last executing test programs: 44.039577556s ago: executing program 1 (id=234): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) (async) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') (async) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r1 = gettid() landlock_create_ruleset(&(0x7f0000000080)={0x200, 0x0, 0x3}, 0x18, 0x3) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) (async) vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000440)="fa677a20e61f2ff3d7f787908d8dda23e6c0470ad8931b697c83dfad3144a2171b09c4277c8065888be915330b3d4bcf2686c9726db2350d2a9461a4201ab58e7074097c7f76e65e4784ef6b7df152d5ec2d252ab8d9d1b4212616c3177bef9743b2364ee0ead05c78da9a7c373ebdeb430974d3dcb13e2c093ed33ecd85d2c96784a089f98cfc20a3e2ccefa2661d229e16ee48c130", 0x96}, {&(0x7f0000000500)="bacaefc85678eab528e5d904ff17d7ae0dfafcaadd63312683a1a9a0f0dd23a9787a54f056007d07b87e1a34d242b968a7ae93cf5e9150295e935735bbdb536f1dcf463381cf4a03", 0x48}, {&(0x7f0000000180)="2e48b94ef3cf15e6e77b2f13f920e173cee8d505bc0ebdf95e3700a3b5ee121e515eb32307b040", 0x27}, {&(0x7f0000000580)="5fab1cfc978994c4a91f2d2cf6e8c8c18b03eca55c671a9eb3f0f1e58a1de800d3fb4e84136187a02d524f3e3240d233ac03e95d710cecdfb66e0733b2d97a110a327e3f32e46dcf258d7a2cce84a9e52ccd82babc43ef8e03fa5056a289878ee96374afa9012f43ad8067015702e0a3e6a1a9228b0bd61d35c56f79a7769871c781f926ac3324adc70bb6b2f9a3c02102bb4efc8071f47f8ef11fa0ef2c19144b", 0xa1}, {&(0x7f0000000340)='L', 0x1}], 0x5, 0x6) (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x127081) getrlimit(0xa, &(0x7f0000000040)) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) set_mempolicy(0x4000, &(0x7f00000000c0)=0x401, 0x1) (async) mmap(&(0x7f0000618000/0x1000)=nil, 0x1000, 0x3000003, 0x10, 0xffffffffffffffff, 0x4351b000) fsopen(0x0, 0x0) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="03c9007586c3b619eb3906ef74e7e1b092754fdff60fc08a5054c0e1d37df3121f3e311a01c1fed555420beda3e16973ba802383718f6bf7652255e73f17bfd6d20bd9ba12cbc995bc78470f5e187e9781f99a5aaf7e10deb7c2f0f153ea04445c40560af1ba1ecbaf89e718b0d1976a82ed4f"], 0x79) (async) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x15, 0x4, &(0x7f0000000300)=ANY=[@ANYRES64=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10) (async) madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0x3a) (async) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') (async) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 35.786913661s ago: executing program 1 (id=234): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) (async) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') (async) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r1 = gettid() landlock_create_ruleset(&(0x7f0000000080)={0x200, 0x0, 0x3}, 0x18, 0x3) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) (async) vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000440)="fa677a20e61f2ff3d7f787908d8dda23e6c0470ad8931b697c83dfad3144a2171b09c4277c8065888be915330b3d4bcf2686c9726db2350d2a9461a4201ab58e7074097c7f76e65e4784ef6b7df152d5ec2d252ab8d9d1b4212616c3177bef9743b2364ee0ead05c78da9a7c373ebdeb430974d3dcb13e2c093ed33ecd85d2c96784a089f98cfc20a3e2ccefa2661d229e16ee48c130", 0x96}, {&(0x7f0000000500)="bacaefc85678eab528e5d904ff17d7ae0dfafcaadd63312683a1a9a0f0dd23a9787a54f056007d07b87e1a34d242b968a7ae93cf5e9150295e935735bbdb536f1dcf463381cf4a03", 0x48}, {&(0x7f0000000180)="2e48b94ef3cf15e6e77b2f13f920e173cee8d505bc0ebdf95e3700a3b5ee121e515eb32307b040", 0x27}, {&(0x7f0000000580)="5fab1cfc978994c4a91f2d2cf6e8c8c18b03eca55c671a9eb3f0f1e58a1de800d3fb4e84136187a02d524f3e3240d233ac03e95d710cecdfb66e0733b2d97a110a327e3f32e46dcf258d7a2cce84a9e52ccd82babc43ef8e03fa5056a289878ee96374afa9012f43ad8067015702e0a3e6a1a9228b0bd61d35c56f79a7769871c781f926ac3324adc70bb6b2f9a3c02102bb4efc8071f47f8ef11fa0ef2c19144b", 0xa1}, {&(0x7f0000000340)='L', 0x1}], 0x5, 0x6) (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x127081) getrlimit(0xa, &(0x7f0000000040)) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) set_mempolicy(0x4000, &(0x7f00000000c0)=0x401, 0x1) (async) mmap(&(0x7f0000618000/0x1000)=nil, 0x1000, 0x3000003, 0x10, 0xffffffffffffffff, 0x4351b000) fsopen(0x0, 0x0) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="03c9007586c3b619eb3906ef74e7e1b092754fdff60fc08a5054c0e1d37df3121f3e311a01c1fed555420beda3e16973ba802383718f6bf7652255e73f17bfd6d20bd9ba12cbc995bc78470f5e187e9781f99a5aaf7e10deb7c2f0f153ea04445c40560af1ba1ecbaf89e718b0d1976a82ed4f"], 0x79) (async) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x15, 0x4, &(0x7f0000000300)=ANY=[@ANYRES64=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10) (async) madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0x3a) (async) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') (async) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 27.607532852s ago: executing program 1 (id=234): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) (async) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') (async) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r1 = gettid() landlock_create_ruleset(&(0x7f0000000080)={0x200, 0x0, 0x3}, 0x18, 0x3) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) (async) vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000440)="fa677a20e61f2ff3d7f787908d8dda23e6c0470ad8931b697c83dfad3144a2171b09c4277c8065888be915330b3d4bcf2686c9726db2350d2a9461a4201ab58e7074097c7f76e65e4784ef6b7df152d5ec2d252ab8d9d1b4212616c3177bef9743b2364ee0ead05c78da9a7c373ebdeb430974d3dcb13e2c093ed33ecd85d2c96784a089f98cfc20a3e2ccefa2661d229e16ee48c130", 0x96}, {&(0x7f0000000500)="bacaefc85678eab528e5d904ff17d7ae0dfafcaadd63312683a1a9a0f0dd23a9787a54f056007d07b87e1a34d242b968a7ae93cf5e9150295e935735bbdb536f1dcf463381cf4a03", 0x48}, {&(0x7f0000000180)="2e48b94ef3cf15e6e77b2f13f920e173cee8d505bc0ebdf95e3700a3b5ee121e515eb32307b040", 0x27}, {&(0x7f0000000580)="5fab1cfc978994c4a91f2d2cf6e8c8c18b03eca55c671a9eb3f0f1e58a1de800d3fb4e84136187a02d524f3e3240d233ac03e95d710cecdfb66e0733b2d97a110a327e3f32e46dcf258d7a2cce84a9e52ccd82babc43ef8e03fa5056a289878ee96374afa9012f43ad8067015702e0a3e6a1a9228b0bd61d35c56f79a7769871c781f926ac3324adc70bb6b2f9a3c02102bb4efc8071f47f8ef11fa0ef2c19144b", 0xa1}, {&(0x7f0000000340)='L', 0x1}], 0x5, 0x6) (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x127081) getrlimit(0xa, &(0x7f0000000040)) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) set_mempolicy(0x4000, &(0x7f00000000c0)=0x401, 0x1) (async) mmap(&(0x7f0000618000/0x1000)=nil, 0x1000, 0x3000003, 0x10, 0xffffffffffffffff, 0x4351b000) fsopen(0x0, 0x0) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="03c9007586c3b619eb3906ef74e7e1b092754fdff60fc08a5054c0e1d37df3121f3e311a01c1fed555420beda3e16973ba802383718f6bf7652255e73f17bfd6d20bd9ba12cbc995bc78470f5e187e9781f99a5aaf7e10deb7c2f0f153ea04445c40560af1ba1ecbaf89e718b0d1976a82ed4f"], 0x79) (async) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x15, 0x4, &(0x7f0000000300)=ANY=[@ANYRES64=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10) (async) madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0x3a) (async) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') (async) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 19.639439856s ago: executing program 1 (id=234): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) (async) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') (async) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r1 = gettid() landlock_create_ruleset(&(0x7f0000000080)={0x200, 0x0, 0x3}, 0x18, 0x3) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) (async) vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000440)="fa677a20e61f2ff3d7f787908d8dda23e6c0470ad8931b697c83dfad3144a2171b09c4277c8065888be915330b3d4bcf2686c9726db2350d2a9461a4201ab58e7074097c7f76e65e4784ef6b7df152d5ec2d252ab8d9d1b4212616c3177bef9743b2364ee0ead05c78da9a7c373ebdeb430974d3dcb13e2c093ed33ecd85d2c96784a089f98cfc20a3e2ccefa2661d229e16ee48c130", 0x96}, {&(0x7f0000000500)="bacaefc85678eab528e5d904ff17d7ae0dfafcaadd63312683a1a9a0f0dd23a9787a54f056007d07b87e1a34d242b968a7ae93cf5e9150295e935735bbdb536f1dcf463381cf4a03", 0x48}, {&(0x7f0000000180)="2e48b94ef3cf15e6e77b2f13f920e173cee8d505bc0ebdf95e3700a3b5ee121e515eb32307b040", 0x27}, {&(0x7f0000000580)="5fab1cfc978994c4a91f2d2cf6e8c8c18b03eca55c671a9eb3f0f1e58a1de800d3fb4e84136187a02d524f3e3240d233ac03e95d710cecdfb66e0733b2d97a110a327e3f32e46dcf258d7a2cce84a9e52ccd82babc43ef8e03fa5056a289878ee96374afa9012f43ad8067015702e0a3e6a1a9228b0bd61d35c56f79a7769871c781f926ac3324adc70bb6b2f9a3c02102bb4efc8071f47f8ef11fa0ef2c19144b", 0xa1}, {&(0x7f0000000340)='L', 0x1}], 0x5, 0x6) (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x127081) getrlimit(0xa, &(0x7f0000000040)) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) set_mempolicy(0x4000, &(0x7f00000000c0)=0x401, 0x1) (async) mmap(&(0x7f0000618000/0x1000)=nil, 0x1000, 0x3000003, 0x10, 0xffffffffffffffff, 0x4351b000) fsopen(0x0, 0x0) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="03c9007586c3b619eb3906ef74e7e1b092754fdff60fc08a5054c0e1d37df3121f3e311a01c1fed555420beda3e16973ba802383718f6bf7652255e73f17bfd6d20bd9ba12cbc995bc78470f5e187e9781f99a5aaf7e10deb7c2f0f153ea04445c40560af1ba1ecbaf89e718b0d1976a82ed4f"], 0x79) (async) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x15, 0x4, &(0x7f0000000300)=ANY=[@ANYRES64=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10) (async) madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0x3a) (async) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') (async) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 9.966362724s ago: executing program 1 (id=234): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) (async) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') (async) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r1 = gettid() landlock_create_ruleset(&(0x7f0000000080)={0x200, 0x0, 0x3}, 0x18, 0x3) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) (async) vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000440)="fa677a20e61f2ff3d7f787908d8dda23e6c0470ad8931b697c83dfad3144a2171b09c4277c8065888be915330b3d4bcf2686c9726db2350d2a9461a4201ab58e7074097c7f76e65e4784ef6b7df152d5ec2d252ab8d9d1b4212616c3177bef9743b2364ee0ead05c78da9a7c373ebdeb430974d3dcb13e2c093ed33ecd85d2c96784a089f98cfc20a3e2ccefa2661d229e16ee48c130", 0x96}, {&(0x7f0000000500)="bacaefc85678eab528e5d904ff17d7ae0dfafcaadd63312683a1a9a0f0dd23a9787a54f056007d07b87e1a34d242b968a7ae93cf5e9150295e935735bbdb536f1dcf463381cf4a03", 0x48}, {&(0x7f0000000180)="2e48b94ef3cf15e6e77b2f13f920e173cee8d505bc0ebdf95e3700a3b5ee121e515eb32307b040", 0x27}, {&(0x7f0000000580)="5fab1cfc978994c4a91f2d2cf6e8c8c18b03eca55c671a9eb3f0f1e58a1de800d3fb4e84136187a02d524f3e3240d233ac03e95d710cecdfb66e0733b2d97a110a327e3f32e46dcf258d7a2cce84a9e52ccd82babc43ef8e03fa5056a289878ee96374afa9012f43ad8067015702e0a3e6a1a9228b0bd61d35c56f79a7769871c781f926ac3324adc70bb6b2f9a3c02102bb4efc8071f47f8ef11fa0ef2c19144b", 0xa1}, {&(0x7f0000000340)='L', 0x1}], 0x5, 0x6) (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x127081) getrlimit(0xa, &(0x7f0000000040)) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) set_mempolicy(0x4000, &(0x7f00000000c0)=0x401, 0x1) (async) mmap(&(0x7f0000618000/0x1000)=nil, 0x1000, 0x3000003, 0x10, 0xffffffffffffffff, 0x4351b000) fsopen(0x0, 0x0) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="03c9007586c3b619eb3906ef74e7e1b092754fdff60fc08a5054c0e1d37df3121f3e311a01c1fed555420beda3e16973ba802383718f6bf7652255e73f17bfd6d20bd9ba12cbc995bc78470f5e187e9781f99a5aaf7e10deb7c2f0f153ea04445c40560af1ba1ecbaf89e718b0d1976a82ed4f"], 0x79) (async) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x15, 0x4, &(0x7f0000000300)=ANY=[@ANYRES64=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10) (async) madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0x3a) (async) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') (async) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 4.058037919s ago: executing program 0 (id=785): r0 = socket$inet(0x2, 0xa, 0x6) syz_open_pts(0xffffffffffffffff, 0x210002) lseek(r0, 0x9, 0x3) r1 = socket(0x10, 0x803, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) r10 = socket$inet(0x2b, 0x801, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r10, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0x118, 0x2c, 0xd27, 0xfff2, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0xec, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x6}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x2, 0x42}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800004, 0xa525}]}}, @TCA_U32_LINK={0x8}, @TCA_U32_POLICE={0x4c, 0x6, [@TCA_POLICE_TBF={0x3c, 0x1, {0x28bf, 0x10000000, 0xebb, 0x1, 0x2, {0x3, 0x2, 0x3, 0x3, 0x6}, {0xf3, 0x1, 0xfffb, 0x6f4, 0x6, 0x6}, 0x6, 0x0, 0xfafd}}, @TCA_POLICE_RATE64={0xc}]}]}}]}, 0x118}, 0x1, 0x0, 0x0, 0x80}, 0x40) dup3(r3, r2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) 3.820281979s ago: executing program 3 (id=786): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'hsr0\x00', 0x0}) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$EVIOCRMFF(r3, 0x40044581, &(0x7f0000000040)=0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r2}]}}}]}, 0x40}}, 0xc0000c0) (async) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r2}]}}}]}, 0x40}}, 0xc0000c0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028006001900000000000500010004"], 0x44}}, 0x4004948) 3.670328541s ago: executing program 3 (id=787): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) write$FUSE_INTERRUPT(r0, 0x0, 0x0) 3.669914125s ago: executing program 3 (id=788): r0 = socket$inet(0x2, 0xa, 0x6) syz_open_pts(0xffffffffffffffff, 0x210002) lseek(r0, 0x9, 0x3) r1 = socket(0x10, 0x803, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) r8 = socket$inet(0x2b, 0x801, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r8, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0x118, 0x2c, 0xd27, 0xfff2, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0xec, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x6}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x2, 0x42}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800004, 0xa525}]}}, @TCA_U32_LINK={0x8}, @TCA_U32_POLICE={0x4c, 0x6, [@TCA_POLICE_TBF={0x3c, 0x1, {0x28bf, 0x10000000, 0xebb, 0x1, 0x2, {0x3, 0x2, 0x3, 0x3, 0x6}, {0xf3, 0x1, 0xfffb, 0x6f4, 0x6, 0x6}, 0x6, 0x0, 0xfafd}}, @TCA_POLICE_RATE64={0xc}]}]}}]}, 0x118}, 0x1, 0x0, 0x0, 0x80}, 0x40) dup3(r3, r2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) 3.425841139s ago: executing program 2 (id=789): dup(0xffffffffffffffff) syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$hidraw(0x0, 0x0, 0x418000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009000008250200000000000000010902"], 0x0) syz_usb_connect(0x2, 0x24, 0x0, 0x0) pipe2(0x0, 0x80000) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x39cb, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom(r0, 0x0, 0x49, 0x12142, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000200)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x2, 0x25dfdbfb, {0x7, 0x0, 0x0, r3, 0x3, 0x0, 0x6}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x1b}, 0x1, 0x0, 0x0, 0x40051}, 0x40c0) setfsuid(0xee00) membarrier(0x4, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000) 3.189940236s ago: executing program 0 (id=790): r0 = socket$kcm(0x23, 0x2, 0x0) sendmsg$sock(r0, &(0x7f0000000340)={&(0x7f00000002c0)=@phonet, 0x80, &(0x7f0000000180)=[{&(0x7f00000003c0)="a0", 0x1}, {0x0, 0x2}], 0x2, 0x0, 0xeaff}, 0x0) 3.126595972s ago: executing program 0 (id=791): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000540)={0x3, &(0x7f0000000140)=[{0x25, 0x0, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x4d60d799}, {0x6, 0xfe}]}) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r5, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x4, 0x0) r8 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r8) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r7, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r7) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=@newtfilter={0x3c, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x6, 0x9872419279efcfed}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) r11 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r11, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r12, 0x0, 0x80, 0x5, 0x9, 0xffffffff, {0xfffffffb, 0xd6, 0x80, 0xd, 0x5, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0xffff, 0x7e9, 0x803, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CURSOR2(r3, 0xc02464bb, &(0x7f0000000400)={0x2, r12, 0x10001, 0x5, 0x7, 0x4, 0xff26, 0x100, 0x8}) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWCHAIN={0x44, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0x22, 0x3, "91abc12404cf378042f26c43f91f68d8a90767c0bc71f60877974475de3d"}]}], {0x14}}, 0x6c}}, 0x0) 2.759231674s ago: executing program 3 (id=792): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$zero(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) setsockopt$MRT6_DONE(r2, 0x29, 0xc9, 