last executing test programs: 38.05886841s ago: executing program 2 (id=761): r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x14) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mount$bind(&(0x7f0000000280)='.\x00', 0x0, 0x0, 0x101091, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000080)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x1e, 0x4, 0x0) connect$tipc(r5, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000) close(r3) close_range(r0, 0xffffffffffffffff, 0x0) 31.996992641s ago: executing program 2 (id=761): r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x14) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mount$bind(&(0x7f0000000280)='.\x00', 0x0, 0x0, 0x101091, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000080)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x1e, 0x4, 0x0) connect$tipc(r5, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000) close(r3) close_range(r0, 0xffffffffffffffff, 0x0) 24.607628839s ago: executing program 2 (id=761): r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x14) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mount$bind(&(0x7f0000000280)='.\x00', 0x0, 0x0, 0x101091, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000080)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x1e, 0x4, 0x0) connect$tipc(r5, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000) close(r3) close_range(r0, 0xffffffffffffffff, 0x0) 16.569169077s ago: executing program 2 (id=761): r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x14) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mount$bind(&(0x7f0000000280)='.\x00', 0x0, 0x0, 0x101091, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000080)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x1e, 0x4, 0x0) connect$tipc(r5, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000) close(r3) close_range(r0, 0xffffffffffffffff, 0x0) 9.038029439s ago: executing program 2 (id=761): r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x14) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mount$bind(&(0x7f0000000280)='.\x00', 0x0, 0x0, 0x101091, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000080)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x1e, 0x4, 0x0) connect$tipc(r5, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000) close(r3) close_range(r0, 0xffffffffffffffff, 0x0) 2.589078882s ago: executing program 3 (id=978): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x4, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x22048, &(0x7f00000001c0)={[{@metacopy_off, 0x3a}], [], 0x2f}) userfaultfd(0x1) mkdir(&(0x7f0000000140)='./file0\x00', 0xe8) mount(&(0x7f0000000040)=@sr0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x11, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_rdma(&(0x7f0000000300), &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d17672cbe38269c73307830303030303030303030"]) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0x71e5b314, 0x3c2, 0x0, 0xffffffff}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000200)) r2 = open$dir(&(0x7f0000000040)='./file1\x00', 0x28001, 0x100) faccessat(r2, &(0x7f0000000080)='./file0\x00', 0x80) 2.528272926s ago: executing program 3 (id=981): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = memfd_create(&(0x7f0000000440)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1\xd1\x11\xf0\xc2Gj+kV\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb3\xf8\xe7\x8a\xd1]ai\x97\x1fn\xf3\x06\x1f\v\x0e`J\x81\xb4t\xc6X\xbd\xa7\xd9c\x8e\x9d\f\b\xadi6\xd3\x9bC&\xfa\xe6\xab\xf1\xbffk\xf2\xfd\x85\xccux)s\xabHh\x11\xca\xcf\xe5l\x17i\x0e\xcf>s\xb1\xf3\x03\xab\xd4\xcc\"K\xdal\xe6o\x82\x98\xee\xcc\xfd\xd3\xb3\xca\x8c\x03\xcd\\\xa5\xe4', 0x2) sendfile(0xffffffffffffffff, r1, 0x0, 0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/exec\x00') read$eventfd(r3, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040)={0x0, 0x0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r4, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000001000000000000000000000025ba7e8351cd09cf78feb5106c019500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = dup(0xffffffffffffffff) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x235, &(0x7f00000002c0)={0x0, 0xf91, 0x10100, 0x0, 0x8002b1, 0x0, r3}, &(0x7f0000000280)=0x0, &(0x7f0000000340)=0x0) r8 = dup(0xffffffffffffffff) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x8, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r5, 0x2ded, 0xed72, 0x0, 0x0, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r9, 0x4008af00, &(0x7f0000000080)=0x200000000) r10 = dup2(r9, r9) readv(r10, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/139, 0x8b}], 0x1) ftruncate(r2, 0xfc03) setrlimit(0x7, &(0x7f0000000400)) dup(r10) fcntl$addseals(r2, 0x409, 0x7) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r8, 0xc0189379, &(0x7f0000000380)={{0x1, 0x1, 0x18, r10}, './file0\x00'}) ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={r2, 0x1, 0x0, 0x8000}) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000030a03000000000000000000020000000c00024000000000000000010900010073797a3000000000090003"], 0x60}}, 0x0) 2.528053737s ago: executing program 0 (id=982): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x80081, 0x1fb) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000840)={0x7, 0x4d, 0x103}, 0x7) syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c76657273696f6e3d39703230300000752c636163680f69e0d63d47504c002c6d61736b3d4d49595f415050454e442c6d613d4d41595f455845432c000000"]) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f000000000000000000000000000039d1c723"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000214010028bd7000fddbdf250900020073797a3100000000080001000000000008004400", @ANYRES32, @ANYBLOB="050054000100b2ac08000100000000000900020073"], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) syz_emit_ethernet(0x3e2, &(0x7f0000000400)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "717faf", 0x3ac, 0x2f, 0x0, @local, @empty, {[@dstopts={0x62}, @dstopts={0x84, 0x19, '\x00', [@jumbo={0xc2, 0x4, 0x7fffffff}, @generic={0x3, 0xb5, "d80d12c8720441905e8a3872838bff2017e2f7477e0f35539f7ff33f60271e5be4d6a3e20162906e48a6520d57b3382f4abf88a141b08cc157b7520477ddcc01696221b20dcbc0b593cb45eb583c785ac24ffa8b1344dfff718d182fbdb7f5e3a89c6b06725d3e5de9eaab1523155d52a28897fb7424cdd2a466832f385b20eeba571dae225bad12fb9f523518c18b94780919e8cb49538d25f71363c71155fdb67b138ca01e38b77561442d784de7b2f45f5be4d0"}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, @hopopts={0x84, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x8}, @jumbo={0xc2, 0x4, 0x4}, @jumbo={0xc2, 0x4, 0x10}, @pad1, @enc_lim={0x4, 0x1, 0x9}, @pad1, @enc_lim={0x4, 0x1, 0x9}, @enc_lim={0x4, 0x1, 0xd}]}, @srh={0x0, 0x8, 0x4, 0x4, 0x2a, 0x38, 0x5, [@local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty]}, @fragment={0x2c, 0x0, 0xd, 0x1, 0x0, 0x14, 0x68}, @srh={0x0, 0xc, 0x4, 0x6, 0xd6, 0x60, 0x3, [@private0={0xfc, 0x0, '\x00', 0x8}, @private0, @empty, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0xf}]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x48, 0x3, [0xfffc], "13e0ed17d6398c2a924c2de98250af798c10790496b487ef45306fbd7354d08a168cc77b3631e011bd1135b0158db4fd45ff35abeb0b2abb24e094cf8dfd8eeb24aae40c4bbc18a4"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [], "d967db9b7ec8a607d276706569da8e660a1e3ae89f508724e6d94f0f25ac89c93c6b5ffc0c8ae2ce34b0067154c1a2f28d229d2199bd186b39e6d25793f7e9768c072593642448a0d365a12790ed71bc0907af948e4d7d05c5c43cd6d526e56d9d7a6605230acf3fd9b4d7bae4"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [], "30dc3acad7fb142563eafbe0d3081a603ecb5e9445088477944489457b7c42099bea58e5d2f1fb53d7c3753efa485b53d0c3a3ce15c2e6e6a76ec5bd9d0ea1a6618a68e895fe32d476c277d20f7f73abbf5dabd5457728e12f6cdff4afd6fdd2df22b21cdaf18e2f4e59e098ff6afa79fee5515f89f2d3a15a12b7d147db67525e9ffe4d5fa847706b154bef8046ac76ec350a53f24322658562976eeccaeb7a91605ce32e8b"}, {0x8, 0x88be, 0x0, {{0x4, 0x1, 0x68, 0x1, 0x1, 0x1, 0x1, 0x92}, 0x1, {0x2}}}, {0x8, 0x22eb, 0x2, {{0xf, 0x2, 0x3, 0x0, 0x1, 0x3, 0x1}, 0x2, {0xfffffff7, 0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2, "4f45ec0713f22e73a9a561168336166c64419fd7fab2f306440e000aff21343ad3db751eedd43ae129c544025481a99e08aa937ad4c7fde34d1a774e3f18ed35f03cddd979ee54ad2c937c"}}}}}}}, 0x0) 1.998968936s ago: executing program 1 (id=986): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0xff, &(0x7f0000000380)=0x0) sendmmsg$alg(r1, &(0x7f0000000240)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x50}], 0x1, 0x840) io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x300, r1, &(0x7f0000000340), 0x41}]) 1.86741583s ago: executing program 2 (id=761): r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x14) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mount$bind(&(0x7f0000000280)='.\x00', 0x0, 0x0, 0x101091, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000080)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x1e, 0x4, 0x0) connect$tipc(r5, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000) close(r3) close_range(r0, 0xffffffffffffffff, 0x0) 1.179258334s ago: executing program 0 (id=987): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r2, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x23, &(0x7f00000000c0)=0xe, 0x4) accept4(r1, 0x0, &(0x7f0000000080), 0x80800) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r4, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020007ff0800060003000000080003"], 0x84}}, 0x20000000) 1.17893544s ago: executing program 3 (id=988): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r3, &(0x7f0000000100)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x42b5, 0x3a, 'hfx\xf1*\xc2s\x00', 0x3a, 'hfsplus\x00', 0x3a, './file2'}, 0x37) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r4, 0x800000010d, 0x2, &(0x7f0000000600)="13fef52ccff046266e59fc589237cf9e02c0ed549dc708fbd14908ca580732a391919457f2f84e43c3519760f3604199b3684b3312ce6aee0090edf82c239e6809f7ce09bb686bd59911403f561ef3ab32594a", 0x53) r5 = io_uring_setup(0x573a, &(0x7f0000000580)={0x0, 0xa380, 0x80, 0x0, 0x3dd}) syz_io_uring_setup(0x108, &(0x7f0000000300)={0x0, 0xce61, 0x80, 0x0, 0x89, 0x0, r5}, &(0x7f0000000540)=0x0, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) kcmp(r0, r0, 0x6, r2, r7) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4a4, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3dc, 0xffffffff, 0xffffffff, 0x3dc, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x198, 0x1b8, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf4}, {0x9, 0x0, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private0, @private1, [], [], 'pimreg1\x00', 'wlan1\x00'}, 0x0, 0x1bc, 0x224, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x1, 0x0, 'syz1\x00'}}, @inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x500) read$proc_mixer(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x1c1482, 0x0) r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f0000000240)={0x0, 0x1000000}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)=@newtaction={0x554, 0x30, 0x1, 0x0, 0x0, {}, [{0x540, 0x1, [@m_police={0x53c, 0x1e, 0x0, 0x0, {{0xb}, {0x494, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x9000000, 0x30000006, 0x7fff, 0x5, 0x8f, {0x40, 0x2, 0xe, 0x401, 0x3, 0x7}, {0x7, 0x2, 0xab1a, 0x4, 0x1}, 0x0, 0xb, 0x4}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1000, 0x2, 0x5, 0x401, 0x5, 0x9f, 0x2, 0x8, 0x0, 0x9, 0x1, 0x8000, 0x7fff, 0x40, 0x8, 0x9, 0x9000, 0x2, 0x3, 0x2, 0x7fff, 0x9, 0x6, 0x4, 0x348e, 0x401, 0xc1, 0x80, 0x1, 0x5, 0x2, 0x40, 0x7fffffff, 0x5, 0x9, 0x0, 0x6, 0x1f7c, 0x8000, 0x7, 0x1000, 0x2, 0x520, 0x7fffffff, 0x401, 0xd, 0x6, 0x7fff, 0x5, 0xb9, 0x1000, 0xd078, 0xffff0001, 0x7fff, 0x30a, 0x4, 0x80000000, 0x2, 0x4, 0x80, 0x6, 0x80000001, 0x4, 0xe6, 0x5, 0x0, 0xee, 0x9, 0x9, 0x5, 0x9, 0x6, 0x6, 0x3ff, 0x7, 0x9, 0xfffffffc, 0x9, 0xb, 0x9, 0x0, 0x4, 0xfffffaac, 0x5, 0x79, 0x401, 0x5, 0x5, 0xb, 0xc2e, 0x6, 0x101, 0x0, 0xa, 0xb1, 0x3, 0x6, 0x7fffffff, 0x1, 0x8, 0x9, 0x9fb4, 0x10001, 0x2, 0x7fff, 0x97, 0x0, 0xfffffff8, 0x7, 0x1000, 0x9, 0x1, 0xe, 0x1, 0x6, 0x7f, 0x9, 0x6, 0x7, 0x80000000, 0x1, 0xad00, 0x2, 0x7f, 0x7, 0x8, 0xee1, 0x6, 0x1, 0x8000, 0x0, 0x80, 0x2, 0x68b, 0xabb, 0x5, 0x7fffffff, 0xff, 0x1000, 0x7fffffff, 0x3, 0x1, 0x5, 0x3, 0x0, 0x8, 0x0, 0x8, 0x815, 0x5, 0xffffffff, 0x0, 0x40, 0x0, 0x7, 0x133e, 0xe, 0x1000000, 0x10001, 0x4003, 0x0, 0x8001, 0x9, 0x5, 0x101, 0x7, 0x9, 0xffffff7f, 0x3, 0x7f, 0x28, 0x2, 0x9, 0x1, 0x16fa, 0xffffffff, 0xfffffffc, 0xffffffff, 0x2, 0x9, 0x0, 0xf, 0x8, 0x1, 0x0, 0x8000, 0x8b6, 0xd71, 0x5, 0x7fff, 0xa, 0x7fff, 0x3, 0x200, 0x0, 0x8, 0x40, 0x9, 0x6, 0x4, 0x6, 0x401, 0x9, 0x30000000, 0x1, 0xa5ae, 0x3ff, 0x1, 0x10000, 0x1, 0x27, 0x9, 0x7, 0x7, 0xffffff01, 0x9, 0x8d99, 0xd, 0x6, 0x8236, 0x0, 0x7, 0x5, 0x9, 0x3, 0x0, 0x414, 0x4, 0x5, 0x3cf4, 0x5, 0x16, 0x6, 0x2, 0xfffffff8, 0x5e, 0x3, 0x2, 0x7, 0x40, 0x61, 0x3, 0x0, 0x539f, 0x3, 0x200, 0xffffffff, 0x8001, 0x10001, 0x2, 0x7, 0x7e21, 0x0, 0x10000, 0x4, 0xf6a]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x4}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x7}], [], [], [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x8, 0x1, 0x6, 0x3, {0x3, 0x0, 0xfffe, 0x0, 0xf1f, 0x800}, {0x4, 0x6, 0x7, 0x320c, 0xebb, 0xfffffffc}, 0x7, 0x4, 0x3}}], []]}, {0x7f, 0x6, "361d3ff8ad661ad53c89a8e7c3daf961eb21bf05a191d1d9426e42a02f0bb4c96321054a115ec4812b56d3215188342da80ec9788fe15d77c961787cbb6dbc8093f5883bbce3741a02fe9aa6c7f4f097c7075c8195bbfed824de36fd6dbe6e0c40ae1d14e3381e947cd9546f0ae1df75da67eb488cf2ada1670487"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x554}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) 1.007901371s ago: executing program 1 (id=989): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0xffffffff}}, 0x70}}, 0x0) 1.007542709s ago: executing program 1 (id=990): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYBLOB], 0x48) clock_adjtime(0x4, &(0x7f0000000340)={0x8, 0x2, 0x1b800000, 0xafb, 0x10000, 0x3, 0x8, 0x82d, 0xff, 0x467b, 0x4, 0x5, 0x1, 0x2fd3, 0x401, 0x8, 0x2, 0x0, 0x7, 0xca54, 0x7, 0x5, 0x401, 0x3, 0xfffff546, 0x4}) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0xff90, 0x60}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x40000) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r6 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r7 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x82) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x5, 0x12, r7, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x0, 0x0, 0x2) ioctl$sock_bt_hci(r5, 0x800448d3, 0x0) 289.261896ms ago: executing program 0 (id=991): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003880)={0x14, 0x40, 0x9, 0xffffffff, 0x25dfdbff, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000640)={0x1ec, r3, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_PEERS={0x16c, 0x8, 0x0, 0x1, [{0x138, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2000}, @WGPEER_A_ALLOWEDIPS={0x108, 0x9, 0x0, 0x1, [{0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x36}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}]}, {0xfe31, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}]}]}, 0x1ec}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20008020}, 0xc, &(0x7f0000000080)={&(0x7f0000000540)={0xba0, r3, 0x100, 0x70bd27, 0x25dfdbff, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x4}, @WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x288, 0x8, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0xb, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7}}]}, {0x17c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7d4b2835c937fd3fb913adeb99c408f8f8ec5a31bb9b73e54d24793ca5118488"}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x4, @remote, 0x2c}}, @WGPEER_A_ALLOWEDIPS={0xe4, 0x9, 0x0, 0x1, [{0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}]}, {0x70, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x3, @local, 0x7fff}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "808b88133f3ec39f9727763c727118c6f59b9c562e2e3f486fb86beb95ede257"}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x8, @private0, 0xffffffff}}]}, {0x38, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x9}]}, {0x34, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x6, @mcast1, 0x7ff}}]}]}, @WGDEVICE_A_PEERS={0x8c4, 0x8, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @multicast1}}]}, {0x6c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x8, @rand_addr=' \x01\x00', 0x3}}]}, {0x34c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x198, 0x9, 0x0, 0x1, [{0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1d}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}]}, {0xac, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x200}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x7}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x174, 0x9, 0x0, 0x1, [{0x148, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}]}]}]}, {0x34, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x4}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x26}, 0x22a}}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xc}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "aae92ace727948b8032e44188409b260075dc72f1d1a808b69415b3f8474c710"}]}, {0x5c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x5, @loopback, 0x400}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2a}}}]}, {0x40c, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x1, @private0, 0x61c}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x390, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x1}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x19}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x2}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}]}]}]}]}]}, 0xba0}, 0x1, 0x0, 0x0, 0x4}, 0x20004080) 288.902539ms ago: executing program 0 (id=992): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9e46, &(0x7f0000006680)) r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x1, 0x4, 0x401, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_FLAGS={0x6}]}, 0x24}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000140)={0x0, 0xfcff, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000091401001000000000000000080001000000000066a82e41147c9c5ac018732ea09bf0a24c9901d07b8aba5a115ef6a462fbce8553e9aa5d6d1bc1d64d0a617d160ae8fb5c84ed91985b14a57240140f8c3ad3ddb5b8d88ae7fd4adee82f3b8da2363ef5978502767efaba49c8c61b6e66e9d26d97a8e776796b6e4a73ad1cf95ea13def5ac5bf12cf06765916c1cf48adde2630"], 0x18}}, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x7, 0x8031, 0xffffffffffffffff, 0x10000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) keyctl$invalidate(0x15, 0x0) 288.63897ms ago: executing program 3 (id=993): r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r6, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r7, 0x5412, 0x0) ioctl$TIOCSTI(r7, 0x5412, 0x0) ioctl$TCSETA(r7, 0x5406, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r2}, 0x18) write$6lowpan_control(r1, &(0x7f0000000000)='connect