last executing test programs: 47.496086626s ago: executing program 3 (id=130): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x2, 0x8, 0xffffffff, 0xf5, 0x5}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0xff}, 0x8) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080)) io_setup(0x7, &(0x7f0000000c80)=0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaab0c942034375888e450000280022000000069078ac141400ac1e000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) io_submit(r6, 0x8, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0300ffff0000", 0x6}]) 40.48147444s ago: executing program 3 (id=130): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x2, 0x8, 0xffffffff, 0xf5, 0x5}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0xff}, 0x8) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080)) io_setup(0x7, &(0x7f0000000c80)=0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaab0c942034375888e450000280022000000069078ac141400ac1e000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) io_submit(r6, 0x8, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0300ffff0000", 0x6}]) 32.871165566s ago: executing program 3 (id=130): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x2, 0x8, 0xffffffff, 0xf5, 0x5}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0xff}, 0x8) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080)) io_setup(0x7, &(0x7f0000000c80)=0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaab0c942034375888e450000280022000000069078ac141400ac1e000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) io_submit(r6, 0x8, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0300ffff0000", 0x6}]) 24.413185177s ago: executing program 3 (id=130): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x2, 0x8, 0xffffffff, 0xf5, 0x5}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0xff}, 0x8) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080)) io_setup(0x7, &(0x7f0000000c80)=0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaab0c942034375888e450000280022000000069078ac141400ac1e000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) io_submit(r6, 0x8, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0300ffff0000", 0x6}]) 15.702441407s ago: executing program 3 (id=130): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x2, 0x8, 0xffffffff, 0xf5, 0x5}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0xff}, 0x8) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080)) io_setup(0x7, &(0x7f0000000c80)=0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaab0c942034375888e450000280022000000069078ac141400ac1e000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) io_submit(r6, 0x8, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0300ffff0000", 0x6}]) 7.738822705s ago: executing program 3 (id=130): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x2, 0x8, 0xffffffff, 0xf5, 0x5}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0xff}, 0x8) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080)) io_setup(0x7, &(0x7f0000000c80)=0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaab0c942034375888e450000280022000000069078ac141400ac1e000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) io_submit(r6, 0x8, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0300ffff0000", 0x6}]) 5.226422068s ago: executing program 1 (id=382): syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}}) ioctl$LOOP_SET_STATUS(r1, 0x4c02, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000180682547dee243fde9ce2731540aac5d219cff915ff0a7ede7fcf1222579c0a830b7edb32", @ANYRES64=r0, @ANYBLOB='\x00'/20, @ANYBLOB="6b2f1446986c24f2b16a79d3cc96ebe41db90a78784a8a24e27d9187d7c4bab59a45a5548db9aa6e8463d9b9023f589be817ad9903a622635aa746f188f48ed73fd4fb04f8761a363d968d20e811fbc0c57a0c6b89795d269afbe58f18d3e649f7691335417eda063fde12940135f357639a6ca383ff0a503ae122258233c53790a159ae12c807ff997d407d0bbf479f3d16d80f377bbdf1732b5ec5e2cde27e2a310d765ec8844bac22be543a64f9fe8645cfb029cffc7a709e991a771ce720889c0c8b92519dd538f9c66790044437bbd63cf0e9234dea40ebfbe7bf59e0", @ANYBLOB="7b8d3237702bcfbf19581fa9576453ed578d57e7eb2eef5f59639afb5dceb7d7b8cf22d88157b6acb3ee50d8b95857839852b235708d1427ba", @ANYBLOB='\x00'/25], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$xdp(0x2c, 0x3, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="1500000008000000020000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000080)={r7, 0x58}, 0x10) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f0000000440)=0x400, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f00000002c0)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r6, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) bind$xdp(r3, &(0x7f0000000240)={0x2c, 0x1, r5, 0x0, r6}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000005c0)='scmi_xfer_end\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r10}, 0x10) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x0) syz_open_dev$dri(0x0, 0x1ff, 0x0) 4.23772122s ago: executing program 1 (id=385): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x98, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x40000003}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe6, 0x0, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x6000000}, 0x0) 2.901697191s ago: executing program 1 (id=390): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x100000, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c044}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40002100, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x7}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x4, 