0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4048aec9, &(0x7f0000000000)={0x5}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0], 0x1, 0x800, 0x0, 0xffffffffffffffff}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x6, 0x1, 0x1, r3, 0x2}) 2.660374557s ago: executing program 3 (id=793): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x9, r0}) r2 = socket$kcm(0x2d, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) add_key(&(0x7f0000000080)='logon\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000ac0)="a1", 0x1, 0xffffffffffffffff) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) socket$nl_route(0x10, 0x3, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r8 = syz_io_uring_setup(0x4e4, &(0x7f0000000200)={0x0, 0x33f8, 0x10100, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_enter(r8, 0x708, 0x41e3, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x20000000000, 0x3}, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r5], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40000020, 0x0) io_uring_enter(r1, 0x5b1a, 0xe27b, 0x28, &(0x7f0000000080)={[0x5, 0x8000]}, 0x8) flock(r0, 0x8) 2.310330237s ago: executing program 0 (id=794): dup(0xffffffffffffffff) syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$hidraw(0x0, 0x0, 0x418000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009000008250200000000000000010902"], 0x0) syz_usb_connect(0x2, 0x24, 0x0, 0x0) pipe2(0x0, 0x80000) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x39cb, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom(r0, 0x0, 0x49, 0x12142, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000200)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x2, 0x25dfdbfb, {0x7, 0x0, 0x0, r3, 0x3, 0x0, 0x6}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40051}, 0x40c0) setfsuid(0xee00) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x2c, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}]}]}]}, 0x2c}}, 0x0) membarrier(0x4, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000) 2.170416571s ago: executing program 2 (id=795): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$sock_proto_private(r2, 0x8b15, &(0x7f0000000080)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe80, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xfffffff7) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x4c831, 0xffffffffffffffff, 0x8179b000) 2.170227989s ago: executing program 2 (id=796): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) write$FUSE_INTERRUPT(r0, 0x0, 0x0) 2.10765719s ago: executing program 2 (id=797): r0 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100032d0001010000000000000000040100800c0011000000000000000080140001000000100000000000000000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"], 0x114}], 0x1}, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000004c0)={{0x1, 0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x1cb, 0x38f}, 0x0, 0x0, 0xb7, 0xda, 0x4, 0x2, 0x8, 0x2, 0x101a, 0xd7df}) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r5 = fsopen(&(0x7f0000000000)='hfs\x00', 0x1000000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 2.086117312s ago: executing program 1 (id=234): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) (async) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') (async) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r1 = gettid() landlock_create_ruleset(&(0x7f0000000080)={0x200, 0x0, 0x3}, 0x18, 0x3) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) (async) vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000440)="fa677a20e61f2ff3d7f787908d8dda23e6c0470ad8931b697c83dfad3144a2171b09c4277c8065888be915330b3d4bcf2686c9726db2350d2a9461a4201ab58e7074097c7f76e65e4784ef6b7df152d5ec2d252ab8d9d1b4212616c3177bef9743b2364ee0ead05c78da9a7c373ebdeb430974d3dcb13e2c093ed33ecd85d2c96784a089f98cfc20a3e2ccefa2661d229e16ee48c130", 0x96}, {&(0x7f0000000500)="bacaefc85678eab528e5d904ff17d7ae0dfafcaadd63312683a1a9a0f0dd23a9787a54f056007d07b87e1a34d242b968a7ae93cf5e9150295e935735bbdb536f1dcf463381cf4a03", 0x48}, {&(0x7f0000000180)="2e48b94ef3cf15e6e77b2f13f920e173cee8d505bc0ebdf95e3700a3b5ee121e515eb32307b040", 0x27}, {&(0x7f0000000580)="5fab1cfc978994c4a91f2d2cf6e8c8c18b03eca55c671a9eb3f0f1e58a1de800d3fb4e84136187a02d524f3e3240d233ac03e95d710cecdfb66e0733b2d97a110a327e3f32e46dcf258d7a2cce84a9e52ccd82babc43ef8e03fa5056a289878ee96374afa9012f43ad8067015702e0a3e6a1a9228b0bd61d35c56f79a7769871c781f926ac3324adc70bb6b2f9a3c02102bb4efc8071f47f8ef11fa0ef2c19144b", 0xa1}, {&(0x7f0000000340)='L', 0x1}], 0x5, 0x6) (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x0) (async) syz_open_dev$sg(0x0, 0x0, 0x127081) getrlimit(0xa, &(0x7f0000000040)) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) set_mempolicy(0x4000, &(0x7f00000000c0)=0x401, 0x1) (async) mmap(&(0x7f0000618000/0x1000)=nil, 0x1000, 0x3000003, 0x10, 0xffffffffffffffff, 0x4351b000) fsopen(0x0, 0x0) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="03c9007586c3b619eb3906ef74e7e1b092754fdff60fc08a5054c0e1d37df3121f3e311a01c1fed555420beda3e16973ba802383718f6bf7652255e73f17bfd6d20bd9ba12cbc995bc78470f5e187e9781f99a5aaf7e10deb7c2f0f153ea04445c40560af1ba1ecbaf89e718b0d1976a82ed4f"], 0x79) (async) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x15, 0x4, &(0x7f0000000300)=ANY=[@ANYRES64=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10) (async) madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0x3a) (async) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') (async) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 83.042684ms ago: executing program 0 (id=798): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = epoll_create1(0x0) r2 = socket$unix(0x1, 0x1, 0x0) capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140)={0x0, 0x8}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000080)={0xa002a008}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r3}, 0x10) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x2e37, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x50) sendfile64(r4, r2, &(0x7f00000000c0)=0x5, 0x5) 82.842876ms ago: executing program 2 (id=799): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000021, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 81.796529ms ago: executing program 3 (id=800): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) r1 = landlock_create_ruleset(&(0x7f00000004c0)={0x0, 0x1}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) (fail_nth: 5) 321.73µs ago: executing program 2 (id=801): r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1c, 0x15, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458d40ae89bf938ec0de0200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x40101283, &(0x7f0000001280)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x10, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) 0s ago: executing program 0 (id=802): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_smc(0x2b, 0x1, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000200000006c0400"]) ioctl$int_in(r2, 0x5421, &(0x7f00000000c0)=0x1) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r7 = landlock_create_ruleset(&(0x7f0000000240)={0xc80, 0x1, 0x5}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r7, 0x1, &(0x7f0000000300)={0x8000, r1}, 0x0) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r8 = accept4(r6, 0x0, 0x0, 0x0) sendmsg$alg(r8, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) sendmsg$nl_route_sched_retired(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r8, &(0x7f0000002780)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000580)=""/77, 0x4d}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local={0xd}, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x4048080, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r9) r10 = syz_open_dev$vcsn(&(0x7f0000000500), 0x0, 0x12000) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000340)={0x1ff, 0x0, 0x1, 0x1000, &(0x7f0000fff000/0x1000)=nil}) sendmmsg$unix(r1, &(0x7f0000000640)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}, {{&(0x7f0000000680)=@file={0x1, '\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00'}, 0x6e, &(0x7f00000004c0)=[{&(0x7f00000003c0)="fc85cf58413e8105edf745b51ddaacba0a6d92d43da70594a10f1a164754a40d9f1461b75be30a8ae8cd539b4bce432abe2eceba78ef89ab2a42742bcf92bc0170c33791d85d716ac62eb13b49d745fef47decb0e5d06687e5976cbbbd5369a0c15572d487a8b1b0d37b82a801252d6d7b1303dfef6c53827b14e2a75a6bcee11c6f883a7364913a0c013c52951edb2e0951e99d38a45e5139b268d5b0d9e55e809bec7a6e522261d921263270c743f790a9fab252053b72419ecbd2003415889893ba91d2ffc0ea0e909a63996fcf03933dcb96f876b115511bb8aa6607aeda32ebfe5ff15c", 0xe6}], 0x1, &(0x7f0000000540)=[@rights={{0x28, 0x1, 0x1, [r10, r7, r1, r7, r7, r9, r0]}}], 0x28, 0x20000004}}], 0x2, 0x0) kernel console output (not intermixed with test programs): nique to avoid problems! [ 159.207877][ T8339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.213368][ T8339] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.216520][ T8339] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.219691][ T8339] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.222364][ T8339] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.257998][ T91] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.261133][ T91] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.285277][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.288434][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.495254][ T8464] netlink: 'syz.0.553': attribute type 10 has an invalid length. [ 160.402594][ T8476] IPVS: set_ctl: invalid protocol: 43 172.20.20.31:20000 [ 161.139173][ T8469] syz.2.555 (8469) used greatest stack depth: 19848 bytes left [ 161.181708][ T40] kauditd_printk_skb: 60 callbacks suppressed [ 161.181721][ T40] audit: type=1326 audit(1745003206.043:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8480 comm="syz.3.558" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 161.487859][ T40] audit: type=1326 audit(1745003206.353:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.497127][ T40] audit: type=1326 audit(1745003206.373:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.510546][ T40] audit: type=1326 audit(1745003206.373:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.521228][ T40] audit: type=1326 audit(1745003206.373:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.535137][ T40] audit: type=1326 audit(1745003206.373:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.550062][ T40] audit: type=1326 audit(1745003206.373:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.567076][ T40] audit: type=1326 audit(1745003206.373:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.577017][ T40] audit: type=1326 audit(1745003206.373:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.586125][ T40] audit: type=1326 audit(1745003206.373:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.2.563" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fc8579 code=0x7ffc0000 [ 161.758892][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.284387][ T8510] 9pnet: Could not find request transport: f)_w35짷 uS.`(`}NLocd ھ%{|۩? 猪O P=_[0`@u[)ݦgJ`DXͼ0x0000000000000009 [ 163.360843][ T5964] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 163.365961][ T5964] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 163.369941][ T5964] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 163.375230][ T5964] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 163.378629][ T5964] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 163.417612][ T8511] lo speed is unknown, defaulting to 1000 [ 163.422686][ T8511] lo speed is unknown, defaulting to 1000 [ 163.593980][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.662918][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.676460][ T8511] chnl_net:caif_netlink_parms(): no params data found [ 163.739320][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.835227][ T8511] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.838085][ T8511] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.840347][ T8511] bridge_slave_0: entered allmulticast mode [ 163.843479][ T8511] bridge_slave_0: entered promiscuous mode [ 163.852877][ T8511] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.856995][ T8511] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.859310][ T8511] bridge_slave_1: entered allmulticast mode [ 163.862728][ T8511] bridge_slave_1: entered promiscuous mode [ 163.941873][ T8511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.946972][ T8511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.995540][ T8511] team0: Port device team_slave_0 added [ 164.011102][ T8511] team0: Port device team_slave_1 added [ 164.072291][ T8511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.074923][ T8511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.087419][ T8511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.094050][ T13] bridge_slave_1: left allmulticast mode [ 164.096253][ T13] bridge_slave_1: left promiscuous mode [ 164.112124][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.116608][ T13] bridge_slave_0: left allmulticast mode [ 164.118528][ T13] bridge_slave_0: left promiscuous mode [ 164.120384][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.378739][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.382784][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.387494][ T13] bond0 (unregistering): Released all slaves [ 164.396223][ T8511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.398484][ T8511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.408831][ T8511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.501314][ T8511] hsr_slave_0: entered promiscuous mode [ 164.503487][ T8511] hsr_slave_1: entered promiscuous mode [ 164.514567][ T8511] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.516983][ T8511] Cannot create hsr debugfs directory [ 164.831773][ T13] hsr_slave_0: left promiscuous mode [ 164.834333][ T13] hsr_slave_1: left promiscuous mode [ 164.836340][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.838670][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.841375][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.843698][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.869823][ T13] veth1_macvtap: left promiscuous mode [ 164.871618][ T13] veth0_macvtap: left promiscuous mode [ 164.873360][ T13] veth1_vlan: left promiscuous mode [ 164.877796][ T13] veth0_vlan: left promiscuous mode [ 165.464689][ T5961] Bluetooth: hci2: command tx timeout [ 165.501436][ T8561] FAULT_INJECTION: forcing a failure. [ 165.501436][ T8561] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.506291][ T8561] CPU: 3 UID: 0 PID: 8561 Comm: syz.2.573 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 165.506311][ T8561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 165.506318][ T8561] Call Trace: [ 165.506322][ T8561] [ 165.506326][ T8561] dump_stack_lvl+0x16c/0x1f0 [ 165.506345][ T8561] should_fail_ex+0x512/0x640 [ 165.506359][ T8561] _copy_from_user+0x2e/0xd0 [ 165.506374][ T8561] __ia32_compat_sys_socketcall+0x187/0x770 [ 165.506402][ T8561] ? __fget_files+0x20e/0x3c0 [ 165.506413][ T8561] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 165.506430][ T8561] ? xfd_validate_state+0x5d/0x180 [ 165.506442][ T8561] ? rcu_is_watching+0x12/0xc0 [ 165.506453][ T8561] ? rcu_is_watching+0x12/0xc0 [ 165.506465][ T8561] __do_fast_syscall_32+0x73/0x120 [ 165.506482][ T8561] do_fast_syscall_32+0x32/0x80 [ 165.506497][ T8561] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 165.506510][ T8561] RIP: 0023:0xf7fc8579 [ 165.506519][ T8561] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 165.506528][ T8561] RSP: 002b:00000000f50e5440 EFLAGS: 00000293 ORIG_RAX: 0000000000000066 [ 165.506538][ T8561] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f50e545c [ 165.506545][ T8561] RDX: 0000000000000000 RSI: 00000000f50e5560 RDI: 00000000f7452ff4 [ 165.506550][ T8561] RBP: 00000000f50e5560 R08: 0000000000000000 R09: 0000000000000000 [ 165.506556][ T8561] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 165.506562][ T8561] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 165.506575][ T8561] [ 165.963324][ T13] team0 (unregistering): Port device team_slave_1 removed [ 166.029004][ T13] team0 (unregistering): Port device team_slave_0 removed [ 166.532491][ T8565] lo speed is unknown, defaulting to 1000 [ 166.535391][ T8570] netlink: 'syz.3.578': attribute type 5 has an invalid length. [ 166.538766][ T8565] lo speed is unknown, defaulting to 1000 [ 166.558185][ T40] kauditd_printk_skb: 124 callbacks suppressed [ 166.558202][ T40] audit: type=1326 audit(1745003211.423:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.575476][ T40] audit: type=1326 audit(1745003211.423:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.583020][ T40] audit: type=1326 audit(1745003211.443:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.591888][ T40] audit: type=1326 audit(1745003211.443:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.599833][ T40] audit: type=1326 audit(1745003211.443:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.608151][ T40] audit: type=1326 