aa:aa:aa:aa:aa:10 0', 0x1b) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000010000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00'], 0xb4}}, 0x0) 218.985494ms ago: executing program 0 (id=994): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) r0 = io_uring_setup(0x203c, &(0x7f00000000c0)={0x0, 0xd4b5, 0x0, 0x3}) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x15, 0x20000002, r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xeaca53e27e3cc454}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0x164, 0x2b, 0x86448472688008fc, 0x70bd2c, 0x25dfdbfe, {0x1f}, [@typed={0x8, 0x72, 0x0, 0x0, @ipv4=@loopback}, @typed={0xdb, 0x85, 0x0, 0x0, @binary="6b1ed62fa66f4a5d6383ba9030dc09bb81b2d339eb924376cd3432a7d852b8741adfaffa72fa2560dfe053d5fde0274784350b045ac18ab9467d92b72cab37bf9fe7a414b787fc7dbb6592fc9f859d501b703d58d9691ded0986ca94b5c6fe84df00df225a974a074ef233bd80b5f36665fb62b0bc78438e820520a3fe7a77639943aae6b90556031b62e42fbc0112fdfcc6acc47e0919a40a947348e8bbe9aad3d8b5944ecffa10b79615e1885456a6628b36d12e8ab1c0a1f036198ee3dc7c2a3325807fa51b6656d91961d9fb94fb10c02f64eea3e8"}, @generic="e9b6d244999b498038160944d27a29401d827f624064a5d25a155f3e6ba1713c923b4d9e3325e9977eadec7c40c5e694091f0c8898d674417f0e604bd923c6e1a0b9d8977b7fec0dff8f44bcf9d8933c11051e80d810533d7f6fd3650623dfaa1002e9418f808f58e9"]}, 0x164}, 0x1, 0x0, 0x0, 0x40440c1}, 0x24040081) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x24008011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_create_resource$binfmt(&(0x7f00000001c0)='./file0\x00') connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180600000000000000000000000000001801000020207025ffff0000002020207b1af8ff000000c94d5a9201cee82c91984438010300bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x61) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180600000000000000000000000000001801000020207025ffff0000002020207b1af8ff000000c94d5a9201cee82c91984438010300bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x61) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r6, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r6, 0x8949, &(0x7f0000000000)) (async) ioctl$sock_netdev_private(r6, 0x8949, &(0x7f0000000000)) socket$pppoe(0x18, 0x1, 0x0) (async) r7 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r7, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @dev, 'bond_slave_1\x00'}}, 0x1e) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f809d3af1ed2a674fa5000f000000e8bd6efb250314000e0001", 0x23}], 0x1}, 0x0) (async) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f809d3af1ed2a674fa5000f000000e8bd6efb250314000e0001", 0x23}], 0x1}, 0x0) 89.171886ms ago: executing program 3 (id=995): syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty=0xffff0000}, {0x0, 0x4e21, 0x8}}}}}, 0x0) 88.843792ms ago: executing program 3 (id=996): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x80081, 0x1fb) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000840)={0x7, 0x4d, 0x103}, 0x7) syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c76657273696f6e3d39703230300000752c636163680f69e0d63d47504c002c6d61736b3d4d49595f415050454e442c6d613d4d41595f455845432c000000"]) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f000000000000000000000000000039d1c723"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000214010028bd7000fddbdf250900020073797a3100000000080001000000000008004400", @ANYRES32, @ANYBLOB="050054000100b2ac08000100000000000900020073"], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) syz_emit_ethernet(0x3e2, &(0x7f0000000400)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "717faf", 0x3ac, 0x2f, 0x0, @local, @empty, {[@dstopts={0x62}, @dstopts={0x84, 0x19, '\x00', [@jumbo={0xc2, 0x4, 0x7fffffff}, @generic={0x3, 0xb5, "d80d12c8720441905e8a3872838bff2017e2f7477e0f35539f7ff33f60271e5be4d6a3e20162906e48a6520d57b3382f4abf88a141b08cc157b7520477ddcc01696221b20dcbc0b593cb45eb583c785ac24ffa8b1344dfff718d182fbdb7f5e3a89c6b06725d3e5de9eaab1523155d52a28897fb7424cdd2a466832f385b20eeba571dae225bad12fb9f523518c18b94780919e8cb49538d25f71363c71155fdb67b138ca01e38b77561442d784de7b2f45f5be4d0"}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, @hopopts={0x84, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x8}, @jumbo={0xc2, 0x4, 0x4}, @jumbo={0xc2, 0x4, 0x10}, @pad1, @enc_lim={0x4, 0x1, 0x9}, @pad1, @enc_lim={0x4, 0x1, 0x9}, @enc_lim={0x4, 0x1, 0xd}]}, @srh={0x0, 0x8, 0x4, 0x4, 0x2a, 0x38, 0x5, [@local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty]}, @fragment={0x2c, 0x0, 0xd, 0x1, 0x0, 0x14, 0x68}, @srh={0x0, 0xc, 0x4, 0x6, 0xd6, 0x60, 0x3, [@private0={0xfc, 0x0, '\x00', 0x8}, @private0, @empty, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0xf}]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x48, 0x3, [0xfffc], "13e0ed17d6398c2a924c2de98250af798c10790496b487ef45306fbd7354d08a168cc77b3631e011bd1135b0158db4fd45ff35abeb0b2abb24e094cf8dfd8eeb24aae40c4bbc18a4"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [], "d967db9b7ec8a607d276706569da8e660a1e3ae89f508724e6d94f0f25ac89c93c6b5ffc0c8ae2ce34b0067154c1a2f28d229d2199bd186b39e6d25793f7e9768c072593642448a0d365a12790ed71bc0907af948e4d7d05c5c43cd6d526e56d9d7a6605230acf3fd9b4d7bae4"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [], "30dc3acad7fb142563eafbe0d3081a603ecb5e9445088477944489457b7c42099bea58e5d2f1fb53d7c3753efa485b53d0c3a3ce15c2e6e6a76ec5bd9d0ea1a6618a68e895fe32d476c277d20f7f73abbf5dabd5457728e12f6cdff4afd6fdd2df22b21cdaf18e2f4e59e098ff6afa79fee5515f89f2d3a15a12b7d147db67525e9ffe4d5fa847706b154bef8046ac76ec350a53f24322658562976eeccaeb7a91605ce32e8b"}, {0x8, 0x88be, 0x0, {{0x4, 0x1, 0x68, 0x1, 0x1, 0x1, 0x1, 0x92}, 0x1, {0x2}}}, {0x8, 0x22eb, 0x2, {{0xf, 0x2, 0x3, 0x0, 0x1, 0x3, 0x1}, 0x2, {0xfffffff7, 0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2, "4f45ec0713f22e73a9a561168336166c64419fd7fab2f306440e000aff21343ad3db751eedd43ae129c544025481a99e08aa937ad4c7fde34d1a774e3f18ed35f03cddd979ee54ad2c937c"}}}}}}}, 0x0) 29.433239ms ago: executing program 1 (id=997): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x5f8, 0x0, 0x33c, 0x0, 0x1e8, 0xec, 0x530, 0x530, 0x530, 0x530, 0x530, 0x6, 0x0, {[{{@uncond, 0x0, 0xc8, 0xec, 0x40000, {0x7a00000000000000}, [@inet=@rpfilter={{0x24}}]}, @HL={0x24}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'syzkaller0\x00', 'team_slave_1\x00'}, 0x0, 0xc8, 0xfc, 0x0, {}, [@common=@ipv6header={{0x24}, {0x40, 0x41, 0x1}}]}, @common=@inet=@SET3={0x34, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0xf3dd}}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @remote, [], [], '\x00', 'dummy0\x00'}, 0x0, 0x130, 0x154, 0x0, {}, [@common=@srh1={{0x8c}, {0x8, 0x0, 0x0, 0x0, 0x0, @dev, @local, @empty}}]}, @unspec=@CHECKSUM={0x24}}, {{@uncond, 0x0, 0xa4, 0xe4}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2000000]}}}, {{@uncond, 0x0, 0xec, 0x110, 0x0, {}, [@inet=@rpfilter={{0x24}}, @common=@eui64={{0x24}}]}, @unspec=@CHECKSUM={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x654) 504.811µs ago: executing program 1 (id=998): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) chdir(0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x142) close(r0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [r3], [0x2b8], [0x8], [0x4]}) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000080)) chdir(&(0x7f00000003c0)='./bus\x00') r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) r8 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x40000, 0x24000844}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001240)=ANY=[@ANYBLOB='@\r\x00\x00', @ANYRES16=r6, @ANYBLOB="05000000000000000000010000000600060000000000c40c0880e400008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b24000100000000000000000000000000000000000000000000000000000000000000000024000200fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841240002001171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c0800030000000000240002005da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e0003008024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0600050000000000d002098058000080060001000200000008000200ac1e00010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff05000300000000007c000080060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200000000000500030000000000dc000080060001000a0000001400020000000000000000000000ffffac1414aa05000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200000000000500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1e0001050003000000000094000080060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200e00000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000200000008000200ffffffff050003000000000088000080060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200ff020000000000000000000000000001050003000000000064000080080003000000000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000200379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a5499400008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c080003000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002000000000000000000000000000000d807008000030980f4000080060001000a00000014000200000000000000000000000000000000000500030000000000060001000a00000014000200fc0000000000000000000000000000000500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200ac1e00010500030000000000060001000200000008000200e000000105000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000a00000014000200fc01000000000000000000000000000005000300000000004c000080060001000200000008000200ac1414bb0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414bb05000300000000000c010080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000940000800600010002000000080002000000000005000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200e00000020500030000000000060001000200000008000200ac1414000500030000000000060001000200000008000200ac14140005000300000000001c000080060001000200000008000200ffffffff0500030000000000080003000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39221d0004000a0000000000000000000000000000000000ffffac1e0001000000001c04098094000080060001000a0000001400020000000000000000000000ffffac1414bb0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000a00000014000200fe880000000000000000000000000001050003000000000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb0500030000000000060001000a0000001400020000000000000000000000ffffe00000020500030000000000ac000080060001000200000008000200000000000500030000000000060001000a00000014000200fe80000000000000000000000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200e0000001050003000000000064000080060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414000500030000000000f4000080060001000200000008000200000000000500030000000000060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac1414aa0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414000500030000000000060001000a00000014000200200100000000000000000000000000020500030000000000a0000080060001000a00000014000200fc0000000000000000000000000000000500030000000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac14140005000300000000007c000080060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8000000000000000000000000000000500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb050003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b2400020055fbc2635cc801d67c589cc98f3cf65074dffe0886750dec83be49fbf628e1dc240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e0c0000800800030000000000060006000000000008000100", @ANYRES32=r7, @ANYBLOB="2400030000000000000000000000000000000000000000000000000000000000000000002400"], 0xd40}}, 0x0) acct(&(0x7f0000000140)='./file0\x00') 333.278µs ago: executing program 0 (id=999): io_uring_setup(0x71aa, 0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000000)={'\x00', 0x2, 0x40, 0x23137, 0xffffffffffffffff, 0x11c3adec}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) ioctl$BLKTRACESTART(r0, 0x1276, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7d, &(0x7f00000000c0), &(0x7f0000000100)=0x8) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000004000420"], 0x24}}, 0x0) 0s ago: executing program 1 (id=1000): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2f9, 0x5865, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632f77fb080600017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) (fail_nth: 26) kernel console output (not intermixed with test programs): 98.057076][ T7532] ? ksys_write+0x1ba/0x250 [ 98.058439][ T7532] __do_fast_syscall_32+0x73/0x120 [ 98.059956][ T7532] do_fast_syscall_32+0x32/0x80 [ 98.061394][ T7532] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.063234][ T7532] RIP: 0023:0xf7f81579 [ 98.064474][ T7532] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.069941][ T7532] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 98.072320][ T7532] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000340 [ 98.074493][ T7532] RDX: 0000000000000000 RSI: 000000000000fffe RDI: 0000000000000000 [ 98.076780][ T7532] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.078946][ T7532] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.081199][ T7532] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.083480][ T7532] [ 98.419738][ T7544] FAULT_INJECTION: forcing a failure. [ 98.419738][ T7544] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.423893][ T7544] CPU: 0 UID: 0 PID: 7544 Comm: syz.2.318 Not tainted 6.13.0-syzkaller #0 [ 98.426306][ T7544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.429406][ T7544] Call Trace: [ 98.430376][ T7544] [ 98.431240][ T7544] dump_stack_lvl+0x16c/0x1f0 [ 98.432622][ T7544] should_fail_ex+0x497/0x5b0 [ 98.433963][ T7544] _copy_from_user+0x2e/0xd0 [ 98.435313][ T7544] binder_thread_write+0x13b8/0x4c30 [ 98.436849][ T7544] ? __pfx___schedule+0x10/0x10 [ 98.438291][ T7544] ? __pfx_binder_thread_write+0x10/0x10 [ 98.439923][ T7544] ? find_held_lock+0x2d/0x110 [ 98.441322][ T7544] ? lockdep_hardirqs_on+0x7c/0x110 [ 98.442787][ T7544] ? lock_acquire+0x2f/0xb0 [ 98.444058][ T7544] ? __might_fault+0xe3/0x190 [ 98.445421][ T7544] ? __might_fault+0xe3/0x190 [ 98.446740][ T7544] binder_ioctl+0x269d/0x7080 [ 98.448082][ T7544] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 98.449668][ T7544] ? tomoyo_path_number_perm+0x190/0x5b0 [ 98.451243][ T7544] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 98.452896][ T7544] ? __pfx_binder_ioctl+0x10/0x10 [ 98.454339][ T7544] ? do_vfs_ioctl+0x513/0x1950 [ 98.455702][ T7544] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 98.457094][ T7544] ? trace_lock_acquire+0x14e/0x1f0 [ 98.458558][ T7544] ? __fget_files+0x206/0x3a0 [ 98.459947][ T7544] ? __pfx_binder_ioctl+0x10/0x10 [ 98.461406][ T7544] compat_ptr_ioctl+0x6b/0xa0 [ 98.462739][ T7544] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 98.464279][ T7544] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 98.465782][ T7544] __do_fast_syscall_32+0x73/0x120 [ 98.467244][ T7544] do_fast_syscall_32+0x32/0x80 [ 98.468625][ T7544] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.470431][ T7544] RIP: 0023:0xf7f0f579 [ 98.471602][ T7544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.476913][ T7544] RSP: 002b:00000000f504555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 98.479307][ T7544] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000c0306201 [ 98.481576][ T7544] RDX: 0000000020000480 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.483795][ T7544] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.486014][ T7544] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.488244][ T7544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.490494][ T7544] [ 98.491685][ T7544] binder: 7541:7544 ioctl c0306201 20000480 returned -14 [ 98.623382][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout [ 98.623432][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 98.623452][ T5952] Bluetooth: hci0: command 0x0c1a tx timeout [ 98.625340][ T5953] Bluetooth: hci3: command 0x0405 tx timeout [ 100.712262][ T67] Bluetooth: hci0: command 0x0c1a tx timeout [ 100.712832][ T5953] Bluetooth: hci3: command 0x0405 tx timeout [ 100.714688][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 100.717004][ T5953] Bluetooth: hci2: command 0x0c1a tx timeout [ 100.827438][ T7606] Cannot find set identified by id 0 to match [ 101.529572][ T7614] xt_CT: No such helper "syz0" [ 101.580242][ T7618] FAULT_INJECTION: forcing a failure. [ 101.580242][ T7618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.587516][ T7618] CPU: 2 UID: 0 PID: 7618 Comm: syz.1.331 Not tainted 6.13.0-syzkaller #0 [ 101.590110][ T7618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.593313][ T7618] Call Trace: [ 101.594353][ T7618] [ 101.595228][ T7618] dump_stack_lvl+0x16c/0x1f0 [ 101.596683][ T7618] should_fail_ex+0x497/0x5b0 [ 101.598102][ T7618] _copy_to_user+0x32/0xd0 [ 101.599466][ T7618] simple_read_from_buffer+0xd0/0x160 [ 101.601056][ T7618] proc_fail_nth_read+0x198/0x270 [ 101.602560][ T7618] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 101.604195][ T7618] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 101.605821][ T7618] vfs_read+0x1df/0xbe0 [ 101.607058][ T7618] ? __fget_files+0x1fc/0x3a0 [ 101.608451][ T7618] ? __pfx___mutex_lock+0x10/0x10 [ 101.609914][ T7618] ? __pfx_vfs_read+0x10/0x10 [ 101.611334][ T7618] ? __fget_files+0x206/0x3a0 [ 101.612720][ T7618] ksys_read+0x12b/0x250 [ 101.613986][ T7618] ? __pfx_ksys_read+0x10/0x10 [ 101.615382][ T7618] __do_fast_syscall_32+0x73/0x120 [ 101.616828][ T7618] do_fast_syscall_32+0x32/0x80 [ 101.618243][ T7618] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.620078][ T7618] RIP: 0023:0xf7f96579 [ 101.621251][ T7618] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.626673][ T7618] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 101.629078][ T7618] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50e6620 [ 101.631333][ T7618] RDX: 000000000000000f RSI: 00000000f7423ff4 RDI: 0000000000000000 [ 101.633531][ T7618] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 101.635783][ T7618] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 101.638024][ T7618] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.640271][ T7618] [ 102.382459][ T7644] netlink: 'syz.0.342': attribute type 3 has an invalid length. [ 102.384733][ T7644] netlink: 'syz.0.342': attribute type 1 has an invalid length. [ 102.387111][ T7644] netlink: 220 bytes leftover after parsing attributes in process `syz.0.342'. [ 102.478779][ T7653] 9pnet: Unknown protocol version 9p200 [ 102.493167][ T7653] siw: device registration error -23 [ 102.782137][ T5953] Bluetooth: hci2: command 0x0c1a tx timeout [ 102.782250][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout [ 102.784586][ T5953] Bluetooth: hci3: command 0x0405 tx timeout [ 102.787311][ T67] Bluetooth: hci0: command 0x0c1a tx timeout [ 104.862136][ T67] Bluetooth: hci3: command 0x0405 tx timeout [ 105.707144][ T7736] 9pnet: Unknown protocol version 9p200 [ 105.711353][ T7736] siw: device registration error -23 [ 105.844381][ T7739] netlink: 'syz.2.365': attribute type 10 has an