 0xffffff61) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0), 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f000000e0c0)=@newtaction={0xfc, 0x30, 0x220, 0x0, 0x0, {}, [{0xe8, 0x1, [@m_skbedit={0x98, 0x0, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8}]}, {0x64, 0x6, "769f4f615bc3d2ebeb9eaadfc0dae4c22ba98da5b80964c0f2a18de9803271ba55faf9ca6409be186b9cf9b5ed0524085efad60aef76be015f5f1662d03dc499499ba782f0916a79f74606fa5e9f59de511bb3ce23891f34bc4f79738f5fe5bc"}, {0xc}, {0xc}}}, @m_pedit={0x4c, 0x0, 0x0, 0x0, {{0xa}, {0x4}, {0x1e, 0x6, "781a6732a5d74d75e472533ecddfe8d82545a5b8ca0c35edfd24"}, {0xc}, {0xc}}}]}]}, 0xfc}}, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x18, "000080f100df000000a7d9de16c708db7200"}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, r5, {0x7}}, './file0\x00'}) 557.805965ms ago: executing program 0 (id=761): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x5, 0xfdfd, 0x29, 0x1e, 0x280, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700001800000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 499.578426ms ago: executing program 0 (id=762): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000380)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private2}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000070000100000000000000000007"], 0x24}}, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3, 0x0, 0x0, 0x0, 0x7}, 0xfffffffffffffd3c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x4b, &(0x7f0000000040)=0x5, 0x4) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000003f80)=[{{0x0, 0x0, 0x0}, 0x3}], 0x8000223, 0x40002140, 0x0) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) bind$inet(r2, 0x0, 0x0) 369.524181ms ago: executing program 2 (id=763): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kvm_fpu\x00', r1}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kvm_fpu\x00', r5}, 0x10) ioctl$KVM_RUN(r4, 0xae80, 0x0) 303.642905ms ago: executing program 0 (id=764): pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000001100)="94", 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) tee(r0, r2, 0xaf5, 0x0) 301.202282ms ago: executing program 0 (id=765): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x98}}, 0x0) 64.877102ms ago: executing program 2 (id=766): r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000013c0), 0x800, 0x0) ioctl$CDROMRESET(r0, 0x127c) 64.722737ms ago: executing program 2 (id=767): mount(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='virtiofs\x00', 0xf6, 0x0) 58.207801ms ago: executing program 1 (id=768): pipe(&(0x7f0000000680)={0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)="f8", 0x1}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) tee(r0, r2, 0xaf5, 0x0) 0s ago: executing program 2 (id=769): openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef42b000000e3bd6efb010511000b0002000d000000ba8000001241", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f00000000c0), 0x0, &(0x7f0000008640), 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000300), 0x11, 0x0, &(0x7f0000000640), 0x3, 0x0, &(0x7f00000005c0)=[{}, {0x0, 0x80000000}, {}], 0x0, 0x0, &(0x7f00000000c0)}) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000980)={r5, &(0x7f0000000380), &(0x7f0000000900)=[{{0x80000000, 0x0}}, {{}, {0x80000000}}]}) ioctl$USBDEVFS_CONNECTINFO(r4, 0x80045520, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r8, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4) bind$inet(r8, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r8, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'erspan0\x00', 0x0}) sendto$inet(r8, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb) close(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000001020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x20008000) sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYBLOB="35628afa087a06db326cb5779540b723ea493b67d4a2709aa2d13ecec35df9364ca68e6acbf5fd3d28b94af00ddcc5d6535669c3ef2ceb3c52ac2de60860f65716dee80cd8e885f1be019211b86d30a91e9229ba51a9785823cef2c10dd72bdd973cc05344acbc9c01824538d8e36a90a2836263df58156350adc7be16e684478e123a8acd222d4dad7c228079bceeb84e37984d958bc6285281e2e457bf350f98eac4f902f47e48f4f41bca432e521c4867b1fddc", @ANYRES32, @ANYRESDEC=r7, @ANYBLOB="6bd09be65900f1d5e05e8ec1af6908657b0c9c2d1451006e0167c4e658bb384414285902f4dc06946c730f39d17990ceffdccafbdb856a9ff403516fdc5f9afdd4423faf6bbed86c9a6514193b0e5194ca6789", @ANYRESDEC=r7, @ANYRESOCT=r9, @ANYRES64=r6, @ANYBLOB="bd89ca684f939142b55ba75b01ef07dfa270ad591e7236b54fcc5a760cffc5de412f1ccdfb6a51a16591529648aab992f92036dcaf7b3692b63f0137ff0dd6313b76366787b487901ecaf2a2e5fcf3db327a2bb0a1cda14f21e461c63e8e059c02ce1937a527481a2ccb1457", @ANYRES8], 0x94}}, 0x20000041) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) kernel console output (not intermixed with test programs): : 0000000000000000 R09: 0000000000000000 [ 72.486989][ T6473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 72.488986][ T6473] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 72.490988][ T6473] [ 72.491872][ C2] vkms_vblank_simulate: vblank timer overrun [ 72.707929][ T6477] cdrom: dropping to single frame dma [ 72.751857][ T6483] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.874388][ T6486] netlink: 24 bytes leftover after parsing attributes in process `syz.0.197'. [ 73.016974][ T978] gspca_nw80x: reg_r err -110 [ 73.018414][ T978] nw80x 6-1:0.0: probe with driver nw80x failed with error -110 [ 73.181635][ T6491] libceph: resolve '. [ 73.181635][ T6491] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 73.181635][ T6491] ' (ret=-3): failed [ 73.406333][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 73.527217][ T39] audit: type=1326 audit(1728176708.810:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.533242][ T39] audit: type=1326 audit(1728176708.810:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.538947][ T39] audit: type=1326 audit(1728176708.810:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=71 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.544476][ T39] audit: type=1326 audit(1728176708.810:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.550529][ T39] audit: type=1326 audit(1728176708.810:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.556142][ T39] audit: type=1326 audit(1728176708.810:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.561863][ T39] audit: type=1326 audit(1728176708.810:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.568644][ T39] audit: type=1326 audit(1728176708.810:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.575221][ T39] audit: type=1326 audit(1728176708.810:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.201" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 73.652281][ T4800] usb 6-1: USB disconnect, device number 4 [ 74.123240][ T6498] FAULT_INJECTION: forcing a failure. [ 74.123240][ T6498] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 74.128126][ T6498] CPU: 2 UID: 0 PID: 6498 Comm: syz.3.202 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 74.131664][ T6498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.135328][ T6498] Call Trace: [ 74.136530][ T6498] [ 74.137502][ T6498] dump_stack_lvl+0x16c/0x1f0 [ 74.138946][ T6498] should_fail_ex+0x497/0x5b0 [ 74.140441][ T6498] _copy_from_user+0x30/0xf0 [ 74.142010][ T6498] input_event_from_user+0x22d/0x3b0 [ 74.143776][ T6498] ? __pfx_input_event_from_user+0x10/0x10 [ 74.145756][ T6498] ? input_inject_event+0x193/0x370 [ 74.147377][ T6498] evdev_write+0x377/0x750 [ 74.148796][ T6498] ? __pfx_evdev_write+0x10/0x10 [ 74.150499][ T6498] ? bpf_lsm_file_permission+0x9/0x10 [ 74.152385][ T6498] ? security_file_permission+0x71/0x210 [ 74.154257][ T6498] ? __pfx_evdev_write+0x10/0x10 [ 74.155763][ T6498] vfs_write+0x28e/0x1140 [ 74.157245][ T6498] ? __fget_files+0x23a/0x3f0 [ 74.158878][ T6498] ? __pfx_lock_release+0x10/0x10 [ 74.160645][ T6498] ? trace_lock_acquire+0x14a/0x1d0 [ 74.162301][ T6498] ? __pfx_vfs_write+0x10/0x10 [ 74.163948][ T6498] ? lock_acquire+0x2f/0xb0 [ 74.165389][ T6498] ? __fget_files+0x40/0x3f0 [ 74.166859][ T6498] ? __fget_files+0x244/0x3f0 [ 74.168338][ T6498] ksys_write+0x1fa/0x260 [ 74.169694][ T6498] ? __pfx_ksys_write+0x10/0x10 [ 74.171298][ T6498] __do_fast_syscall_32+0x73/0x120 [ 74.173311][ T6498] do_fast_syscall_32+0x32/0x80 [ 74.175061][ T6498] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 74.177313][ T6498] RIP: 0023:0xf73ee579 [ 74.178690][ T6498] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 74.185098][ T6498] RSP: 002b:00000000f56b556c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 74.187895][ T6498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 74.190551][ T6498] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000 [ 74.193118][ T6498] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 74.195698][ T6498] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 74.198098][ T6498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 74.200450][ T6498] [ 74.347971][ T6509] overlay: Unknown parameter '/' [ 74.447688][ T5361] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 74.449999][ T5361] Bluetooth: hci1: Injecting HCI hardware error event [ 74.452950][ T5348] Bluetooth: hci1: hardware error 0x00 [ 74.456036][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 74.973535][ T6514] FAULT_INJECTION: forcing a failure. [ 74.973535][ T6514] name failslab, interval 1, probability 0, space 0, times 0 [ 74.977032][ T6514] CPU: 3 UID: 0 PID: 6514 Comm: syz.3.206 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 74.979693][ T6514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.982453][ T6514] Call Trace: [ 74.983338][ T6514] [ 74.984112][ T6514] dump_stack_lvl+0x16c/0x1f0 [ 74.985345][ T6514] should_fail_ex+0x497/0x5b0 [ 74.986578][ T6514] ? fs_reclaim_acquire+0xae/0x160 [ 74.988077][ T6514] should_failslab+0xc2/0x120 [ 74.989421][ T6514] __kmalloc_cache_noprof+0x6b/0x310 [ 74.990812][ T6514] ? sctp_auth_shkey_create+0x87/0x1f0 [ 74.992220][ T6514] sctp_auth_shkey_create+0x87/0x1f0 [ 74.993599][ T6514] sctp_auth_asoc_copy_shkeys+0x1f4/0x360 [ 74.995061][ T6514] sctp_association_new+0x1978/0x28b0 [ 74.996470][ T6514] sctp_connect_new_asoc+0x1b7/0x790 [ 74.997826][ T6514] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 74.999332][ T6514] ? mark_held_locks+0x9f/0xe0 [ 75.000630][ T6514] ? sctp_sendmsg+0x112f/0x1f10 [ 75.002021][ T6514] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 75.003446][ T6514] sctp_sendmsg+0x162a/0x1f10 [ 75.004691][ T6514] ? __pfx___lock_acquire+0x10/0x10 [ 75.006009][ T6514] ? __pfx_sctp_sendmsg+0x10/0x10 [ 75.007391][ T6514] ? lock_acquire+0x2f/0xb0 [ 75.008720][ T6514] ? __pfx_aa_sk_perm+0x10/0x10 [ 75.009943][ T6514] ? __pfx_sctp_sendmsg+0x10/0x10 [ 75.011223][ T6514] inet_sendmsg+0x119/0x140 [ 75.012338][ T6514] __sys_sendto+0x426/0x4d0 [ 75.013472][ T6514] ? __pfx___sys_sendto+0x10/0x10 [ 75.014744][ T6514] ? ksys_write+0x1ad/0x260 [ 75.015930][ T6514] ? __pfx_ksys_write+0x10/0x10 [ 75.017088][ T6514] __ia32_sys_sendto+0xdd/0x1b0 [ 75.018370][ T6514] ? lockdep_hardirqs_on+0x7c/0x110 [ 75.019734][ T6514] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 75.021484][ T6514] __do_fast_syscall_32+0x73/0x120 [ 75.022827][ T6514] do_fast_syscall_32+0x32/0x80 [ 75.024112][ T6514] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 75.025786][ T6514] RIP: 0023:0xf73ee579 [ 75.026877][ T6514] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 75.031888][ T6514] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 75.034068][ T6514] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 75.036130][ T6514] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000020000100 [ 75.038195][ T6514] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 75.040260][ T6514] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 75.042876][ T6514] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 75.045630][ T6514] [ 75.486039][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 75.505523][ T6530] netlink: 24 bytes leftover after parsing attributes in process `syz.2.209'. [ 75.594584][ T6532] netlink: 'syz.1.211': attribute type 21 has an invalid length. [ 75.888500][ T8] cfg80211: failed to load regulatory.db [ 76.266921][ T39] kauditd_printk_skb: 6 callbacks suppressed [ 76.266932][ T39] audit: type=1326 audit(1728176711.550:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6543 comm="syz.0.215" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.307741][ T39] audit: type=1326 audit(1728176711.560:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6543 comm="syz.0.215" exe="/syz-executor" sig=0 arch=40000003 syscall=275 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.313578][ T39] audit: type=1326 audit(1728176711.560:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6543 comm="syz.0.215" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.326308][ T6550] overlay: Unknown parameter '/' [ 76.327042][ T39] audit: type=1326 audit(1728176711.560:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6543 comm="syz.0.215" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.334700][ T39] audit: type=1326 audit(1728176711.560:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6543 comm="syz.0.215" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.340342][ T39] audit: type=1326 audit(1728176711.590:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6543 comm="syz.0.215" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.346345][ T39] audit: type=1326 audit(1728176711.610:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.0.217" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.352143][ T39] audit: type=1326 audit(1728176711.610:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.0.217" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.368146][ T39] audit: type=1326 audit(1728176711.610:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.0.217" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.374164][ T39] audit: type=1326 audit(1728176711.610:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.0.217" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 76.526044][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 76.526471][ T5348] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 77.081968][ T6561] qnx4: no qnx4 filesystem (no root dir). [ 77.114542][ T6563] netlink: 20 bytes leftover after parsing attributes in process `syz.2.220'. [ 77.444904][ T6573] netlink: 24 bytes leftover after parsing attributes in process `syz.2.222'. [ 77.576082][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 77.937849][ T6586] netlink: 2 bytes leftover after parsing attributes in process `syz.0.225'. [ 77.941099][ T6586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.944740][ T6586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.949786][ T6586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.954559][ T6586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.960236][ T6586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.966235][ T6586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.168566][ T6593] loop2: detected capacity change from 0 to 233 [ 78.187647][ T6593] loop2: AHDI p1 p2 [ 78.332521][ T6598] overlay: Unknown parameter '/' [ 78.464964][ T6610] netlink: 'syz.1.227': attribute type 10 has an invalid length. [ 78.491659][ T6610] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 78.606120][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 78.883794][ T6619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.233'. [ 78.917121][ T5393] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 79.068183][ T5393] usb 6-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 79.071257][ T5393] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.075330][ T5393] usb 6-1: config 0 descriptor?? [ 79.081040][ T5393] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input7 [ 79.293987][ T9] usb 6-1: USB disconnect, device number 5 [ 79.646034][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 79.699590][ T6619] delete_channel: no stack [ 80.026656][ T6632] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 80.028521][ T6632] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 80.031983][ T6632] vhci_hcd vhci_hcd.0: Device attached [ 80.032504][ T6637] netlink: 'syz.2.238': attribute type 10 has an invalid length. [ 80.043799][ T6637] bond0: (slave netdevsim0): Enslaving as an active interface with a down link [ 80.066627][ T6635] netlink: 24 bytes leftover after parsing attributes in process `syz.0.236'. [ 80.286042][ T978] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 80.306194][ T63] usb 16-1: SetAddress Request (2) to port 0 [ 80.308743][ T63] usb 16-1: new SuperSpeed USB device number 2 using vhci_hcd [ 80.456043][ T978] usb 6-1: Using ep0 maxpacket: 8 [ 80.460418][ T978] usb 6-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=62.0d [ 80.462790][ T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.464862][ T978] usb 6-1: Product: syz [ 80.468287][ T978] usb 6-1: Manufacturer: syz [ 80.469824][ T978] usb 6-1: SerialNumber: syz [ 80.476853][ T978] usb 6-1: config 0 descriptor?? [ 80.480355][ T978] cytherm 6-1:0.0: Cypress thermometer device now attached [ 80.526644][ T5348] Bluetooth: hci3: command tx timeout [ 80.683509][ T6633] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 1 [ 80.685466][ T5389] usb 6-1: USB disconnect, device number 6 [ 80.687485][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 80.689572][ T5389] cytherm 6-1:0.0: Cypress thermometer now disconnected [ 80.708022][ T1130] vhci_hcd: stop threads [ 80.709987][ T1130] vhci_hcd: release socket [ 80.726697][ T1130] vhci_hcd: disconnect device [ 81.250772][ T6659] netlink: 2 bytes leftover after parsing attributes in process `syz.3.244'. [ 81.253195][ T6659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.255825][ T6659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.258374][ T6659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.261634][ T6659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.264379][ T6659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.267624][ T6659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.472145][ T6666] overlay: Unknown parameter '/' [ 81.726044][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 82.164132][ T6672] FAULT_INJECTION: forcing a failure. [ 82.164132][ T6672] name failslab, interval 1, probability 0, space 0, times 0 [ 82.170339][ T6672] CPU: 3 UID: 0 PID: 6672 Comm: syz.3.247 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 82.173050][ T6672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.175900][ T6672] Call Trace: [ 82.176794][ T6672] [ 82.177566][ T6672] dump_stack_lvl+0x16c/0x1f0 [ 82.178809][ T6672] should_fail_ex+0x497/0x5b0 [ 82.180106][ T6672] ? fs_reclaim_acquire+0xae/0x160 [ 82.181428][ T6672] should_failslab+0xc2/0x120 [ 82.182647][ T6672] kmem_cache_alloc_node_noprof+0x71/0x310 [ 82.184223][ T6672] ? __alloc_skb+0x2b3/0x380 [ 82.185917][ T6672] __alloc_skb+0x2b3/0x380 [ 82.187526][ T6672] ? __pfx___alloc_skb+0x10/0x10 [ 82.189105][ T6672] ? __lock_acquire+0xbdd/0x3ce0 [ 82.190393][ T6672] alloc_skb_with_frags+0xe4/0x850 [ 82.191732][ T6672] ? __pfx___lock_acquire+0x10/0x10 [ 82.193298][ T6672] ? __pfx_mark_lock+0x10/0x10 [ 82.194924][ T6672] sock_alloc_send_pskb+0x7f1/0x980 [ 82.196711][ T6672] ? find_held_lock+0x2d/0x110 [ 82.198315][ T6672] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 82.200340][ T6672] ? lock_acquire+0x2f/0xb0 [ 82.201904][ T6672] ? dev_get_by_index+0x37/0x380 [ 82.203585][ T6672] packet_sendmsg+0x1f18/0x54c0 [ 82.205248][ T6672] ? __pfx___might_resched+0x10/0x10 [ 82.207043][ T6672] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 82.209024][ T6672] ? aa_sk_perm+0x2f5/0xb20 [ 82.210574][ T6672] ? __pfx_packet_sendmsg+0x10/0x10 [ 82.212338][ T6672] ? __pfx_aa_sk_perm+0x10/0x10 [ 82.213941][ T6672] __sys_sendto+0x479/0x4d0 [ 82.215506][ T6672] ? __pfx___sys_sendto+0x10/0x10 [ 82.217260][ T6672] ? ksys_write+0x1ad/0x260 [ 82.218764][ T6672] ? __pfx_ksys_write+0x10/0x10 [ 82.220440][ T6672] __ia32_sys_sendto+0xdd/0x1b0 [ 82.222135][ T6672] ? lockdep_hardirqs_on+0x7c/0x110 [ 82.223903][ T6672] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 82.226096][ T6672] __do_fast_syscall_32+0x73/0x120 [ 82.227764][ T6672] do_fast_syscall_32+0x32/0x80 [ 82.229437][ T6672] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 82.231588][ T6672] RIP: 0023:0xf73ee579 [ 82.233002][ T6672] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 82.238448][ T6672] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 82.240582][ T6672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000240 [ 82.242613][ T6672] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000200000c0 [ 82.244812][ T6672] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000 [ 82.246711][ T6672] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 82.248735][ T6672] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.250618][ T6672] [ 82.455067][ T6680] netlink: 32 bytes leftover after parsing attributes in process `syz.3.249'. [ 82.500738][ T6680] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 82.522611][ T6686] Bluetooth: MGMT ver 1.23 [ 82.776024][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 82.776091][ T5566] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 82.906163][ T5566] usb 6-1: device descriptor read/64, error -71 [ 82.959615][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.064996][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.146161][ T5566] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 83.152586][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.170202][ T5361] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.173975][ T5361] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.179095][ T5361] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.182075][ T5361] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.189716][ T5361] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 83.192564][ T5361] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.234809][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.276100][ T5566] usb 6-1: device descriptor read/64, error -71 [ 83.326875][ T6695] chnl_net:caif_netlink_parms(): no params data found [ 83.375560][ T11] bridge_slave_1: left allmulticast mode [ 83.377934][ T11] bridge_slave_1: left promiscuous mode [ 83.380315][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.388683][ T11] bridge_slave_0: left allmulticast mode [ 83.390162][ T11] bridge_slave_0: left promiscuous mode [ 83.391782][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.396360][ T5566] usb usb6-port1: attempt power cycle [ 83.701236][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.707823][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.712787][ T11] bond0 (unregistering): Released all slaves [ 83.737146][ T5566] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 83.764184][ T5566] usb 6-1: device descriptor read/8, error -71 [ 83.806039][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 83.854827][ T6695] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.857558][ T6695] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.860807][ T6695] bridge_slave_0: entered allmulticast mode [ 83.863684][ T6695] bridge_slave_0: entered promiscuous mode [ 83.871279][ T6695] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.873685][ T6695] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.877391][ T6695] bridge_slave_1: entered allmulticast mode [ 83.880218][ T6695] bridge_slave_1: entered promiscuous mode [ 83.908096][ T6695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.912798][ T6695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.972526][ T6695] team0: Port device team_slave_0 added [ 84.001671][ T6695] team0: Port device team_slave_1 added [ 84.006293][ T5566] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 84.028049][ T5566] usb 6-1: device descriptor read/8, error -71 [ 84.034732][ T6695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.036792][ T6695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.043469][ T6695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.054498][ T6695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.056552][ T6695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.062737][ T6695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.077249][ T11] hsr_slave_0: left promiscuous mode [ 84.080001][ T11] hsr_slave_1: left promiscuous mode [ 84.082607][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.085235][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.091420][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.094069][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.113249][ T11] veth1_macvtap: left promiscuous mode [ 84.114988][ T11] veth0_macvtap: left promiscuous mode [ 84.116969][ T11] veth1_vlan: left promiscuous mode [ 84.118458][ T11] veth0_vlan: left promiscuous mode [ 84.140776][ T5566] usb usb6-port1: unable to enumerate USB device [ 84.724491][ T11] team0 (unregistering): Port device team_slave_1 removed [ 84.785191][ T6725] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 84.856049][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 84.860269][ T11] team0 (unregistering): Port device team_slave_0 removed [ 85.258352][ T5361] Bluetooth: hci0: command tx timeout [ 85.406133][ T63] usb 16-1: device descriptor read/8, error -110 [ 85.419974][ T6735] netlink: 24 bytes leftover after parsing attributes in process `syz.2.262'. [ 85.436455][ T6695] hsr_slave_0: entered promiscuous mode [ 85.438646][ T6695] hsr_slave_1: entered promiscuous mode [ 85.796417][ T63] usb usb16-port1: attempt power cycle [ 85.886240][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 85.959359][ T6780] netlink: 2 bytes leftover after parsing attributes in process `syz.2.266'. [ 85.962096][ T6780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.964852][ T6780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.973683][ T6780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.982878][ T6780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.991415][ T6695] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.005124][ T6695] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.011292][ T6695] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.022471][ T6695] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.088681][ T6695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.100587][ T6695] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.108042][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.110482][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.118839][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.121243][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.249891][ T6695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.284048][ T6695] veth0_vlan: entered promiscuous mode [ 86.289288][ T6695] veth1_vlan: entered promiscuous mode [ 86.302605][ T6695] veth0_macvtap: entered promiscuous mode [ 86.305758][ T6695] veth1_macvtap: entered promiscuous mode [ 86.312343][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.315016][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.320419][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.323243][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.326884][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.329676][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.332992][ T6695] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.339284][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.342690][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.346529][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.349851][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.352990][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.357222][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.361537][ T6695] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.367665][ T63] usb usb16-port1: unable to enumerate USB device [ 86.372247][ T6695] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.375074][ T6695] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.378615][ T6695] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.381320][ T6695] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.425776][ T999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.436548][ T999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.480630][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.486805][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.489657][ T6818] overlay: Unknown parameter '/' [ 86.850025][ T6823] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 86.906051][ T6823] qnx4: no qnx4 filesystem (no root dir). [ 86.926197][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 86.995069][ T6829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.268'. [ 87.018129][ T6829] jfs: Unrecognized mount option "gid=" or missing value [ 87.313566][ T6841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.271'. [ 87.326541][ T5361] Bluetooth: hci0: command tx timeout [ 87.418936][ T6846] mmap: syz.2.271 (6846) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 87.897330][ T6880] netlink: 24 bytes leftover after parsing attributes in process `syz.3.272'. [ 87.966049][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 88.067092][ T6888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'. [ 88.270452][ T6888] hsr_slave_1 (unregistering): left promiscuous mode [ 88.271300][ T6893] FAULT_INJECTION: forcing a failure. [ 88.271300][ T6893] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 88.282547][ T6893] CPU: 0 UID: 0 PID: 6893 Comm: syz.2.275 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 88.285245][ T6893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.288077][ T6893] Call Trace: [ 88.288998][ T6893] [ 88.289801][ T6893] dump_stack_lvl+0x16c/0x1f0 [ 88.291089][ T6893] should_fail_ex+0x497/0x5b0 [ 88.292375][ T6893] ? fs_reclaim_acquire+0xae/0x160 [ 88.293755][ T6893] should_fail_alloc_page+0xe7/0x130 [ 88.295060][ T6893] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 88.296569][ T6893] ? __pfx_usage_skip+0x10/0x10 [ 88.297878][ T6893] __alloc_pages_noprof+0x190/0x25c0 [ 88.299298][ T6893] ? __pfx_mark_lock+0x10/0x10 [ 88.300589][ T6893] ? check_irq_usage+0x170/0x1290 [ 88.301936][ T6893] ? mark_lock+0xb5/0xc60 [ 88.303105][ T6893] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 88.304644][ T6893] ? __bfs+0x2fa/0x670 [ 88.305746][ T6893] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 88.307338][ T6893] ? policy_nodemask+0xea/0x4e0 [ 88.308653][ T6893] alloc_pages_mpol_noprof+0x2c9/0x610 [ 88.310122][ T6893] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 88.311738][ T6893] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 88.313292][ T6893] folio_alloc_mpol_noprof+0x36/0xd0 [ 88.314700][ T6893] vma_alloc_folio_noprof+0xee/0x1b0 [ 88.315988][ T6893] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 88.317489][ T6893] ? find_held_lock+0x2d/0x110 [ 88.318784][ T6893] do_pte_missing+0x2010/0x3e50 [ 88.320107][ T6893] ? rcu_is_watching+0x12/0xc0 [ 88.321399][ T6893] __handle_mm_fault+0x100a/0x2a10 [ 88.322780][ T6893] ? __pfx___handle_mm_fault+0x10/0x10 [ 88.324250][ T6893] ? __pfx_lock_release+0x10/0x10 [ 88.325613][ T6893] ? follow_page_pte+0x50d/0x1eb0 [ 88.326969][ T6893] handle_mm_fault+0x3fa/0xaa0 [ 88.328269][ T6893] __get_user_pages+0x90f/0x3b90 [ 88.329611][ T6893] ? __pfx___get_user_pages+0x10/0x10 [ 88.331058][ T6893] ? down_read_killable+0xcc/0x380 [ 88.332446][ T6893] ? __pfx_down_read_killable+0x10/0x10 [ 88.333935][ T6893] get_user_pages_unlocked+0x1c2/0x780 [ 88.335398][ T6893] ? __pfx_get_user_pages_unlocked+0x10/0x10 [ 88.337031][ T6893] ? __pfx_get_user_pages_fast_only+0x10/0x10 [ 88.338663][ T6893] ? __pfx___might_resched+0x10/0x10 [ 88.340089][ T6893] ? hlock_class+0x4e/0x130 [ 88.341327][ T6893] hva_to_pfn+0x2da/0xea0 [ 88.342502][ T6893] ? __pfx_hva_to_pfn+0x10/0x10 [ 88.343819][ T6893] ? xa_load+0x14a/0x2c0 [ 88.344983][ T6893] ? __pfx_lock_release+0x10/0x10 [ 88.346349][ T6893] ? xas_load+0x49/0x5b0 [ 88.347499][ T6893] ? xa_load+0xc8/0x2c0 [ 88.348651][ T6893] ? xa_load+0x154/0x2c0 [ 88.349817][ T6893] ? __pfx_xa_load+0x10/0x10 [ 88.351073][ T6893] __gfn_to_pfn_memslot+0x23f/0x570 [ 88.352481][ T6893] kvm_faultin_pfn+0x48c/0x1db0 [ 88.353800][ T6893] ? __pfx_kvm_faultin_pfn+0x10/0x10 [ 88.355225][ T6893] ? __kvm_mmu_topup_memory_cache+0x330/0x600 [ 88.356866][ T6893] ? __pfx_vmx_vcpu_load_vmcs+0x10/0x10 [ 88.358405][ T6893] kvm_tdp_page_fault+0x182/0x350 [ 88.360184][ T6893] kvm_mmu_do_page_fault+0x59f/0x6a0 [ 88.361854][ T6893] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 88.363436][ T6893] ? mark_held_locks+0x9f/0xe0 [ 88.364754][ T6893] ? hlock_class+0x4e/0x130 [ 88.365989][ T6893] kvm_mmu_page_fault+0x214/0x1b70 [ 88.367388][ T6893] ? __pfx___lock_acquire+0x10/0x10 [ 88.368783][ T6893] ? __pfx_kvm_mmu_page_fault+0x10/0x10 [ 88.370264][ T6893] ? __pfx___schedule+0x10/0x10 [ 88.371580][ T6893] ? __pfx_mark_lock+0x10/0x10 [ 88.372888][ T6893] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 88.374416][ T6893] handle_ept_violation+0x1f0/0x510 [ 88.375814][ T6893] ? __pfx_handle_ept_violation+0x10/0x10 [ 88.377365][ T6893] vmx_handle_exit+0x733/0x1ed0 [ 88.378685][ T6893] vcpu_run+0x2aa3/0x4c90 [ 88.379865][ T6893] ? __pfx_vcpu_run+0x10/0x10 [ 88.381153][ T6893] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 88.382660][ T6893] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 88.384345][ T6893] ? trace_lock_acquire+0x14a/0x1d0 [ 88.385725][ T6893] ? __local_bh_enable_ip+0xa4/0x120 [ 88.387145][ T6893] ? kvm_arch_vcpu_ioctl_run+0x14d/0x1730 [ 88.388695][ T6893] ? lock_acquire+0x2f/0xb0 [ 88.389931][ T6893] ? kvm_arch_vcpu_ioctl_run+0x447/0x1730 [ 88.391463][ T6893] kvm_arch_vcpu_ioctl_run+0x447/0x1730 [ 88.392966][ T6893] kvm_vcpu_ioctl+0x6c7/0x1510 [ 88.394257][ T6893] ? tomoyo_path_number_perm+0x467/0x5b0 [ 88.395766][ T6893] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 88.397189][ T6893] ? tomoyo_path_number_perm+0x190/0x5b0 [ 88.398698][ T6893] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 88.400317][ T6893] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 88.401908][ T6893] ? do_vfs_ioctl+0x513/0x1950 [ 88.403209][ T6893] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 88.404586][ T6893] ? trace_lock_acquire+0x14a/0x1d0 [ 88.405986][ T6893] kvm_vcpu_compat_ioctl+0x210/0x3f0 [ 88.407413][ T6893] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 88.409020][ T6893] ? __fget_files+0x244/0x3f0 [ 88.410317][ T6893] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 88.411966][ T6893] __do_compat_sys_ioctl+0x259/0x2b0 [ 88.413919][ T6893] __do_fast_syscall_32+0x73/0x120 [ 88.415915][ T6893] do_fast_syscall_32+0x32/0x80 [ 88.417347][ T6893] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.419165][ T6893] RIP: 0023:0xf73ae579 [ 88.420278][ T6893] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 88.425366][ T6893] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 88.427578][ T6893] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 000000000000ae80 [ 88.429690][ T6893] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.431795][ T6893] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.433905][ T6893] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 88.436027][ T6893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.438139][ T6893] [ 88.677342][ T6900] overlay: Unknown parameter '/' [ 89.016050][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 89.222796][ T6914] fuse: Bad value for 'rootmode' [ 89.424865][ T5361] Bluetooth: hci0: command tx timeout [ 89.713898][ T6939] block nbd0: not configured, cannot reconfigure [ 90.046111][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 90.309761][ T6987] netlink: 2 bytes leftover after parsing attributes in process `syz.1.290'. [ 90.313379][ T6987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.318504][ T6987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.321675][ T6987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.325430][ T6987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.329006][ T6987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.334518][ T6987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.086049][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 91.486095][ T5361] Bluetooth: hci0: command tx timeout [ 91.625079][ T7010] netlink: 2 bytes leftover after parsing attributes in process `syz.0.297'. [ 91.627866][ T7010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.630512][ T7010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.632968][ T7010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.635500][ T7010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.640536][ T7010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.643302][ T7010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.646750][ T7010] batadv_slave_1: entered promiscuous mode [ 92.126123][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 93.166026][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 94.046636][ T7063] overlay: Unknown parameter '/' [ 94.120848][ T39] kauditd_printk_skb: 39 callbacks suppressed [ 94.120863][ T39] audit: type=1804 audit(1728176729.400:68): pid=7066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.308" name="/newroot/75/file0/file0" dev="9p" ino=35922650 res=1 errno=0 [ 94.205997][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 94.461408][ T39] audit: type=1326 audit(1728176729.740:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7087 comm="syz.3.311" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0 [ 94.517562][ T7090] netlink: 'syz.1.309': attribute type 2 has an invalid length. [ 94.520946][ T7090] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 94.594317][ T7097] netlink: 2 bytes leftover after parsing attributes in process `syz.2.313'. [ 94.598183][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.601150][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.603633][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.609147][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.611846][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.614680][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.786020][ T5566] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 94.959731][ T5566] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 94.964942][ T5566] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.971342][ T5566] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.977111][ T5566] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 94.986717][ T5566] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 94.991710][ T5566] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 94.997298][ T5566] usb 6-1: Manufacturer: syz [ 95.002746][ T5566] usb 6-1: config 0 descriptor?? [ 95.246099][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 95.428664][ T5566] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 95.432305][ T5566] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 95.471425][ T5566] appleir 0003:05AC:8243.0002: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 96.286116][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 97.101400][ T7165] netlink: 2 bytes leftover after parsing attributes in process `syz.3.323'. [ 97.116357][ T7165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.119898][ T7165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.123083][ T7165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.130882][ T7165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.134222][ T7165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.138137][ T7165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.170840][ T7167] netlink: 2 bytes leftover after parsing attributes in process `syz.2.324'. [ 97.173445][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.183786][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.188129][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.191023][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.193728][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.196637][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.235291][ T39] audit: type=1326 audit(1728176732.510:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.242104][ T39] audit: type=1326 audit(1728176732.520:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.252652][ T39] audit: type=1326 audit(1728176732.520:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.252744][ T39] audit: type=1326 audit(1728176732.520:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.255474][ T39] audit: type=1326 audit(1728176732.520:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.255569][ T39] audit: type=1326 audit(1728176732.520:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.255642][ T39] audit: type=1326 audit(1728176732.520:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.259084][ T39] audit: type=1326 audit(1728176732.520:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7169 comm="syz.1.325" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 97.326126][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 97.436348][ T7170] nbd1: detected capacity change from 0 to 12 [ 97.440142][ T7176] block nbd1: NBD_DISCONNECT [ 97.442189][ T7176] block nbd1: Send disconnect failed -89 [ 97.447532][ T5360] block nbd1: Send control failed (result -89) [ 97.449863][ T5360] block nbd1: Request send failed, requeueing [ 97.455476][ T5360] block nbd1: Disconnected due to user request. [ 97.462407][ T1124] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.467791][ T1124] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.471531][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.471999][ T5393] usb 6-1: USB disconnect, device number 11 [ 97.475081][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.479877][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.484246][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.487102][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.490100][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.492918][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.495833][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.498562][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.501482][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.503988][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.507040][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.509473][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.512397][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.514850][ T5360] ldm_validate_partition_table(): Disk read failed. [ 97.517180][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.520042][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.522599][ T5360] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 97.526705][ T5360] Buffer I/O error on dev nbd1, logical block 0, async page read [ 97.529007][ T5360] Dev nbd1: unable to read RDB block 0 [ 97.530574][ T5360] nbd1: unable to read partition table [ 97.532128][ T5360] nbd1: partition table beyond EOD, truncated [ 97.535264][ T7176] ldm_validate_partition_table(): Disk read failed. [ 97.538059][ T7176] Dev nbd1: unable to read RDB block 0 [ 97.539663][ T7176] nbd1: unable to read partition table [ 97.541213][ T7176] nbd1: partition table beyond EOD, truncated [ 97.544086][ T5360] ldm_validate_partition_table(): Disk read failed. [ 97.548734][ T5360] Dev nbd1: unable to read RDB block 0 [ 97.551434][ T5360] nbd1: unable to read partition table [ 97.553661][ T5360] nbd1: partition table beyond EOD, truncated [ 98.366060][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 99.162610][ T7242] trusted_key: syz.1.334 sent an empty control message without MSG_MORE. [ 99.317482][ T7260] netlink: 24 bytes leftover after parsing attributes in process `syz.3.333'. [ 99.406029][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 100.088887][ T7286] overlay: Unknown parameter '//file0' [ 100.446040][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 101.486154][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 101.879105][ T7354] support for the xor transformation