0x1}, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) keyctl$revoke(0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x26, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001200010200"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32], 0x28}}, 0x0) recvmmsg(r4, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000193, 0x48, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) 1.998695962s ago: executing program 2 (id=393): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='loginuid\x00') writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)='8', 0x20000081}], 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='btrfs_transaction_commit\x00', r0, 0x0, 0x9131}, 0x18) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) 1.994240441s ago: executing program 2 (id=394): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x40000000}, &(0x7f0000000040)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x2b, 0x0, @fd_index=0x3}) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x68}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000020101"], 0x44}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3, {0x475}}, './file0\x00'}) sendmsg$key(0xffffffffffffffff, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000140)={&(0x7f0000001900)={0x2, 0xf, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x60}}, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='proc\x00', 0x0, 0x0) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x100) getdents64(r8, &(0x7f0000000800)=""/4089, 0xff9) fcntl$dupfd(0xffffffffffffffff, 0x0, r3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff44, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x40, 0x0) 1.982525862s ago: executing program 1 (id=395): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x100000, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c044}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40002100, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x7}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x4, 0x1}, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) keyctl$revoke(0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x26, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001200010200"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32], 0x28}}, 0x0) recvmmsg(r4, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000193, 0x48, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0, 0x0, 0x0, 0x0, 0x2000000}}], 0x40001b6, 0x0) 1.879498363s ago: executing program 0 (id=396): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xe, 0x50, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) mmap(&(0x7f0000543000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)=@usbdevfs_disconnect={0x4}) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6005, &(0x7f0000000040)=0x7, 0x7, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00') syz_open_dev$hidraw(&(0x7f00000000c0), 0x4, 0x280000) read$FUSE(r1, &(0x7f0000004180)={0x2020}, 0x2020) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="b3ae1bef0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000000000000000000000000000840438232694ceab4cb739db4ff3509de15ef3bcfd8603fdac3724b2ad6f510a4228c49cc0dcefeff72986b0619912a4f246", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r5, 0x27, 0x0, 0x120, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xf}, 0x50) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$bt_hci(r7, 0x84, 0x81, &(0x7f0000001240)=""/4091, &(0x7f0000001200)=0xffb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYRES32=r4], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x4c0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus/file0'}}], [{@obj_role={'obj_role', 0x3d, ')(/,}&%'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r8, 0x40305829, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0xb8fc, 0x25d5}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000500)="e0b9092dc1b6dbe9ab5becdcc777", 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(r6, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}}) ioctl$USBDEVFS_IOCTL(r0, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect) fsopen(&(0x7f0000000080)='ceph\x00', 0x1) 1.73775914s ago: executing program 0 (id=397): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x100000, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c044}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40002100, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x7}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x4, 0x1}, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) keyctl$revoke(0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x26, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001200010200"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32], 0x28}}, 0x0) recvmmsg(r4, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000193, 0x48, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmmsg$inet(r5, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0, 0x0, 0x0, 0x0, 0x2000000}}], 0x40001b6, 0x0) 1.736991735s ago: executing program 2 (id=398): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYRESOCT=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007c4cdf112e199fe4b704742e7514b77b84317f91131002ec7683aa8089218cb909726594d9cc6d8697e08867b73ace3bd44e609fe95c37232e952e643bf454d2398f15394fafd22f3d2c2f7b9680e014e5895277a5e724eecf8f472474ba240badd6d59da4e1a48ab66cf5564dc15573ff22a3579473be136d7bd5692f640afc0fb4498c3b1e567025c4ae154155b616633921e12cff5cf261fc934e97c37e59b4aa96ef47cf754ff7ec52b92c125979822027b027be48c549bf7b6cbe6009764ef25040792fa5fd7d775e"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000000000000000050000000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294632773ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000014010000030a0103000000000000000005"], 0x238}}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f00000001c0), 0x3ff, 0x191000) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20a000, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x0, 0x4d, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000004c0)=""/86) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(r6, &(0x7f0000000580)={0x0, 0x14, &(0x7f00000000c0)={&(0x7f00000005c0)={0x28, r7, 0x7, 0x0, 0x0, {{0x2}, {@val={0x8, 0x2, 0x8}, @void, @val={0xc, 0x99, {0x1}}}}}, 0x28}}, 0x80) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r9 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_pid(r9, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) 1.138181151s ago: executing program 2 (id=399): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000001c0)={0x400, 0x300, 0x0, 0x0, 0x0, 0x3e000000, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xb}) 1.137797541s ago: executing program 2 (id=400): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x100000, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c044}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40002100, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x7}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x4, 0x1}, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) keyctl$revoke(0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x26, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001200010200"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32], 0x28}}, 0x0) recvmmsg(r4, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000193, 0x48, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) 1.046091299s ago: executing program 1 (id=401): r0 = landlock_create_ruleset(&(0x7f0000000040)={0xd351}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) openat$audio1(0xffffff9c, &(0x7f0000000040), 0xbfaafea3a8346deb, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = syz_clone(0xc285a00, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp(r1, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x10010, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000100)=[0x0], 0x1, 0x0, 0x0, 0xffffffffffffffff}) recvmsg(r5, &(0x7f00000005c0)={&(0x7f0000000340)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000400)=""/207, 0xcf}, {&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000240)}], 0x3, &(0x7f0000000540)=""/120, 0x78}, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) prlimit64(0x0, 0x6, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000004000000060000000405000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000060000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='hfsplus\x00', 0x8002, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r6}, 0x38) r7 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_TRANSMIT(r7, 0xc0386105, &(0x7f0000000040)={0x9, 0x8, 0x3, 0x81, 0xfffffffa, 0xd, "9899b4a4d5bfb2b8b5ec67a9883d45f4", 0x8, 0x9, 0x5, 0xfd, 0x1, 0x0, 0x1}) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f00000003c0)='ramfs\x00', 0x1801c50, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800c3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) 837.768912ms ago: executing program 0 (id=402): unshare(0x400) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xf0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 837.413447ms ago: executing program 0 (id=403): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200000, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') unlink(&(0x7f0000000280)='./file1\x00') link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') creat(&(0x7f00000001c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x140) (fail_nth: 12) 688.471495ms ago: executing program 0 (id=404): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x80000) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000000)=0x639) readv(r1, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1) (fail_nth: 21) 458.552929ms ago: executing program 0 (id=405): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000000)={0x24, @short={0x2, 0x0, 0x12760cac599d817e}}, 0xb) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x42, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11641e7a, 0x20000000, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x20, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x647b}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() syz_emit_ethernet(0xa6, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6012000800703afffe8000000000000000000000000000bbff02000000000000000000000000000186009078080002000000000000000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5afdd1183287d61c2a24d41ca18020001ffffffffff60000000000000c705b5d50d8d2e72b5abebb85f5f410c6281874b8bb443f7"], 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000140)=@ethtool_rxfh_indir={0x39}}) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x11, 0x3, 0x10) syz_io_uring_setup(0x117, 0x0, &(0x7f0000000000), 0x0) setuid(0x0) socket$alg(0x26, 0x5, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r5 = inotify_init1(0x0) inotify_add_watch(r5, &(0x7f0000000200)='./bus\x00', 0x6000000b) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}]}) r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r6, &(0x7f00000001c0)={'exec ', ':\x00~\x14-\x90\x14\x05\x00\x8fQhj\x1b\x04\xe5\x8d\xa1\xc2\xaa-\xc7gD#\x03\x1c\xee\xaa\xdd\x80\x9e/\x19{S\x15\xfe\xbaO\xae\xa1z,\xde-\x8fKN\x86g\x9b\xe4\xfe\xae/\x90\xd8^O\x86\x81\x84\xabq\xeb\x8b;F\xe9\xee\xc8\xd1\xb4Q\x05\x14\xe7\xa9c(0D7[\xccB\xe1Y\x99\x05\xae\xba\x00\xc4\b1\x84\xd6\b\xb0\xf0\x9a\x98\x85;\xffUq9:\xaf\xa2\x83\x88d\xc0\xe5\xcfF\x144}\x02\xb9\xb1\x85\x7fx\xe6\'\x8c\x898\'ej\xde;+\n1\xd4\x15\xf9Q\xacw\xcfS\xed\x80\fkt\xed\xdb|\x10\xbd\xbe\xf1\x94\x99\xe1?