invalid length. [ 105.859634][ T7739] team0: Port device netdevsim0 added [ 105.872541][ T7739] netlink: 'syz.2.365': attribute type 10 has an invalid length. [ 105.881076][ T7739] team0: Port device netdevsim0 removed [ 105.887405][ T7739] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 106.155949][ T7741] set match dimension is over the limit! [ 107.113919][ T67] Bluetooth: hci1: ACL packet too small [ 107.393300][ T7772] netlink: 'syz.1.376': attribute type 10 has an invalid length. [ 107.447675][ T7773] netlink: 'syz.1.376': attribute type 10 has an invalid length. [ 107.458080][ T7772] team0: Port device netdevsim0 added [ 107.463030][ T7773] team0: Port device netdevsim0 removed [ 107.465526][ T7773] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 109.526599][ T7847] FAULT_INJECTION: forcing a failure. [ 109.526599][ T7847] name failslab, interval 1, probability 0, space 0, times 0 [ 109.531195][ T7847] CPU: 3 UID: 0 PID: 7847 Comm: syz.0.388 Not tainted 6.13.0-syzkaller #0 [ 109.534069][ T7847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.537734][ T7847] Call Trace: [ 109.538895][ T7847] [ 109.539983][ T7847] dump_stack_lvl+0x16c/0x1f0 [ 109.541795][ T7847] should_fail_ex+0x497/0x5b0 [ 109.543564][ T7847] ? fs_reclaim_acquire+0xae/0x150 [ 109.545439][ T7847] should_failslab+0xc2/0x120 [ 109.547202][ T7847] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 109.549144][ T7847] ? lockdep_init_map_type+0x16d/0x7d0 [ 109.551105][ T7847] ? security_inode_alloc+0x3b/0x2b0 [ 109.552909][ T7847] security_inode_alloc+0x3b/0x2b0 [ 109.554768][ T7847] inode_init_always_gfp+0xce4/0x1030 [ 109.556597][ T7847] alloc_inode+0x82/0x230 [ 109.558194][ T7847] new_inode+0x22/0x210 [ 109.559632][ T7847] shmem_get_inode+0x194/0xf00 [ 109.561388][ T7847] ? __vm_enough_memory+0x184/0x3f0 [ 109.563364][ T7847] __shmem_file_setup+0x16f/0x300 [ 109.565119][ T7847] shmem_zero_setup+0x93/0x1b0 [ 109.566830][ T7847] __mmap_region+0x2025/0x2760 [ 109.568587][ T7847] ? __pfx___mmap_region+0x10/0x10 [ 109.570457][ T7847] ? hlock_class+0x4e/0x130 [ 109.572119][ T7847] ? mark_lock+0xb5/0xc60 [ 109.573735][ T7847] ? hlock_class+0x4e/0x130 [ 109.575407][ T7847] ? __lock_acquire+0xcc5/0x3c40 [ 109.577278][ T7847] ? __pfx___lock_acquire+0x10/0x10 [ 109.579248][ T7847] ? mm_get_unmapped_area+0x95/0xe0 [ 109.581149][ T7847] ? shmem_get_unmapped_area+0x183/0xa20 [ 109.583181][ T7847] ? cap_mmap_addr+0x53/0x320 [ 109.584573][ T7847] mmap_region+0x127/0x320 [ 109.585894][ T7847] do_mmap+0xa09/0x1050 [ 109.587136][ T7847] vm_mmap_pgoff+0x1ba/0x360 [ 109.588520][ T7847] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 109.590615][ T7847] ? ksys_write+0x1ba/0x250 [ 109.592461][ T7847] ksys_mmap_pgoff+0x7d/0x5c0 [ 109.594423][ T7847] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 109.596004][ T7847] __do_fast_syscall_32+0x73/0x120 [ 109.597439][ T7847] do_fast_syscall_32+0x32/0x80 [ 109.598833][ T7847] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.600634][ T7847] RIP: 0023:0xf7f16579 [ 109.601815][ T7847] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 109.607336][ T7847] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 109.609824][ T7847] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000b36000 [ 109.612092][ T7847] RDX: 0000000006ebbeee RSI: 0000000000008031 RDI: 00000000ffffffff [ 109.614438][ T7847] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.616648][ T7847] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 109.618915][ T7847] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.621196][ T7847] [ 109.630322][ T67] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 109.653619][ T7853] geneve2: entered promiscuous mode [ 109.655686][ T7853] geneve2: entered allmulticast mode [ 109.809421][ T7861] netlink: 8 bytes leftover after parsing attributes in process `syz.3.390'. [ 110.064085][ T7872] netlink: 44 bytes leftover after parsing attributes in process `syz.2.395'. [ 110.288110][ T7883] netlink: 16 bytes leftover after parsing attributes in process `syz.2.402'. [ 110.336674][ T7889] vlan3: entered promiscuous mode [ 110.338244][ T7889] vlan3: entered allmulticast mode [ 110.339754][ T7889] hsr_slave_1: entered allmulticast mode [ 110.433671][ T7896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.407'. [ 110.591369][ T7911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.410'. [ 110.812164][ T6002] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 110.925883][ T7934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.420'. [ 110.982465][ T6002] usb 7-1: Using ep0 maxpacket: 8 [ 111.017183][ T6002] usb 7-1: config 1 interface 0 altsetting 127 bulk endpoint 0x1 has invalid maxpacket 64 [ 111.020770][ T6002] usb 7-1: config 1 interface 0 altsetting 127 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 111.032448][ T6002] usb 7-1: config 1 interface 0 has no altsetting 0 [ 111.037157][ T6002] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 111.040495][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.045399][ T6002] usb 7-1: Product: Х [ 111.046934][ T6002] usb 7-1: SerialNumber: Ⰱ [ 111.050127][ T7906] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 111.052801][ T7906] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 111.225668][ T7950] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 111.228536][ T7950] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 111.228984][ T7946] FAULT_INJECTION: forcing a failure. [ 111.228984][ T7946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.237149][ T7946] CPU: 1 UID: 0 PID: 7946 Comm: syz.3.423 Not tainted 6.13.0-syzkaller #0 [ 111.239539][ T7946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.242567][ T7946] Call Trace: [ 111.243567][ T7946] [ 111.244415][ T7946] dump_stack_lvl+0x16c/0x1f0 [ 111.245854][ T7946] should_fail_ex+0x497/0x5b0 [ 111.247199][ T7946] _copy_from_user+0x2e/0xd0 [ 111.248467][ T7946] generic_map_update_batch+0x3ff/0x5f0 [ 111.249921][ T7946] ? __pfx_generic_map_update_batch+0x10/0x10 [ 111.251627][ T7946] ? __fget_files+0x206/0x3a0 [ 111.252965][ T7946] ? __pfx_generic_map_update_batch+0x10/0x10 [ 111.254672][ T7946] bpf_map_do_batch+0x576/0x640 [ 111.256061][ T7946] __sys_bpf+0x1c9f/0x57a0 [ 111.257351][ T7946] ? __pfx_lock_release+0x10/0x10 [ 111.258823][ T7946] ? __pfx___sys_bpf+0x10/0x10 [ 111.259332][ T7906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.260152][ T7946] ? vfs_write+0x306/0x1150 [ 111.260169][ T7946] ? __mutex_unlock_slowpath+0x164/0x690 [ 111.260195][ T7946] ? fput+0x67/0x440 [ 111.260209][ T7946] ? ksys_write+0x1ba/0x250 [ 111.265658][ T7950] vhci_hcd vhci_hcd.0: Device attached [ 111.265823][ T7946] ? __pfx_ksys_write+0x10/0x10 [ 111.265840][ T7946] __ia32_sys_bpf+0x76/0xe0 [ 111.268404][ T7906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.268932][ T7946] __do_fast_syscall_32+0x73/0x120 [ 111.278690][ T7946] do_fast_syscall_32+0x32/0x80 [ 111.280551][ T7946] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.282987][ T7946] RIP: 0023:0xf7f81579 [ 111.284562][ T7946] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 111.291775][ T7946] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 111.294895][ T7946] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000020000200 [ 111.297738][ T7946] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.300680][ T7946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.303612][ T7946] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 111.306507][ T7946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.309428][ T7946] [ 111.962538][ T8] vhci_hcd: vhci_device speed not set [ 112.082442][ T8] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 112.469689][ T7952] vhci_hcd: connection reset by peer [ 112.477020][ T1135] vhci_hcd: stop threads [ 112.478626][ T1135] vhci_hcd: release socket [ 112.481132][ T1135] vhci_hcd: disconnect device [ 112.511446][ T7970] netlink: 28 bytes leftover after parsing attributes in process `syz.1.428'. [ 112.568435][ T7975] netlink: 'syz.1.430': attribute type 9 has an invalid length. [ 112.793751][ T6002] usb 7-1: USB disconnect, device number 2 [ 113.176126][ T7995] netlink: 'syz.3.433': attribute type 4 has an invalid length. [ 113.573421][ T8014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.436'. [ 114.493569][ T8066] netlink: 44 bytes leftover after parsing attributes in process `syz.0.443'. [ 115.523986][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 115.524003][ T40] audit: type=1326 audit(1737419628.363:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.533219][ T40] audit: type=1326 audit(1737419628.363:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.540903][ T40] audit: type=1326 audit(1737419628.363:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.552838][ T40] audit: type=1326 audit(1737419628.363:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.558959][ T40] audit: type=1326 audit(1737419628.363:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.561134][ T8104] openvswitch: netlink: Actions may not be safe on all matching packets [ 115.566405][ T40] audit: type=1326 audit(1737419628.363:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.575163][ T40] audit: type=1326 audit(1737419628.363:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.585792][ T40] audit: type=1326 audit(1737419628.363:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.600003][ T40] audit: type=1326 audit(1737419628.363:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 115.608124][ T40] audit: type=1326 audit(1737419628.363:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8101 comm="syz.3.452" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 116.619655][ T8162] netlink: 12 bytes leftover after parsing attributes in process `syz.3.460'. [ 117.024440][ T8186] Driver unsupported XDP return value 0 on prog (id 71) dev N/A, expect packet loss! [ 117.262060][ T8] vhci_hcd: vhci_device speed not set [ 117.799645][ T8209] wireguard0: entered promiscuous mode [ 117.801231][ T8209] wireguard0: entered allmulticast mode [ 118.206287][ T8241] Cannot find del_set index 0 as target [ 118.362539][ T8252] capability: warning: `syz.2.481' uses deprecated v2 capabilities in a way that may be insecure [ 119.393167][ T8288] 9pnet: Unknown protocol version 9p200 [ 119.431343][ T8288] siw: device registration error -23 [ 120.180599][ T8322] netlink: 40 bytes leftover after parsing attributes in process `syz.0.494'. [ 120.254226][ T8331] kernel read not supported for file /eth0 (pid: 8331 comm: syz.1.495) [ 120.452076][ T35] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 120.612629][ T35] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 120.616415][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.619783][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.624066][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.632698][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.635780][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.638963][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.641580][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.644558][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.647757][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.650382][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.653288][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.656463][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.659137][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.661809][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.665338][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.668073][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.670816][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.674294][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.676911][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.681436][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.684884][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.687506][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 120.690180][ T35] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 120.693634][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.697017][ T35] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 120.699647][ T35] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 120.702391][ T35] usb 5-1: Product: syz [ 120.703701][ T35] usb 5-1: Manufacturer: syz [ 120.705050][ T35] usb 5-1: SerialNumber: syz [ 120.708128][ T35] usb 5-1: config 0 descriptor?? [ 120.712642][ T35] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 120.716279][ T8342] 9pnet: Unknown protocol version 9p200 [ 120.734746][ T8342] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 120.969853][ C3] usb 5-1: yurex_control_callback - control failed: -71 [ 120.970063][ T6002] usb 5-1: USB disconnect, device number 6 [ 120.978295][ T6002] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 121.087323][ T8347] FAULT_INJECTION: forcing a failure. [ 121.087323][ T8347] name failslab, interval 1, probability 0, space 0, times 0 [ 121.091269][ T8347] CPU: 1 UID: 0 PID: 8347 Comm: syz.2.498 Not tainted 6.13.0-syzkaller #0 [ 121.093708][ T8347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.096819][ T8347] Call Trace: [ 121.097805][ T8347] [ 121.098701][ T8347] dump_stack_lvl+0x16c/0x1f0 [ 121.100473][ T8347] should_fail_ex+0x497/0x5b0 [ 121.102254][ T8347] ? fs_reclaim_acquire+0xae/0x150 [ 121.104214][ T8347] should_failslab+0xc2/0x120 [ 121.105989][ T8347] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 121.108001][ T8347] ? __kernfs_new_node+0xd3/0x890 [ 121.109751][ T8347] __kernfs_new_node+0xd3/0x890 [ 121.111180][ T8347] ? __pfx___schedule+0x10/0x10 [ 121.112602][ T8347] ? hlock_class+0x4e/0x130 [ 121.113956][ T8347] ? __pfx___kernfs_new_node+0x10/0x10 [ 121.115550][ T8347] ? mark_held_locks+0x9f/0xe0 [ 121.116987][ T8347] ? irqentry_exit+0x3b/0x90 [ 121.118362][ T8347] ? lockdep_hardirqs_on+0x7c/0x110 [ 121.119875][ T8347] kernfs_new_node+0x186/0x240 [ 121.121281][ T8347] kernfs_create_dir_ns+0x4c/0x150 [ 121.122794][ T8347] sysfs_create_dir_ns+0x13b/0x2b0 [ 121.124312][ T8347] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 121.125946][ T8347] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 121.127515][ T8347] ? kobject_add_internal+0x12d/0x990 [ 121.129073][ T8347] ? class_dir_child_ns_type+0xd/0x60 [ 121.130646][ T8347] kobject_add_internal+0x2c8/0x990 [ 121.132164][ T8347] kobject_add+0x16f/0x240 [ 121.133490][ T8347] ? __pfx_kobject_add+0x10/0x10 [ 121.134941][ T8347] ? lock_acquire+0x2f/0xb0 [ 121.136275][ T8347] ? get_device_parent+0x11f/0x4e0 [ 121.137770][ T8347] ? kobject_put+0xab/0x5a0 [ 121.139107][ T8347] ? device_add+0xc02/0x1a70 [ 121.140451][ T8347] device_add+0x289/0x1a70 [ 121.141748][ T8347] ? __pfx_device_add+0x10/0x10 [ 121.143164][ T8347] ? kfree_const+0x1c/0x60 [ 121.144464][ T8347] device_create_groups_vargs+0x1f8/0x270 [ 121.146113][ T8347] device_create+0xe9/0x130 [ 121.147430][ T8347] ? __pfx_device_create+0x10/0x10 [ 121.148909][ T8347] ? __pfx_vsnprintf+0x10/0x10 [ 121.150316][ T8347] ? __pfx___debug_object_init+0x10/0x10 [ 121.151955][ T8347] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 121.153660][ T8347] bdi_register_va+0x116/0x820 [ 121.155077][ T8347] ? __pfx_bdi_register_va+0x10/0x10 [ 121.156627][ T8347] ? do_init_timer+0xc9/0x110 [ 121.158023][ T8347] super_setup_bdi_name+0x100/0x250 [ 121.159546][ T8347] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 121.161240][ T8347] ? shrinker_register+0x1a8/0x260 [ 121.162774][ T8347] afs_get_tree+0xc2d/0x14d0 [ 121.164145][ T8347] ? security_capable+0x7e/0x260 [ 121.165601][ T8347] vfs_get_tree+0x8f/0x380 [ 121.166938][ T8347] path_mount+0x6e1/0x1f00 [ 121.168253][ T8347] ? kmem_cache_free+0x152/0x4c0 [ 121.169697][ T8347] ? __pfx_path_mount+0x10/0x10 [ 121.171127][ T8347] ? putname+0x13c/0x180 [ 121.172363][ T8347] __ia32_sys_mount+0x292/0x310 [ 121.173868][ T8347] ? __pfx___ia32_sys_mount+0x10/0x10 [ 121.175445][ T8347] ? syscall_user_dispatch+0x77/0x140 [ 121.177021][ T8347] __do_fast_syscall_32+0x73/0x120 [ 121.178534][ T8347] do_fast_syscall_32+0x32/0x80 [ 121.180063][ T8347] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 121.181874][ T8347] RIP: 0023:0xf7f0f579 [ 121.183073][ T8347] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 121.188530][ T8347] RSP: 002b:00000000f502455c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 121.190727][ T8347] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200001c0 [ 121.192999][ T8347] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000020000580 [ 121.195308][ T8347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 121.197608][ T8347] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 121.199877][ T8347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 121.202204][ T8347] [ 121.203420][ T8347] kobject: kobject_add_internal failed for afs-13 (error: -12 parent: bdi) [ 121.882907][ T8365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.503'. [ 121.969432][ T8373] xt_TPROXY: Can be used only with -p tcp or -p udp [ 122.932538][ T8411] can0: slcan on ttyS3. [ 123.092350][ T8425] can0 (unregistered): slcan off ttyS3. [ 123.122786][ T67] Bluetooth: hci3: unexpected event for opcode 0x2012 [ 124.820446][ T8491] mmap: syz.0.520 (8491) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 124.947620][ T8499] netlink: 4 bytes leftover after parsing attributes in process `syz.2.518'. [ 125.667910][ T8527] netlink: 19 bytes leftover after parsing attributes in process `syz.1.522'. [ 125.670675][ T8527] netlink: 20 bytes leftover after parsing attributes in process `syz.1.522'. [ 125.908084][ T8540] binder_alloc: 8537: binder_alloc_buf size 4096 failed, no address space [ 125.910851][ T8540] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 4088 (num: 1 largest: 4088) [ 126.008722][ T8535] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 126.011566][ T8535] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.013947][ T8535] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.015693][ T8535] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.492109][ T58] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 127.375598][ T8585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.760688][ T8598] fuse: Bad value for 'fd' [ 127.982796][ T5953] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.012213][ T8598] nbd3: detected capacity change from 0 to 22 [ 128.021322][ T8606] block nbd3: shutting down sockets [ 128.021818][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.026766][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.034493][ T55] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.037367][ T55] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.039777][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.043515][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.046248][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.049632][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.052921][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.055639][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.059797][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.062225][ T67] Bluetooth: hci3: command 0x0405 tx timeout [ 128.062468][ T5953] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.062503][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.067142][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.480445][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.484676][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.489026][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.492331][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.495477][ T5938] ldm_validate_partition_table(): Disk read failed. [ 128.498244][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.501803][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.505835][ T5938] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 128.509671][ T5938] Buffer I/O error on dev nbd3, logical block 0, async page read [ 128.515057][ T5938] Dev nbd3: unable to read RDB block 0 [ 128.517905][ T5938] nbd3: unable to read partition table [ 128.522274][ T5938] nbd3: partition table beyond EOD, truncated [ 128.528996][ T5938] ldm_validate_partition_table(): Disk read failed. [ 128.531378][ T5938] Dev nbd3: unable to read RDB block 0 [ 128.534777][ T5938] nbd3: unable to read partition table [ 128.536903][ T5938] nbd3: partition table beyond EOD, truncated [ 128.541737][ T8609] ldm_validate_partition_table(): Disk read failed. [ 128.546361][ T8609] Dev nbd3: unable to read RDB block 0 [ 128.548947][ T8609] nbd3: unable to read partition table [ 128.550777][ T8609] nbd3: partition table beyond EOD, truncated [ 128.871861][ T8625] netlink: 20 bytes leftover after parsing attributes in process `syz.1.543'. [ 129.180261][ T8634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.185116][ T8634] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.288844][ T8639] random: crng reseeded on system resumption [ 129.321712][ T8645] 9pnet: Unknown protocol version 9p200 [ 129.325848][ T8645] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 129.412054][ T5959] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 129.573922][ T5959] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 129.576493][ T5959] usb 5-1: config 0 has no interface number 0 [ 129.578750][ T5959] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 129.582540][ T5959] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 129.585652][ T5959] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 129.589080][ T5959] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 129.592388][ T5959] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 129.595566][ T5959] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 129.599405][ T5959] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 129.602083][ T5959] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.609160][ T5959] usb 5-1: config 0 descriptor?? [ 129.611212][ T8635] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 129.613401][ T8635] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 129.617600][ T5959] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 129.829134][ T5959] usb 5-1: USB disconnect, device number 7 [ 129.832482][ T5959] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 129.989844][ T8647] lo speed is unknown, defaulting to 1000 [ 130.067482][ T8657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.551'. [ 131.262173][ T5294] Bluetooth: hci3: command 0x0405 tx timeout [ 132.303082][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.304945][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.358941][ T8735] FAULT_INJECTION: forcing a failure. [ 132.358941][ T8735] name failslab, interval 1, probability 0, space 0, times 0 [ 132.362659][ T8735] CPU: 2 UID: 0 PID: 8735 Comm: syz.1.567 Not tainted 6.13.0-syzkaller #0 [ 132.365212][ T8735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.368333][ T8735] Call Trace: [ 132.369305][ T8735] [ 132.370205][ T8735] dump_stack_lvl+0x16c/0x1f0 [ 132.371653][ T8735] should_fail_ex+0x497/0x5b0 [ 132.373037][ T8735] ? fs_reclaim_acquire+0xae/0x150 [ 132.374536][ T8735] should_failslab+0xc2/0x120 [ 132.375914][ T8735] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 132.377647][ T8735] ? __alloc_skb+0x2b3/0x380 [ 132.379048][ T8735] __alloc_skb+0x2b3/0x380 [ 132.380356][ T8735] ? __pfx___alloc_skb+0x10/0x10 [ 132.381837][ T8735] ? lock_acquire+0x2f/0xb0 [ 132.383209][ T8735] netlink_alloc_large_skb+0x69/0x130 [ 132.384868][ T8735] netlink_sendmsg+0x689/0xd70 [ 132.386337][ T8735] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.387875][ T8735] ____sys_sendmsg+0x9ae/0xb40 [ 132.389271][ T8735] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.390833][ T8735] ? get_compat_msghdr+0x11b/0x170 [ 132.392322][ T8735] ___sys_sendmsg+0x135/0x1e0 [ 132.393804][ T8735] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.395365][ T8735] ? __pfx_lock_release+0x10/0x10 [ 132.396844][ T8735] ? trace_lock_acquire+0x14e/0x1f0 [ 132.398441][ T8735] ? __fget_files+0x206/0x3a0 [ 132.399911][ T8735] __sys_sendmsg+0x16e/0x220 [ 132.401313][ T8735] ? __pfx___sys_sendmsg+0x10/0x10 [ 132.402829][ T8735] __do_fast_syscall_32+0x73/0x120 [ 132.404344][ T8735] do_fast_syscall_32+0x32/0x80 [ 132.405758][ T8735] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.407607][ T8735] RIP: 0023:0xf7f96579 [ 132.408832][ T8735] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 132.414485][ T8735] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 132.416960][ T8735] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000000 [ 132.419289][ T8735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.421557][ T8735] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 132.423917][ T8735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 132.426242][ T8735] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.428535][ T8735] [ 133.311466][ T35] IPVS: starting estimator thread 0... [ 133.416114][ T8763] IPVS: using max 36 ests per chain, 86400 per kthread [ 133.538723][ T8766] siw: device registration error -23 [ 133.824369][ T8768] 9pnet_virtio: no channels available for device ./cgroup/../file0 [ 133.951641][ T8772] binder_alloc: 8769: binder_alloc_buf size 4096 failed, no address space [ 133.954659][ T8772] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 4088 (num: 1 largest: 4088) [ 134.713119][ T8785] lo speed is unknown, defaulting to 1000 [ 135.482477][ T8805] netlink: 'syz.2.586': attribute type 3 has an invalid length. [ 136.395803][ T8851] siw: device registration error -23 [ 137.685583][ T8877] block nbd1: shutting down sockets [ 137.821912][ T8893] vxcan1: entered promiscuous mode [ 137.825548][ T8893] vxcan1: entered allmulticast mode [ 137.955661][ T8911] fuse: Bad value for 'group_id' [ 137.957189][ T8911] fuse: Bad value for 'group_id' [ 137.966799][ T8911] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 137.971618][ T8911] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 137.979798][ T8911] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 137.989794][ T8911] overlay: Unknown parameter 'rootcontext' [ 138.144738][ T8918] netlink: 1080 bytes leftover after parsing attributes in process `syz.3.602'. [ 138.147421][ T8918] netlink: 1080 bytes leftover after parsing attributes in process `syz.3.602'. [ 138.159386][ T8918] lo speed is unknown, defaulting to 1000 [ 138.181112][ T8920] netlink: 1080 bytes leftover after parsing attributes in process `syz.3.602'. [ 138.188791][ T8920] netlink: 1080 bytes leftover after parsing attributes in process `syz.3.602'. [ 138.195501][ T8921] lo speed is unknown, defaulting to 1000 [ 138.778951][ T8933] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 138.799272][ T8935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.605'. [ 139.028412][ T8942] netlink: 'syz.0.607': attribute type 1 has an invalid length. [ 139.030747][ T8942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'. [ 139.143278][ T8950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.609'. [ 139.273411][ T8948] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 139.275449][ T8948] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 139.282805][ T8948] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 139.285386][ T8948] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 139.293202][ T8948] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 139.295159][ T8948] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 139.305191][ T8948] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 139.307560][ T8948] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 139.418497][ T8959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.612'. [ 139.455324][ T8961] 8021q: adding VLAN 0 to HW filter on device bond2 [ 139.465252][ T8964] netlink: 'syz.3.614': attribute type 5 has an invalid length. [ 139.841339][ T8990] 9pnet: Unknown protocol version 9p200 [ 139.857474][ T8990] siw: device registration error -23 [ 141.100069][ T9043] FAULT_INJECTION: forcing a failure. [ 141.100069][ T9043] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 141.111528][ T9043] CPU: 2 UID: 0 PID: 9043 Comm: syz.0.622 Not tainted 6.13.0-syzkaller #0 [ 141.114059][ T9043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 141.117276][ T9043] Call Trace: [ 141.118243][ T9043] [ 141.119148][ T9043] dump_stack_lvl+0x16c/0x1f0 [ 141.120551][ T9043] should_fail_ex+0x497/0x5b0 [ 141.121955][ T9043] _copy_from_user+0x2e/0xd0 [ 141.123369][ T9043] generic_map_update_batch+0x391/0x5f0 [ 141.125019][ T9043] ? __pfx_generic_map_update_batch+0x10/0x10 [ 141.126858][ T9043] ? __fget_files+0x206/0x3a0 [ 141.128271][ T9043] ? __pfx_generic_map_update_batch+0x10/0x10 [ 141.130083][ T9043] bpf_map_do_batch+0x576/0x640 [ 141.131522][ T9043] __sys_bpf+0x1c9f/0x57a0 [ 141.132860][ T9043] ? __pfx_lock_release+0x10/0x10 [ 141.134370][ T9043] ? __pfx___sys_bpf+0x10/0x10 [ 141.135780][ T9043] ? vfs_write+0x306/0x1150 [ 141.137153][ T9043] ? __mutex_unlock_slowpath+0x164/0x690 [ 141.138818][ T9043] ? fput+0x67/0x440 [ 141.139980][ T9043] ? ksys_write+0x1ba/0x250 [ 141.141316][ T9043] ? __pfx_ksys_write+0x10/0x10 [ 141.142759][ T9043] __ia32_sys_bpf+0x76/0xe0 [ 141.144092][ T9043] __do_fast_syscall_32+0x73/0x120 [ 141.145583][ T9043] do_fast_syscall_32+0x32/0x80 [ 141.147031][ T9043] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 141.148882][ T9043] RIP: 0023:0xf7f16579 [ 141.150101][ T9043] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 141.155655][ T9043] RSP: 002b:00000000f504555c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 141.158117][ T9043] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000020000200 [ 141.160420][ T9043] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 141.162742][ T9043] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 141.165010][ T9043] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 141.167339][ T9043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 141.169673][ T9043] [ 141.174490][ T9047] netlink: 'syz.2.626': attribute type 12 has an invalid length. [ 141.191428][ T9042] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 141.193374][ T9042] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 141.197340][ T9042] vhci_hcd vhci_hcd.0: Device attached [ 141.433125][ T5959] vhci_hcd: vhci_device speed not set [ 141.592722][ T5959] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 142.342666][ T9079] loop6: detected capacity change from 0 to 524287999 [ 142.348341][ T11] loop: Write error at byte offset 1, length 4096. [ 142.351209][ T11] loop: Write error at byte offset 1, length 4096. [ 142.354681][ C3] blk_print_req_error: 40 callbacks suppressed [ 142.354694][ C3] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0 [ 142.360833][ C3] buffer_io_error: 40 callbacks suppressed [ 142.360843][ C3] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 142.366767][ C3] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 142.371273][ C2] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0 [ 142.375044][ C2] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 142.377810][ C2] Buffer I/O error on dev loop6, logical block 2, async page read [ 142.410352][ T9046] vhci_hcd: connection reset by peer [ 142.413061][ T11] vhci_hcd: stop threads [ 142.415726][ T11] vhci_hcd: release socket [ 142.417539][ T11] vhci_hcd: disconnect device [ 143.656488][ T9118] 9pnet_virtio: no channels available for device syz [ 144.949106][ T9173] input: syz1 as /devices/virtual/input/input8 [ 146.340964][ T9186] sit0: entered allmulticast mode [ 146.508143][ T9195] lo speed is unknown, defaulting to 1000 [ 146.873627][ T5959] vhci_hcd: vhci_device speed not set [ 147.686276][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 147.686285][ T40] audit: type=1326 audit(1737419660.523:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.697306][ T40] audit: type=1326 audit(1737419660.523:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.705073][ T40] audit: type=1326 audit(1737419660.533:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.712561][ T40] audit: type=1326 audit(1737419660.533:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.719474][ T40] audit: type=1326 audit(1737419660.533:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.732177][ T40] audit: type=1326 audit(1737419660.533:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.741428][ T40] audit: type=1326 audit(1737419660.533:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.751266][ T9239] netlink: 'syz.1.649': attribute type 1 has an invalid length. [ 147.751768][ T40] audit: type=1326 audit(1737419660.533:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.762581][ T40] audit: type=1326 audit(1737419660.533:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 147.770945][ T40] audit: type=1326 audit(1737419660.533:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.650" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 148.198435][ T9255] sit0: entered allmulticast mode [ 148.292968][ T9262] netlink: 8 bytes leftover after parsing attributes in process `syz.2.656'. [ 148.674422][ T9271] fuse: Bad value for 'fd' [ 148.932399][ T9271] nbd1: detected capacity change from 0 to 22 [ 148.937579][ T9276] block nbd1: shutting down sockets [ 148.951796][ C2] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 148.954548][ C2] Buffer I/O error on dev nbd1, logical block 0, async page read [ 148.964296][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 148.966978][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 148.969299][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 148.972307][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 148.974636][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 148.977292][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 148.979590][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 148.982963][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 148.985274][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 148.993172][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 148.995538][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 148.998228][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 149.000516][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.004401][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 149.006994][ T5938] ldm_validate_partition_table(): Disk read failed. [ 149.009763][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.013762][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 149.016585][ T5938] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.024230][ T5938] Buffer I/O error on dev nbd1, logical block 0, async page read [ 149.026667][ T5938] Dev nbd1: unable to read RDB block 0 [ 149.028427][ T5938] nbd1: unable to read partition table [ 149.030108][ T5938] nbd1: partition table beyond EOD, truncated [ 149.044430][ T9280] ldm_validate_partition_table(): Disk read failed. [ 149.046641][ T9280] Dev nbd1: unable to read RDB block 0 [ 149.048418][ T9280] nbd1: unable to read partition table [ 149.051812][ T9280] nbd1: partition table beyond EOD, truncated [ 149.054942][ T5938] ldm_validate_partition_table(): Disk read failed. [ 149.062348][ T5938] Dev nbd1: unable to read RDB block 0 [ 149.064108][ T5938] nbd1: unable to read partition table [ 149.065807][ T5938] nbd1: partition table beyond EOD, truncated [ 149.939250][ T9344] netlink: 4 bytes leftover after parsing attributes in process `syz.3.670'. [ 150.018869][ T9353] lo speed is unknown, defaulting to 1000 [ 150.204340][ T9369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.675'. [ 150.225308][ T9371] netlink: 16 bytes leftover after parsing attributes in process `syz.2.676'. [ 152.057152][ T9424] block device autoloading is deprecated and will be removed. [ 152.653612][ T9433] netlink: 'syz.2.692': attribute type 11 has an invalid length. [ 152.737701][ T9437] netlink: 12 bytes leftover after parsing attributes in process `syz.0.694'. [ 153.323792][ T9466] 9pnet: Unknown protocol version 9p200 [ 153.326632][ T9466] siw: device registration error -23 [ 153.417617][ T9468] 9pnet: Unknown protocol version 9p200 [ 153.444784][ T9469] netlink: 12 bytes leftover after parsing attributes in process `syz.1.700'. [ 153.445744][ T9468] siw: device registration error -23 [ 153.721947][ T9474] cgroup: Invalid name [ 153.722116][ T9475] cgroup: Invalid name [ 154.112694][ T9495] can0: slcan on ttyS3. [ 154.412657][ T9510] can0 (unregistered): slcan off ttyS3. [ 155.141637][ T9542] Cannot find add_set index 0 as target [ 156.483176][ T9599] netlink: 36 bytes leftover after parsing attributes in process `syz.3.730'. [ 156.487214][ T9599] netlink: 16 bytes leftover after parsing attributes in process `syz.3.730'. [ 156.489758][ T9599] netlink: 36 bytes leftover after parsing attributes in process `syz.3.730'. [ 156.492411][ T9599] netlink: 36 bytes leftover after parsing attributes in process `syz.3.730'. [ 156.822855][ T9607] netlink: 20 bytes leftover after parsing attributes in process `syz.3.732'. [ 157.025422][ T9626] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709 [ 157.088679][ T9626] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2248643489 (17989147912 ns) > initial count (11631199424 ns). Using initial count to start timer. [ 157.203665][ T9634] 9pnet: Unknown protocol version 9p200 [ 157.212683][ T9634] siw: device registration error -23 [ 157.219898][ T9636] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 157.263832][ T9639] FAULT_INJECTION: forcing a failure. [ 157.263832][ T9639] name failslab, interval 1, probability 0, space 0, times 0 [ 157.267600][ T9639] CPU: 3 UID: 0 PID: 9639 Comm: syz.0.739 Not tainted 6.13.0-syzkaller #0 [ 157.270010][ T9639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 157.273376][ T9639] Call Trace: [ 157.274377][ T9639] [ 157.275238][ T9639] dump_stack_lvl+0x16c/0x1f0 [ 157.276713][ T9639] should_fail_ex+0x497/0x5b0 [ 157.278256][ T9639] ? fs_reclaim_acquire+0xae/0x150 [ 157.279758][ T9639] should_failslab+0xc2/0x120 [ 157.281156][ T9639] __kmalloc_noprof+0xce/0x4f0 [ 157.282934][ T9639] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 157.285182][ T9639] ? tomoyo_realpath_from_path+0xbf/0x710 [ 157.286900][ T9639] ? rcu_is_watching+0x12/0xc0 [ 157.288298][ T9639] tomoyo_realpath_from_path+0xbf/0x710 [ 157.289918][ T9639] tomoyo_check_open_permission+0x2ad/0x3c0 [ 157.291646][ T9639] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 157.293509][ T9639] ? __pfx___lock_acquire+0x10/0x10 [ 157.295048][ T9639] ? __pfx_hook_file_open+0x10/0x10 [ 157.296695][ T9639] ? lock_acquire+0x2f/0xb0 [ 157.298545][ T9639] tomoyo_file_open+0x6b/0x90 [ 157.300425][ T9639] security_file_open+0x84/0x1e0 [ 157.301988][ T9639] do_dentry_open+0x57e/0x1ea0 [ 157.303504][ T9639] ? inode_permission+0xdd/0x5f0 [ 157.304987][ T9639] vfs_open+0x82/0x3f0 [ 157.306234][ T9639] ? may_open+0x1f2/0x400 [ 157.307838][ T9639] path_openat+0x1e6a/0x2d60 [ 157.309221][ T9639] ? __pfx_path_openat+0x10/0x10 [ 157.310634][ T9639] ? __pfx___lock_acquire+0x10/0x10 [ 157.312113][ T9639] ? lock_acquire.part.0+0x11b/0x380 [ 157.313602][ T9639] ? find_held_lock+0x2d/0x110 [ 157.314957][ T9639] do_filp_open+0x20c/0x470 [ 157.316499][ T9639] ? __pfx_do_filp_open+0x10/0x10 [ 157.317931][ T9639] ? find_held_lock+0x2d/0x110 [ 157.319324][ T9639] ? alloc_fd+0x41f/0x760 [ 157.320539][ T9639] do_sys_openat2+0x17a/0x1e0 [ 157.321899][ T9639] ? __pfx_do_sys_openat2+0x10/0x10 [ 157.323425][ T9639] ? __fget_files+0x206/0x3a0 [ 157.324773][ T9639] __ia32_compat_sys_openat+0x16e/0x210 [ 157.326419][ T9639] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 157.328813][ T9639] ? ksys_write+0x1ba/0x250 [ 157.330486][ T9639] __do_fast_syscall_32+0x73/0x120 [ 157.331978][ T9639] do_fast_syscall_32+0x32/0x80 [ 157.333367][ T9639] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 157.335199][ T9639] RIP: 0023:0xf7f16579 [ 157.336420][ T9639] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 157.343537][ T9639] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 157.345949][ T9639] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000340 [ 157.348939][ T9639] RDX: 0000000000000000 RSI: 000000000000fffe RDI: 0000000000000000 [ 157.351516][ T9639] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 157.353838][ T9639] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 157.356090][ T9639] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 157.359162][ T9639] [ 157.378456][ T9639] ERROR: Out of memory at tomoyo_realpath_from_path. [ 157.510849][ T9662] netlink: 'syz.0.742': attribute type 5 has an invalid length. [ 158.361104][ T9693] 9pnet_fd: Insufficient options for proto=fd [ 158.542226][ T6002] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 158.810145][ T9694] cgroup: fork rejected by pids controller in /syz0 [ 159.909388][ T9783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.130767][ T9789] netlink: 16 bytes leftover after parsing attributes in process `syz.0.753'. [ 160.156961][ T9788] syzkaller0: entered allmulticast mode [ 160.164980][ T9788] syzkaller0 (unregistering): left allmulticast mode [ 160.440888][ T9797] 9pnet: Unknown protocol version 9p200 [ 160.443880][ T9797] siw: device registration error -23 [ 160.486843][ T9799] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709 [ 160.518682][ T9799] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2248643489 (17989147912 ns) > initial count (11631199424 ns). Using initial count to start timer. [ 160.526349][ T99] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.614196][ T99] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.702830][ T99] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.783351][ T99] bond0: (slave netdevsim0): Releasing backup interface [ 160.787349][ T99] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.825355][ T5294] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 160.829544][ T5294] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 160.834090][ T5294] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 160.846934][ T5294] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 160.851496][ T5294] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 160.854685][ T5294] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 160.863430][ T67] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 160.866205][ T67] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 160.869396][ T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 160.880716][ T67] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 160.883464][ T67] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 160.885734][ T67] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 160.931960][ T9814] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 160.939590][ T99] bridge_slave_1: left allmulticast mode [ 160.941422][ T99] bridge_slave_1: left promiscuous mode [ 160.951655][ T99] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.971872][ T99] bridge_slave_0: left allmulticast mode [ 160.983224][ T99] bridge_slave_0: left promiscuous mode [ 160.985350][ T99] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.130766][ T9824] Process accounting resumed [ 161.185756][ T99] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 161.330014][ T99] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 161.335143][ T99] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 161.339335][ T99] bond0 (unregistering): Released all slaves [ 161.357179][ T9812] lo speed is unknown, defaulting to 1000 [ 161.505046][ T9812] chnl_net:caif_netlink_parms(): no params data found [ 161.613170][ T9812] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.615414][ T9812] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.617615][ T9812] bridge_slave_0: entered allmulticast mode [ 161.620291][ T9812] bridge_slave_0: entered promiscuous mode [ 161.625507][ T9812] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.627643][ T9812] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.629638][ T9812] bridge_slave_1: entered allmulticast mode [ 161.631774][ T9812] bridge_slave_1: entered promiscuous mode [ 161.653588][ T9812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.665950][ T9812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.688417][ T99] hsr_slave_0: left promiscuous mode [ 161.691717][ T99] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.694692][ T99] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.712062][ T99] hsr_slave_1: left allmulticast mode [ 161.713717][ T99] hsr_slave_1: left promiscuous mode [ 161.715436][ T99] veth1_macvtap: left promiscuous mode [ 161.717225][ T99] veth0_macvtap: left promiscuous mode [ 161.718865][ T99] veth1_vlan: left promiscuous mode [ 161.720432][ T99] veth0_vlan: left promiscuous mode [ 162.431922][ T99] team0 (unregistering): Port device team_slave_1 removed [ 162.612516][ T99] team0 (unregistering): Port device team_slave_0 removed [ 162.942097][ T5294] Bluetooth: hci3: command tx timeout [ 163.169386][ T9812] team0: Port device team_slave_0 added [ 163.173648][ T9812] team0: Port device team_slave_1 added [ 163.176178][ T9871] FAULT_INJECTION: forcing a failure. [ 163.176178][ T9871] name failslab, interval 1, probability 0, space 0, times 0 [ 163.181014][ T9871] CPU: 1 UID: 0 PID: 9871 Comm: syz.3.770 Not tainted 6.13.0-syzkaller #0 [ 163.184098][ T9871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.187932][ T9871] Call Trace: [ 163.189142][ T9871] [ 163.190228][ T9871] dump_stack_lvl+0x16c/0x1f0 [ 163.191945][ T9871] should_fail_ex+0x497/0x5b0 [ 163.193661][ T9871] ? fs_reclaim_acquire+0xae/0x150 [ 163.195494][ T9871] should_failslab+0xc2/0x120 [ 163.197190][ T9871] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 163.199145][ T9871] ? __alloc_skb+0x2b3/0x380 [ 163.200768][ T9871] __alloc_skb+0x2b3/0x380 [ 163.202406][ T9871] ? __pfx___alloc_skb+0x10/0x10 [ 163.204208][ T9871] ? netlink_autobind.isra.0+0xa1/0x360 [ 163.206263][ T9871] netlink_alloc_large_skb+0x69/0x130 [ 163.208203][ T9871] netlink_sendmsg+0x689/0xd70 [ 163.209969][ T9871] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.211898][ T9871] ____sys_sendmsg+0x9ae/0xb40 [ 163.213676][ T9871] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.215478][ T9871] ? get_compat_msghdr+0x11b/0x170 [ 163.216840][ T9871] ___sys_sendmsg+0x135/0x1e0 [ 163.218227][ T9871] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.219901][ T9871] ? __pfx_lock_release+0x10/0x10 [ 163.221603][ T9871] ? trace_lock_acquire+0x14e/0x1f0 [ 163.223416][ T9871] ? __fget_files+0x206/0x3a0 [ 163.225114][ T9871] __sys_sendmsg+0x16e/0x220 [ 163.226819][ T9871] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.228691][ T9871] __do_fast_syscall_32+0x73/0x120 [ 163.230564][ T9871] do_fast_syscall_32+0x32/0x80 [ 163.232342][ T9871] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 163.234649][ T9871] RIP: 0023:0xf7f81579 [ 163.236146][ T9871] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 163.242988][ T9871] RSP: 002b:00000000f509455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 163.245263][ T9871] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000140 [ 163.247373][ T9871] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 163.249465][ T9871] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 163.251654][ T9871] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 163.254195][ T9871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 163.256792][ T9871] [ 163.285445][ T9812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.287987][ T9812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.297935][ T9812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.302909][ T9812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.305444][ T9812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.315053][ T9812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.356674][ T9812] hsr_slave_0: entered promiscuous mode [ 163.359512][ T9812] hsr_slave_1: entered promiscuous mode [ 163.365703][ T9812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 163.368580][ T9812] Cannot create hsr debugfs directory [ 163.873610][ T9881] IPVS: set_ctl: invalid protocol: 0 100.1.1.2:20002 [ 164.098882][ T9812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 164.108301][ T9812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 164.112743][ T9812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 164.116792][ T9812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 164.163556][ T9812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.174133][ T9812] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.198823][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.201032][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.235059][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.237244][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.260059][ T9812] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 164.265578][ T9812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 164.339725][ T9812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.359040][ T9812] veth0_vlan: entered promiscuous mode [ 164.365086][ T9812] veth1_vlan: entered promiscuous mode [ 164.378811][ T9812] veth0_macvtap: entered promiscuous mode [ 164.391581][ T9812] veth1_macvtap: entered promiscuous mode [ 164.404844][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.407951][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.410736][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.424116][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.427093][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.430220][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.435516][ T9812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.444282][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.447369][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.450239][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.453552][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.456435][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.459477][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.463031][ T9812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.466520][ T9812] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.469110][ T9812] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.471664][ T9812] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.474498][ T9812] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.559763][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.568586][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.580013][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.582631][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.648450][ T9937] random: crng reseeded on system resumption [ 165.893409][ T9981] netlink: 12 bytes leftover after parsing attributes in process `syz.1.785'. [ 166.688538][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.860772][ T67] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 166.864267][ T67] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 166.866980][ T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 166.869637][ T67] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 166.872242][ T67] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 166.874697][ T67] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 166.899074][T10001] lo speed is unknown, defaulting to 1000 [ 166.965346][T10001] chnl_net:caif_netlink_parms(): no params data found [ 167.135578][T10001] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.137670][T10001] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.139750][T10001] bridge_slave_0: entered allmulticast mode [ 167.142261][T10001] bridge_slave_0: entered promiscuous mode [ 167.144952][T10001] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.147084][T10001] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.149484][T10001] bridge_slave_1: entered allmulticast mode [ 167.151919][T10001] bridge_slave_1: entered promiscuous mode [ 167.200110][T10001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.213397][T10001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.246012][T10001] team0: Port device team_slave_0 added [ 167.249974][T10001] team0: Port device team_slave_1 added [ 167.295698][T10001] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.297776][T10001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.305433][T10001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.310804][T10001] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.313691][T10001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.323953][T10001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.351062][T10001] hsr_slave_0: entered promiscuous mode [ 167.354534][T10001] hsr_slave_1: entered promiscuous mode [ 167.358252][T10001] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.360676][T10001] Cannot create hsr debugfs directory [ 168.401924][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.543395][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.647309][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.830180][ T12] bridge_slave_1: left allmulticast mode [ 168.831879][ T12] bridge_slave_1: left promiscuous mode [ 168.835851][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.839548][ T12] bridge_slave_0: left allmulticast mode [ 168.841243][ T12] bridge_slave_0: left promiscuous mode [ 168.845512][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.953624][T10068] Process accounting resumed [ 168.953804][ T5294] Bluetooth: hci3: command tx timeout [ 168.987624][ T40] kauditd_printk_skb: 38 callbacks suppressed [ 168.987633][ T40] audit: type=1326 audit(1737419681.823:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10069 comm="syz.1.798" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x0 [ 169.088084][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 169.095126][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.098825][ T12] bond0 (unregistering): Released all slaves [ 169.486327][ T12] hsr_slave_0: left promiscuous mode [ 169.490323][ T12] hsr_slave_1: left promiscuous mode [ 169.493841][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.496626][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 169.502278][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 169.504491][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 169.529971][ T12] veth1_macvtap: left promiscuous mode [ 169.531665][ T12] veth0_macvtap: left promiscuous mode [ 169.534042][ T12] veth1_vlan: left promiscuous mode [ 169.535636][ T12] veth0_vlan: left promiscuous mode [ 170.046400][ T40] audit: type=1326 audit(1737419682.883:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10121 comm="syz.3.806" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x0 [ 170.215401][ T12] team0 (unregistering): Port device team_slave_1 removed [ 170.307450][ T12] team0 (unregistering): Port device team_slave_0 removed [ 170.414769][T10128] 9pnet: Unknown protocol version 9p200 [ 170.416748][T10128] siw: device registration error -23 [ 170.920187][T10001] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 170.927241][T10001] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 170.931748][T10001] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 170.938849][T10001] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 171.004522][T10001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.014885][T10001] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.018626][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.021379][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.023965][ T5294] Bluetooth: hci3: command tx timeout [ 171.035209][ T1227] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.037210][ T1227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.129580][T10001] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.157407][T10001] veth0_vlan: entered promiscuous mode [ 171.174175][T10001] veth1_vlan: entered promiscuous mode [ 171.186461][T10001] veth0_macvtap: entered promiscuous mode [ 171.189857][T10001] veth1_macvtap: entered promiscuous mode [ 171.197241][T10001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.200260][T10001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.205540][T10001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.209518][T10001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.214611][T10001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.217593][T10001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.221024][T10001] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.227026][T10001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.230027][T10001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.232963][T10001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.235884][T10001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.238565][T10001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.241360][T10001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.244762][T10001] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.248916][T10001] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.251279][T10001] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.253877][T10001] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.256440][T10001] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.289251][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.292474][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.303812][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.306272][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.686830][T10176] xt_CT: You must specify a L4 protocol and not use inversions on it [ 171.790340][ T40] audit: type=1326 audit(1737419684.623:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10179 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 171.797894][ T40] audit: type=1326 audit(1737419684.623:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10179 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 171.804538][ T40] audit: type=1326 audit(1737419684.623:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10179 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 171.811056][ T40] audit: type=1326 audit(1737419684.643:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10179 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 171.819149][ T40] audit: type=1326 audit(1737419684.643:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10179 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 171.826440][ T40] audit: type=1326 audit(1737419684.643:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 171.834792][ T40] audit: type=1326 audit(1737419684.643:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10179 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 171.841020][ T40] audit: type=1326 audit(1737419684.643:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10179 comm="syz.3.821" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x7ffc0000 [ 172.045760][T10186] netlink: 'syz.3.822': attribute type 21 has an invalid length. [ 172.109945][T10193] netlink: 12 bytes leftover after parsing attributes in process `syz.1.825'. [ 172.647105][T10217] vxcan3: entered promiscuous mode [ 172.648730][T10217] vxcan3: entered allmulticast mode [ 172.981019][T10230] geneve2: entered promiscuous mode [ 172.982595][T10230] geneve2: entered allmulticast mode [ 173.261082][T10236] Bluetooth: MGMT ver 1.23 [ 173.526807][T10242] netlink: 44 bytes leftover after parsing attributes in process `syz.1.838'. [ 174.077700][ T1136] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.210614][ T67] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 174.215959][ T67] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 174.219659][ T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 174.228305][ T67] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 174.231804][ T67] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 174.234977][ T67] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 174.247126][T10261] netlink: 4 bytes leftover after parsing attributes in process `syz.3.844'. [ 174.254757][T10258] lo speed is unknown, defaulting to 1000 [ 174.335332][T10258] chnl_net:caif_netlink_parms(): no params data found [ 174.416136][T10258] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.418288][T10258] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.420396][T10258] bridge_slave_0: entered allmulticast mode [ 174.424047][T10258] bridge_slave_0: entered promiscuous mode [ 174.426712][T10258] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.429297][T10258] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.431473][T10258] bridge_slave_1: entered allmulticast mode [ 174.433863][T10258] bridge_slave_1: entered promiscuous mode [ 174.470854][T10258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.482599][T10258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.518706][T10258] team0: Port device team_slave_0 added [ 174.521647][T10258] team0: Port device team_slave_1 added [ 174.542459][T10258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.544807][T10258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.555817][T10258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.559833][T10258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.562761][T10258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.570157][T10258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.596577][T10258] hsr_slave_0: entered promiscuous mode [ 174.598728][T10258] hsr_slave_1: entered promiscuous mode [ 174.600734][T10258] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 174.603652][T10258] Cannot create hsr debugfs directory [ 175.100007][T10293] netlink: 'syz.0.850': attribute type 5 has an invalid length. [ 175.149123][T10295] 8021q: adding VLAN 0 to HW filter on device bond3 [ 175.819875][ T1136] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.886696][ T1136] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.971374][ T1136] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.082915][ T1136] bridge_slave_1: left allmulticast mode [ 176.084555][ T1136] bridge_slave_1: left promiscuous mode [ 176.086553][ T1136] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.099830][ T1136] bridge_slave_0: left allmulticast mode [ 176.101487][ T1136] bridge_slave_0: left promiscuous mode [ 176.104656][ T1136] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.193829][T10317] netlink: 16 bytes leftover after parsing attributes in process `syz.0.858'. [ 176.302181][ T5294] Bluetooth: hci3: command tx timeout [ 176.407168][ T1136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 176.411079][ T1136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.414948][ T1136] bond0 (unregistering): Released all slaves [ 176.582170][ T6002] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 176.732108][ T6002] usb 6-1: Using ep0 maxpacket: 16 [ 176.736123][ T6002] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 176.741259][ T6002] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 176.748383][ T6002] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.761054][ T6002] usb 6-1: config 0 descriptor?? [ 176.764601][ T6002] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input10 [ 176.798455][ T1136] hsr_slave_0: left promiscuous mode [ 176.801012][ T1136] hsr_slave_1: left promiscuous mode [ 176.805260][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.807539][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 176.810301][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 176.814109][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 176.846698][ T1136] veth1_macvtap: left promiscuous mode [ 176.848991][ T1136] veth0_macvtap: left promiscuous mode [ 176.851241][ T1136] veth1_vlan: left promiscuous mode [ 176.854902][ T1136] veth0_vlan: left promiscuous mode [ 176.970264][ T5340] bcm5974 6-1:0.0: could not read from device [ 176.986503][ T6002] bcm5974 6-1:0.0: could not read from device [ 177.006951][ T5340] bcm5974 6-1:0.0: could not read from device [ 177.022713][ T6002] input: failed to attach handler mousedev to device input10, error: -5 [ 177.031724][ T6002] usb 6-1: USB disconnect, device number 3 [ 177.037137][ T5340] bcm5974 6-1:0.0: could not read from device [ 177.043238][ T5340] bcm5974 6-1:0.0: could not read from device [ 177.749756][ T1136] team0 (unregistering): Port device team_slave_1 removed [ 177.847527][ T1136] team0 (unregistering): Port device team_slave_0 removed [ 178.385145][ T5294] Bluetooth: hci3: command tx timeout [ 178.900435][T10258] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 178.920337][T10258] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 178.924629][T10258] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 178.934567][T10258] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 178.977617][T10258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.984506][T10258] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.991302][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.993312][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.999335][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.001226][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.117805][T10258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.167214][T10258] veth0_vlan: entered promiscuous mode [ 179.174298][T10258] veth1_vlan: entered promiscuous mode [ 179.189786][T10258] veth0_macvtap: entered promiscuous mode [ 179.193221][T10258] veth1_macvtap: entered promiscuous mode [ 179.200630][T10258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 179.206024][T10258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.209060][T10258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 179.211749][T10258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.217287][T10258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 179.220694][T10258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.225382][T10258] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.230165][T10258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.235372][T10258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.238476][T10258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.241617][T10258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.246713][T10258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.249901][T10258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.255338][T10258] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.260477][T10258] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.264290][T10258] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.266411][T10258] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.268707][T10258] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.307750][ T99] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.309773][ T99] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.321483][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.323771][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.332218][T10389] FAULT_INJECTION: forcing a failure. [ 179.332218][T10389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.335595][T10389] CPU: 3 UID: 0 PID: 10389 Comm: syz.3.867 Not tainted 6.13.0-syzkaller #0 [ 179.337766][T10389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 179.340544][T10389] Call Trace: [ 179.341419][T10389] [ 179.342207][T10389] dump_stack_lvl+0x16c/0x1f0 [ 179.343474][T10389] should_fail_ex+0x497/0x5b0 [ 179.344699][T10389] _copy_from_user+0x2e/0xd0 [ 179.345899][T10389] generic_map_update_batch+0x3ff/0x5f0 [ 179.347316][T10389] ? __pfx_generic_map_update_batch+0x10/0x10 [ 179.348818][T10389] ? __fget_files+0x206/0x3a0 [ 179.350012][T10389] ? __pfx_generic_map_update_batch+0x10/0x10 [ 179.351514][T10389] bpf_map_do_batch+0x576/0x640 [ 179.352775][T10389] __sys_bpf+0x1c9f/0x57a0 [ 179.353961][T10389] ? __pfx_lock_release+0x10/0x10 [ 179.355266][T10389] ? __pfx___sys_bpf+0x10/0x10 [ 179.356507][T10389] ? vfs_write+0x306/0x1150 [ 179.357672][T10389] ? __mutex_unlock_slowpath+0x164/0x690 [ 179.359138][T10389] ? fput+0x67/0x440 [ 179.360154][T10389] ? ksys_write+0x1ba/0x250 [ 179.361331][T10389] ? __pfx_ksys_write+0x10/0x10 [ 179.362609][T10389] __ia32_sys_bpf+0x76/0xe0 [ 179.363789][T10389] __do_fast_syscall_32+0x73/0x120 [ 179.365127][T10389] do_fast_syscall_32+0x32/0x80 [ 179.366403][T10389] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 179.368015][T10389] RIP: 0023:0xf7f81579 [ 179.369066][T10389] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 179.373942][T10389] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 179.376043][T10389] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000020000200 [ 179.378095][T10389] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 179.380168][T10389] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 179.382154][T10389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 179.384132][T10389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.386169][T10389] [ 180.514243][T10414] 9pnet_fd: Insufficient options for proto=fd [ 181.305975][T10438] netlink: 12 bytes leftover after parsing attributes in process `syz.3.877'. [ 182.099002][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.562360][ T40] kauditd_printk_skb: 42 callbacks suppressed [ 182.562372][ T40] audit: type=1326 audit(1737419695.393:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.570324][ T40] audit: type=1326 audit(1737419695.393:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.583195][ T40] audit: type=1326 audit(1737419695.393:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.589314][ T40] audit: type=1326 audit(1737419695.393:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.596956][ T40] audit: type=1326 audit(1737419695.393:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.603050][ T40] audit: type=1326 audit(1737419695.393:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.610114][ T40] audit: type=1326 audit(1737419695.403:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.617007][ T40] audit: type=1326 audit(1737419695.403:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.625018][ T40] audit: type=1326 audit(1737419695.403:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.633722][ T40] audit: type=1326 audit(1737419695.403:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.0.885" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 182.670784][ T67] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 182.676630][ T67] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 182.681024][ T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 182.685932][ T67] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 182.691195][ T67] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 182.694337][ T67] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 182.718178][T10476] lo speed is unknown, defaulting to 1000 [ 182.795818][T10476] chnl_net:caif_netlink_parms(): no params data found [ 182.985326][T10476] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.987494][T10476] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.989748][T10476] bridge_slave_0: entered allmulticast mode [ 182.993106][T10476] bridge_slave_0: entered promiscuous mode [ 182.997596][T10476] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.999620][T10476] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.001776][T10476] bridge_slave_1: entered allmulticast mode [ 183.004215][T10476] bridge_slave_1: entered promiscuous mode [ 183.061907][T10476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.068414][T10476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.109152][T10502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.900'. [ 183.113615][T10476] team0: Port device team_slave_0 added [ 183.115468][T10502] netlink: 4 bytes leftover after parsing attributes in process `syz.1.900'. [ 183.118631][T10502] netlink: 'syz.1.900': attribute type 14 has an invalid length. [ 183.127514][T10476] team0: Port device team_slave_1 added [ 183.160112][T10476] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.165733][T10476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.173138][T10476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.177079][T10476] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 183.178995][T10476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.187706][T10476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 183.235919][T10476] hsr_slave_0: entered promiscuous mode [ 183.238104][T10476] hsr_slave_1: entered promiscuous mode [ 183.243061][T10476] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 183.245216][T10476] Cannot create hsr debugfs directory [ 183.286558][T10514] netlink: 12 bytes leftover after parsing attributes in process `syz.1.895'. [ 183.827330][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.916562][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.962391][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.082673][ T12] bridge_slave_1: left allmulticast mode [ 184.084348][ T12] bridge_slave_1: left promiscuous mode [ 184.086053][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.090645][ T12] bridge_slave_0: left allmulticast mode [ 184.092672][ T12] bridge_slave_0: left promiscuous mode [ 184.094395][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.209928][T10535] binder: 10528:10535 ioctl c0306201 20000280 returned -14 [ 184.350533][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.357010][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.361383][ T12] bond0 (unregistering): Released all slaves [ 184.702251][ T67] Bluetooth: hci3: command tx timeout [ 184.705534][ T12] hsr_slave_0: left promiscuous mode [ 184.708498][ T12] hsr_slave_1: left promiscuous mode [ 184.711117][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.714046][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.717249][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.719976][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.745426][ T12] veth1_macvtap: left promiscuous mode [ 184.747474][ T12] veth0_macvtap: left promiscuous mode [ 184.749572][ T12] veth1_vlan: left promiscuous mode [ 184.751604][ T12] veth0_vlan: left promiscuous mode [ 185.584035][ T12] team0 (unregistering): Port device team_slave_1 removed [ 185.666166][ T12] team0 (unregistering): Port device team_slave_0 removed [ 186.265308][T10569] netlink: 12 bytes leftover after parsing attributes in process `syz.3.916'. [ 186.268624][T10570] netlink: 12 bytes leftover after parsing attributes in process `syz.3.916'. [ 186.364583][T10590] block nbd3: shutting down sockets [ 186.440042][T10476] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 186.448221][T10476] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 186.453511][T10476] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 186.475361][T10476] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 186.511193][T10476] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.529057][T10476] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.533628][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.535756][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.562745][ T1227] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.565320][ T1227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.770039][T10476] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.792416][ T67] Bluetooth: hci3: command tx timeout [ 186.819574][T10476] veth0_vlan: entered promiscuous mode [ 186.827054][T10476] veth1_vlan: entered promiscuous mode [ 186.839680][T10476] veth0_macvtap: entered promiscuous mode [ 186.850084][T10476] veth1_macvtap: entered promiscuous mode [ 