has been removed. [ 101.905376][ T7354] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 102.000973][ T7361] tmpfs: Bad value for 'nr_blocks' [ 102.207759][ T7373] overlay: Unknown parameter '/' [ 102.309337][ T7376] netlink: 2 bytes leftover after parsing attributes in process `syz.0.356'. [ 102.325433][ T7376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.328324][ T7376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.330655][ T7376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.333183][ T7376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.335768][ T7376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.336116][ T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 102.338678][ T7376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.526006][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 102.546374][ T9] usb 8-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 102.549155][ T9] usb 8-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 102.551587][ T9] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 102.554015][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.807349][ T828] usb 8-1: USB disconnect, device number 4 [ 103.382478][ T7399] netlink: 24 bytes leftover after parsing attributes in process `syz.1.359'. [ 103.566013][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 103.579654][ T7401] netlink: 2 bytes leftover after parsing attributes in process `syz.2.361'. [ 103.582916][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.586732][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.590066][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.593613][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.597229][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.600777][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.955110][ T7409] netlink: 24 bytes leftover after parsing attributes in process `syz.3.362'. [ 104.616068][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 105.100590][ T7432] overlay: Unknown parameter '/' [ 105.383962][ T7436] overlay: Unknown parameter '/' [ 105.646061][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 105.920800][ T7458] netlink: 24 bytes leftover after parsing attributes in process `syz.2.369'. [ 106.686018][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 107.052033][ T7477] netlink: 24 bytes leftover after parsing attributes in process `syz.3.372'. [ 107.210906][ T7480] usb 1-1: USB disconnect, device number 2 [ 107.726028][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 107.928998][ T7498] overlay: Unknown parameter '/' [ 108.083243][ T7502] hsr0: entered allmulticast mode [ 108.084726][ T7502] hsr_slave_0: entered allmulticast mode [ 108.089243][ T7502] netlink: 116 bytes leftover after parsing attributes in process `syz.1.380'. [ 108.097566][ T7502] hsr_slave_0: left promiscuous mode [ 108.170431][ T7502] hsr0 (unregistering): left allmulticast mode [ 108.246036][ T39] kauditd_printk_skb: 117 callbacks suppressed [ 108.246048][ T39] audit: type=1326 audit(1728176743.520:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.2.381" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x0 [ 108.766076][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 109.176159][ T5390] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 109.296023][ T7517] unknown channel width for channel at 909000KHz? [ 109.336266][ T5390] usb 8-1: Using ep0 maxpacket: 8 [ 109.341150][ T5390] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 109.347319][ T5390] usb 8-1: config 0 has no interface number 0 [ 109.349145][ T5390] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 109.352481][ T5390] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 109.360534][ T5390] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.365122][ T5390] usb 8-1: config 0 descriptor?? [ 109.371949][ T5390] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 109.806319][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 109.954946][ T5390] usb 8-1: USB disconnect, device number 5 [ 109.965108][ T5390] iowarrior 8-1:0.1: I/O-Warror #0 now disconnected [ 110.575474][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 110.846043][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 111.397929][ T7568] netlink: 24 bytes leftover after parsing attributes in process `syz.3.397'. [ 111.896024][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 112.926002][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 113.417985][ T7614] overlay: Unknown parameter '/' [ 113.966039][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 114.225796][ T39] audit: type=1326 audit(1728176749.500:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7616 comm="syz.2.412" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x0 [ 114.541062][ T7632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.413'. [ 114.712982][ T7636] netlink: 2 bytes leftover after parsing attributes in process `syz.0.416'. [ 114.718558][ T7636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 114.722772][ T7636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.726317][ T7636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 114.729591][ T7636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.732402][ T7636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 114.735800][ T7636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.016038][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 115.242407][ T7641] netlink: 2 bytes leftover after parsing attributes in process `syz.2.417'. [ 115.245226][ T7641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.248165][ T7641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.251837][ T7641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.254747][ T7641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.257888][ T7641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.261179][ T7641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.711212][ T7661] gfs2: not a GFS2 filesystem [ 115.847318][ T7664] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.424'. [ 115.862243][ T7664] netlink: 8 bytes leftover after parsing attributes in process `syz.1.424'. [ 116.046067][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 116.832179][ T7667] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 116.834480][ T7667] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 116.881425][ T7667] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 116.888480][ T7667] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 116.890593][ T7667] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 116.897623][ T7667] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 116.907130][ T7667] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 116.912882][ T7667] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 116.916396][ T7667] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 116.920514][ T7667] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 117.096118][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 117.310628][ T7685] netlink: 2 bytes leftover after parsing attributes in process `syz.3.431'. [ 117.314679][ T7685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.318783][ T7685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.322474][ T7685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.326307][ T7685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.329674][ T7685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.333315][ T7685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.503583][ T7690] 9pnet_fd: Insufficient options for proto=fd [ 117.965728][ T7701] overlay: Unknown parameter '/' [ 118.126116][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 118.127347][ T5361] Bluetooth: hci2: command 0x0c1a tx timeout [ 118.277596][ T7704] Bluetooth: MGMT ver 1.23 [ 118.386571][ T7708] FAULT_INJECTION: forcing a failure. [ 118.386571][ T7708] name failslab, interval 1, probability 0, space 0, times 0 [ 118.390136][ T7708] CPU: 3 UID: 0 PID: 7708 Comm: syz.1.438 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 118.392888][ T7708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.395683][ T7708] Call Trace: [ 118.396601][ T7708] [ 118.397388][ T7708] dump_stack_lvl+0x16c/0x1f0 [ 118.398644][ T7708] should_fail_ex+0x497/0x5b0 [ 118.400014][ T7708] ? fs_reclaim_acquire+0xae/0x160 [ 118.401364][ T7708] should_failslab+0xc2/0x120 [ 118.402615][ T7708] __kmalloc_noprof+0xcb/0x410 [ 118.403882][ T7708] ? __pfx___mutex_trylock_common+0x10/0x10 [ 118.405458][ T7708] ? genl_rcv_msg+0x580/0x800 [ 118.406708][ T7708] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 118.408571][ T7708] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 118.409999][ T7708] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 118.411584][ T7708] ? bpf_lsm_capable+0x9/0x10 [ 118.412841][ T7708] ? security_capable+0x7e/0x260 [ 118.414459][ T7708] genl_rcv_msg+0x565/0x800 [ 118.416075][ T7708] ? __pfx_genl_rcv_msg+0x10/0x10 [ 118.417805][ T7708] ? __pfx_nfc_genl_dev_up+0x10/0x10 [ 118.419617][ T7708] ? __pfx___lock_acquire+0x10/0x10 [ 118.421406][ T7708] netlink_rcv_skb+0x165/0x410 [ 118.423122][ T7708] ? __pfx_genl_rcv_msg+0x10/0x10 [ 118.424881][ T7708] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 118.426620][ T7708] ? down_read+0xc9/0x330 [ 118.427785][ T7708] ? __pfx_down_read+0x10/0x10 [ 118.429085][ T7708] ? netlink_deliver_tap+0x1ae/0xcf0 [ 118.430487][ T7708] genl_rcv+0x28/0x40 [ 118.431556][ T7708] netlink_unicast+0x53c/0x7f0 [ 118.432856][ T7708] ? __pfx_netlink_unicast+0x10/0x10 [ 118.434257][ T7708] ? __phys_addr_symbol+0x30/0x80 [ 118.435605][ T7708] ? __check_object_size+0x488/0x710 [ 118.437015][ T7708] netlink_sendmsg+0x8b8/0xd70 [ 118.438292][ T7708] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.439696][ T7708] ? lock_acquire+0x2f/0xb0 [ 118.440934][ T7708] ____sys_sendmsg+0x9ae/0xb40 [ 118.442515][ T7708] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.444311][ T7708] ? get_compat_msghdr+0x11b/0x170 [ 118.446064][ T7708] ? __pfx___lock_acquire+0x10/0x10 [ 118.447853][ T7708] ___sys_sendmsg+0x135/0x1e0 [ 118.449470][ T7708] ? __pfx____sys_sendmsg+0x10/0x10 [ 118.451129][ T7708] ? lock_acquire+0x2f/0xb0 [ 118.452695][ T7708] ? __fget_files+0x40/0x3f0 [ 118.453982][ T7708] ? fdget+0x176/0x210 [ 118.455070][ T7708] __sys_sendmsg+0x117/0x1f0 [ 118.456334][ T7708] ? __pfx___sys_sendmsg+0x10/0x10 [ 118.457703][ T7708] ? __fget_files+0x244/0x3f0 [ 118.458963][ T7708] __do_fast_syscall_32+0x73/0x120 [ 118.460350][ T7708] do_fast_syscall_32+0x32/0x80 [ 118.461649][ T7708] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 118.463327][ T7708] RIP: 0023:0xf7f81579 [ 118.464429][ T7708] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 118.469473][ T7708] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 118.471666][ T7708] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000140 [ 118.473739][ T7708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.475845][ T7708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 118.477943][ T7708] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 118.480037][ T7708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 118.482135][ T7708] [ 118.724977][ T7721] input: syz0 as /devices/virtual/input/input8 [ 118.926736][ T5361] Bluetooth: hci0: command 0x0c1a tx timeout [ 118.929116][ T5361] Bluetooth: hci3: command 0x0c1a tx timeout [ 119.166047][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 119.181127][ T7732] netlink: 24 bytes leftover after parsing attributes in process `syz.3.444'. [ 119.635304][ T7735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.445'. [ 120.206067][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 120.206229][ T5361] Bluetooth: hci2: command 0x0c1a tx timeout [ 120.876418][ T7755] overlay: Unknown parameter '/' [ 120.948273][ T7754] input: syz0 as /devices/virtual/input/input9 [ 121.006402][ T5361] Bluetooth: hci3: command 0x0c1a tx timeout [ 121.008211][ T5361] Bluetooth: hci0: command 0x0c1a tx timeout [ 121.246033][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 121.451823][ T7760] netlink: 2 bytes leftover after parsing attributes in process `syz.2.452'. [ 121.455628][ T7760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.459549][ T7760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.463654][ T7760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.468219][ T7760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.471779][ T7760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.475661][ T7760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.130402][ T7775] binder_alloc: 7772: binder_alloc_buf size -168 failed, no address space [ 122.133099][ T7775] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 122.286054][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 122.286184][ T5361] Bluetooth: hci2: command 0x0c1a tx timeout [ 123.054057][ T7779] ptm ptm42: ldisc open failed (-12), clearing slot 42 [ 123.086023][ T5361] Bluetooth: hci0: command 0x0c1a tx timeout [ 123.086110][ T5348] Bluetooth: hci3: command 0x0c1a tx timeout [ 123.221604][ T39] audit: type=1804 audit(1728176758.500:197): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.460" name="/newroot/121/file0/file0" dev="9p" ino=35922650 res=1 errno=0 [ 123.245889][ T7790] vivid-000: ================= START STATUS ================= [ 123.251583][ T7790] vivid-000: Test Pattern: 75% Colorbar [ 123.253185][ T7790] vivid-000: Fill Percentage of Frame: 100 [ 123.254703][ T7790] vivid-000: Horizontal Movement: No Movement [ 123.257584][ T7790] vivid-000: Vertical Movement: No Movement [ 123.259653][ T7790] vivid-000: OSD Text Mode: All [ 123.260967][ T7790] vivid-000: Show Border: false [ 123.262249][ T7790] vivid-000: Show Square: false [ 123.263535][ T7790] vivid-000: Sensor Flipped Horizontally: false [ 123.265210][ T7790] vivid-000: Sensor Flipped Vertically: false [ 123.266863][ T7790] vivid-000: Insert SAV Code in Image: false [ 123.268687][ T7790] vivid-000: Insert EAV Code in Image: false [ 123.270077][ T7790] vivid-000: Insert Video Guard Band: false [ 123.271619][ T7790] vivid-000: Reduced Framerate: false [ 123.273056][ T7790] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 123.275053][ T7790] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 123.277924][ T7790] vivid-000: Enable Capture Cropping: true grabbed [ 123.279657][ T7790] vivid-000: Enable Capture Composing: true grabbed [ 123.281404][ T7790] vivid-000: Enable Capture Scaler: true grabbed [ 123.283111][ T7790] vivid-000: Timestamp Source: End of Frame [ 123.284668][ T7790] vivid-000: Colorspace: sRGB [ 123.289042][ T7790] vivid-000: Transfer Function: Default [ 123.290553][ T7790] vivid-000: Y'CbCr Encoding: Default [ 123.292025][ T7790] vivid-000: HSV Encoding: Hue 0-179 [ 123.293420][ T7790] vivid-000: Quantization: Default [ 123.294896][ T7790] vivid-000: Apply Alpha To Red Only: false [ 123.298527][ T7790] vivid-000: Standard Aspect Ratio: 4x3 [ 123.300973][ T7790] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 123.303390][ T7790] vivid-000: DV Timings: 640x480p59 inactive [ 123.304984][ T7790] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 123.307342][ T7790] vivid-000: Maximum EDID Blocks: 2 [ 123.308728][ T7790] vivid-000: Limited RGB Range (16-235): false [ 123.310345][ T7790] vivid-000: Rx RGB Quantization Range: Automatic [ 123.312011][ T7790] vivid-000: Power Present: 0x00000001 [ 123.313429][ T7790] tpg source WxH: 320x180 (R'G'B) [ 123.314741][ T7790] tpg field: 1 [ 123.315653][ T7790] tpg crop: 320x180@0x0 [ 123.316899][ T7790] tpg compose: 320x180@0x0 [ 123.318080][ T7790] tpg colorspace: 8 [ 123.319095][ T7790] tpg transfer function: 0/2 [ 123.323203][ T7790] tpg quantization: 0/1 [ 123.324318][ T7790] tpg RGB range: 0/2 [ 123.325361][ T7790] vivid-000: ================== END STATUS ================== [ 123.327414][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 123.370132][ T7790] binder: 7789:7790 ioctl c018620c 20000140 returned -22 [ 123.499663][ T7801] overlay: Unknown parameter '/' [ 124.075284][ T7815] overlay: Unknown parameter '/' [ 124.366036][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 124.955690][ T7822] netlink: 44 bytes leftover after parsing attributes in process `syz.1.467'. [ 124.958403][ T7822] netlink: 24 bytes leftover after parsing attributes in process `syz.1.467'. [ 124.962057][ T7822] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.966650][ T7822] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.968851][ T7822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.166112][ T5361] Bluetooth: hci3: command 0x0c1a tx timeout [ 125.266357][ T7837] netlink: 2 bytes leftover after parsing attributes in process `syz.1.471'. [ 125.271917][ T7837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.274636][ T7837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.285788][ T7837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.290210][ T7837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.292490][ T7834] tmpfs: Bad value for 'uid' [ 125.292803][ T7837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.292815][ T7837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.300600][ T7834] tmpfs: Bad value for 'uid' [ 125.406104][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 125.808871][ T7858] overlay: Unknown parameter '/' [ 126.456050][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 126.986101][ T6687] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 127.128417][ T6687] usb 5-1: device descriptor read/64, error -71 [ 127.366256][ T6687] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 127.486082][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 127.506430][ T6687] usb 5-1: device descriptor read/64, error -71 [ 127.530707][ T7875] netlink: 20 bytes leftover after parsing attributes in process `syz.1.485'. [ 127.586910][ T5348] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 127.591654][ T5348] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 127.596424][ T5348] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 127.604012][ T5348] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 127.608601][ T5348] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 127.612717][ T5348] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 127.629688][ T6687] usb usb5-port1: attempt power cycle [ 127.723919][ T7876] chnl_net:caif_netlink_parms(): no params data found [ 127.853323][ T7876] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.855327][ T7876] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.857955][ T7876] bridge_slave_0: entered allmulticast mode [ 127.860928][ T7876] bridge_slave_0: entered promiscuous mode [ 127.882323][ T7876] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.886039][ T7876] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.888205][ T7876] bridge_slave_1: entered allmulticast mode [ 127.890568][ T7876] bridge_slave_1: entered promiscuous mode [ 127.926865][ T7876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.930445][ T7876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.976670][ T7876] team0: Port device team_slave_0 added [ 127.981185][ T7876] team0: Port device team_slave_1 added [ 127.996226][ T6687] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 128.011569][ T7876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.013441][ T7876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.021561][ T7876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.027659][ T6687] usb 5-1: device descriptor read/8, error -71 [ 128.029857][ T7876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.031705][ T7876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.039433][ T7876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.144307][ T7876] hsr_slave_0: entered promiscuous mode [ 128.152708][ T7876] hsr_slave_1: entered promiscuous mode [ 128.159507][ T7876] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.162225][ T7876] Cannot create hsr debugfs directory [ 128.266184][ T6687] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 128.286975][ T6687] usb 5-1: device descriptor read/8, error -71 [ 128.399183][ T6687] usb usb5-port1: unable to enumerate USB device [ 128.477400][ T7876] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.536080][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 128.609063][ T7876] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.703216][ T7876] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.758234][ T7876] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.839986][ T7876] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 128.843231][ T7876] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 128.847654][ T7876] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 128.853829][ T7876] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 128.884192][ T7876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.903526][ T7876] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.911351][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.913982][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.921490][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.924196][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.061177][ T7876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.087673][ T7876] veth0_vlan: entered promiscuous mode [ 129.091942][ T7876] veth1_vlan: entered promiscuous mode [ 129.105476][ T7876] veth0_macvtap: entered promiscuous mode [ 129.109911][ T7876] veth1_macvtap: entered promiscuous mode [ 129.116552][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.120259][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.123716][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.127560][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.131036][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.134726][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.138357][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.142066][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.146834][ T7876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.156492][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.160001][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.163472][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.167368][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.170876][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.174599][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.179900][ T7876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.185497][ T7876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.194300][ T7876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.201751][ T7876] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.204940][ T7876] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.208540][ T7876] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.211685][ T7876] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.274880][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.278593][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.311312][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.314644][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.449477][ T7916] netlink: 24 bytes leftover after parsing attributes in process `syz.2.489'. [ 129.566055][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 129.656132][ T5361] Bluetooth: hci1: command tx timeout [ 129.837110][ T7927] netlink: 24 bytes leftover after parsing attributes in process `syz.3.490'. [ 130.032904][ T7929] netlink: 2 bytes leftover after parsing attributes in process `syz.0.492'. [ 130.038250][ T7929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.041090][ T7929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.043884][ T7929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.047333][ T7929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.049938][ T7929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.052805][ T7929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.055319][ T7929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.059218][ T7929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.615999][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 131.539835][ T7958] overlay: Unknown parameter '/' [ 131.646028][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 131.726109][ T5361] Bluetooth: hci1: command tx timeout [ 131.740884][ T7964] overlay: Unknown parameter '/' [ 132.225529][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.246594][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.592407][ T7973] overlay: Unknown parameter '/' [ 132.686041][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 132.701804][ T7974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.501'. [ 133.591172][ T7986] netlink: 2 bytes leftover after parsing attributes in process `syz.3.505'. [ 133.593765][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.596889][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.599509][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.608571][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.611010][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.613690][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.617148][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.620409][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.624357][ T7986] batadv_slave_1: entered promiscuous mode [ 133.726009][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 133.780196][ T5361] Bluetooth: hci2: unexpected event for opcode 0xff00 [ 133.806025][ T5361] Bluetooth: hci1: command tx timeout [ 133.853785][ T8003] sg_write: data in/out 92/98 bytes for SCSI command 0x0-- guessing data in; [ 133.853785][ T8003] program syz.1.509 not setting count and/or reply_len properly [ 133.934444][ T8009] overlay: Unknown parameter '/' [ 134.766052][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 134.933070][ T8020] netlink: 24 bytes leftover after parsing attributes in process `syz.2.511'. [ 135.055570][ T8021] netlink: 24 bytes leftover after parsing attributes in process `syz.1.512'. [ 135.476776][ T8031] overlay: Unknown parameter '/' [ 135.816031][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 135.886095][ T5361] Bluetooth: hci1: command tx timeout [ 136.041959][ T8051] input: syz1 as /devices/virtual/input/input10 [ 136.857567][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 137.809038][ T5348] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 137.811361][ T5348] Bluetooth: hci2: Injecting HCI hardware error event [ 137.814283][ T5348] Bluetooth: hci2: hardware error 0x00 [ 137.849643][ T8117] tmpfs: Bad value for 'mpol' [ 137.880519][ T8120] overlay: Unknown parameter '/' [ 137.896023][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 138.046078][ T4773] Bluetooth: hci1: command 0x0405 tx timeout [ 138.926095][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 139.661199][ T8160] netlink: 44 bytes leftover after parsing attributes in process `syz.1.540'. [ 139.664660][ T8160] netlink: 24 bytes leftover after parsing attributes in process `syz.1.540'. [ 139.668698][ T8160] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.671815][ T8160] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.674544][ T8160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.678682][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz.0.541'. [ 139.743814][ T8166] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 139.823564][ T8181] bridge1: entered promiscuous mode [ 139.825066][ T8181] bridge1: entered allmulticast mode [ 139.871304][ T39] audit: type=1326 audit(1728176775.150:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.873550][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.1.547'. [ 139.880624][ T39] audit: type=1326 audit(1728176775.150:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.880651][ T39] audit: type=1326 audit(1728176775.150:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.880668][ T39] audit: type=1326 audit(1728176775.150:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.880684][ T39] audit: type=1326 audit(1728176775.150:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=333 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.880701][ T39] audit: type=1326 audit(1728176775.150:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.880717][ T39] audit: type=1326 audit(1728176775.150:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.880733][ T39] audit: type=1326 audit(1728176775.150:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.880947][ T39] audit: type=1326 audit(1728176775.150:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.909203][ T5348] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 139.911085][ T39] audit: type=1326 audit(1728176775.150:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.1.547" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 139.917576][ T8181] netlink: 876 bytes leftover after parsing attributes in process `syz.1.547'. [ 139.966052][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 140.118918][ T8182] overlay: Unknown parameter '/' [ 140.275246][ T8202] netlink: 24 bytes leftover after parsing attributes in process `syz.3.548'. [ 140.446624][ T5393] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 140.596049][ T5393] usb 5-1: Using ep0 maxpacket: 16 [ 140.601222][ T5393] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 140.604940][ T5393] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 140.607973][ T5393] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.616668][ T5393] usb 5-1: config 0 descriptor?? [ 141.005996][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 142.046051][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 142.740341][ T8247] overlay: Unknown parameter '/' [ 143.076853][ T5393] usbhid 5-1:0.0: can't add hid device: -71 [ 143.078517][ T5393] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 143.083543][ T5393] usb 5-1: USB disconnect, device number 6 [ 143.086654][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 143.353581][ T8281] openvswitch: netlink: Missing valid actions attribute. [ 143.355490][ T8281] openvswitch: netlink: Actions may not be safe on all matching packets [ 143.384869][ T8284] netlink: 2 bytes leftover after parsing attributes in process `syz.1.565'. [ 143.388209][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.390855][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.395760][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.404785][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.410235][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.413009][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.415569][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.419107][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.702663][ T8299] netlink: 24 bytes leftover after parsing attributes in process `syz.0.566'. [ 144.126023][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 144.140209][ T8304] netlink: 24 bytes leftover after parsing attributes in process `syz.3.568'. [ 144.465286][ T8310] netlink: 4 bytes leftover after parsing attributes in process `syz.0.571'. [ 144.472685][ T8310] netlink: 4 bytes leftover after parsing attributes in process `syz.0.571'. [ 144.657681][ T5348] Bluetooth: unknown link type 32 [ 144.659498][ T5348] Bluetooth: hci0: connection err: -111 [ 144.726165][ T8328] netlink: 8 bytes leftover after parsing attributes in process `syz.0.572'. [ 144.992611][ T8348] overlay: Unknown parameter '/' [ 145.166016][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 145.851561][ T8360] warning: `syz.2.579' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 146.043729][ T8367] netlink: 24 bytes leftover after parsing attributes in process `syz.3.577'. [ 146.206028][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 146.317502][ T8377] netlink: 24 bytes leftover after parsing attributes in process `syz.1.581'. [ 146.326617][ T8378] 9pnet_fd: Insufficient options for proto=fd [ 146.350852][ T8378] FAULT_INJECTION: forcing a failure. [ 146.350852][ T8378] name failslab, interval 1, probability 0, space 0, times 0 [ 146.372749][ T8378] CPU: 3 UID: 0 PID: 8378 Comm: syz.2.582 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 146.376525][ T8378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.379968][ T8378] Call Trace: [ 146.381048][ T8378] [ 146.381986][ T8378] dump_stack_lvl+0x16c/0x1f0 [ 146.383513][ T8378] should_fail_ex+0x497/0x5b0 [ 146.385139][ T8378] ? fs_reclaim_acquire+0xae/0x160 [ 146.387200][ T8378] should_failslab+0xc2/0x120 [ 146.388928][ T8378] kmem_cache_alloc_node_noprof+0x71/0x310 [ 146.390736][ T8378] ? alloc_unbound_pwq+0x3ff/0xe10 [ 146.392158][ T8378] alloc_unbound_pwq+0x3ff/0xe10 [ 146.393456][ T8378] apply_wqattrs_prepare+0x3af/0xbd0 [ 146.394848][ T8378] apply_workqueue_attrs_locked+0x64/0xe0 [ 146.396351][ T8378] __alloc_workqueue+0xf34/0x1810 [ 146.397655][ T8378] alloc_workqueue+0xd3/0x200 [ 146.398847][ T8378] ? __pfx_alloc_workqueue+0x10/0x10 [ 146.400240][ T8378] hci_register_dev+0x1cf/0xc60 [ 146.401516][ T8378] hci_uart_tty_ioctl+0x7d0/0xc10 [ 146.402964][ T8378] ? __pfx_hci_uart_tty_ioctl+0x10/0x10 [ 146.404444][ T8378] tty_compat_ioctl+0x381/0x4d0 [ 146.405908][ T8378] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 146.407316][ T8378] __do_compat_sys_ioctl+0x259/0x2b0 [ 146.408705][ T8378] __do_fast_syscall_32+0x73/0x120 [ 146.410041][ T8378] do_fast_syscall_32+0x32/0x80 [ 146.411317][ T8378] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 146.412977][ T8378] RIP: 0023:0xf73ae579 [ 146.414057][ T8378] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 146.419231][ T8378] RSP: 002b:00000000f567556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 146.421443][ T8378] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000400455c8 [ 146.423530][ T8378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 146.425600][ T8378] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 146.427602][ T8378] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 146.429659][ T8378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 146.431742][ T8378] [ 146.462160][ T8378] Bluetooth: Can't register HCI device [ 146.725403][ T8382] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 146.727218][ T8382] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 146.730513][ T8382] vhci_hcd vhci_hcd.0: Device attached [ 146.809569][ T39] kauditd_printk_skb: 47 callbacks suppressed [ 146.809585][ T39] audit: type=1804 audit(1728176782.090:255): pid=8387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.584" name="/newroot/25/file0/file0" dev="9p" ino=35922650 res=1 errno=0 [ 146.966185][ T6687] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 147.007042][ T5566] usb 14-1: SetAddress Request (2) to port 0 [ 147.009431][ T5566] usb 14-1: new SuperSpeed USB device number 2 using vhci_hcd [ 147.126684][ T6687] usb 5-1: Using ep0 maxpacket: 8 [ 147.131988][ T6687] usb 5-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=62.0d [ 147.135324][ T6687] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.138888][ T6687] usb 5-1: Product: syz [ 147.140556][ T6687] usb 5-1: Manufacturer: syz [ 147.142441][ T6687] usb 5-1: SerialNumber: syz [ 147.145738][ T6687] usb 5-1: config 0 descriptor?? [ 147.152134][ T6687] cytherm 5-1:0.0: Cypress thermometer device now attached [ 147.233627][ T8395] overlay: Unknown parameter '/' [ 147.246055][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 147.358149][ T5382] usb 5-1: USB disconnect, device number 7 [ 147.360031][ T5382] cytherm 5-1:0.0: Cypress thermometer now disconnected [ 147.365312][ T8383] vhci_hcd: connection reset by peer [ 147.367449][ T1098] vhci_hcd: stop threads [ 147.368628][ T1098] vhci_hcd: release socket [ 147.372390][ T1098] vhci_hcd: disconnect device [ 147.416970][ T5389] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 147.570430][ T5389] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 147.573936][ T5389] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 147.578018][ T5389] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 147.583218][ T5389] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 147.587691][ T5389] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 147.590307][ T5389] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.593808][ T5389] usb 7-1: config 0 descriptor?? [ 147.849149][ T8409] netlink: 24 bytes leftover after parsing attributes in process `syz.3.590'. [ 148.002183][ T5389] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 148.018395][ T5389] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 148.085688][ T5348] Bluetooth: hci3: unexpected event for opcode 0x0c23 [ 148.286064][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 148.307141][ T45] wlan1: Trigger new scan to find an IBSS to join [ 148.376045][ T8424] netlink: 24 bytes leftover after parsing attributes in process `syz.0.592'. [ 148.886167][ T8] usb 7-1: USB disconnect, device number 2 [ 149.284654][ T8440] netlink: 2 bytes leftover after parsing attributes in process `syz.0.598'. [ 149.287375][ T8440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.290111][ T8440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.292637][ T8440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.298704][ T8440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.301258][ T8440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.304295][ T8440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.308441][ T8440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.311137][ T8440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.326041][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 149.492842][ T8443] xt_CT: You must specify a L4 protocol and not use inversions on it [ 149.502284][ T8443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.599'. [ 149.634957][ T8451] netlink: 44 bytes leftover after parsing attributes in process `syz.2.601'. [ 149.635049][ T8448] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 149.639133][ T8448] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 149.645384][ T8448] vhci_hcd vhci_hcd.0: Device attached [ 149.886104][ T63] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 149.906168][ T6687] usb 16-1: SetAddress Request (6) to port 0 [ 149.907810][ T6687] usb 16-1: new SuperSpeed USB device number 6 using vhci_hcd [ 150.036066][ T63] usb 6-1: Using ep0 maxpacket: 8 [ 150.050133][ T63] usb 6-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=62.0d [ 150.052523][ T63] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.054584][ T63] usb 6-1: Product: syz [ 150.055706][ T63] usb 6-1: Manufacturer: syz [ 150.066001][ T63] usb 6-1: SerialNumber: syz [ 150.069346][ T63] usb 6-1: config 0 descriptor?? [ 150.074431][ T63] cytherm 6-1:0.0: Cypress thermometer device now attached [ 150.283428][ T5409] usb 6-1: USB disconnect, device number 12 [ 150.285310][ T5409] cytherm 6-1:0.0: Cypress thermometer now disconnected [ 150.298814][ T8450] vhci_hcd: connection reset by peer [ 150.304265][ T1099] vhci_hcd: stop threads [ 150.307500][ T1099] vhci_hcd: release socket [ 150.309112][ T1099] vhci_hcd: disconnect device [ 150.376029][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 151.007250][ T8484] netlink: 24 bytes leftover after parsing attributes in process `syz.0.607'. [ 151.052067][ T8493] netlink: 44 bytes leftover after parsing attributes in process `syz.1.610'. [ 151.406214][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 151.434181][ T8518] netlink: 2 bytes leftover after parsing attributes in process `syz.2.615'. [ 151.452981][ T8518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.464862][ T8518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.474109][ T8518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.483730][ T8518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.486651][ T8518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.506119][ T8518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.508718][ T8518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.511572][ T8518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.771135][ T8527] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 151.773453][ T8527] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 151.796096][ T8527] vhci_hcd vhci_hcd.0: Device attached [ 151.799404][ T8528] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 1 [ 151.801767][ T65] vhci_hcd: stop threads [ 151.803351][ T65] vhci_hcd: release socket [ 151.805055][ T65] vhci_hcd: disconnect device [ 152.058212][ T5566] usb 14-1: device descriptor read/8, error -110 [ 152.446014][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 152.446357][ T5566] usb usb14-port1: attempt power cycle [ 152.518482][ T8535] openvswitch: netlink: Missing valid actions attribute. [ 152.520989][ T8535] openvswitch: netlink: Actions may not be safe on all matching packets [ 152.562592][ T8537] netlink: 44 bytes leftover after parsing attributes in process `syz.0.620'. [ 152.647491][ T8542] overlayfs: failed to resolve './file0': -2 [ 153.006660][ T8557] overlay: Unknown parameter '/' [ 153.036418][ T5566] usb usb14-port1: unable to enumerate USB device [ 153.060238][ T8558] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 153.062649][ T8558] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 153.066764][ T8558] vhci_hcd vhci_hcd.0: Device attached [ 153.096098][ T8559] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 2 [ 153.101262][ T45] vhci_hcd: stop threads [ 153.102756][ T45] vhci_hcd: release socket [ 153.104385][ T45] vhci_hcd: disconnect device [ 153.166791][ T11] wlan1: Trigger new scan to find an IBSS to join [ 153.486269][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 153.802171][ T8581] 9pnet_fd: Insufficient options for proto=fd [ 153.869648][ T5389] kernel write not supported for file bpf-prog (pid: 5389 comm: kworker/2:3) [ 154.184580][ T11] wlan1: Creating new IBSS network, BSSID ca:d8:cc:5e:12:9c [ 154.268679][ T8594] program syz.3.634 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.323165][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.330150][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.333324][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.340618][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.345894][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.351215][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.353324][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.355691][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.360379][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.362524][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.364861][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.367451][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.369539][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.371765][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.373863][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.376413][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.378508][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.380629][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.382740][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.384814][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.387486][ T5389] hid-generic 0000:1000000:0000.0004: unknown main item tag 0x0 [ 154.394337][ T5389] hid-generic 0000:1000000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 154.526039][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 155.006104][ T6687] usb 16-1: device descriptor read/8, error -110 [ 155.417154][ T6687] usb usb16-port1: attempt power cycle [ 155.566091][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 156.016467][ T6687] usb usb16-port1: unable to enumerate USB device [ 156.211092][ T8658] netlink: 44 bytes leftover after parsing attributes in process `syz.1.651'. [ 156.219851][ T8658] netlink: 24 bytes leftover after parsing attributes in process `syz.1.651'. [ 156.229417][ T8658] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.232418][ T8658] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.234275][ T8658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.606022][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 