\x10\xda\xc7\xed['}, 0xb0) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 8.297748ms ago: executing program 1 (id=406): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, 0x0, 0x4488c) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000380)="0c46f3441843f0cf874f6c3aede9dfc8a97eff424f3aaf2011a623c76066e9e37558529e63f61d7d28601920569df69e4067c1b823096674829ca353747328baa423", 0x42, r2) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='contention_end\x00', r1}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000002c0), 0x0, 0x40000043, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x15, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r5) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$VT_RELDISP(r5, 0x5605) 0s ago: executing program 2 (id=407): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = syz_io_uring_setup(0x10d, &(0x7f00000003c0), &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_LINKAT={0x27, 0x10, 0x0, 0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', &(0x7f0000000780)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1}) io_uring_enter(r1, 0x3f70, 0x0, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SIOCGSKNS(r0, 0x894c, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001540)=0x14) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'vlan1\x00', 0x0}) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r8, 0x80000300, 0x0, 0x0) r9 = openat$cgroup_ro(r8, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000240), 0x208e24b) bind$packet(r6, &(0x7f0000000300)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') socket$packet(0x11, 0x3, 0x300) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48) close(r10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7020000010000e1250000008600000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) kernel console output (not intermixed with test programs): ffer I/O error on dev loop6, logical block 0, async page read [ 71.767688][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.770383][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.773537][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.776147][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.778468][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.781288][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.784950][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.787464][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.789715][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.792506][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.794866][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.798136][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.800825][ T6641] ldm_validate_partition_table(): Disk read failed. [ 71.803749][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.806449][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.826923][ T6635] chnl_net:caif_netlink_parms(): no params data found [ 71.840027][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 71.843213][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 71.846002][ T6641] Dev loop6: unable to read RDB block 0 [ 71.850558][ T6641] loop6: unable to read partition table [ 71.854647][ T6641] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 71.860613][ T6644] ldm_validate_partition_table(): Disk read failed. [ 71.863288][ T6644] Dev loop6: unable to read RDB block 0 [ 71.865210][ T6644] loop6: unable to read partition table [ 71.866806][ T6644] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 71.885444][ T6635] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.887665][ T6635] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.890100][ T6635] bridge_slave_0: entered allmulticast mode [ 71.893853][ T6635] bridge_slave_0: entered promiscuous mode [ 71.897667][ T6635] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.900545][ T6635] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.902830][ T6635] bridge_slave_1: entered allmulticast mode [ 71.905015][ T6635] bridge_slave_1: entered promiscuous mode [ 71.925642][ T6635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.929611][ T6635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.955853][ T6635] team0: Port device team_slave_0 added [ 71.959729][ T6635] team0: Port device team_slave_1 added [ 71.980499][ T6635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.983198][ T6635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.991599][ T6635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.995341][ T6635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.997316][ T6635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.006083][ T6635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.039609][ T6635] hsr_slave_0: entered promiscuous mode [ 72.042728][ T6635] hsr_slave_1: entered promiscuous