186.859477][T10476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.864794][T10476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.867715][T10476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.871273][T10476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.875050][T10476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.878258][T10476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.881778][T10476] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.896461][T10476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.899808][T10476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.904898][T10476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.909375][T10476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.913471][T10476] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.917751][T10476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.921826][T10476] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.929421][T10476] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.932840][T10476] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.935284][T10476] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.937689][T10476] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.091106][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.103405][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.124642][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.127172][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.602806][T10640] kernel read not supported for file /eth0 (pid: 10640 comm: syz.0.923) [ 187.605381][ T40] kauditd_printk_skb: 23 callbacks suppressed [ 187.605389][ T40] audit: type=1800 audit(1737419700.443:246): pid=10640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.923" name="eth0" dev="mqueue" ino=33917 res=0 errno=0 [ 188.623626][T10669] 9pnet: Unknown protocol version 9p200 [ 188.626832][T10669] siw: device registration error -23 [ 188.758215][T10675] usb usb8: usbfs: process 10675 (syz.1.936) did not claim interface 0 before use [ 188.765364][T10675] netlink: 'syz.1.936': attribute type 10 has an invalid length. [ 188.908178][T10685] lo speed is unknown, defaulting to 1000 [ 189.421803][T10697] FAULT_INJECTION: forcing a failure. [ 189.421803][T10697] name failslab, interval 1, probability 0, space 0, times 0 [ 189.425493][T10697] CPU: 1 UID: 0 PID: 10697 Comm: syz.3.942 Not tainted 6.13.0-syzkaller #0 [ 189.427964][T10697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 189.431033][T10697] Call Trace: [ 189.432027][T10697] [ 189.432929][T10697] dump_stack_lvl+0x16c/0x1f0 [ 189.434362][T10697] should_fail_ex+0x497/0x5b0 [ 189.435743][T10697] ? fs_reclaim_acquire+0xae/0x150 [ 189.437252][T10697] should_failslab+0xc2/0x120 [ 189.438661][T10697] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 189.440167][T10697] ? __kernfs_new_node+0xd3/0x890 [ 189.441634][T10697] __kernfs_new_node+0xd3/0x890 [ 189.443098][T10697] ? lockdep_hardirqs_on+0x7c/0x110 [ 189.444589][T10697] ? __pfx___kernfs_new_node+0x10/0x10 [ 189.446165][T10697] ? __switch_to+0x749/0x1190 [ 189.447508][T10697] ? hlock_class+0x4e/0x130 [ 189.448897][T10697] ? mark_lock+0xb5/0xc60 [ 189.450253][T10697] ? __pfx_mark_lock+0x10/0x10 [ 189.451682][T10697] ? __pfx_mark_lock+0x10/0x10 [ 189.453082][T10697] kernfs_new_node+0x186/0x240 [ 189.454554][T10697] ? __pfx___schedule+0x10/0x10 [ 189.455953][T10697] __kernfs_create_file+0x53/0x350 [ 189.457469][T10697] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 189.459066][T10697] sysfs_create_file_ns+0x13e/0x1d0 [ 189.460601][T10697] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 189.462320][T10697] ? __pfx___up_read+0x10/0x10 [ 189.463739][T10697] ? __pfx_tb_acpi_bus_match+0x10/0x10 [ 189.465348][T10697] ? acpi_device_notify+0xb9/0x480 [ 189.466884][T10697] device_create_file+0xf2/0x1e0 [ 189.468315][T10697] device_add+0x2c0/0x1a70 [ 189.469603][T10697] ? rcu_is_watching+0x12/0xc0 [ 189.470969][T10697] ? __pfx_device_add+0x10/0x10 [ 189.472391][T10697] ? kstrdup+0x8b/0xb0 [ 189.473599][T10697] device_create_groups_vargs+0x1f8/0x270 [ 189.475199][T10697] device_create+0xe9/0x130 [ 189.476514][T10697] ? __pfx_device_create+0x10/0x10 [ 189.478009][T10697] ? __pfx_vsnprintf+0x10/0x10 [ 189.479369][T10697] ? __pfx___debug_object_init+0x10/0x10 [ 189.480961][T10697] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 189.482658][T10697] bdi_register_va+0x116/0x820 [ 189.484077][T10697] ? __pfx_bdi_register_va+0x10/0x10 [ 189.485654][T10697] ? do_init_timer+0xc9/0x110 [ 189.486996][T10697] super_setup_bdi_name+0x100/0x250 [ 189.488506][T10697] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 189.490166][T10697] ? shrinker_register+0x1a8/0x260 [ 189.491660][T10697] afs_get_tree+0xc2d/0x14d0 [ 189.492985][T10697] ? security_capable+0x7e/0x260 [ 189.494413][T10697] vfs_get_tree+0x8f/0x380 [ 189.495697][T10697] path_mount+0x6e1/0x1f00 [ 189.497019][T10697] ? kmem_cache_free+0x152/0x4c0 [ 189.498471][T10697] ? __pfx_path_mount+0x10/0x10 [ 189.499885][T10697] ? putname+0x13c/0x180 [ 189.501074][T10697] __ia32_sys_mount+0x292/0x310 [ 189.502479][T10697] ? __pfx___ia32_sys_mount+0x10/0x10 [ 189.504055][T10697] ? syscall_user_dispatch+0x77/0x140 [ 189.505653][T10697] __do_fast_syscall_32+0x73/0x120 [ 189.507159][T10697] do_fast_syscall_32+0x32/0x80 [ 189.508607][T10697] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 189.510477][T10697] RIP: 0023:0xf7f81579 [ 189.511666][T10697] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 189.517024][T10697] RSP: 002b:00000000f509455c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 189.519287][T10697] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200001c0 [ 189.521480][T10697] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000020000580 [ 189.523732][T10697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 189.525979][T10697] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 189.528214][T10697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 189.530500][T10697] [ 189.647701][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.733870][T10704] netlink: 'syz.1.943': attribute type 4 has an invalid length. [ 189.745641][ T8] lo speed is unknown, defaulting to 1000 [ 189.753691][T10702] netlink: 'syz.1.943': attribute type 4 has an invalid length. [ 189.766129][ T833] lo speed is unknown, defaulting to 1000 [ 189.769325][T10702] loop6: detected capacity change from 0 to 524287999 [ 189.783638][ C1] blk_print_req_error: 40 callbacks suppressed [ 189.783651][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.788300][ C1] buffer_io_error: 40 callbacks suppressed [ 189.788312][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.795738][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.799314][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.803639][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.807145][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.810733][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.814487][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.817355][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.820045][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.824298][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.827336][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.830025][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.833458][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.837148][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.840090][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.843842][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.846335][T10702] ldm_validate_partition_table(): Disk read failed. [ 189.848605][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 189.852438][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.855344][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.858275][T10702] Dev loop6: unable to read RDB block 0 [ 189.862563][T10702] loop6: unable to read partition table [ 189.865042][T10702] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 190.311461][T10709] netlink: 40 bytes leftover after parsing attributes in process `syz.3.946'. [ 190.422481][ T5294] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 190.426731][ T5294] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 190.430224][ T5294] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 190.436275][ T5294] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 190.438811][ T5294] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 190.441595][ T5294] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 190.455223][T10710] 9pnet: Unknown protocol version 9p200 [ 190.457489][T10710] siw: device registration error -23 [ 190.467532][T10711] lo speed is unknown, defaulting to 1000 [ 190.534799][T10711] chnl_net:caif_netlink_parms(): no params data found [ 190.552180][ T58] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 190.602408][T10711] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.604552][T10711] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.606622][T10711] bridge_slave_0: entered allmulticast mode [ 190.608888][T10711] bridge_slave_0: entered promiscuous mode [ 190.613230][T10711] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.615371][T10711] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.617452][T10711] bridge_slave_1: entered allmulticast mode [ 190.619630][T10711] bridge_slave_1: entered promiscuous mode [ 190.655110][T10711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.659953][T10711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.701140][T10711] team0: Port device team_slave_0 added [ 190.705455][ T58] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 190.709245][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.713641][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.714198][T10711] team0: Port device team_slave_1 added [ 190.716777][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.722718][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.726280][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.730217][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.740037][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.745227][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.748920][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.752370][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.754966][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.758191][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.764046][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.766750][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.768352][T10711] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.770091][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.771346][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.773034][T10711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.775059][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.778401][T10711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.786732][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.791440][T10711] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.796751][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.798330][T10711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.800880][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.800905][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.801891][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.808552][T10711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.811723][ T58] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.823747][ T58] usb 8-1: config 0 interface 0 has no altsetting 0 [ 190.828791][ T58] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 190.831571][ T58] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 190.835146][ T58] usb 8-1: Product: syz [ 190.836863][ T58] usb 8-1: Manufacturer: syz [ 190.838766][ T58] usb 8-1: SerialNumber: syz [ 190.843632][ T58] usb 8-1: config 0 descriptor?? [ 190.849039][ T58] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 190.861619][T10711] hsr_slave_0: entered promiscuous mode [ 190.868952][T10711] hsr_slave_1: entered promiscuous mode [ 190.872616][T10711] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.874954][T10711] Cannot create hsr debugfs directory [ 191.100975][ C2] usb 8-1: yurex_control_callback - control failed: -71 [ 191.102219][ T833] usb 8-1: USB disconnect, device number 4 [ 191.106268][ T833] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 191.264224][T10729] FAULT_INJECTION: forcing a failure. [ 191.264224][T10729] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 191.269015][T10729] CPU: 0 UID: 0 PID: 10729 Comm: syz.0.949 Not tainted 6.13.0-syzkaller #0 [ 191.272224][T10729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 191.276188][T10729] Call Trace: [ 191.277441][T10729] [ 191.278557][T10729] dump_stack_lvl+0x16c/0x1f0 [ 191.280302][T10729] should_fail_ex+0x497/0x5b0 [ 191.282066][T10729] _copy_from_user+0x2e/0xd0 [ 191.283812][T10729] get_compat_sigset+0x21/0x50 [ 191.285616][T10729] set_compat_user_sigmask+0xa8/0x2a0 [ 191.287599][T10729] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 191.289838][T10729] ? poll_select_set_timeout+0xbb/0x150 [ 191.291888][T10729] __ia32_compat_sys_ppoll_time32+0x1cf/0x2c0 [ 191.294173][T10729] ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10 [ 191.296606][T10729] ? __secure_computing+0x273/0x3f0 [ 191.298543][T10729] do_int80_emulation+0x104/0x200 [ 191.300405][T10729] asm_int80_emulation+0x1a/0x20 [ 191.302251][T10729] RIP: 0023:0xf7f16579 [ 191.303764][T10729] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 191.310827][T10729] RSP: 002b:00000000f504555c EFLAGS: 00000296 ORIG_RAX: 0000000000000135 [ 191.313915][T10729] RAX: ffffffffffffffda RBX: 0000000020000280 RCX: 0000000000000003 [ 191.316835][T10729] RDX: 0000000020000300 RSI: 00000000200003c0 RDI: 0000000000000008 [ 191.319070][T10729] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 191.321031][T10729] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 191.323860][T10729] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 191.326834][T10729] [ 191.492133][ T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 191.605416][T10738] input: syz1 as /devices/virtual/input/input11 [ 191.651336][T10740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.952'. [ 191.664079][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.711616][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.812941][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.910220][T10746] overlayfs: failed to resolve './file1': -2 [ 191.932604][ T11] bridge_slave_1: left allmulticast mode [ 191.934284][ T11] bridge_slave_1: left promiscuous mode [ 191.935985][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.969837][ T11] bridge_slave_0: left allmulticast mode [ 191.972800][ T11] bridge_slave_0: left promiscuous mode [ 191.974624][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.280781][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.294014][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.299723][ T11] bond0 (unregistering): Released all slaves [ 192.462393][ T67] Bluetooth: hci3: command tx timeout [ 192.480781][T10765] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 192.686382][ T11] hsr_slave_0: left promiscuous mode [ 192.688356][ T11] hsr_slave_1: left promiscuous mode [ 192.690449][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.692720][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.695174][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.697307][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.721183][ T11] veth1_macvtap: left promiscuous mode [ 192.723933][ T11] veth0_macvtap: left promiscuous mode [ 192.726035][ T11] veth1_vlan: left promiscuous mode [ 192.727967][ T11] veth0_vlan: left promiscuous mode [ 192.949831][T10780] 9pnet: Unknown protocol version 9p200 [ 192.957152][T10780] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 193.383836][ T11] team0 (unregistering): Port device team_slave_1 removed [ 193.474567][ T11] team0 (unregistering): Port device team_slave_0 removed [ 193.581221][T10796] capability: warning: `syz.0.964' uses 32-bit capabilities (legacy support in use) [ 193.743113][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.782444][T10802] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 194.055164][T10801] can0: slcan on ttyS3. [ 194.099975][T10711] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 194.107636][T10711] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 194.128922][T10711] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 194.154674][T10711] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 194.212621][T10813] xt_TPROXY: Can be used only with -p tcp or -p udp [ 194.287847][T10711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.307759][T10711] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.313018][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.315148][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.328131][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.331025][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.452891][T10793] can0 (unregistered): slcan off ttyS3. [ 194.460742][T10711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.481368][T10711] veth0_vlan: entered promiscuous mode [ 194.485961][T10711] veth1_vlan: entered promiscuous mode [ 194.509458][T10711] veth0_macvtap: entered promiscuous mode [ 194.515873][T10711] veth1_macvtap: entered promiscuous mode [ 194.521613][T10711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.524976][T10711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.527845][T10711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.530812][T10711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.536636][T10711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.539586][T10711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.542098][ T67] Bluetooth: hci3: command tx timeout [ 194.544672][T10711] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.556055][T10711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.560021][T10711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.563010][T10711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.565857][T10711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.568616][T10711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.573923][T10711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.578423][T10711] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.584192][T10711] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.586713][T10711] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.589768][T10711] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.592736][T10711] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.698459][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.712093][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.714366][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.728600][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 195.332039][T10853] 9pnet: Unknown protocol version 9p200 [ 195.338651][T10853] siw: device registration error -23 [ 195.402162][T10855] ISOFS: Unable to identify CD-ROM format. [ 196.069112][T10877] hfs: can't find