156.786081][ T8679] netlink: 24 bytes leftover after parsing attributes in process `syz.1.652'. [ 156.946960][ T8684] netlink: 2 bytes leftover after parsing attributes in process `syz.0.654'. [ 156.949547][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.952364][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.954915][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.957815][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.960400][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.963148][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.965805][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.968636][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.090518][ T8688] FAULT_INJECTION: forcing a failure. [ 157.090518][ T8688] name failslab, interval 1, probability 0, space 0, times 0 [ 157.094513][ T8688] CPU: 3 UID: 0 PID: 8688 Comm: syz.2.656 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 157.097673][ T8688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 157.100629][ T8688] Call Trace: [ 157.101624][ T8688] [ 157.102454][ T8688] dump_stack_lvl+0x16c/0x1f0 [ 157.103734][ T8688] should_fail_ex+0x497/0x5b0 [ 157.104987][ T8688] ? fs_reclaim_acquire+0xae/0x160 [ 157.106345][ T8688] should_failslab+0xc2/0x120 [ 157.107617][ T8688] __kmalloc_noprof+0xcb/0x410 [ 157.109137][ T8688] ? rcu_is_watching+0x12/0xc0 [ 157.110859][ T8688] tomoyo_encode2+0x100/0x3e0 [ 157.112556][ T8688] tomoyo_realpath_from_path+0x1a7/0x710 [ 157.114559][ T8688] ? tomoyo_path_number_perm+0x232/0x5b0 [ 157.116579][ T8688] tomoyo_path_number_perm+0x245/0x5b0 [ 157.118485][ T8688] ? tomoyo_path_number_perm+0x232/0x5b0 [ 157.120504][ T8688] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 157.122659][ T8688] ? trace_lock_acquire+0x14a/0x1d0 [ 157.124532][ T8688] ? lock_acquire+0x2f/0xb0 [ 157.126155][ T8688] ? __fget_files+0x40/0x3f0 [ 157.127833][ T8688] ? __fget_files+0x244/0x3f0 [ 157.129519][ T8688] security_file_ioctl_compat+0x9b/0x240 [ 157.131530][ T8688] __do_compat_sys_ioctl+0x52/0x2b0 [ 157.133421][ T8688] __do_fast_syscall_32+0x73/0x120 [ 157.135335][ T8688] do_fast_syscall_32+0x32/0x80 [ 157.137112][ T8688] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 157.139362][ T8688] RIP: 0023:0xf73ae579 [ 157.140834][ T8688] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 157.147497][ T8688] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 157.150452][ T8688] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 000000000000ae80 [ 157.153281][ T8688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 157.155896][ T8688] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 157.158040][ T8688] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 157.160799][ T8688] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 157.163616][ T8688] [ 157.164781][ C3] vkms_vblank_simulate: vblank timer overrun [ 157.167366][ T8688] ERROR: Out of memory at tomoyo_realpath_from_path. [ 157.260131][ T8695] : entered promiscuous mode [ 157.519589][ T8708] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 157.521963][ T8708] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 157.525379][ T8708] vhci_hcd vhci_hcd.0: Device attached [ 157.544680][ T8710] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0 [ 157.549091][ T45] vhci_hcd: stop threads [ 157.550317][ T45] vhci_hcd: release socket [ 157.551522][ T45] vhci_hcd: disconnect device [ 157.646070][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 157.690118][ T8717] netlink: 24 bytes leftover after parsing attributes in process `syz.2.659'. [ 157.919286][ T8720] netlink: 24 bytes leftover after parsing attributes in process `syz.1.662'. [ 158.687279][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 158.869713][ T8738] netlink: 24 bytes leftover after parsing attributes in process `syz.3.666'. [ 159.736166][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 160.086357][ T8758] netlink: 24 bytes leftover after parsing attributes in process `syz.3.672'. [ 160.543149][ T8767] netlink: 2 bytes leftover after parsing attributes in process `syz.2.674'. [ 160.549722][ T8767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.553246][ T8767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.556710][ T8767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.560181][ T8767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.563473][ T8767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.569954][ T8767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.573277][ T8767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.576872][ T8767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.765997][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 161.131182][ T8780] overlay: Unknown parameter '/dev/input/event#' [ 161.806042][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 162.846015][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 162.871371][ T8796] netlink: 24 bytes leftover after parsing attributes in process `syz.1.677'. [ 163.668586][ T8822] FAULT_INJECTION: forcing a failure. [ 163.668586][ T8822] name failslab, interval 1, probability 0, space 0, times 0 [ 163.671932][ T8822] CPU: 3 UID: 0 PID: 8822 Comm: syz.2.683 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 163.674425][ T8822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.676944][ T8822] Call Trace: [ 163.677730][ T8822] [ 163.678468][ T8822] dump_stack_lvl+0x16c/0x1f0 [ 163.679946][ T8822] should_fail_ex+0x497/0x5b0 [ 163.681373][ T8822] ? fs_reclaim_acquire+0xae/0x160 [ 163.682890][ T8822] should_failslab+0xc2/0x120 [ 163.684393][ T8822] __kmalloc_cache_noprof+0x6b/0x310 [ 163.685897][ T8822] ? nfnl_err_add+0x4e/0x2d0 [ 163.687413][ T8822] nfnl_err_add+0x4e/0x2d0 [ 163.688867][ T8822] nfnetlink_rcv_batch+0xe40/0x24e0 [ 163.690193][ T8822] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 163.691528][ T8822] ? __pfx_lock_release+0x10/0x10 [ 163.692731][ T8822] ? __local_bh_enable_ip+0xa4/0x120 [ 163.693908][ T8822] ? lockdep_hardirqs_on+0x7c/0x110 [ 163.695104][ T8822] ? __pfx___dev_queue_xmit+0x10/0x10 [ 163.696389][ T8822] ? __nla_parse+0x40/0x60 [ 163.697451][ T8822] nfnetlink_rcv+0x3c3/0x430 [ 163.698617][ T8822] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 163.699843][ T8822] netlink_unicast+0x53c/0x7f0 [ 163.700948][ T8822] ? __pfx_netlink_unicast+0x10/0x10 [ 163.702127][ T8822] ? __phys_addr_symbol+0x30/0x80 [ 163.703329][ T8822] ? __check_object_size+0x4a1/0x710 [ 163.704594][ T8822] netlink_sendmsg+0x8b8/0xd70 [ 163.705731][ T8822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.706986][ T8822] ? lock_acquire+0x2f/0xb0 [ 163.708076][ T8822] ____sys_sendmsg+0x9ae/0xb40 [ 163.709245][ T8822] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.710489][ T8822] ? get_compat_msghdr+0x11b/0x170 [ 163.711710][ T8822] ? __pfx___lock_acquire+0x10/0x10 [ 163.712948][ T8822] ___sys_sendmsg+0x135/0x1e0 [ 163.714062][ T8822] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.715301][ T8822] ? lock_acquire+0x2f/0xb0 [ 163.716397][ T8822] ? __fget_files+0x40/0x3f0 [ 163.717497][ T8822] ? fdget+0x176/0x210 [ 163.718544][ T8822] __sys_sendmsg+0x117/0x1f0 [ 163.719637][ T8822] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.720827][ T8822] ? __fget_files+0x244/0x3f0 [ 163.721886][ T8822] __do_fast_syscall_32+0x73/0x120 [ 163.723054][ T8822] do_fast_syscall_32+0x32/0x80 [ 163.724157][ T8822] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 163.725552][ T8822] RIP: 0023:0xf73ae579 [ 163.726506][ T8822] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 163.731190][ T8822] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 163.733107][ T8822] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000002000c2c0 [ 163.734884][ T8822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 163.736662][ T8822] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 163.738506][ T8822] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 163.740315][ T8822] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 163.742080][ T8822] [ 163.886024][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 164.486475][ T8857] netlink: 24 bytes leftover after parsing attributes in process `syz.3.690'. [ 164.936049][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 164.969762][ T8868] netlink: 28 bytes leftover after parsing attributes in process `syz.2.693'. [ 165.241113][ T8873] overlay: Unknown parameter '/dev/input/event#' [ 165.628078][ T8886] netlink: 24 bytes leftover after parsing attributes in process `syz.0.696'. [ 165.966031][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 167.006027][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 168.046855][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 168.500032][ T8944] netlink: 24 bytes leftover after parsing attributes in process `syz.3.707'. [ 169.096008][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 169.183415][ T8955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.709'. [ 169.201966][ T8957] ======================================================= [ 169.201966][ T8957] WARNING: The mand mount option has been deprecated and [ 169.201966][ T8957] and is ignored by this kernel. Remove the mand [ 169.201966][ T8957] option from the mount to silence this warning. [ 169.201966][ T8957] ======================================================= [ 169.224811][ T8957] wg2: entered allmulticast mode [ 169.240765][ T8958] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 169.242491][ T8958] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 169.244674][ T8958] vhci_hcd vhci_hcd.0: Device attached [ 169.496006][ T5389] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 169.516361][ T5382] usb 20-1: SetAddress Request (2) to port 0 [ 169.518326][ T5382] usb 20-1: new SuperSpeed USB device number 2 using vhci_hcd [ 169.646016][ T5389] usb 8-1: Using ep0 maxpacket: 8 [ 169.665724][ T5389] usb 8-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=62.0d [ 169.668089][ T5389] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.670144][ T5389] usb 8-1: Product: syz [ 169.671240][ T5389] usb 8-1: Manufacturer: syz [ 169.672476][ T5389] usb 8-1: SerialNumber: syz [ 169.674999][ T5389] usb 8-1: config 0 descriptor?? [ 169.679027][ T5389] cytherm 8-1:0.0: Cypress thermometer device now attached [ 169.918176][ T8959] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 1 [ 169.921332][ T6687] usb 8-1: USB disconnect, device number 6 [ 169.923922][ T6687] cytherm 8-1:0.0: Cypress thermometer now disconnected [ 169.929985][ T12] vhci_hcd: stop threads [ 169.931555][ T12] vhci_hcd: release socket [ 169.935694][ T12] vhci_hcd: disconnect device [ 170.042387][ T8986] netlink: 24 bytes leftover after parsing attributes in process `syz.1.715'. [ 170.126120][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 170.840107][ T9004] netlink: 24 bytes leftover after parsing attributes in process `syz.3.719'. [ 171.176015][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 171.552991][ T9028] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 171.554887][ T9028] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 171.573896][ T9028] vhci_hcd vhci_hcd.0: Device attached [ 171.674389][ T9040] overlay: Unknown parameter '/' [ 171.846927][ T5389] usb 16-1: SetAddress Request (10) to port 0 [ 171.848770][ T5389] usb 16-1: new SuperSpeed USB device number 10 using vhci_hcd [ 171.851617][ T5390] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 172.015663][ T9051] binder: 9050:9051 ioctl c00c620f 20000340 returned -22 [ 172.022141][ T5390] usb 6-1: Using ep0 maxpacket: 8 [ 172.026861][ T5390] usb 6-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=62.0d [ 172.029339][ T5390] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.031371][ T5390] usb 6-1: Product: syz [ 172.032462][ T5390] usb 6-1: Manufacturer: syz [ 172.033656][ T5390] usb 6-1: SerialNumber: syz [ 172.038846][ T5390] usb 6-1: config 0 descriptor?? [ 172.043385][ T5390] cytherm 6-1:0.0: Cypress thermometer device now attached [ 172.050568][ T9051] tap0: tun_chr_ioctl cmd 1074025678 [ 172.052011][ T9051] tap0: group set to 0 [ 172.206284][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 172.287188][ T6687] usb 6-1: USB disconnect, device number 13 [ 172.289197][ T6687] cytherm 6-1:0.0: Cypress thermometer now disconnected [ 172.290009][ T9029] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 3 [ 172.296466][ T65] vhci_hcd: stop threads [ 172.297984][ T65] vhci_hcd: release socket [ 172.306648][ T65] vhci_hcd: disconnect device [ 172.453627][ T9067] netlink: 24 bytes leftover after parsing attributes in process `syz.2.728'. [ 172.736041][ T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 172.862655][ T9075] overlay: Unknown parameter '/' [ 173.030435][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.033406][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.037240][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 173.041688][ T9] usb 8-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 173.046375][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.052993][ T9] usb 8-1: config 0 descriptor?? [ 173.256065][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 173.421484][ T9096] netlink: 24 bytes leftover after parsing attributes in process `syz.2.733'. [ 173.596177][ T7168] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 173.604984][ T9] hid-udraw 0003:20D6:CB17.0005: unknown main item tag 0x0 [ 173.609185][ T9] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:20D6:CB17.0005/input/input11 [ 173.616891][ T9] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:20D6:CB17.0005/input/input12 [ 173.623677][ T9] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:20D6:CB17.0005/input/input13 [ 173.630693][ T9] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:20D6:CB17.0005/input/input14 [ 173.678149][ T9] hid-udraw 0003:20D6:CB17.0005: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.3-1/input0 [ 173.767888][ T7168] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 173.770941][ T7168] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 173.774433][ T7168] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 173.778128][ T7168] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 173.782042][ T7168] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 173.789123][ T7168] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 173.792293][ T7168] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 173.795170][ T7168] usb 6-1: Product: syz [ 173.796891][ T7168] usb 6-1: Manufacturer: syz [ 173.800424][ C3] ata1: illegal qc_active transition (00000000->08000000) [ 173.805790][ T7168] cdc_wdm 6-1:1.0: skipping garbage [ 173.807849][ T7168] cdc_wdm 6-1:1.0: skipping garbage [ 173.810995][ T7168] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 