audit(1745003211.443:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.617332][ T40] audit: type=1326 audit(1745003211.443:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.633530][ T40] audit: type=1326 audit(1745003211.443:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.641086][ T40] audit: type=1326 audit(1745003211.443:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 166.651492][ T40] audit: type=1326 audit(1745003211.443:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8571 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 167.069304][ T8511] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 167.082322][ T8511] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 167.089360][ T8511] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 167.105410][ T8511] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 167.192090][ T8511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.202691][ T8511] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.208726][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.211015][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.218177][ T98] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.220561][ T98] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.248798][ T8511] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 167.252034][ T8511] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.338092][ T8511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.366065][ T8511] veth0_vlan: entered promiscuous mode [ 167.376454][ T8511] veth1_vlan: entered promiscuous mode [ 167.391332][ T8511] veth0_macvtap: entered promiscuous mode [ 167.396484][ T8511] veth1_macvtap: entered promiscuous mode [ 167.459995][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.463530][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.468419][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.472752][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.477464][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.481401][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.484584][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.487981][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.492572][ T8511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.502059][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.514142][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.520600][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.524242][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.527254][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.530684][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.535271][ T8511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.539533][ T8511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.544159][ T5961] Bluetooth: hci2: command tx timeout [ 167.545804][ T8511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 167.551727][ T8511] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.555621][ T8511] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.559645][ T8511] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.562463][ T8511] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.601013][ T8614] FAULT_INJECTION: forcing a failure. [ 167.601013][ T8614] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.605718][ T8614] CPU: 2 UID: 0 PID: 8614 Comm: syz.2.583 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 167.605733][ T8614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 167.605740][ T8614] Call Trace: [ 167.605744][ T8614] [ 167.605748][ T8614] dump_stack_lvl+0x16c/0x1f0 [ 167.605767][ T8614] should_fail_ex+0x512/0x640 [ 167.605782][ T8614] _copy_from_iter+0x2a4/0x15b0 [ 167.605797][ T8614] ? __alloc_skb+0x200/0x380 [ 167.605811][ T8614] ? __pfx__copy_from_iter+0x10/0x10 [ 167.605825][ T8614] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 167.605844][ T8614] netlink_sendmsg+0x829/0xdd0 [ 167.605861][ T8614] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.605876][ T8614] ? __import_iovec+0x1c8/0x660 [ 167.605893][ T8614] ____sys_sendmsg+0xa95/0xc70 [ 167.605904][ T8614] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.605913][ T8614] ? get_compat_msghdr+0x11a/0x170 [ 167.605932][ T8614] ___sys_sendmsg+0x134/0x1d0 [ 167.605946][ T8614] ? __pfx____sys_sendmsg+0x10/0x10 [ 167.605975][ T8614] __sys_sendmsg+0x16d/0x220 [ 167.605988][ T8614] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.606006][ T8614] ? rcu_is_watching+0x12/0xc0 [ 167.606018][ T8614] ? rcu_is_watching+0x12/0xc0 [ 167.606029][ T8614] __do_fast_syscall_32+0x73/0x120 [ 167.606046][ T8614] do_fast_syscall_32+0x32/0x80 [ 167.606061][ T8614] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 167.606074][ T8614] RIP: 0023:0xf7fc8579 [ 167.606082][ T8614] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 167.606092][ T8614] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 167.606102][ T8614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001ac0 [ 167.606108][ T8614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 167.606114][ T8614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 167.606119][ T8614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 167.606125][ T8614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 167.606137][ T8614] [ 167.711683][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.719372][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.735252][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.737828][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.848660][ T8628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.586'. [ 167.914882][ T8628] team0: Port device team_slave_1 removed [ 168.113573][ T98] bridge_slave_1: left allmulticast mode [ 168.115480][ T98] bridge_slave_1: left promiscuous mode [ 168.119416][ T98] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.123840][ T98] bridge_slave_0: left allmulticast mode [ 168.126728][ T98] bridge_slave_0: left promiscuous mode [ 168.129728][ T98] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.244084][ T6015] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 168.394014][ T6015] usb 8-1: Using ep0 maxpacket: 8 [ 168.398588][ T6015] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 168.402923][ T6015] usb 8-1: config 0 has no interface number 0 [ 168.405062][ T6015] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 168.408555][ T6015] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 168.413287][ T6015] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 168.417964][ T6015] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 168.423848][ T6015] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 168.427838][ T6015] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.435149][ T6015] usb 8-1: config 0 descriptor?? [ 168.445619][ T6015] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 168.461607][ T98] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.467285][ T98] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.471436][ T98] bond0 (unregistering): Released all slaves [ 168.726430][ T98] hsr_slave_0: left promiscuous mode [ 168.728734][ T98] hsr_slave_1: left promiscuous mode [ 168.730703][ T98] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.733225][ T98] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.738399][ T98] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.741794][ T98] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.777182][ T98] veth1_macvtap: left promiscuous mode [ 168.778946][ T98] veth0_macvtap: left promiscuous mode [ 168.780704][ T98] veth1_vlan: left promiscuous mode [ 168.782515][ T98] veth0_vlan: left promiscuous mode [ 168.909341][ T9] usb 8-1: USB disconnect, device number 7 [ 168.919257][ T9] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 169.459356][ T98] team0 (unregistering): Port device team_slave_1 removed [ 169.640956][ T98] team0 (unregistering): Port device team_slave_0 removed [ 169.702998][ T8647] netlink: 8 bytes leftover after parsing attributes in process `syz.3.592'. [ 170.228355][ T8640] lo speed is unknown, defaulting to 1000 [ 170.233258][ T8640] lo speed is unknown, defaulting to 1000 [ 170.291230][ T8655] tmpfs: Unknown parameter 'syzkaller0' [ 170.624207][ T6014] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 170.777122][ T98] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.795743][ T6014] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.803982][ T6014] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.813964][ T6014] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 170.818755][ T6014] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 170.831844][ T6014] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.865809][ T6014] usb 8-1: config 0 descriptor?? [ 171.277078][ T6014] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd [ 171.280104][ T6014] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 171.288479][ T6014] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 171.446094][ T98] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.505985][ T98] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.586723][ T8666] netlink: 20 bytes leftover after parsing attributes in process `syz.3.596'. [ 171.610071][ T98] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.729120][ T98] bridge_slave_1: left allmulticast mode [ 171.731619][ T98] bridge_slave_1: left promiscuous mode [ 171.734660][ T98] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.740035][ T98] bridge_slave_0: left allmulticast mode [ 171.742315][ T98] bridge_slave_0: left promiscuous mode [ 171.744409][ T98] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.227490][ T98] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.231702][ T98] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.235732][ T98] bond0 (unregistering): Released all slaves [ 172.267849][ T5964] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 172.274780][ T5964] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 172.281483][ T5964] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 172.291382][ T5964] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 172.303565][ T5964] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 172.335968][ T98] bond0 (unregistering): Released all slaves [ 172.379336][ T8676] lo speed is unknown, defaulting to 1000 [ 172.385600][ T8676] lo speed is unknown, defaulting to 1000 [ 172.751059][ T8676] chnl_net:caif_netlink_parms(): no params data found [ 172.920192][ T8676] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.934041][ T8676] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.936410][ T8676] bridge_slave_0: entered allmulticast mode [ 172.939088][ T8676] bridge_slave_0: entered promiscuous mode [ 172.972112][ T8676] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.975611][ T8676] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.978016][ T8676] bridge_slave_1: entered allmulticast mode [ 172.982225][ T8676] bridge_slave_1: entered promiscuous mode [ 173.066133][ T8676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.072241][ T8676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.217818][ T8676] team0: Port device team_slave_0 added [ 173.228004][ T8676] team0: Port device team_slave_1 added [ 173.258368][ T98] hsr_slave_0: left promiscuous mode [ 173.261080][ T98] hsr_slave_1: left promiscuous mode [ 173.263188][ T98] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.266074][ T98] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 173.268910][ T98] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.271484][ T98] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 173.280072][ T98] hsr_slave_0: left promiscuous mode [ 173.282864][ T98] hsr_slave_1: left promiscuous mode [ 173.338870][ T98] veth1_macvtap: left promiscuous mode [ 173.341050][ T98] veth0_macvtap: left promiscuous mode [ 173.343341][ T98] veth1_vlan: left promiscuous mode [ 173.345194][ T98] veth0_vlan: left promiscuous mode [ 173.374911][ T98] veth1_macvtap: left allmulticast mode [ 173.377597][ T98] veth1_macvtap: left promiscuous mode [ 173.379952][ T98] veth0_macvtap: left promiscuous mode [ 173.382310][ T98] veth1_vlan: left promiscuous mode [ 173.404111][ T98] veth0_vlan: left promiscuous mode [ 173.440890][ T6022] usb 8-1: USB disconnect, device number 8 [ 173.538509][ T8731] netlink: 56 bytes leftover after parsing attributes in process `syz.3.605'. [ 174.078741][ T98] team0 (unregistering): Port device team_slave_1 removed [ 174.168901][ T98] team0 (unregistering): Port device team_slave_0 removed [ 174.345855][ T5961] Bluetooth: hci2: command tx timeout [ 174.431281][ T8744] FAULT_INJECTION: forcing a failure. [ 174.431281][ T8744] name failslab, interval 1, probability 0, space 0, times 0 [ 174.438873][ T8744] CPU: 0 UID: 0 PID: 8744 Comm: syz.0.611 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 174.438897][ T8744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 174.438907][ T8744] Call Trace: [ 174.438913][ T8744] [ 174.438920][ T8744] dump_stack_lvl+0x16c/0x1f0 [ 174.438946][ T8744] should_fail_ex+0x512/0x640 [ 174.438970][ T8744] should_failslab+0xc2/0x120 [ 174.438990][ T8744] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 174.439010][ T8744] ? skb_clone+0x190/0x3f0 [ 174.439036][ T8744] skb_clone+0x190/0x3f0 [ 174.439059][ T8744] netlink_deliver_tap+0xabd/0xd30 [ 174.439086][ T8744] netlink_unicast+0x5df/0x7f0 [ 174.439113][ T8744] ? __pfx_netlink_unicast+0x10/0x10 [ 174.439143][ T8744] netlink_sendmsg+0x8d1/0xdd0 [ 174.439170][ T8744] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.439203][ T8744] __sys_sendto+0x495/0x510 [ 174.439223][ T8744] ? __pfx___sys_sendto+0x10/0x10 [ 174.439262][ T8744] ? ksys_write+0x1b9/0x240 [ 174.439280][ T8744] ? __pfx_ksys_write+0x10/0x10 [ 174.439300][ T8744] __ia32_sys_sendto+0xdd/0x1b0 [ 174.439319][ T8744] ? lockdep_hardirqs_on+0x7c/0x110 [ 174.439342][ T8744] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 174.439365][ T8744] __do_fast_syscall_32+0x73/0x120 [ 174.439390][ T8744] do_fast_syscall_32+0x32/0x80 [ 174.439411][ T8744] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 174.439429][ T8744] RIP: 0023:0xf7fc3579 [ 174.439440][ T8744] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 174.439453][ T8744] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 174.439468][ T8744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 174.439479][ T8744] RDX: 0000000000000078 RSI: 0000000024040800 RDI: 0000000000000000 [ 174.439489][ T8744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 174.439503][ T8744] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 174.439511][ T8744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 174.439533][ T8744] [ 174.439651][ T8744] netlink: 'syz.0.611': attribute type 5 has an invalid length. [ 175.844283][ T8676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.846459][ T8676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.856450][ T8676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.860466][ T8676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.862627][ T8676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.883112][ T8676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.942200][ T8676] hsr_slave_0: entered promiscuous mode [ 175.944522][ T8676] hsr_slave_1: entered promiscuous mode [ 176.424034][ T5961] Bluetooth: hci2: command tx timeout [ 176.608712][ T8676] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 176.615120][ T8676] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 176.622452][ T8676] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 176.646482][ T8676] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 176.664484][ T98] IPVS: stop unused estimator thread 0... [ 176.716324][ T8676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.733998][ T8752] overlayfs: statfs failed on './file0' [ 176.740692][ T8676] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.749355][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.751816][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.760959][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.763585][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.891173][ T8676] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 176.896042][ T8676] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.065903][ T8791] lo speed is unknown, defaulting to 1000 [ 177.067959][ T8791] lo speed is unknown, defaulting to 1000 [ 177.073016][ T8791] lo speed is unknown, defaulting to 1000 [ 177.098467][ T8791] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 177.133242][ T8676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.144039][ T8791] lo speed is unknown, defaulting to 1000 [ 177.146507][ T8791] lo speed is unknown, defaulting to 1000 [ 177.148967][ T8791] lo speed is unknown, defaulting to 1000 [ 177.151553][ T8791] lo speed is unknown, defaulting to 1000 [ 177.180040][ T8676] veth0_vlan: entered promiscuous mode [ 177.186523][ T8676] veth1_vlan: entered promiscuous mode [ 177.206273][ T8676] veth0_macvtap: entered promiscuous mode [ 177.211950][ T8676] veth1_macvtap: entered promiscuous mode [ 177.224918][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.228227][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.231902][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.236666][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.241091][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.245419][ T8824] FAULT_INJECTION: forcing a failure. [ 177.245419][ T8824] name failslab, interval 1, probability 0, space 0, times 0 [ 177.249555][ T8824] CPU: 0 UID: 0 PID: 8824 Comm: syz.0.624 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 177.249576][ T8824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 177.249588][ T8824] Call Trace: [ 177.249593][ T8824] [ 177.249599][ T8824] dump_stack_lvl+0x16c/0x1f0 [ 177.249626][ T8824] should_fail_ex+0x512/0x640 [ 177.249643][ T8824] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 177.249656][ T8824] should_failslab+0xc2/0x120 [ 177.249669][ T8824] __kmalloc_cache_noprof+0x6a/0x3e0 [ 177.249680][ T8824] ? __scm_send+0xeb2/0x15e0 [ 177.249696][ T8824] __scm_send+0xeb2/0x15e0 [ 177.249713][ T8824] ? __pfx___scm_send+0x10/0x10 [ 177.249729][ T8824] unix_dgram_sendmsg+0x86f/0x1910 [ 177.249743][ T8824] ? aa_sk_perm+0x2f4/0xb10 [ 177.249756][ T8824] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 177.249766][ T8824] ? __pfx_aa_sk_perm+0x10/0x10 [ 177.249783][ T8824] ____sys_sendmsg+0xa95/0xc70 [ 177.249795][ T8824] ? __pfx_____sys_sendmsg+0x10/0x10 [ 177.249804][ T8824] ? get_compat_msghdr+0x11a/0x170 [ 177.249819][ T8824] ? __pfx__kstrtoull+0x10/0x10 [ 177.249839][ T8824] ___sys_sendmsg+0x134/0x1d0 [ 177.249853][ T8824] ? __pfx____sys_sendmsg+0x10/0x10 [ 177.249872][ T8824] ? find_held_lock+0x2b/0x80 [ 177.249892][ T8824] __sys_sendmmsg+0x2f9/0x420 [ 177.249907][ T8824] ? __pfx___sys_sendmmsg+0x10/0x10 [ 177.249925][ T8824] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 177.249946][ T8824] ? fput+0x70/0xf0 [ 177.249959][ T8824] ? ksys_write+0x1b9/0x240 [ 177.249969][ T8824] ? __pfx_ksys_write+0x10/0x10 [ 177.249982][ T8824] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 177.249996][ T8824] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 177.250011][ T8824] __do_fast_syscall_32+0x73/0x120 [ 177.250028][ T8824] do_fast_syscall_32+0x32/0x80 [ 177.250043][ T8824] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 177.250056][ T8824] RIP: 0023:0xf7fc3579 [ 177.250064][ T8824] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 177.250074][ T8824] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 177.250084][ T8824] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000880 [ 177.250090][ T8824] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 177.250096][ T8824] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 177.250101][ T8824] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 177.250107][ T8824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 177.250119][ T8824] [ 177.253588][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.352739][ T8676] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.369526][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.373573][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.379010][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.383030][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.387345][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.391479][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.396241][ T8676] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.401374][ T8676] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.406807][ T8676] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.410321][ T8676] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.413820][ T8676] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.466874][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.470296][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.483423][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.492673][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.541315][ T8847] netlink: 12 bytes leftover after parsing attributes in process `syz.0.626'. [ 177.847349][ T8861] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 177.850153][ T8861] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 177.853120][ T8861] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 177.898585][ T5961] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 178.581599][ T8872] FAULT_INJECTION: forcing a failure. [ 178.581599][ T8872] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.586185][ T8872] CPU: 1 UID: 0 PID: 8872 Comm: syz.3.632 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 178.586210][ T8872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 178.586218][ T8872] Call Trace: [ 178.586222][ T8872] [ 178.586226][ T8872] dump_stack_lvl+0x16c/0x1f0 [ 178.586245][ T8872] should_fail_ex+0x512/0x640 [ 178.586260][ T8872] _copy_to_user+0x32/0xd0 [ 178.586275][ T8872] simple_read_from_buffer+0xcb/0x170 [ 178.586293][ T8872] proc_fail_nth_read+0x197/0x270 [ 178.586309][ T8872] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 178.586325][ T8872] ? rw_verify_area+0xcf/0x680 [ 178.586341][ T8872] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 178.586356][ T8872] vfs_read+0x1de/0xc70 [ 178.586369][ T8872] ? __pfx___mutex_lock+0x10/0x10 [ 178.586384][ T8872] ? __pfx_vfs_read+0x10/0x10 [ 178.586398][ T8872] ? __fget_files+0x20e/0x3c0 [ 178.586412][ T8872] ksys_read+0x12a/0x240 [ 178.586422][ T8872] ? __pfx_ksys_read+0x10/0x10 [ 178.586437][ T8872] ? rcu_is_watching+0x12/0xc0 [ 178.586450][ T8872] __do_fast_syscall_32+0x73/0x120 [ 178.586467][ T8872] do_fast_syscall_32+0x32/0x80 [ 178.586482][ T8872] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 178.586495][ T8872] RIP: 0023:0xf70be579 [ 178.586503][ T8872] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 178.586513][ T8872] RSP: 002b:00000000f506c590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 178.586523][ T8872] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f506c620 [ 178.586529][ T8872] RDX: 000000000000000f RSI: 00000000f7422ff4 RDI: 0000000000000000 [ 178.586535][ T8872] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 178.586541][ T8872] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 178.586546][ T8872] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 178.586560][ T8872] [ 179.320215][ T1173] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.474208][ T40] kauditd_printk_skb: 64 callbacks suppressed [ 179.474225][ T40] audit: type=1326 audit(1745003224.343:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8887 comm="syz.0.637" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc3579 code=0x0 [ 180.897649][ T8897] FAULT_INJECTION: forcing a failure. [ 180.897649][ T8897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.903051][ T8897] CPU: 0 UID: 0 PID: 8897 Comm: syz.3.640 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 180.903074][ T8897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.903084][ T8897] Call Trace: [ 180.903090][ T8897] [ 180.903097][ T8897] dump_stack_lvl+0x16c/0x1f0 [ 180.903126][ T8897] should_fail_ex+0x512/0x640 [ 180.903151][ T8897] _copy_from_user+0x2e/0xd0 [ 180.903173][ T8897] input_event_from_user+0x137/0x290 [ 180.903191][ T8897] ? __pfx_input_event_from_user+0x10/0x10 [ 180.903210][ T8897] ? input_inject_event+0x1a5/0x390 [ 180.903229][ T8897] evdev_write+0x26b/0x440 [ 180.903259][ T8897] ? __pfx_evdev_write+0x10/0x10 [ 180.903285][ T8897] ? bpf_lsm_file_permission+0x9/0x10 [ 180.903301][ T8897] ? security_file_permission+0x71/0x210 [ 180.903324][ T8897] ? rw_verify_area+0xcf/0x680 [ 180.903352][ T8897] vfs_write+0x25c/0x1180 [ 180.903374][ T8897] ? __pfx_evdev_write+0x10/0x10 [ 180.903403][ T8897] ? __pfx_vfs_write+0x10/0x10 [ 180.903418][ T8897] ? find_held_lock+0x2b/0x80 [ 180.903437][ T8897] ? __fget_files+0x204/0x3c0 [ 180.903457][ T8897] ? __fget_files+0x20e/0x3c0 [ 180.903480][ T8897] ksys_write+0x205/0x240 [ 180.903497][ T8897] ? __pfx_ksys_write+0x10/0x10 [ 180.903517][ T8897] ? rcu_is_watching+0x12/0xc0 [ 180.903537][ T8897] __do_fast_syscall_32+0x73/0x120 [ 180.903564][ T8897] do_fast_syscall_32+0x32/0x80 [ 180.903587][ T8897] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 180.903608][ T8897] RIP: 0023:0xf70be579 [ 180.903621][ T8897] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 180.903637][ T8897] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 180.903654][ T8897] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000040 [ 180.903664][ T8897] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000 [ 180.903674][ T8897] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 180.903684][ T8897] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 180.903694][ T8897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 180.903717][ T8897] [ 180.914775][ T8895] lo speed is unknown, defaulting to 1000 [ 180.916496][ T8897] block nbd3: Unsupported socket: shutdown callout must be supported. [ 180.918113][ T8895] lo speed is unknown, defaulting to 1000 [ 180.991050][ T8895] lo speed is unknown, defaulting to 1000 [ 181.045057][ T66] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 181.049118][ T66] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 181.053027][ T66] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 181.057243][ T66] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 181.060348][ T66] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 181.092747][ T8904] lo speed is unknown, defaulting to 1000 [ 181.098199][ T8904] lo speed is unknown, defaulting to 1000 [ 181.101686][ T8904] lo speed is unknown, defaulting to 1000 [ 181.151720][ T8914] 9pnet_fd: Insufficient options for proto=fd [ 181.251857][ T8904] chnl_net:caif_netlink_parms(): no params data found [ 181.276124][ T1173] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.339725][ T1173] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.390711][ T8904] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.393021][ T8904] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.395451][ T8904] bridge_slave_0: entered allmulticast mode [ 181.398134][ T8904] bridge_slave_0: entered promiscuous mode [ 181.401060][ T8904] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.403284][ T8904] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.405946][ T8904] bridge_slave_1: entered allmulticast mode [ 181.408713][ T8904] bridge_slave_1: entered promiscuous mode [ 181.472547][ T1173] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.502827][ T8904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.514279][ T8904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.566761][ T8904] team0: Port device team_slave_0 added [ 181.571767][ T8904] team0: Port device team_slave_1 added [ 181.624972][ T8904] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.627187][ T8904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.635347][ T8904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.655669][ T8904] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.657916][ T8904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.669445][ T8904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.690332][ T1173] bridge_slave_1: left allmulticast mode [ 181.692144][ T1173] bridge_slave_1: left promiscuous mode [ 181.694042][ T1173] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.697492][ T1173] bridge_slave_0: left allmulticast mode [ 181.699299][ T1173] bridge_slave_0: left promiscuous mode [ 181.701200][ T1173] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.019935][ T1173] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 182.025735][ T1173] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 182.031345][ T1173] bond0 (unregistering): Released all slaves [ 182.062057][ T8904] hsr_slave_0: entered promiscuous mode [ 182.064539][ T8904] hsr_slave_1: entered promiscuous mode [ 182.068337][ T8904] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 182.070821][ T8904] Cannot create hsr debugfs directory [ 182.367260][ T8947] lo speed is unknown, defaulting to 1000 [ 182.374581][ T8947] lo speed is unknown, defaulting to 1000 [ 182.382919][ T8947] lo speed is unknown, defaulting to 1000 [ 182.400182][ T1173] hsr_slave_0: left promiscuous mode [ 182.402908][ T1173] hsr_slave_1: left promiscuous mode [ 182.405991][ T1173] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.408481][ T1173] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 182.411861][ T1173] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.421265][ T1173] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 182.489509][ T1173] veth1_macvtap: left promiscuous mode [ 182.492463][ T1173] veth0_macvtap: left promiscuous mode [ 182.496956][ T1173] veth1_vlan: left promiscuous mode [ 182.500911][ T1173] veth0_vlan: left promiscuous mode [ 182.601232][ T40] audit: type=1326 audit(1745003227.463:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8951 comm="syz.3.647" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 182.851591][ T8964] No source specified [ 182.859038][ T8964] FAULT_INJECTION: forcing a failure. [ 182.859038][ T8964] name failslab, interval 1, probability 0, space 0, times 0 [ 182.863031][ T8964] CPU: 2 UID: 0 PID: 8964 Comm: syz.0.650 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 182.863045][ T8964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 182.863052][ T8964] Call Trace: [ 182.863056][ T8964] [ 182.863060][ T8964] dump_stack_lvl+0x16c/0x1f0 [ 182.863079][ T8964] should_fail_ex+0x512/0x640 [ 182.863092][ T8964] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 182.863105][ T8964] should_failslab+0xc2/0x120 [ 182.863131][ T8964] __kmalloc_cache_noprof+0x6a/0x3e0 [ 182.863142][ T8964] ? autofs_init_fs_context+0x1a7/0x580 [ 182.863159][ T8964] ? kasan_save_track+0x14/0x30 [ 182.863172][ T8964] autofs_init_fs_context+0x1a7/0x580 [ 182.863187][ T8964] ? __pfx_autofs_init_fs_context+0x10/0x10 [ 182.863203][ T8964] alloc_fs_context+0x54a/0x9c0 [ 182.863217][ T8964] path_mount+0xb06/0x1f30 [ 182.863230][ T8964] ? kmem_cache_free+0x2d4/0x4d0 [ 182.863241][ T8964] ? __pfx_path_mount+0x10/0x10 [ 182.863254][ T8964] ? putname+0x154/0x1a0 [ 182.863268][ T8964] __ia32_sys_mount+0x28b/0x310 [ 182.863280][ T8964] ? __pfx___ia32_sys_mount+0x10/0x10 [ 182.863294][ T8964] ? rcu_is_watching+0x12/0xc0 [ 182.863306][ T8964] __do_fast_syscall_32+0x73/0x120 [ 182.863323][ T8964] do_fast_syscall_32+0x32/0x80 [ 182.863338][ T8964] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 182.863352][ T8964] RIP: 0023:0xf7fc3579 [ 182.863360][ T8964] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 182.863370][ T8964] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 182.863380][ T8964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000380 [ 182.863386][ T8964] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000080000400 [ 182.863392][ T8964] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 182.863398][ T8964] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 182.863404][ T8964] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 182.863417][ T8964] [ 183.156000][ T5961] Bluetooth: hci2: command tx timeout [ 183.331878][ T8976] FAULT_INJECTION: forcing a failure. [ 183.331878][ T8976] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.340635][ T8976] CPU: 3 UID: 0 PID: 8976 Comm: syz.3.653 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 183.340651][ T8976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 183.340658][ T8976] Call Trace: [ 183.340662][ T8976] [ 183.340666][ T8976] dump_stack_lvl+0x16c/0x1f0 [ 183.340685][ T8976] should_fail_ex+0x512/0x640 [ 183.340700][ T8976] _copy_from_iter+0x2a4/0x15b0 [ 183.340717][ T8976] ? __pfx__copy_from_iter+0x10/0x10 [ 183.340733][ T8976] ? __pfx___might_resched+0x10/0x10 [ 183.340749][ T8976] file_tty_write.constprop.0+0x486/0x9b0 [ 183.340763][ T8976] vfs_write+0x5ba/0x1180 [ 183.340775][ T8976] ? __pfx_tty_write+0x10/0x10 [ 183.340785][ T8976] ? __pfx_vfs_write+0x10/0x10 [ 183.340795][ T8976] ? find_held_lock+0x2b/0x80 [ 183.340814][ T8976] ksys_write+0x12a/0x240 [ 183.340825][ T8976] ? __pfx_ksys_write+0x10/0x10 [ 183.340837][ T8976] ? rcu_is_watching+0x12/0xc0 [ 183.340849][ T8976] __do_fast_syscall_32+0x73/0x120 [ 183.340866][ T8976] do_fast_syscall_32+0x32/0x80 [ 183.340881][ T8976] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 183.340894][ T8976] RIP: 0023:0xf70be579 [ 183.340902][ T8976] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 183.340913][ T8976] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 183.340922][ T8976] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001040 [ 183.340929][ T8976] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000000 [ 183.340934][ T8976] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 183.340940][ T8976] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 183.340946][ T8976] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 183.340959][ T8976] [ 183.427450][ T1173] team0 (unregistering): Port device team_slave_1 removed [ 183.484900][ T8978] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 183.538712][ T1173] team0 (unregistering): Port device team_slave_0 removed [ 184.398806][ T8987] lo speed is unknown, defaulting to 1000 [ 184.435027][ T8987] lo speed is unknown, defaulting to 1000 [ 184.475799][ T8987] lo speed is unknown, defaulting to 1000 [ 184.479984][ T8993] netlink: 'syz.0.657': attribute type 1 has an invalid length. [ 184.693567][ T8904] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 184.699123][ T8904] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 184.704345][ T8904] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 184.714801][ T8904] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 184.819894][ T8904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.839867][ T8904] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.859639][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.862773][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.874947][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.877221][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.018370][ T8904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.067789][ T8904] veth0_vlan: entered promiscuous mode [ 185.074225][ T8904] veth1_vlan: entered promiscuous mode [ 185.074535][ T9029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.663'. [ 185.121915][ T8904] veth0_macvtap: entered promiscuous mode [ 185.128545][ T8904] veth1_macvtap: entered promiscuous mode [ 185.138527][ T8904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.141713][ T8904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.154277][ T8904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.158159][ T8904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.161172][ T8904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.165004][ T8904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.168832][ T8904] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.174612][ T8904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.177882][ T8904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.180825][ T8904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.184140][ T8904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.187141][ T8904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.190270][ T8904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.194075][ T8904] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.198654][ T8904] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.201390][ T8904] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.204742][ T8904] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.208806][ T8904] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.224299][ T5961] Bluetooth: hci2: command tx timeout [ 185.247611][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.252542][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.257072][ T9039] netlink: 'syz.2.667': attribute type 1 has an invalid length. [ 185.284777][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.299356][ T9039] bond1: (slave gretap1): making interface the new active one [ 185.299906][ T9039] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 185.369118][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.811212][ T9050] netlink: 80 bytes leftover after parsing attributes in process `syz.0.670'. [ 185.856255][ T40] audit: type=1326 audit(1745003230.723:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.0.671" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x0 [ 186.619720][ T9062] FAULT_INJECTION: forcing a failure. [ 186.619720][ T9062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 186.623700][ T9062] CPU: 1 UID: 0 PID: 9062 Comm: syz.3.674 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 186.623714][ T9062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 186.623720][ T9062] Call Trace: [ 186.623725][ T9062] [ 186.623729][ T9062] dump_stack_lvl+0x16c/0x1f0 [ 186.623771][ T9062] should_fail_ex+0x512/0x640 [ 186.623788][ T9062] _copy_from_iter+0x2a4/0x15b0 [ 186.623804][ T9062] ? __alloc_skb+0x200/0x380 [ 186.623817][ T9062] ? __pfx__copy_from_iter+0x10/0x10 [ 186.623831][ T9062] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 186.623850][ T9062] netlink_sendmsg+0x829/0xdd0 [ 186.623867][ T9062] ? __pfx_netlink_sendmsg+0x10/0x10 [ 186.623900][ T9062] ? __import_iovec+0x1c8/0x660 [ 186.623925][ T9062] ____sys_sendmsg+0xa95/0xc70 [ 186.623945][ T9062] ? __pfx_____sys_sendmsg+0x10/0x10 [ 186.623959][ T9062] ? get_compat_msghdr+0x11a/0x170 [ 186.623990][ T9062] ___sys_sendmsg+0x134/0x1d0 [ 186.624011][ T9062] ? __pfx____sys_sendmsg+0x10/0x10 [ 186.624056][ T9062] __sys_sendmsg+0x16d/0x220 [ 186.624079][ T9062] ? __pfx___sys_sendmsg+0x10/0x10 [ 186.624104][ T9062] ? rcu_is_watching+0x12/0xc0 [ 186.624117][ T9062] __do_fast_syscall_32+0x73/0x120 [ 186.624134][ T9062] do_fast_syscall_32+0x32/0x80 [ 186.624149][ T9062] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 186.624177][ T9062] RIP: 0023:0xf70be579 [ 186.624190][ T9062] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 186.624207][ T9062] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 186.624222][ T9062] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000280 [ 186.624232][ T9062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 186.624241][ T9062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 186.624250][ T9062] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 186.624257][ T9062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 186.624270][ T9062] [ 187.526833][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.271125][ T66] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 189.275645][ T66] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 189.277670][ T9098] openvswitch: netlink: Missing key (keys=40, expected=80) [ 189.280327][ T66] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 189.286833][ T66] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 189.292425][ T66] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 189.375771][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.388996][ T9095] lo speed is unknown, defaulting to 1000 [ 189.392400][ T9095] lo speed is unknown, defaulting to 1000 [ 189.396061][ T9095] lo speed is unknown, defaulting to 1000 [ 189.434148][ T6012] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 189.475961][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.557457][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.597594][ T6012] usb 8-1: config 1 has an invalid descriptor of length 153, skipping remainder of the config [ 189.601029][ T6012] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 189.611144][ T6012] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 189.614085][ T6012] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.616606][ T6012] usb 8-1: Product: syz [ 189.617961][ T6012] usb 8-1: Manufacturer: syz [ 189.619458][ T6012] usb 8-1: SerialNumber: syz [ 189.642069][ T9095] chnl_net:caif_netlink_parms(): no params data found [ 189.913108][ T9095] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.919182][ T9095] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.921497][ T9095] bridge_slave_0: entered allmulticast mode [ 189.927928][ T9095] bridge_slave_0: entered promiscuous mode [ 189.932616][ T12] bridge_slave_1: left allmulticast mode [ 189.936204][ T12] bridge_slave_1: left promiscuous mode [ 189.938569][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.946099][ T12] bridge_slave_0: left allmulticast mode [ 189.947913][ T12] bridge_slave_0: left promiscuous mode [ 189.949723][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.232738][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 190.237108][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 190.240768][ T12] bond0 (unregistering): Released all slaves [ 190.246498][ T9095] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.248857][ T9095] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.251155][ T9095] bridge_slave_1: entered allmulticast mode [ 190.253753][ T9095] bridge_slave_1: entered promiscuous mode [ 190.287613][ T9095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.292027][ T9095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.326077][ T40] audit: type=1326 audit(1745003235.193:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.337469][ T40] audit: type=1326 audit(1745003235.193:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.344584][ T40] audit: type=1326 audit(1745003235.193:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.351695][ T40] audit: type=1326 audit(1745003235.193:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.357406][ T9116] batman_adv: batadv0: Adding interface: dummy0 [ 190.358487][ T40] audit: type=1326 audit(1745003235.193:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.360337][ T9116] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.367283][ T40] audit: type=1326 audit(1745003235.193:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.382050][ T40] audit: type=1326 audit(1745003235.193:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.388727][ T40] audit: type=1326 audit(1745003235.193:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.395119][ T40] audit: type=1326 audit(1745003235.193:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9083 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 190.461498][ T9116] batman_adv: batadv0: Interface activated: dummy0 [ 190.466914][ T9095] team0: Port device team_slave_0 added [ 190.532674][ T9095] team0: Port device team_slave_1 added [ 190.587465][ T9095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.589655][ T9095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.599817][ T9095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.618551][ T9095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.620691][ T9095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.628939][ T9095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.670729][ T9095] hsr_slave_0: entered promiscuous mode [ 190.672982][ T9095] hsr_slave_1: entered promiscuous mode [ 190.705419][ T12] hsr_slave_0: left promiscuous mode [ 190.707522][ T12] hsr_slave_1: left promiscuous mode [ 190.709491][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.711737][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.715344][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 190.717675][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 190.733297][ T12] veth1_macvtap: left promiscuous mode [ 190.736164][ T12] veth0_macvtap: left promiscuous mode [ 190.737949][ T12] veth1_vlan: left promiscuous mode [ 190.739603][ T12] veth0_vlan: left promiscuous mode [ 191.281113][ T12] team0 (unregistering): Port device team_slave_1 removed [ 191.364061][ T12] team0 (unregistering): Port device team_slave_0 removed [ 191.385673][ T66] Bluetooth: hci2: command tx timeout [ 192.044083][ T9155] overlayfs: conflicting options: userxattr,redirect_dir=on [ 192.049780][ T9155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.694'. [ 192.182613][ T34] usb 8-1: USB disconnect, device number 9 [ 192.368740][ T9175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.697'. [ 192.413971][ T836] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 192.511080][ T9095] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 192.527939][ T9095] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 192.536074][ T9095] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 192.541724][ T9095] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 192.564067][ T836] usb 7-1: Using ep0 maxpacket: 8 [ 192.568249][ T836] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 192.574212][ T836] usb 7-1: config 0 has no interface number 0 [ 192.576956][ T836] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 192.585894][ T836] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 192.590959][ T836] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 192.596371][ T836] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 192.598961][ T9095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.600400][ T836] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 192.605819][ T836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.610759][ T836] usb 7-1: config 0 descriptor?? [ 192.617183][ T836] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 192.621347][ T9095] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.627228][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.629504][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.645239][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.647604][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.735084][ T9095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.757368][ T9095] veth0_vlan: entered promiscuous mode [ 192.762862][ T9095] veth1_vlan: entered promiscuous mode [ 192.778740][ T9095] veth0_macvtap: entered promiscuous mode [ 192.782270][ T9095] veth1_macvtap: entered promiscuous mode [ 192.790060][ T9095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.793213][ T9095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.797070][ T9095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.800230][ T9095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.803128][ T9095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.806425][ T9095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.810468][ T9095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 192.819318][ T9095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.822802][ T9095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.826528][ T9095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.829738][ T9095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.833415][ T9095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.836704][ T9095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.840633][ T9095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 192.852972][ T9095] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.859532][ T9095] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.863327][ T9095] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.867630][ T9095] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.874001][ T6022] usb 7-1: USB disconnect, device number 7 [ 192.882509][ T6022] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 192.910169][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.912783][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.925582][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.928909][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.075282][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.698'. [ 193.133456][ T9208] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.140333][ T9207] team0: Port device team_slave_1 removed [ 193.166292][ T9210] FAULT_INJECTION: forcing a failure. [ 193.166292][ T9210] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 193.170924][ T9210] CPU: 2 UID: 0 PID: 9210 Comm: syz.3.699 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 193.170939][ T9210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 193.170946][ T9210] Call Trace: [ 193.170950][ T9210] [ 193.170954][ T9210] dump_stack_lvl+0x16c/0x1f0 [ 193.170973][ T9210] should_fail_ex+0x512/0x640 [ 193.170988][ T9210] should_fail_alloc_page+0xe7/0x130 [ 193.171003][ T9210] prepare_alloc_pages+0x3c2/0x610 [ 193.171040][ T9210] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 193.171056][ T9210] ? __lock_acquire+0x5ca/0x1ba0 [ 193.171074][ T9210] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 193.171088][ T9210] ? weighted_interleave_nid+0x3e9/0x5a0 [ 193.171106][ T9210] ? __pfx_weighted_interleave_nid+0x10/0x10 [ 193.171121][ T9210] ? __lock_acquire+0x5ca/0x1ba0 [ 193.171137][ T9210] ? policy_nodemask+0xea/0x4e0 [ 193.171151][ T9210] alloc_pages_mpol+0x1fb/0x550 [ 193.171165][ T9210] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 193.171179][ T9210] ? __lock_acquire+0x5ca/0x1ba0 [ 193.171195][ T9210] folio_alloc_mpol_noprof+0x36/0x2f0 [ 193.171211][ T9210] vma_alloc_folio_noprof+0xed/0x1e0 [ 193.171226][ T9210] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 193.171246][ T9210] do_pte_missing+0x223d/0x3fb0 [ 193.171265][ T9210] __handle_mm_fault+0x103d/0x2a40 [ 193.171280][ T9210] ? __pfx___handle_mm_fault+0x10/0x10 [ 193.171290][ T9210] ? __pte_offset_map_lock+0x155/0x2f0 [ 193.171306][ T9210] ? find_held_lock+0x2b/0x80 [ 193.171315][ T9210] ? find_held_lock+0x2b/0x80 [ 193.171334][ T9210] handle_mm_fault+0x3fe/0xad0 [ 193.171348][ T9210] __get_user_pages+0x771/0x36f0 [ 193.171362][ T9210] ? __pfx_mt_find+0x10/0x10 [ 193.171378][ T9210] ? __pfx___get_user_pages+0x10/0x10 [ 193.171393][ T9210] populate_vma_page_range+0x278/0x3a0 [ 193.171405][ T9210] ? __pfx_populate_vma_page_range+0x10/0x10 [ 193.171415][ T9210] ? __pfx_find_vma_intersection+0x10/0x10 [ 193.171431][ T9210] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 193.171445][ T9210] __mm_populate+0x1d8/0x380 [ 193.171456][ T9210] ? __pfx___mm_populate+0x10/0x10 [ 193.171467][ T9210] ? up_write+0x1b2/0x520 [ 193.171484][ T9210] do_mlock+0x448/0x810 [ 193.171496][ T9210] ? __fget_files+0x20e/0x3c0 [ 193.171507][ T9210] ? __pfx_do_mlock+0x10/0x10 [ 193.171519][ T9210] ? fput+0x70/0xf0 [ 193.171532][ T9210] ? ksys_write+0x1b9/0x240 [ 193.171542][ T9210] ? __pfx_ksys_write+0x10/0x10 [ 193.171555][ T9210] __ia32_sys_mlock+0x57/0x80 [ 193.171567][ T9210] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 193.171583][ T9210] __do_fast_syscall_32+0x73/0x120 [ 193.171600][ T9210] do_fast_syscall_32+0x32/0x80 [ 193.171615][ T9210] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 193.171628][ T9210] RIP: 0023:0xf70be579 [ 193.171636][ T9210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 193.171645][ T9210] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000096 [ 193.171655][ T9210] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000 [ 193.171661][ T9210] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 193.171667][ T9210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 193.171672][ T9210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 193.171678][ T9210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 193.171715][ T9210] [ 193.461622][ T9218] lo speed is unknown, defaulting to 1000 [ 193.465846][ T9218] lo speed is unknown, defaulting to 1000 [ 193.468548][ T9218] lo speed is unknown, defaulting to 1000 [ 193.710214][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.712421][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.542271][ T9243] FAULT_INJECTION: forcing a failure. [ 194.542271][ T9243] name failslab, interval 1, probability 0, space 0, times 0 [ 194.546887][ T9243] CPU: 3 UID: 0 PID: 9243 Comm: syz.2.707 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 194.546901][ T9243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 194.546908][ T9243] Call Trace: [ 194.546911][ T9243] [ 194.546915][ T9243] dump_stack_lvl+0x16c/0x1f0 [ 194.546934][ T9243] should_fail_ex+0x512/0x640 [ 194.546947][ T9243] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 194.546962][ T9243] should_failslab+0xc2/0x120 [ 194.546975][ T9243] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 194.546987][ T9243] ? blk_cgroup_congested+0x140/0x270 [ 194.546997][ T9243] ? ptlock_alloc+0x1f/0x70 [ 194.547009][ T9243] ptlock_alloc+0x1f/0x70 [ 194.547024][ T9243] pte_alloc_one+0x6d/0x380 [ 194.547037][ T9243] do_huge_pmd_anonymous_page+0x2bb/0x1ff0 [ 194.547049][ T9243] ? find_held_lock+0x2b/0x80 [ 194.547061][ T9243] __handle_mm_fault+0x1c10/0x2a40 [ 194.547076][ T9243] ? __pfx___handle_mm_fault+0x10/0x10 [ 194.547098][ T9243] handle_mm_fault+0x3fe/0xad0 [ 194.547111][ T9243] __get_user_pages+0x771/0x36f0 [ 194.547124][ T9243] ? __pfx_mt_find+0x10/0x10 [ 194.547141][ T9243] ? __pfx___get_user_pages+0x10/0x10 [ 194.547155][ T9243] populate_vma_page_range+0x278/0x3a0 [ 194.547166][ T9243] ? __pfx_populate_vma_page_range+0x10/0x10 [ 194.547176][ T9243] ? __pfx_find_vma_intersection+0x10/0x10 [ 194.547193][ T9243] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 194.547207][ T9243] __mm_populate+0x1d8/0x380 [ 194.547218][ T9243] ? __pfx___mm_populate+0x10/0x10 [ 194.547230][ T9243] ? up_write+0x1b2/0x520 [ 194.547247][ T9243] do_mlock+0x448/0x810 [ 194.547259][ T9243] ? __fget_files+0x20e/0x3c0 [ 194.547269][ T9243] ? __pfx_do_mlock+0x10/0x10 [ 194.547281][ T9243] ? fput+0x70/0xf0 [ 194.547294][ T9243] ? ksys_write+0x1b9/0x240 [ 194.547305][ T9243] ? __pfx_ksys_write+0x10/0x10 [ 194.547318][ T9243] __ia32_sys_mlock+0x57/0x80 [ 194.547330][ T9243] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 194.547345][ T9243] __do_fast_syscall_32+0x73/0x120 [ 194.547362][ T9243] do_fast_syscall_32+0x32/0x80 [ 194.547377][ T9243] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 194.547390][ T9243] RIP: 0023:0xf7fc8579 [ 194.547397][ T9243] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 194.547407][ T9243] RSP: 002b:00000000f50a455c EFLAGS: 00000296 ORIG_RAX: 0000000000000096 [ 194.547417][ T9243] RAX: ffffffffffffffda RBX: 0000000080c00000 RCX: 0000000000400000 [ 194.547423][ T9243] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 194.547429][ T9243] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 194.547434][ T9243] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 194.547440][ T9243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 194.547453][ T9243] [ 195.250699][ T9257] 9pnet_fd: Insufficient options for proto=fd [ 195.490504][ T9265] lo speed is unknown, defaulting to 1000 [ 195.498994][ T9265] lo speed is unknown, defaulting to 1000 [ 195.504695][ T9265] lo speed is unknown, defaulting to 1000 [ 195.713652][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.349350][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.402761][ T9276] netlink: 260 bytes leftover after parsing attributes in process `syz.0.717'. [ 197.407528][ T9279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.718'. [ 197.439736][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.528399][ T5961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 197.532791][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 197.535903][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 197.538392][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 197.540775][ T5961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 197.618431][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.650126][ T9292] lo speed is unknown, defaulting to 1000 [ 197.652544][ T9292] lo speed is unknown, defaulting to 1000 [ 197.656933][ T9292] lo speed is unknown, defaulting to 1000 [ 197.764567][ T12] bridge_slave_1: left allmulticast mode [ 197.766704][ T12] bridge_slave_1: left promiscuous mode [ 197.768523][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.772473][ T12] bridge_slave_0: left allmulticast mode [ 197.776479][ T12] bridge_slave_0: left promiscuous mode [ 197.779260][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.804426][ T9299] netlink: 4 bytes leftover after parsing attributes in process `syz.3.724'. [ 198.048798][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 198.053201][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 198.062804][ T12] bond0 (unregistering): Released all slaves [ 198.079986][ T9292] chnl_net:caif_netlink_parms(): no params data found [ 198.282080][ T9292] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.284902][ T9292] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.287200][ T9292] bridge_slave_0: entered allmulticast mode [ 198.290133][ T9292] bridge_slave_0: entered promiscuous mode [ 198.326373][ T9292] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.328694][ T9292] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.334092][ T9292] bridge_slave_1: entered allmulticast mode [ 198.336741][ T9292] bridge_slave_1: entered promiscuous mode [ 198.396435][ T9292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.400858][ T9292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.450833][ T9292] team0: Port device team_slave_0 added [ 198.456919][ T9292] team0: Port device team_slave_1 added [ 198.519912][ T12] hsr_slave_0: left promiscuous mode [ 198.521940][ T12] hsr_slave_1: left promiscuous mode [ 198.524406][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.526638][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.529849][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.532091][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.553646][ T12] veth1_macvtap: left promiscuous mode [ 198.556092][ T12] veth0_macvtap: left promiscuous mode [ 198.557898][ T12] veth1_vlan: left promiscuous mode [ 198.559531][ T12] veth0_vlan: left promiscuous mode [ 198.812541][ T836] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 198.944018][ T836] usb 7-1: device descriptor read/64, error -71 [ 199.193976][ T836] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 199.249224][ T12] team0 (unregistering): Port device team_slave_1 removed [ 199.309402][ T12] team0 (unregistering): Port device team_slave_0 removed [ 199.334015][ T836] usb 7-1: device descriptor read/64, error -71 [ 199.456880][ T836] usb usb7-port1: attempt power cycle [ 199.624860][ T66] Bluetooth: hci2: command tx timeout [ 199.767720][ T9292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.769883][ T9292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.777830][ T9292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.781959][ T9292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.784335][ T9292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.791896][ T9292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.794022][ T836] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 199.827195][ T836] usb 7-1: device descriptor read/8, error -71 [ 199.851386][ T9292] hsr_slave_0: entered promiscuous mode [ 199.854602][ T9292] hsr_slave_1: entered promiscuous mode [ 199.954355][ T9] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 200.092005][ T9] usb 8-1: device descriptor read/64, error -71 [ 200.093981][ T836] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 200.117776][ T836] usb 7-1: device descriptor read/8, error -71 [ 200.203990][ T5993] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 200.225062][ T836] usb usb7-port1: unable to enumerate USB device [ 200.334136][ T9] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 200.373988][ T5993] usb 5-1: Using ep0 maxpacket: 32 [ 200.376813][ T5993] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 200.381333][ T5993] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 200.384184][ T5993] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 200.386634][ T5993] usb 5-1: Product: syz [ 200.387908][ T5993] usb 5-1: Manufacturer: syz [ 200.389330][ T5993] usb 5-1: SerialNumber: syz [ 200.393095][ T5993] usb 5-1: config 0 descriptor?? [ 200.395181][ T9343] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 200.455402][ T9292] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 200.464246][ T9] usb 8-1: device descriptor read/64, error -71 [ 200.465054][ T9292] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 200.476322][ T9292] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 200.488275][ T9292] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 200.540461][ T9292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.555109][ T9292] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.569281][ T1173] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.572090][ T1173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.574156][ T9] usb usb8-port1: attempt power cycle [ 200.578047][ T1173] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.580753][ T1173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.598641][ T9343] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.601429][ T9343] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 200.690326][ T9292] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.710201][ T9292] veth0_vlan: entered promiscuous mode [ 200.719376][ T9292] veth1_vlan: entered promiscuous mode [ 200.724181][ T6014] usb 5-1: USB disconnect, device number 7 [ 200.738037][ T9292] veth0_macvtap: entered promiscuous mode [ 200.741854][ T9292] veth1_macvtap: entered promiscuous mode [ 200.752774][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 200.756950][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.759990][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 200.765163][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.768240][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 200.771464][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.777477][ T9292] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.782198][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 200.785418][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.788774][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 200.792483][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.795900][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 200.799131][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.804058][ T9292] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.809742][ T9292] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.812492][ T9292] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.815172][ T9292] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.817909][ T9292] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.895215][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.897591][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.914093][ T9] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 200.926211][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.928608][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.934400][ T9] usb 8-1: device descriptor read/8, error -71 [ 200.999476][ T9396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.741'. [ 201.175063][ T9] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 201.194918][ T9] usb 8-1: device descriptor read/8, error -71 [ 201.304997][ T9] usb usb8-port1: unable to enumerate USB device [ 201.482275][ T9401] lo speed is unknown, defaulting to 1000 [ 201.485971][ T9401] lo speed is unknown, defaulting to 1000 [ 201.489636][ T9401] lo speed is unknown, defaulting to 1000 [ 203.671906][ T1138] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.909360][ T1138] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.028332][ T1138] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.105134][ T1138] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.178178][ T1138] bridge_slave_1: left allmulticast mode [ 205.179990][ T1138] bridge_slave_1: left promiscuous mode [ 205.181890][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.186674][ T1138] bridge_slave_0: left allmulticast mode [ 205.188616][ T1138] bridge_slave_0: left promiscuous mode [ 205.190566][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.425189][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 205.430678][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 205.434640][ T1138] bond0 (unregistering): Released all slaves [ 205.568783][ T5961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 205.572015][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 205.583153][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 205.590159][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 205.600215][ T5961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 206.305457][ T5993] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 206.429569][ T9436] lo speed is unknown, defaulting to 1000 [ 206.433204][ T9436] lo speed is unknown, defaulting to 1000 [ 206.438357][ T9436] lo speed is unknown, defaulting to 1000 [ 206.444391][ T5993] usb 5-1: device descriptor read/64, error -71 [ 206.452772][ T836] IPVS: starting estimator thread 0... [ 206.459144][ T9451] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 206.461766][ T9451] tipc: Enabled bearer , priority 10 [ 206.506746][ T1138] hsr_slave_0: left promiscuous mode [ 206.514288][ T1138] hsr_slave_1: left promiscuous mode [ 206.516959][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 206.519896][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.523363][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 206.528328][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.554067][ T9453] IPVS: using max 29 ests per chain, 69600 per kthread [ 206.557853][ T1138] veth1_macvtap: left promiscuous mode [ 206.560154][ T1138] veth0_macvtap: left promiscuous mode [ 206.562452][ T1138] veth1_vlan: left promiscuous mode [ 206.566534][ T1138] veth0_vlan: left promiscuous mode [ 206.595289][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 206.684188][ T5993] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 206.824089][ T5993] usb 5-1: device descriptor read/64, error -71 [ 206.864021][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 206.935635][ T5993] usb usb5-port1: attempt power cycle [ 207.211310][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 207.282880][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 207.283982][ T5993] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 207.314734][ T5993] usb 5-1: device descriptor read/8, error -71 [ 207.393980][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 207.573980][ T5993] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 207.584411][ T5993] usb 5-1: device descriptor read/8, error -71 [ 207.634962][ T66] Bluetooth: hci2: command tx timeout [ 207.704254][ T5993] usb usb5-port1: unable to enumerate USB device [ 207.862417][ T9462] lo speed is unknown, defaulting to 1000 [ 207.898519][ T9462] lo speed is unknown, defaulting to 1000 [ 207.900572][ T9467] lo speed is unknown, defaulting to 1000 [ 207.905162][ T9462] lo speed is unknown, defaulting to 1000 [ 207.905599][ T9467] lo speed is unknown, defaulting to 1000 [ 207.919667][ T9467] lo speed is unknown, defaulting to 1000 [ 207.984349][ T9436] chnl_net:caif_netlink_parms(): no params data found [ 208.162596][ T9436] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.166173][ T9436] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.168531][ T9436] bridge_slave_0: entered allmulticast mode [ 208.172396][ T9436] bridge_slave_0: entered promiscuous mode [ 208.183173][ T9436] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.186097][ T9436] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.188535][ T9436] bridge_slave_1: entered allmulticast mode [ 208.191392][ T9436] bridge_slave_1: entered promiscuous mode [ 208.252168][ T9436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.270381][ T9436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.338781][ T9436] team0: Port device team_slave_0 added [ 208.345730][ T9436] team0: Port device team_slave_1 added [ 208.385669][ T9436] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.388054][ T9436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.396098][ T9436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.401199][ T9436] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.403418][ T9436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.411428][ T9436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.423995][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 208.607424][ T9436] hsr_slave_0: entered promiscuous mode [ 208.611586][ T9436] hsr_slave_1: entered promiscuous mode [ 209.154673][ T1115] sr 2:0:0:0: [sr0] tag#22 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 209.161203][ T1115] sr 2:0:0:0: [sr0] tag#22 Sense Key : Illegal Request [current] [ 209.164900][ T1115] sr 2:0:0:0: [sr0] tag#22 Add. Sense: Invalid command operation code [ 209.168773][ T1115] sr 2:0:0:0: [sr0] tag#22 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00 [ 209.171749][ T1115] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 209.178810][ T1115] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 209.330955][ T9511] netlink: 4 bytes leftover after parsing attributes in process `syz.2.754'. [ 209.371472][ T9518] tipc: Enabling of bearer rejected, already enabled [ 209.454519][ T9524] FAULT_INJECTION: forcing a failure. [ 209.454519][ T9524] name failslab, interval 1, probability 0, space 0, times 0 [ 209.458476][ T9524] CPU: 2 UID: 0 PID: 9524 Comm: syz.3.757 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 209.458491][ T9524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 209.458498][ T9524] Call Trace: [ 209.458502][ T9524] [ 209.458506][ T9524] dump_stack_lvl+0x16c/0x1f0 [ 209.458525][ T9524] should_fail_ex+0x512/0x640 [ 209.458541][ T9524] should_failslab+0xc2/0x120 [ 209.458555][ T9524] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 209.458569][ T9524] ? skb_clone+0x190/0x3f0 [ 209.458585][ T9524] skb_clone+0x190/0x3f0 [ 209.458600][ T9524] netlink_deliver_tap+0xabd/0xd30 [ 209.458618][ T9524] netlink_unicast+0x5df/0x7f0 [ 209.458635][ T9524] ? __pfx_netlink_unicast+0x10/0x10 [ 209.458653][ T9524] netlink_sendmsg+0x8d1/0xdd0 [ 209.458670][ T9524] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.458686][ T9524] ? __import_iovec+0x1c8/0x660 [ 209.458703][ T9524] ____sys_sendmsg+0xa95/0xc70 [ 209.458714][ T9524] ? __pfx_____sys_sendmsg+0x10/0x10 [ 209.458724][ T9524] ? get_compat_msghdr+0x11a/0x170 [ 209.458743][ T9524] ___sys_sendmsg+0x134/0x1d0 [ 209.458758][ T9524] ? __pfx____sys_sendmsg+0x10/0x10 [ 209.458788][ T9524] __sys_sendmsg+0x16d/0x220 [ 209.458801][ T9524] ? __pfx___sys_sendmsg+0x10/0x10 [ 209.458821][ T9524] ? rcu_is_watching+0x12/0xc0 [ 209.458834][ T9524] __do_fast_syscall_32+0x73/0x120 [ 209.458850][ T9524] do_fast_syscall_32+0x32/0x80 [ 209.458865][ T9524] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 209.458878][ T9524] RIP: 0023:0xf70be579 [ 209.458887][ T9524] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 209.458896][ T9524] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 209.458906][ T9524] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 209.458912][ T9524] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 209.458918][ T9524] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 209.458924][ T9524] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 209.458929][ T9524] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 209.458942][ T9524] [ 209.459057][ T9524] netlink: 20 bytes leftover after parsing attributes in process `syz.3.757'. [ 209.463988][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 209.743972][ T66] Bluetooth: hci2: command tx timeout [ 209.856466][ T9436] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 209.874455][ T9436] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 209.878858][ T9436] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 209.883082][ T9436] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 209.888593][ T9551] FAULT_INJECTION: forcing a failure. [ 209.888593][ T9551] name failslab, interval 1, probability 0, space 0, times 0 [ 209.896250][ T9551] CPU: 0 UID: 0 PID: 9551 Comm: syz.3.758 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 209.896266][ T9551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 209.896273][ T9551] Call Trace: [ 209.896277][ T9551] [ 209.896281][ T9551] dump_stack_lvl+0x16c/0x1f0 [ 209.896300][ T9551] should_fail_ex+0x512/0x640 [ 209.896315][ T9551] should_failslab+0xc2/0x120 [ 209.896328][ T9551] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 209.896342][ T9551] ? skb_clone+0x190/0x3f0 [ 209.896359][ T9551] skb_clone+0x190/0x3f0 [ 209.896373][ T9551] netlink_deliver_tap+0xabd/0xd30 [ 209.896391][ T9551] netlink_unicast+0x5df/0x7f0 [ 209.896407][ T9551] ? __pfx_netlink_unicast+0x10/0x10 [ 209.896426][ T9551] netlink_sendmsg+0x8d1/0xdd0 [ 209.896443][ T9551] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.896459][ T9551] ? __import_iovec+0x1c8/0x660 [ 209.896476][ T9551] ____sys_sendmsg+0xa95/0xc70 [ 209.896487][ T9551] ? __pfx_____sys_sendmsg+0x10/0x10 [ 209.896496][ T9551] ? get_compat_msghdr+0x11a/0x170 [ 209.896515][ T9551] ___sys_sendmsg+0x134/0x1d0 [ 209.896530][ T9551] ? __pfx____sys_sendmsg+0x10/0x10 [ 209.896559][ T9551] __sys_sendmsg+0x16d/0x220 [ 209.896573][ T9551] ? __pfx___sys_sendmsg+0x10/0x10 [ 209.896592][ T9551] ? rcu_is_watching+0x12/0xc0 [ 209.896605][ T9551] __do_fast_syscall_32+0x73/0x120 [ 209.896622][ T9551] do_fast_syscall_32+0x32/0x80 [ 209.896637][ T9551] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 209.896650][ T9551] RIP: 0023:0xf70be579 [ 209.896658][ T9551] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 209.896668][ T9551] RSP: 002b:00000000f508d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 209.896678][ T9551] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000080 [ 209.896684][ T9551] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000 [ 209.896690][ T9551] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 209.896696][ T9551] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 209.896702][ T9551] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 209.896714][ T9551] [ 209.923871][ T9436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.983832][ T9436] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.988920][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.991151][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.999711][ T1173] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.002346][ T1173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.105060][ T9436] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.123287][ T9436] veth0_vlan: entered promiscuous mode [ 210.128093][ T9436] veth1_vlan: entered promiscuous mode [ 210.140421][ T9436] veth0_macvtap: entered promiscuous mode [ 210.144193][ T9436] veth1_macvtap: entered promiscuous mode [ 210.151856][ T9436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.158565][ T9436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.161617][ T9436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.164937][ T9436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.166632][ T9573] FAULT_INJECTION: forcing a failure. [ 210.166632][ T9573] name failslab, interval 1, probability 0, space 0, times 0 [ 210.167983][ T9436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.172086][ T9573] CPU: 2 UID: 0 PID: 9573 Comm: syz.0.760 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 210.172101][ T9573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 210.172108][ T9573] Call Trace: [ 210.172112][ T9573] [ 210.172117][ T9573] dump_stack_lvl+0x16c/0x1f0 [ 210.172135][ T9573] should_fail_ex+0x512/0x640 [ 210.172151][ T9573] should_failslab+0xc2/0x120 [ 210.172165][ T9573] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 210.172179][ T9573] ? skb_clone+0x190/0x3f0 [ 210.172195][ T9573] skb_clone+0x190/0x3f0 [ 210.172210][ T9573] netlink_deliver_tap+0xabd/0xd30 [ 210.172227][ T9573] netlink_unicast+0x5df/0x7f0 [ 210.172244][ T9573] ? __pfx_netlink_unicast+0x10/0x10 [ 210.172263][ T9573] netlink_sendmsg+0x8d1/0xdd0 [ 210.172280][ T9573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 210.172296][ T9573] ? __import_iovec+0x1c8/0x660 [ 210.172313][ T9573] ____sys_sendmsg+0xa95/0xc70 [ 210.172324][ T9573] ? __pfx_____sys_sendmsg+0x10/0x10 [ 210.172333][ T9573] ? get_compat_msghdr+0x11a/0x170 [ 210.172352][ T9573] ___sys_sendmsg+0x134/0x1d0 [ 210.172368][ T9573] ? __pfx____sys_sendmsg+0x10/0x10 [ 210.172397][ T9573] __sys_sendmsg+0x16d/0x220 [ 210.172411][ T9573] ? __pfx___sys_sendmsg+0x10/0x10 [ 210.172430][ T9573] ? rcu_is_watching+0x12/0xc0 [ 210.172443][ T9573] __do_fast_syscall_32+0x73/0x120 [ 210.172460][ T9573] do_fast_syscall_32+0x32/0x80 [ 210.172476][ T9573] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 210.172489][ T9573] RIP: 0023:0xf7fc3579 [ 210.172497][ T9573] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 210.172507][ T9573] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 210.172517][ T9573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 210.172523][ T9573] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.172529][ T9573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 210.172535][ T9573] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 210.172541][ T9573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.172553][ T9573] [ 210.244222][ T9436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.248146][ T9436] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.257183][ T9436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.260401][ T9436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.263525][ T9436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.268464][ T9436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.271720][ T9436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.275026][ T9436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.280257][ T9436] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.285068][ T9436] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.287883][ T9436] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.290675][ T9436] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.293728][ T9436] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.331336][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.333799][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.348200][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.350674][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.352058][ T9580] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 210.356457][ T9580] overlayfs: failed to set xattr on upper [ 210.358350][ T9580] overlayfs: ...falling back to redirect_dir=nofollow. [ 210.360864][ T9580] overlayfs: ...falling back to index=off. [ 210.362780][ T9580] overlayfs: ...falling back to uuid=null. [ 210.390194][ T9579] netlink: 48 bytes leftover after parsing attributes in process `syz.0.761'. [ 210.503959][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 210.581526][ T9588] FAULT_INJECTION: forcing a failure. [ 210.581526][ T9588] name failslab, interval 1, probability 0, space 0, times 0 [ 210.590298][ T9588] CPU: 0 UID: 0 PID: 9588 Comm: syz.3.764 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 210.590314][ T9588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 210.590321][ T9588] Call Trace: [ 210.590324][ T9588] [ 210.590329][ T9588] dump_stack_lvl+0x16c/0x1f0 [ 210.590347][ T9588] should_fail_ex+0x512/0x640 [ 210.590362][ T9588] should_failslab+0xc2/0x120 [ 210.590376][ T9588] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 210.590390][ T9588] ? skb_clone+0x190/0x3f0 [ 210.590407][ T9588] skb_clone+0x190/0x3f0 [ 210.590421][ T9588] netlink_deliver_tap+0xabd/0xd30 [ 210.590439][ T9588] netlink_unicast+0x5df/0x7f0 [ 210.590456][ T9588] ? __pfx_netlink_unicast+0x10/0x10 [ 210.590474][ T9588] netlink_sendmsg+0x8d1/0xdd0 [ 210.590491][ T9588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 210.590507][ T9588] ? __import_iovec+0x1c8/0x660 [ 210.590524][ T9588] ____sys_sendmsg+0xa95/0xc70 [ 210.590536][ T9588] ? __pfx_____sys_sendmsg+0x10/0x10 [ 210.590545][ T9588] ? get_compat_msghdr+0x11a/0x170 [ 210.590565][ T9588] ___sys_sendmsg+0x134/0x1d0 [ 210.590579][ T9588] ? __pfx____sys_sendmsg+0x10/0x10 [ 210.590609][ T9588] __sys_sendmsg+0x16d/0x220 [ 210.590650][ T9588] ? __pfx___sys_sendmsg+0x10/0x10 [ 210.590678][ T9588] ? rcu_is_watching+0x12/0xc0 [ 210.590695][ T9588] __do_fast_syscall_32+0x73/0x120 [ 210.590712][ T9588] do_fast_syscall_32+0x32/0x80 [ 210.590727][ T9588] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 210.590740][ T9588] RIP: 0023:0xf70be579 [ 210.590749][ T9588] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 210.590759][ T9588] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 210.590770][ T9588] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 210.590777][ T9588] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.590782][ T9588] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 210.590788][ T9588] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 210.590794][ T9588] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.590806][ T9588] [ 210.590953][ T9588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.764'. [ 210.673082][ T9588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.764'. [ 211.544015][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 211.623546][ T9608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.769'. [ 211.874000][ T835] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 212.035707][ T835] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 212.038382][ T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.042354][ T835] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 212.045347][ T835] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 212.047865][ T835] usb 8-1: Manufacturer: syz [ 212.050971][ T835] usb 8-1: config 0 descriptor?? [ 212.094139][ T835] rc_core: IR keymap rc-hauppauge not found [ 212.096320][ T835] Registered IR keymap rc-empty [ 212.101053][ T835] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 212.105896][ T835] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input9 [ 212.311445][ T9617] program syz.3.770 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 212.341996][ T9] usb 8-1: USB disconnect, device number 14 [ 212.584029][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 212.802060][ T9624] netfs: Couldn't get user pages (rc=-14) [ 212.818854][ T9624] overlay: ./file0 is not a directory [ 212.990705][ T9628] netlink: 20 bytes leftover after parsing attributes in process `syz.3.776'. [ 213.368856][ T91] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.624057][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 214.673958][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 215.247753][ T91] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.304427][ T9646] netlink: 20 bytes leftover after parsing attributes in process `syz.3.781'. [ 215.330461][ T91] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.417008][ T91] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.436569][ T5961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 215.439453][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 215.442536][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 215.447097][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 215.450005][ T5961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 215.467387][ T9651] lo speed is unknown, defaulting to 1000 [ 215.470595][ T9651] lo speed is unknown, defaulting to 1000 [ 215.475774][ T9651] lo speed is unknown, defaulting to 1000 [ 215.579389][ T9651] chnl_net:caif_netlink_parms(): no params data found [ 215.583707][ T91] bridge_slave_1: left allmulticast mode [ 215.586067][ T91] bridge_slave_1: left promiscuous mode [ 215.588012][ T91] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.594142][ T91] bridge_slave_0: left allmulticast mode [ 215.595970][ T91] bridge_slave_0: left promiscuous mode [ 215.597787][ T91] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.706528][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 215.850336][ T91] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.854606][ T91] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.858154][ T91] bond0 (unregistering): Released all slaves [ 215.948633][ T9651] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.950960][ T9651] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.953275][ T9651] bridge_slave_0: entered allmulticast mode [ 215.956493][ T9651] bridge_slave_0: entered promiscuous mode [ 215.959498][ T9651] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.962235][ T9651] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.964797][ T9651] bridge_slave_1: entered allmulticast mode [ 215.967359][ T9651] bridge_slave_1: entered promiscuous mode [ 216.023301][ T9651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.031817][ T9651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.080925][ T9651] team0: Port device team_slave_0 added [ 216.106809][ T9651] team0: Port device team_slave_1 added [ 216.141649][ T9651] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.143982][ T9651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.151933][ T9651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.157774][ T9651] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.160395][ T9651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.168586][ T9651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.203729][ T91] hsr_slave_0: left promiscuous mode [ 216.207038][ T91] hsr_slave_1: left promiscuous mode [ 216.209031][ T91] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.211396][ T91] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.214019][ T91] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.216360][ T91] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.233860][ T91] veth1_macvtap: left promiscuous mode [ 216.235712][ T91] veth0_macvtap: left promiscuous mode [ 216.237473][ T91] veth1_vlan: left promiscuous mode [ 216.239232][ T91] veth0_vlan: left promiscuous mode [ 216.744026][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 216.797258][ T91] team0 (unregistering): Port device team_slave_1 removed [ 216.859140][ T91] team0 (unregistering): Port device team_slave_0 removed [ 217.321242][ T9651] hsr_slave_0: entered promiscuous mode [ 217.324942][ T9651] hsr_slave_1: entered promiscuous mode [ 217.464206][ T5961] Bluetooth: hci2: command tx timeout [ 217.793954][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 217.859062][ T9651] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 217.863019][ T9651] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 217.868041][ T9651] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 217.871742][ T9651] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 217.912517][ T9651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.922375][ T9651] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.927295][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.929613][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.935060][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.937407][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.023257][ T9651] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.045524][ T9651] veth0_vlan: entered promiscuous mode [ 218.050172][ T9651] veth1_vlan: entered promiscuous mode [ 218.063295][ T9651] veth0_macvtap: entered promiscuous mode [ 218.069340][ T9651] veth1_macvtap: entered promiscuous mode [ 218.077362][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.080591][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.083589][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.086996][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.089987][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.093171][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.097145][ T9651] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.101955][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.105429][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.108520][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.111754][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.115809][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.119077][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.123401][ T9651] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.130704][ T9651] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.134547][ T9651] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.138324][ T9651] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.141926][ T9651] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.177101][ T91] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.179654][ T91] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.201624][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.204462][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.814035][ T6022] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 218.824008][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 218.965660][ T6022] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 218.968387][ T6022] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.973241][ T6022] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 218.976937][ T6022] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 218.980037][ T6022] usb 7-1: Manufacturer: syz [ 218.984633][ T6022] usb 7-1: config 0 descriptor?? [ 219.024841][ T6022] rc_core: IR keymap rc-hauppauge not found [ 219.027296][ T6022] Registered IR keymap rc-empty [ 219.030065][ T6022] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 219.035116][ T6022] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input10 [ 219.248404][ T9723] program syz.2.783 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 219.340528][ T6022] usb 7-1: USB disconnect, device number 12 [ 219.873982][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 220.147022][ T40] kauditd_printk_skb: 17 callbacks suppressed [ 220.147033][ T40] audit: type=1326 audit(1745003778.017:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9743 comm="syz.0.791" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x0 [ 220.153988][ T57] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 220.333957][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 220.337023][ T57] usb 7-1: config 0 has no interfaces? [ 220.338841][ T57] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 220.342175][ T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.347110][ T57] usb 7-1: config 0 descriptor?? [ 220.554293][ T57] usb 7-1: USB disconnect, device number 13 [ 220.786593][ T9751] team0 (unregistering): Port device team_slave_0 removed [ 220.794583][ T9751] team0 (unregistering): Port device team_slave_1 removed [ 220.904002][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 221.232227][ T1138] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.314032][ T5993] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 221.473970][ T5993] usb 5-1: Using ep0 maxpacket: 8 [ 221.477221][ T5993] usb 5-1: config 0 has no interfaces? [ 221.479054][ T5993] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 221.481897][ T5993] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.489503][ T5993] usb 5-1: config 0 descriptor?? [ 221.702668][ T6022] usb 5-1: USB disconnect, device number 12 [ 221.953973][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 222.712561][ T1138] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.797489][ T1138] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.859690][ T1138] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.975810][ T1138] bridge_slave_1: left allmulticast mode [ 222.977564][ T1138] bridge_slave_1: left promiscuous mode [ 222.979343][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.984001][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 222.984180][ T1138] bridge_slave_0: left allmulticast mode [ 222.988683][ T1138] bridge_slave_0: left promiscuous mode [ 222.991032][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.221147][ T9765] FAULT_INJECTION: forcing a failure. [ 223.221147][ T9765] name failslab, interval 1, probability 0, space 0, times 0 [ 223.226809][ T9765] CPU: 1 UID: 0 PID: 9765 Comm: syz.3.800 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 223.226834][ T9765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 223.226845][ T9765] Call Trace: [ 223.226851][ T9765] [ 223.226858][ T9765] dump_stack_lvl+0x16c/0x1f0 [ 223.226886][ T9765] should_fail_ex+0x512/0x640 [ 223.226903][ T9765] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 223.226921][ T9765] should_failslab+0xc2/0x120 [ 223.226942][ T9765] __kmalloc_cache_noprof+0x6a/0x3e0 [ 223.226958][ T9765] ? get_mm_exe_file+0x8a/0x1a0 [ 223.226978][ T9765] ? landlock_init_hierarchy_log+0xa7/0x870 [ 223.227005][ T9765] landlock_init_hierarchy_log+0xa7/0x870 [ 223.227032][ T9765] landlock_merge_ruleset+0x6e1/0x870 [ 223.227056][ T9765] ? prepare_creds+0x583/0x7d0 [ 223.227084][ T9765] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 223.227114][ T9765] __do_fast_syscall_32+0x73/0x120 [ 223.227139][ T9765] do_fast_syscall_32+0x32/0x80 [ 223.227163][ T9765] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 223.227183][ T9765] RIP: 0023:0xf70be579 [ 223.227196][ T9765] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 223.227212][ T9765] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 00000000000001be [ 223.227228][ T9765] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 223.227238][ T9765] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 223.227247][ T9765] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.227256][ T9765] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 223.227265][ T9765] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.227288][ T9765] [ 223.227673][ T9765] ------------[ cut here ]------------ [ 223.304964][ T9765] WARNING: CPU: 1 PID: 9765 at security/landlock/domain.h:133 free_ruleset+0x226/0x270 [ 223.308897][ T9765] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 223.310641][ T9765] CPU: 1 UID: 0 PID: 9765 Comm: syz.3.800 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 223.317242][ T9765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 223.321743][ T9765] RIP: 0010:free_ruleset+0x226/0x270 [ 223.324108][ T9765] Code: 84 61 ff ff ff 48 89 eb e9 12 ff ff ff e8 c2 29 2d fd be 03 00 00 00 4c 89 f7 e8 b5 ee 3e 00 e9 42 ff ff ff e8 ab 29 2d fd 90 <0f> 0b 90 eb af e8 30 aa 91 fd e9 4a fe ff ff 48 89 df e8 23 aa 91 [ 223.331885][ T9765] RSP: 0018:ffffc900068dfe28 EFLAGS: 00010293 [ 223.334578][ T9765] RAX: 0000000000000000 RBX: ffff888026396c80 RCX: ffffffff848e74df [ 223.337909][ T9765] RDX: ffff8880228d4880 RSI: ffffffff848d7dc5 RDI: 0000000000000005 [ 223.341110][ T9765] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 223.344553][ T9765] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806c47ff00 [ 223.347846][ T9765] R13: dffffc0000000000 R14: ffff888026396ca0 R15: fffffffffffffff4 [ 223.351051][ T9765] FS: 0000000000000000(0000) GS:ffff8880978bd000(0063) knlGS:00000000f50aeb40 [ 223.354794][ T9765] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 223.357529][ T9765] CR2: 00000000f50adcc0 CR3: 00000000238f2000 CR4: 0000000000352ef0 [ 223.360824][ T9765] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 223.364176][ T9765] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 223.367537][ T9765] Call Trace: [ 223.368957][ T9765] [ 223.370226][ T9765] landlock_put_ruleset+0xa5/0xb0 [ 223.372370][ T9765] landlock_merge_ruleset+0x218/0x870 Connection to localhost closed by remote host. [ 223.374665][ T9765] ? prepare_creds+0x583/0x7d0 [ 223.376918][ T9765] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 223.379549][ T9765] __do_fast_syscall_32+0x73/0x120 [ 223.381737][ T9765] do_fast_syscall_32+0x32/0x80 [ 223.384121][ T9765] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 223.386789][ T9765] RIP: 0023:0xf70be579 [ 223.388554][ T9765] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 223.396434][ T9765] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 00000000000001be [ 223.399232][ T9765] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 223.402007][ T9765] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 223.404542][ T9765] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.407002][ T9765] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 223.409429][ T9765] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.411890][ T9765] [ 223.412878][ T9765] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 223.415194][ T9765] CPU: 1 UID: 0 PID: 9765 Comm: syz.3.800 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 223.419096][ T9765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 223.422661][ T9765] Call Trace: [ 223.424001][ T9765] [ 223.425052][ T9765] dump_stack_lvl+0x3d/0x1f0 [ 223.426753][ T9765] panic+0x71c/0x800 [ 223.428096][ T9765] ? __pfx_panic+0x10/0x10 [ 223.429560][ T9765] ? show_trace_log_lvl+0x29b/0x3e0 [ 223.431297][ T9765] ? check_panic_on_warn+0x1f/0xb0 [ 223.432980][ T9765] ? free_ruleset+0x226/0x270 [ 223.434541][ T9765] check_panic_on_warn+0xab/0xb0 [ 223.436155][ T9765] __warn+0xf6/0x3c0 [ 223.437519][ T9765] ? free_ruleset+0x226/0x270 [ 223.439094][ T9765] report_bug+0x3c3/0x580 [ 223.440536][ T9765] ? free_ruleset+0x226/0x270 [ 223.442116][ T9765] handle_bug+0x184/0x210 [ 223.443495][ T9765] exc_invalid_op+0x17/0x50 [ 223.444956][ T9765] asm_exc_invalid_op+0x1a/0x20 [ 223.446506][ T9765] RIP: 0010:free_ruleset+0x226/0x270 [ 223.448271][ T9765] Code: 84 61 ff ff ff 48 89 eb e9 12 ff ff ff e8 c2 29 2d fd be 03 00 00 00 4c 89 f7 e8 b5 ee 3e 00 e9 42 ff ff ff e8 ab 29 2d fd 90 <0f> 0b 90 eb af e8 30 aa 91 fd e9 4a fe ff ff 48 89 df e8 23 aa 91 [ 223.454195][ T9765] RSP: 0018:ffffc900068dfe28 EFLAGS: 00010293 [ 223.456234][ T9765] RAX: 0000000000000000 RBX: ffff888026396c80 RCX: ffffffff848e74df [ 223.458825][ T9765] RDX: ffff8880228d4880 RSI: ffffffff848d7dc5 RDI: 0000000000000005 [ 223.461315][ T9765] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 223.463726][ T9765] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806c47ff00 [ 223.466191][ T9765] R13: dffffc0000000000 R14: ffff888026396ca0 R15: fffffffffffffff4 [ 223.468755][ T9765] ? landlock_log_drop_domain+0x5f/0x1e0 [ 223.470486][ T9765] ? free_ruleset+0x225/0x270 [ 223.471988][ T9765] ? free_ruleset+0x225/0x270 [ 223.473477][ T9765] landlock_put_ruleset+0xa5/0xb0 [ 223.475025][ T9765] landlock_merge_ruleset+0x218/0x870 [ 223.476765][ T9765] ? prepare_creds+0x583/0x7d0 [ 223.478320][ T9765] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 223.480274][ T9765] __do_fast_syscall_32+0x73/0x120 [ 223.481900][ T9765] do_fast_syscall_32+0x32/0x80 [ 223.483445][ T9765] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 223.485544][ T9765] RIP: 0023:0xf70be579 [ 223.486844][ T9765] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 223.492927][ T9765] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 00000000000001be [ 223.495749][ T9765] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 223.498263][ T9765] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 223.500752][ T9765] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.503230][ T9765] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 223.505853][ T9765] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.508336][ T9765] [ 223.510042][ T9765] Kernel Offset: disabled [ 223.511381][ T9765] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:07:48 Registers: info registers vcpu 0 CPU#0 RAX=ffff888025e28000 RBX=ffffffff8e3c1440 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff816999f1 RDI=fffffbfff1c78288 RBP=0000000000000002 RSP=ffffc90002f7f450 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000013654 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8197a843 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977bd000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000056e3c4c0 CR3=0000000025566000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854ade95 RDI=ffffffff9ae0eb40 RBP=ffffffff9ae0eb00 RSP=ffffc900068df790 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ae0eb00 R15=ffffffff854ade30 RIP=ffffffff854adebf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978bd000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50adcc0 CR3=00000000238f2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=1ffff920006ddeee RCX=ffffffff81f5aeb9 RDX=ffff8880257f2440 RSI=0000018000000000 RDI=0000000000000007 RBP=ffffea0001729380 RSP=ffffc900036ef760 R8 =0000000000000007 R9 =0000018000000000 R10=0000018000000000 R11=0000000000000000 R12=04fff7800000402c R13=0000018000000000 R14=0000018000000000 R15=0000008000000000 RIP=ffffffff81baa770 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979bd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f26e40 CR3=0000000049e78000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73c2ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080000001 RBX=000000000005bd0e RCX=ffffffff820520ad RDX=ffff888021d2c880 RSI=0000000000013aa2 RDI=0000000000000006 RBP=0000000000013aa2 RSP=ffffc900066bf560 R8 =0000000000000006 R9 =0000000000013aa2 R10=000000000005bd0e R11=0000000000000000 R12=1ffff92000cd7ead R13=ffffea00016f4380 R14=00000000f64a9000 R15=0000000000000000 RIP=ffffffff81baa12c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097abd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080001280 CR3=000000000e182000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001d800000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000