a HFS filesystem on dev sr0 [ 196.277680][T10887] 9pnet: Unknown protocol version 9p200 [ 196.280194][T10887] siw: device registration error -23 [ 196.605166][T10893] No such timeout policy "syz0" [ 196.822905][ T1135] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.542405][T10901] netlink: 36 bytes leftover after parsing attributes in process `syz.0.987'. [ 197.545063][T10901] netlink: 16 bytes leftover after parsing attributes in process `syz.0.987'. [ 197.547662][T10901] netlink: 36 bytes leftover after parsing attributes in process `syz.0.987'. [ 197.550169][T10901] netlink: 36 bytes leftover after parsing attributes in process `syz.0.987'. [ 197.577782][ T5294] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 197.581425][ T5294] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 197.592164][ T5294] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 197.595218][ T5294] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 197.597959][ T5294] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 197.600800][ T5294] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 197.615236][T10902] lo speed is unknown, defaulting to 1000 [ 197.676251][T10902] chnl_net:caif_netlink_parms(): no params data found [ 197.718598][T10906] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 197.733208][T10902] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.735377][T10902] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.738856][T10902] bridge_slave_0: entered allmulticast mode [ 197.741119][T10902] bridge_slave_0: entered promiscuous mode [ 197.744998][T10902] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.747155][T10902] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.749340][T10902] bridge_slave_1: entered allmulticast mode [ 197.751631][T10902] bridge_slave_1: entered promiscuous mode [ 197.771305][T10902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.775257][T10902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.826429][T10902] team0: Port device team_slave_0 added [ 197.846807][T10902] team0: Port device team_slave_1 added [ 197.865062][T10902] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.867108][T10902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.876658][T10902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.880514][T10902] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.882689][T10902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.890005][T10902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.918442][T10902] hsr_slave_0: entered promiscuous mode [ 197.920573][T10902] hsr_slave_1: entered promiscuous mode [ 197.922673][T10902] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.924855][T10902] Cannot create hsr debugfs directory [ 198.398163][T10922] vlan2: entered allmulticast mode [ 198.399650][T10922] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 198.405105][T10922] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 198.605963][T10933] Cannot find map_set index 0 as target [ 198.659442][T10937] [ 198.660189][T10937] ====================================================== [ 198.662357][T10937] WARNING: possible circular locking dependency detected [ 198.664326][T10937] 6.13.0-syzkaller #0 Not tainted [ 198.665800][T10937] ------------------------------------------------------ [ 198.669397][T10937] syz.0.999/10937 is trying to acquire lock: [ 198.671084][T10937] ffff888021f4a8e0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xe3/0x190 [ 198.673619][T10937] [ 198.673619][T10937] but task is already holding lock: [ 198.675663][T10937] ffff88804383d758 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0xc9/0x290 [ 198.678263][T10937] [ 198.678263][T10937] which lock already depends on the new lock. [ 198.678263][T10937] [ 198.681132][T10937] [ 198.681132][T10937] the existing dependency chain (in reverse order) is: [ 198.683647][T10937] [ 198.683647][T10937] -> #5 (&q->debugfs_mutex){+.+.}-{4:4}: [ 198.685873][T10937] __mutex_lock+0x19b/0xa60 [ 198.687313][T10937] blk_mq_init_sched+0x42b/0x640 [ 198.688774][T10942] MPI: mpi too large (185152 bits) [ 198.688863][T10937] elevator_init_mq+0x2cd/0x420 [ 198.691893][T10937] add_disk_fwnode+0x113/0x1300 [ 198.693464][T10937] sd_probe+0xa66/0xfa0 [ 198.694840][T10937] really_probe+0x23e/0xa90 [ 198.696325][T10937] __driver_probe_device+0x1de/0x440 [ 198.697997][T10937] driver_probe_device+0x4c/0x1b0 [ 198.699582][T10937] __device_attach_driver+0x1df/0x310 [ 198.701265][T10937] bus_for_each_drv+0x157/0x1e0 [ 198.702788][T10937] __device_attach_async_helper+0x1d3/0x290 [ 198.704605][T10937] async_run_entry_fn+0x9c/0x530 [ 198.706150][T10937] process_one_work+0x958/0x1b30 [ 198.707693][T10937] worker_thread+0x6c8/0xf00 [ 198.709266][T10937] kthread+0x2c1/0x3a0 [ 198.710761][T10937] ret_from_fork+0x45/0x80 [ 198.712244][T10937] ret_from_fork_asm+0x1a/0x30 [ 198.714204][T10937] [ 198.714204][T10937] -> #4 (&q->q_usage_counter(queue)#51){++++}-{0:0}: [ 198.717222][T10937] blk_queue_enter+0x50f/0x640 [ 198.718774][T10937] blk_mq_alloc_request+0x59b/0x950 [ 198.720411][T10937] scsi_execute_cmd+0x20a/0xf30 [ 198.721956][T10937] read_capacity_16+0x21a/0xe20 [ 198.723526][T10937] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 198.725318][T10937] sd_probe+0x8ee/0xfa0 [ 198.726692][T10937] really_probe+0x23e/0xa90 [ 198.728148][T10937] __driver_probe_device+0x1de/0x440 [ 198.729863][T10937] driver_probe_device+0x4c/0x1b0 [ 198.731379][T10937] __device_attach_driver+0x1df/0x310 [ 198.733068][T10937] bus_for_each_drv+0x157/0x1e0 [ 198.734614][T10937] __device_attach_async_helper+0x1d3/0x290 [ 198.736418][T10937] async_run_entry_fn+0x9c/0x530 [ 198.737966][T10937] process_one_work+0x958/0x1b30 [ 198.739519][T10937] worker_thread+0x6c8/0xf00 [ 198.741001][T10937] kthread+0x2c1/0x3a0 [ 198.742335][T10937] ret_from_fork+0x45/0x80 [ 198.743763][T10937] ret_from_fork_asm+0x1a/0x30 [ 198.745286][T10937] [ 198.745286][T10937] -> #3 (&q->limits_lock){+.+.}-{4:4}: [ 198.747473][T10937] __mutex_lock+0x19b/0xa60 [ 198.748911][T10937] __nbd_set_size+0x2c0/0x730 [ 198.750408][T10937] nbd_start_device+0x8fd/0xd70 [ 198.751941][T10937] nbd_ioctl+0x21a/0xfd0 [ 198.753347][T10937] compat_blkdev_ioctl+0x2f7/0x750 [ 198.754953][T10937] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 198.756593][T10937] __do_fast_syscall_32+0x73/0x120 [ 198.758192][T10937] do_fast_syscall_32+0x32/0x80 [ 198.759676][T10937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 198.761519][T10937] [ 198.761519][T10937] -> #2 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 198.763930][T10937] blk_mq_submit_bio+0x1fb6/0x24c0 [ 198.765469][T10937] __submit_bio+0x384/0x540 [ 198.766879][T10937] submit_bio_noacct_nocheck+0x698/0xd70 [ 198.768614][T10937] submit_bio_noacct+0x93a/0x1e20 [ 198.770143][T10937] block_read_full_folio+0x812/0xa50 [ 198.771755][T10937] filemap_read_folio+0xc6/0x2a0 [ 198.773291][T10937] filemap_get_pages+0x155f/0x1be0 [ 198.774912][T10937] filemap_read+0x3ca/0xd70 [ 198.776283][T10937] blkdev_read_iter+0x187/0x480 [ 198.777700][T10937] vfs_read+0x87f/0xbe0 [ 198.778979][T10937] ksys_read+0x12b/0x250 [ 198.780301][T10937] do_syscall_64+0xcd/0x250 [ 198.781723][T10937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.783564][T10937] [ 198.783564][T10937] -> #1 (mapping.invalidate_lock#2){++++}-{4:4}: [ 198.785956][T10937] down_read+0x9a/0x330 [ 198.787302][T10937] filemap_fault+0x62c/0x2820 [ 198.788781][T10937] __do_fault+0x10a/0x490 [ 198.790188][T10937] do_pte_missing+0xebd/0x3e00 [ 198.791687][T10937] __handle_mm_fault+0x103c/0x2a40 [ 198.793291][T10937] handle_mm_fault+0x3fa/0xaa0 [ 198.794796][T10937] __get_user_pages+0x8d9/0x3b50 [ 198.796354][T10937] populate_vma_page_range+0x27f/0x3a0 [ 198.798044][T10937] __mm_populate+0x1d6/0x380 [ 198.799497][T10937] do_mlock+0x40a/0x7d0 [ 198.800837][T10937] __ia32_sys_mlock+0x57/0x80 [ 198.802329][T10937] __do_fast_syscall_32+0x73/0x120 [ 198.803928][T10937] do_fast_syscall_32+0x32/0x80 [ 198.805409][T10937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 198.807329][T10937] [ 198.807329][T10937] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 198.809464][T10937] __lock_acquire+0x249e/0x3c40 [ 198.810972][T10937] lock_acquire.part.0+0x11b/0x380 [ 198.812542][T10937] __might_fault+0x11b/0x190 [ 198.813976][T10937] _copy_from_user+0x29/0xd0 [ 198.815441][T10937] compat_blk_trace_setup+0xc9/0x200 [ 198.817118][T10937] blk_trace_ioctl+0x24a/0x290 [ 198.818643][T10937] compat_blkdev_ioctl+0x13c/0x750 [ 198.820242][T10937] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 198.821908][T10937] __do_fast_syscall_32+0x73/0x120 [ 198.823510][T10937] do_fast_syscall_32+0x32/0x80 [ 198.825083][T10937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 198.827029][T10937] [ 198.827029][T10937] other info that might help us debug this: [ 198.827029][T10937] [ 198.829910][T10937] Chain exists of: [ 198.829910][T10937] &mm->mmap_lock --> &q->q_usage_counter(queue)#51 --> &q->debugfs_mutex [ 198.829910][T10937] [ 198.833900][T10937] Possible unsafe locking scenario: [ 198.833900][T10937] [ 198.836035][T10937] CPU0 CPU1 [ 198.837571][T10937] ---- ---- [ 198.839095][T10937] lock(&q->debugfs_mutex); [ 198.840365][T10937] lock(&q->q_usage_counter(queue)#51); [ 198.842640][T10937] lock(&q->debugfs_mutex); [ 198.844610][T10937] rlock(&mm->mmap_lock); [ 198.845873][T10937] [ 198.845873][T10937] *** DEADLOCK *** [ 198.845873][T10937] [ 198.848136][T10937] 1 lock held by syz.0.999/10937: [ 198.849519][T10937] #0: ffff88804383d758 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0xc9/0x290 [ 198.852150][T10937] [ 198.852150][T10937] stack backtrace: [ 198.853791][T10937] CPU: 2 UID: 0 PID: 10937 Comm: syz.0.999 Not tainted 6.13.0-syzkaller #0 [ 198.856165][T10937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 198.859052][T10937] Call Trace: [ 198.860019][T10937] [ 198.860881][T10937] dump_stack_lvl+0x116/0x1f0 [ 198.862249][T10937] print_circular_bug+0x41c/0x610 [ 198.863609][T10937] check_noncircular+0x31a/0x400 [ 198.864985][T10937] ? __pfx_check_noncircular+0x10/0x10 [ 198.866558][T10937] ? lockdep_lock+0xc6/0x200 [ 198.867888][T10937] ? __pfx_lockdep_lock+0x10/0x10 [ 198.869334][T10937] __lock_acquire+0x249e/0x3c40 [ 198.870744][T10937] ? __pfx___lock_acquire+0x10/0x10 [ 198.872243][T10937] ? bdev_name.constprop.0+0x298/0x490 [ 198.873806][T10937] lock_acquire.part.0+0x11b/0x380 [ 198.875273][T10937] ? __might_fault+0xe3/0x190 [ 198.876594][T10937] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 198.878181][T10937] ? rcu_is_watching+0x12/0xc0 [ 198.879548][T10937] ? trace_lock_acquire+0x14e/0x1f0 [ 198.880960][T10937] ? __might_fault+0xe3/0x190 [ 198.882316][T10937] ? lock_acquire+0x2f/0xb0 [ 198.883643][T10937] ? __might_fault+0xe3/0x190 [ 198.884988][T10937] ? __might_fault+0xe3/0x190 [ 198.886340][T10937] __might_fault+0x11b/0x190 [ 198.887657][T10937] ? __might_fault+0xe3/0x190 [ 198.888994][T10937] _copy_from_user+0x29/0xd0 [ 198.890329][T10937] compat_blk_trace_setup+0xc9/0x200 [ 198.892233][T10937] ? __pfx_compat_blk_trace_setup+0x10/0x10 [ 198.894443][T10937] ? blk_trace_ioctl+0xc9/0x290 [ 198.896269][T10937] ? snprintf+0xc8/0x100 [ 198.897861][T10937] ? __pfx_snprintf+0x10/0x10 [ 198.899608][T10937] blk_trace_ioctl+0x24a/0x290 [ 198.901386][T10937] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 198.903401][T10937] ? __pfx_lock_release+0x10/0x10 [ 198.905261][T10937] ? trace_lock_acquire+0x14e/0x1f0 [ 198.907463][T10937] compat_blkdev_ioctl+0x13c/0x750 [ 198.909366][T10937] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 198.911458][T10937] ? __fget_files+0x206/0x3a0 [ 198.913218][T10937] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 198.915301][T10937] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 198.917280][T10937] __do_fast_syscall_32+0x73/0x120 [ 198.919196][T10937] do_fast_syscall_32+0x32/0x80 [ 198.921043][T10937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 198.923406][T10937] RIP: 0023:0xf7f16579 [ 198.924929][T10937] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 198.932018][T10937] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 198.935132][T10937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0401273 [ 198.938078][T10937] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.940993][T10937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 198.943910][T10937] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 198.946834][T10937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 198.949776][T10937] [ 198.953330][T10939] 9pnet: Unknown protocol version 9p200 [ 198.955502][T10939] siw: device registration error -23 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 198.976605][ T1135] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.090730][T10937] bridge0: port 3(syz_tun) entered disabled state [ 199.095747][T10937] syz_tun (unregistering): left allmulticast mode [ 199.098220][T10937] syz_tun (unregistering): left promiscuous mode [ 199.100585][T10937] bridge0: port 3(syz_tun) entered disabled state [ 199.110558][ T1135] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.250399][T10941] bridge0: port 3(syz_tun) entered disabled state [ 199.254429][T10941] syz_tun (unregistering): left allmulticast mode [ 199.256555][T10941] syz_tun (unregistering): left promiscuous mode [ 199.258398][T10941] bridge0: port 3(syz_tun) entered disabled state [ 199.305015][ T1135] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.448478][ T1135] bridge_slave_1: left allmulticast mode [ 199.450142][ T1135] bridge_slave_1: left promiscuous mode [ 199.451811][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.454707][ T1135] bridge_slave_0: left allmulticast mode [ 199.456358][ T1135] bridge_slave_0: left promiscuous mode [ 199.458020][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.535377][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.539035][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.542188][ T1135] bond0 (unregistering): Released all slaves [ 199.663470][ T67] Bluetooth: hci3: command tx timeout [ 199.869328][ T1135] hsr_slave_0: left promiscuous mode [ 199.871845][ T1135] hsr_slave_1: left promiscuous mode [ 199.875823][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 199.878738][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 199.882025][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 199.884962][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 199.889759][ T1135] veth1_macvtap: left promiscuous mode [ 199.891954][ T1135] veth0_macvtap: left promiscuous mode [ 199.894234][ T1135] veth1_vlan: left promiscuous mode [ 199.896334][ T1135] veth0_vlan: left promiscuous mode [ 200.074608][ T1135] team0 (unregistering): Port device team_slave_1 removed [ 200.108756][ T1135] team0 (unregistering): Port device team_slave_0 removed [ 200.676167][ T1135] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.724727][ T1135] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.764818][ T1135] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.805259][ T1135] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.852264][ T1135] bridge_slave_0: left allmulticast mode [ 200.854583][ T1135] bridge_slave_0: left promiscuous mode [ 200.856874][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.046362][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.049887][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.053195][ T1135] bond0 (unregistering): Released all slaves [ 201.056403][ T1135] bond1 (unregistering): Released all slaves [ 201.124924][ T1135] bond2 (unregistering): Released all slaves [ 201.187633][ T1135] bond3 (unregistering): Released all slaves [ 201.440015][ T1135] hsr_slave_0: left promiscuous mode [ 201.441937][ T1135] hsr_slave_1: left promiscuous mode [ 201.444221][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.446426][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.448759][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.450899][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.455098][ T1135] veth1_macvtap: left promiscuous mode [ 201.456685][ T1135] veth0_macvtap: left promiscuous mode [ 201.458300][ T1135] veth1_vlan: left promiscuous mode [ 201.459807][ T1135] veth0_vlan: left promiscuous mode [ 201.744068][ T67] Bluetooth: hci3: command 0x041b tx timeout [ 202.304212][ T1135] bridge_slave_1: left allmulticast mode [ 202.306546][ T1135] bridge_slave_1: left promiscuous mode [ 202.308386][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.311092][ T1135] bridge_slave_0: left allmulticast mode [ 202.313827][ T1135] bridge_slave_0: left promiscuous mode [ 202.316076][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.433858][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.437486][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.440430][ T1135] bond0 (unregistering): Released all slaves [ 202.536178][ T1135] hsr_slave_0: left promiscuous mode [ 202.538139][ T1135] hsr_slave_1: left promiscuous mode [ 202.540097][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.542963][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.574923][ T1135] team0 (unregistering): Port device team_slave_1 removed [ 202.617605][ T1135] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 00:35:11 Registers: info registers vcpu 0 CPU#0 RAX=00000000005a259c RBX=0000000000000000 RCX=ffffffff8b1a8899 RDX=ffffed1005686fee RSI=ffffffff8bb19a40 RDI=ffffffff81702c79 RBP=fffffbfff1b52ef8 RSP=ffffffff8da07e20 R8 =0000000000000000 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=0000000000003b18 R12=0000000000000000 R13=ffffffff8da977c0 R14=ffffffff901d29d0 R15=0000000000000000 RIP=ffffffff8b1a9c7f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020001200 CR3=000000000db7e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000782c54 RBX=0000000000000001 RCX=ffffffff8b1a8899 RDX=ffffed10056a6fee RSI=ffffffff8bb19a40 RDI=ffffffff81702c79 RBP=ffffed10039dc910 RSP=ffffc9000047fe08 R8 =0000000000000000 R9 =ffffed10056a6fed R10=ffff88802b537f6b R11=0000000000044e00 R12=0000000000000001 R13=ffff88801cee4880 R14=ffffffff901d29d0 R15=0000000000000000 RIP=ffffffff8b1a9c7f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000062b36000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85145395 RDI=ffffffff9a66e200 RBP=ffffffff9a66e1c0 RSP=ffffc90002e57320 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff85145330 R15=0000000000000000 RIP=ffffffff851453bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=00000000745be000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=00000000180400fb RCX=ffffffff81e3ffe5 RDX=ffff88801f848000 RSI=0000000000000020 RDI=0000000000000007 RBP=800000004e583007 RSP=ffffc90003f67718 R8 =0000000000000007 R9 =0000000000000020 R10=0000000000000028 R11=1ffffffff1bb8bf9 R12=0000000000000028 R13=ffff888061d05480 R14=ffffea00013960c0 R15=dffffc0000000000 RIP=ffffffff81994d80 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f855c0 CR3=000000006323e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000