173.813122][ T7168] cdc_wdm 6-1:1.0: Unknown control protocol [ 173.909512][ T5391] usb 8-1: USB disconnect, device number 7 [ 174.118790][ T1067] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 174.125252][ T1067] ata1.00: configured for UDMA/100 [ 174.220211][ T9094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.226983][ T9094] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.244684][ T5390] usb 6-1: USB disconnect, device number 14 [ 174.286059][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 174.550142][ T9118] overlay: Unknown parameter '/' [ 174.606070][ T5382] usb 20-1: device descriptor read/8, error -110 [ 174.808058][ T9126] xt_CT: You must specify a L4 protocol and not use inversions on it [ 174.823667][ T9126] netlink: 12 bytes leftover after parsing attributes in process `syz.0.740'. [ 175.006661][ T5382] usb usb20-port1: attempt power cycle [ 175.306106][ T9148] overlay: Unknown parameter '/dev/input/event#' [ 175.335999][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 175.498245][ T9155] netlink: 24 bytes leftover after parsing attributes in process `syz.0.745'. [ 175.722477][ T5382] usb usb20-port1: unable to enumerate USB device [ 175.934905][ T9165] netlink: 2 bytes leftover after parsing attributes in process `syz.3.748'. [ 175.939735][ T9165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.943456][ T9165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.947880][ T9165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.951680][ T9165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.954616][ T9165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.958994][ T9165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.962712][ T9165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.967951][ T9165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.376056][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 176.936061][ T5389] usb 16-1: device descriptor read/8, error -110 [ 177.346614][ T5389] usb usb16-port1: attempt power cycle [ 177.406025][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 177.702793][ T39] audit: type=1804 audit(1728176812.980:256): pid=9180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.751" name="/newroot/201/file0/file0" dev="9p" ino=35922650 res=1 errno=0 [ 177.818368][ T9194] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 177.820138][ T9194] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 177.834434][ T9194] vhci_hcd vhci_hcd.0: Device attached [ 177.938072][ T39] audit: type=1326 audit(1728176813.210:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 177.966182][ T5389] usb 16-1: SetAddress Request (13) to port 0 [ 177.968029][ T5389] usb 16-1: new SuperSpeed USB device number 13 using vhci_hcd [ 177.993884][ T9212] overlay: Unknown parameter '/' [ 178.012941][ T39] audit: type=1326 audit(1728176813.210:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.047343][ T39] audit: type=1326 audit(1728176813.210:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.053248][ T39] audit: type=1326 audit(1728176813.210:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.061051][ T39] audit: type=1326 audit(1728176813.210:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.069003][ T9213] overlayfs: conflicting lowerdir path [ 178.071076][ T39] audit: type=1326 audit(1728176813.210:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.076878][ T5390] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 178.081931][ T39] audit: type=1326 audit(1728176813.210:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.091848][ T39] audit: type=1326 audit(1728176813.210:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.101972][ T39] audit: type=1326 audit(1728176813.220:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.758" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 178.226047][ T5390] usb 6-1: Using ep0 maxpacket: 8 [ 178.230119][ T5390] usb 6-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=62.0d [ 178.232481][ T5390] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.234672][ T5390] usb 6-1: Product: syz [ 178.235799][ T5390] usb 6-1: Manufacturer: syz [ 178.244799][ T5390] usb 6-1: SerialNumber: syz [ 178.247127][ T5390] usb 6-1: config 0 descriptor?? [ 178.250290][ T5390] cytherm 6-1:0.0: Cypress thermometer device now attached [ 178.446032][ C2] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 178.475078][ T9195] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 4 [ 178.475530][ T5390] usb 6-1: USB disconnect, device number 15 [ 178.478965][ T5390] cytherm 6-1:0.0: Cypress thermometer now disconnected [ 178.483185][ T1099] vhci_hcd: stop threads [ 178.484342][ T1099] vhci_hcd: release socket [ 178.489514][ T1099] vhci_hcd: disconnect device [ 178.718075][ T9226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.762'. [ 179.097769][ T9239] netlink: 2 bytes leftover after parsing attributes in process `syz.2.769'. [ 179.101212][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.105021][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.109280][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.113203][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.117219][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.120926][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.124100][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.128304][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.136800][ T9240] ------------[ cut here ]------------ [ 179.139214][ T9240] kmem_cache of name '9p-fcall-cache' already exists [ 179.143073][ T9240] WARNING: CPU: 0 PID: 9240 at mm/slab_common.c:107 __kmem_cache_create_args+0xb0/0x3c0 [ 179.146540][ T9240] Modules linked in: [ 179.147699][ T9240] CPU: 0 UID: 0 PID: 9240 Comm: syz.1.768 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 179.152341][ T9240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 179.155984][ T9240] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 179.158062][ T9240] Code: 98 48 3d 10 bb f1 8d 74 25 48 8b 7b 60 48 89 ee e8 c5 68 34 09 85 c0 75 e0 90 48 c7 c7 e8 1f 58 8d 48 89 ee e8 41 b1 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 4f 6a 34 09 48 85 c0 0f 85 [ 179.164281][ T9240] RSP: 0018:ffffc900073d78f0 EFLAGS: 00010286 [ 179.166496][ T9240] RAX: 0000000000000000 RBX: ffff88804898db80 RCX: ffffc9000c2b2000 [ 179.169138][ T9240] RDX: 0000000000040000 RSI: ffffffff814e28c6 RDI: 0000000000000001 [ 179.171841][ T9240] RBP: ffffffff8ca1e320 R08: 0000000000000001 R09: 0000000000000000 [ 179.174517][ T9240] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 179.177293][ T9240] R13: 0000000000020018 R14: ffffc900073d79e0 R15: 0000000000020018 [ 179.179974][ T9240] FS: 0000000000000000(0000) GS:ffff88802b400000(0063) knlGS:00000000f56e5b40 [ 179.183006][ T9240] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 179.185330][ T9240] CR2: 00000000f73cbad8 CR3: 0000000020e70000 CR4: 0000000000352ef0 [ 179.188159][ T9240] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 179.190788][ T9240] DR3: 0000000001a3000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 179.193361][ T9240] Call Trace: [ 179.194515][ T9240] [ 179.195557][ T9240] ? __warn+0xea/0x3d0 [ 179.197041][ T9240] ? __kmem_cache_create_args+0xb0/0x3c0 [ 179.198556][ T9240] ? report_bug+0x3c0/0x580 [ 179.200137][ T9240] ? handle_bug+0x54/0xa0 [ 179.201448][ T9240] ? exc_invalid_op+0x17/0x50 [ 179.203199][ T9240] ? asm_exc_invalid_op+0x1a/0x20 [ 179.205011][ T9240] ? __warn_printk+0x1a6/0x350 [ 179.207207][ T9240] ? __kmem_cache_create_args+0xb0/0x3c0 [ 179.209037][ T9240] p9_client_create+0xe04/0x1150 [ 179.210830][ T9240] ? __pfx_p9_client_create+0x10/0x10 [ 179.212834][ T9240] ? __raw_spin_lock_init+0x3a/0x110 [ 179.214720][ T9240] v9fs_session_init+0x1f8/0x1a80 [ 179.216713][ T9240] ? __pfx_v9fs_session_init+0x10/0x10 [ 179.218304][ T9240] ? kasan_save_track+0x14/0x30 [ 179.219675][ T9240] v9fs_mount+0xc6/0xa50 [ 179.221060][ T9240] ? __pfx_v9fs_mount+0x10/0x10 [ 179.222755][ T9240] ? __pfx_v9fs_mount+0x10/0x10 [ 179.224511][ T9240] legacy_get_tree+0x109/0x220 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 179.226559][ T9240] vfs_get_tree+0x8f/0x380 [ 179.228283][ T9240] path_mount+0x6e1/0x1f10 [ 179.229532][ T9240] ? kmem_cache_free+0x152/0x4b0 [ 179.230924][ T9240] ? __pfx_path_mount+0x10/0x10 [ 179.232244][ T9240] ? putname+0x12e/0x170 [ 179.233399][ T9240] __ia32_sys_mount+0x292/0x310 [ 179.234758][ T9240] ? __pfx___ia32_sys_mount+0x10/0x10 [ 179.236364][ T9240] __do_fast_syscall_32+0x73/0x120 [ 179.237779][ T9240] do_fast_syscall_32+0x32/0x80 [ 179.239605][ T9240] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 179.241336][ T9240] RIP: 0023:0xf7f81579 [ 179.242423][ T9240] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 179.247550][ T9240] RSP: 002b:00000000f56e556c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 179.250468][ T9240] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000480 [ 179.252615][ T9240] RDX: 00000000200004c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 179.254641][ T9240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 179.256910][ T9240] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 179.259014][ T9240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.261258][ T9240] [ 179.262157][ T9240] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 179.264085][ T9240] CPU: 0 UID: 0 PID: 9240 Comm: syz.1.768 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 179.266791][ T9240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 179.269831][ T9240] Call Trace: [ 179.270752][ T9240] [ 179.271555][ T9240] dump_stack_lvl+0x3d/0x1f0 [ 179.272767][ T9240] panic+0x71d/0x800 [ 179.273812][ T9240] ? __pfx_panic+0x10/0x10 [ 179.274981][ T9240] ? show_trace_log_lvl+0x29d/0x3d0 [ 179.276382][ T9240] ? __kmem_cache_create_args+0xb0/0x3c0 [ 179.277916][ T9240] check_panic_on_warn+0xab/0xb0 [ 179.279503][ T9240] __warn+0xf6/0x3d0 [ 179.280660][ T9240] ? __kmem_cache_create_args+0xb0/0x3c0 [ 179.282303][ T9240] report_bug+0x3c0/0x580 [ 179.283495][ T9240] handle_bug+0x54/0xa0 [ 179.284827][ T9240] exc_invalid_op+0x17/0x50 [ 179.286343][ T9240] asm_exc_invalid_op+0x1a/0x20 [ 179.287638][ T9240] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 179.289263][ T9240] Code: 98 48 3d 10 bb f1 8d 74 25 48 8b 7b 60 48 89 ee e8 c5 68 34 09 85 c0 75 e0 90 48 c7 c7 e8 1f 58 8d 48 89 ee e8 41 b1 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 4f 6a 34 09 48 85 c0 0f 85 [ 179.294266][ T9240] RSP: 0018:ffffc900073d78f0 EFLAGS: 00010286 [ 179.295875][ T9240] RAX: 0000000000000000 RBX: ffff88804898db80 RCX: ffffc9000c2b2000 [ 179.297965][ T9240] RDX: 0000000000040000 RSI: ffffffff814e28c6 RDI: 0000000000000001 [ 179.300015][ T9240] RBP: ffffffff8ca1e320 R08: 0000000000000001 R09: 0000000000000000 [ 179.302060][ T9240] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 179.304219][ T9240] R13: 0000000000020018 R14: ffffc900073d79e0 R15: 0000000000020018 [ 179.306290][ T9240] ? __warn_printk+0x1a6/0x350 [ 179.307505][ T9240] p9_client_create+0xe04/0x1150 [ 179.308683][ T9240] ? __pfx_p9_client_create+0x10/0x10 [ 179.310066][ T9240] ? __raw_spin_lock_init+0x3a/0x110 [ 179.311446][ T9240] v9fs_session_init+0x1f8/0x1a80 [ 179.312770][ T9240] ? __pfx_v9fs_session_init+0x10/0x10 [ 179.314228][ T9240] ? kasan_save_track+0x14/0x30 [ 179.315603][ T9240] v9fs_mount+0xc6/0xa50 [ 179.316926][ T9240] ? __pfx_v9fs_mount+0x10/0x10 [ 179.318365][ T9240] ? __pfx_v9fs_mount+0x10/0x10 [ 179.319648][ T9240] legacy_get_tree+0x109/0x220 [ 179.320895][ T9240] vfs_get_tree+0x8f/0x380 [ 179.322077][ T9240] path_mount+0x6e1/0x1f10 [ 179.323637][ T9240] ? kmem_cache_free+0x152/0x4b0 [ 179.325385][ T9240] ? __pfx_path_mount+0x10/0x10 [ 179.327091][ T9240] ? putname+0x12e/0x170 [ 179.328600][ T9240] __ia32_sys_mount+0x292/0x310 [ 179.330286][ T9240] ? __pfx___ia32_sys_mount+0x10/0x10 [ 179.332172][ T9240] __do_fast_syscall_32+0x73/0x120 [ 179.333950][ T9240] do_fast_syscall_32+0x32/0x80 [ 179.335645][ T9240] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 179.337837][ T9240] RIP: 0023:0xf7f81579 [ 179.339253][ T9240] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 179.345827][ T9240] RSP: 002b:00000000f56e556c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 179.348723][ T9240] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000480 [ 179.351430][ T9240] RDX: 00000000200004c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 179.354147][ T9240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 179.356921][ T9240] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 179.359643][ T9240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.362396][ T9240] [ 179.364166][ T9240] Kernel Offset: disabled [ 179.365847][ T9240] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:06:53 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85034e45 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900073d7258 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000039 R14=ffffffff85034de0 R15=0000000000000000 RIP=ffffffff85034e6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73cbad8 CR3=0000000020e70000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000001a3000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000126900000000 0000000800000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000a906f3 RBX=0000000000000001 RCX=ffffffff8b12f709 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12120 RBP=ffffed10036ea910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000000 R12=0000000000000001 R13=ffff88801b754880 R14=ffffffff901cce88 R15=0000000000000000 RIP=ffffffff8b130aef RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5105729 CR3=00000000572e6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000004d1f05 RBX=0000000000000002 RCX=ffffffff8b12f709 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12120 RBP=ffffed10036ed000 RSP=ffffc90000487e08 R8 =0000000000000001 R9 =ffffed10056c7025 R10=ffff88802b63812b R11=0000000000000000 R12=0000000000000002 R13=ffff88801b768000 R14=ffffffff901cce88 R15=0000000000000000 RIP=ffffffff8b130aef RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c01300 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000002a1ae000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=fffffbfff2d31588 RBX=fffffbfff2d31589 RCX=ffffffff81693e8e RDX=0000000000000001 RSI=0000000000000008 RDI=ffffffff9698ac40 RBP=fffffbfff2d31588 RSP=ffffc90001f27550 R8 =0000000000000000 R9 =fffffbfff2d31588 R10=ffffffff9698ac47 R11=0000000000000002 R12=0000000000000000 R13=ffff8880206fd388 R14=0000000000000022 R15=ffff8880206fc880 RIP=ffffffff81ede9b4 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f736475c CR3=000000002a1ae000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000