mode [ 73.137530][ T99] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.202565][ T99] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.289400][ T99] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.388671][ T99] bridge_slave_1: left allmulticast mode [ 73.392724][ T99] bridge_slave_1: left promiscuous mode [ 73.395892][ T99] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.402919][ T99] bridge_slave_0: left allmulticast mode [ 73.405082][ T99] bridge_slave_0: left promiscuous mode [ 73.407448][ T99] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.643610][ T99] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 73.647799][ T99] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 73.653537][ T99] bond0 (unregistering): Released all slaves [ 73.689562][ T6680] netlink: 4 bytes leftover after parsing attributes in process `syz.2.182'. [ 73.692567][ T6680] bridge_slave_1: left allmulticast mode [ 73.694250][ T6680] bridge_slave_1: left promiscuous mode [ 73.696485][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.699722][ T6680] bridge_slave_0: left allmulticast mode [ 73.702351][ T6680] bridge_slave_0: left promiscuous mode [ 73.705299][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.793117][ T5946] Bluetooth: hci1: command tx timeout [ 74.175847][ T99] hsr_slave_0: left promiscuous mode [ 74.179442][ T99] hsr_slave_1: left promiscuous mode [ 74.183232][ T99] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.186345][ T99] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.192409][ T99] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.195564][ T99] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.243006][ T99] veth1_macvtap: left promiscuous mode [ 74.245364][ T99] veth0_macvtap: left promiscuous mode [ 74.248007][ T99] veth1_vlan: left promiscuous mode [ 74.250607][ T99] veth0_vlan: left promiscuous mode [ 74.796747][ T6698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.184'. [ 74.836177][ T6700] netlink: 48 bytes leftover after parsing attributes in process `syz.0.185'. [ 74.900750][ T99] team0 (unregistering): Port device team_slave_1 removed [ 74.957408][ T99] team0 (unregistering): Port device team_slave_0 removed [ 75.555479][ T6635] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.568279][ T6635] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.574398][ T6635] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.584713][ T6635] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 75.607731][ T6711] loop6: detected capacity change from 0 to 524287999 [ 75.618665][ T6711] ldm_validate_partition_table(): Disk read failed. [ 75.624309][ T6711] Dev loop6: unable to read RDB block 0 [ 75.628954][ T6711] loop6: unable to read partition table [ 75.631202][ T6711] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 75.658476][ T6635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.673920][ T6635] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.677879][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.679979][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.685947][ T6711] ldm_validate_partition_table(): Disk read failed. [ 75.689619][ T6711] Dev loop6: unable to read RDB block 0 [ 75.691104][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.693308][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.696149][ T6711] loop6: unable to read partition table [ 75.701751][ T6711] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 75.788153][ T6635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.808647][ T6635] veth0_vlan: entered promiscuous mode [ 75.814940][ T6635] veth1_vlan: entered promiscuous mode [ 75.827298][ T6635] veth0_macvtap: entered promiscuous mode [ 75.831376][ T6635] veth1_macvtap: entered promiscuous mode [ 75.839095][ T6635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.842753][ T6635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.846205][ T6635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.849218][ T6635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.852391][ T6635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.855326][ T6635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.858662][ T6635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.865346][ T6635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.868343][ T6635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.870303][ T5946] Bluetooth: hci1: command tx timeout [ 75.880252][ T6635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.882702][ T25] cfg80211: failed to load regulatory.db [ 75.884218][ T6635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.884230][ T6635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.884242][ T6635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.884787][ T6635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.912446][ T6635] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.915334][ T6635] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.918142][ T6635] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.925274][ T6635] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.996432][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.999042][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.016471][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.018590][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.992074][ T6741] SET target dimension over the limit! [ 77.016855][ T6743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.198'. [ 77.020105][ T6743] netlink: 12 bytes leftover after parsing attributes in process `syz.1.198'. [ 77.032106][ T6743] overlayfs: overlapping lowerdir path [ 77.185469][ T6755] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 77.194581][ T6749] usb 2-1: USB disconnect, device number 2 [ 77.265491][ T6758] netlink: 28 bytes leftover after parsing attributes in process `syz.2.202'. [ 77.286120][ T6757] hub 2-0:1.0: USB hub found [ 77.287863][ T6757] hub 2-0:1.0: 6 ports detected [ 77.470409][ T56] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 77.654364][ T56] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 77.657823][ T56] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 77.666114][ T56] usb 2-1: Product: QEMU USB Tablet [ 77.668186][ T56] usb 2-1: Manufacturer: QEMU [ 77.670258][ T56] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 77.690897][ T56] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0003/input/input5 [ 77.701544][ T56] hid-generic 0003:0627:0001.0003: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 77.805684][ T6763] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 78.022976][ T6766] netlink: 'syz.2.205': attribute type 2 has an invalid length. [ 78.026083][ T6766] netlink: 'syz.2.205': attribute type 8 has an invalid length. [ 78.029220][ T6766] netlink: 132 bytes leftover after parsing attributes in process `syz.2.205'. [ 78.222001][ T6780] FAULT_INJECTION: forcing a failure. [ 78.222001][ T6780] name failslab, interval 1, probability 0, space 0, times 0 [ 78.226261][ T6780] CPU: 0 UID: 0 PID: 6780 Comm: syz.2.212 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 78.229104][ T6780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.232555][ T6780] Call Trace: [ 78.233724][ T6780] [ 78.234518][ T6782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.211'. [ 78.234646][ T6780] dump_stack_lvl+0x16c/0x1f0 [ 78.237083][ T6782] bridge_slave_1: left allmulticast mode [ 78.238358][ T6780] should_fail_ex+0x497/0x5b0 [ 78.240794][ T6782] bridge_slave_1: left promiscuous mode [ 78.241924][ T6780] ? fs_reclaim_acquire+0xae/0x150 [ 78.241939][ T6780] should_failslab+0xc2/0x120 [ 78.241954][ T6780] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 78.243761][ T6782] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.245020][ T6780] ? security_file_alloc+0x34/0x2b0 [ 78.251034][ T6780] security_file_alloc+0x34/0x2b0 [ 78.252442][ T6780] init_file+0x93/0x480 [ 78.253564][ T6780] alloc_empty_file+0x91/0x1e0 [ 78.254892][ T6780] path_openat+0xe1/0x2d60 [ 78.256129][ T6780] ? hlock_class+0x4e/0x130 [ 78.257404][ T6780] ? __lock_acquire+0x15a9/0x3c40 [ 78.258747][ T6780] ? __pfx_path_openat+0x10/0x10 [ 78.260070][ T6780] ? __pfx___lock_acquire+0x10/0x10 [ 78.261524][ T6780] ? lock_acquire.part.0+0x11b/0x380 [ 78.262928][ T6780] ? find_held_lock+0x2d/0x110 [ 78.264245][ T6780] do_filp_open+0x20c/0x470 [ 78.265484][ T6780] ? __pfx_do_filp_open+0x10/0x10 [ 78.266842][ T6780] ? find_held_lock+0x2d/0x110 [ 78.268103][ T6780] ? alloc_fd+0x41f/0x760 [ 78.269300][ T6780] do_sys_openat2+0x17a/0x1e0 [ 78.270629][ T6780] ? __pfx_do_sys_openat2+0x10/0x10 [ 78.272141][ T6780] ? __fget_files+0x206/0x3a0 [ 78.273509][ T6780] __ia32_compat_sys_openat+0x16e/0x210 [ 78.275085][ T6780] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 78.276794][ T6780] ? ksys_write+0x1ba/0x250 [ 78.278083][ T6780] __do_fast_syscall_32+0x73/0x120 [ 78.279542][ T6780] do_fast_syscall_32+0x32/0x80 [ 78.280925][ T6780] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 78.282728][ T6780] RIP: 0023:0xf7f67579 [ 78.283894][ T6780] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 78.289246][ T6780] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 78.291555][ T6780] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000240 [ 78.294204][ T6780] RDX: 000000000000275a RSI: 0000000000000000 RDI: 0000000000000000 [ 78.296494][ T6780] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 78.298688][ T6780] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 78.300884][ T6780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 78.303129][ T6780] [ 78.306583][ T6782] bridge_slave_0: left allmulticast mode [ 78.308582][ T6782] bridge_slave_0: left promiscuous mode [ 78.311078][ T6782] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.443747][ T6788] netlink: 20 bytes leftover after parsing attributes in process `syz.1.213'. [ 78.607050][ T6801] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 78.607061][ T6801] CIFS mount error: No usable UNC path provided in device string! [ 78.607061][ T6801] [ 78.607166][ T6801] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 78.612223][ T1133] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.841741][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.844678][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.847543][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.868009][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.870789][ T5949] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 78.873040][ T5949] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.936657][ T6800] xt_CT: No such helper "snmp_trap" [ 79.060148][ T6818] netlink: 'syz.0.221': attribute type 10 has an invalid length. [ 79.107179][ T6819] netlink: 'syz.0.221': attribute type 10 has an invalid length. [ 79.247251][ T6818] bond0: (slave netdevsim0): Releasing backup interface [ 79.250262][ T6818] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 79.254541][ T6818] team0: Port device netdevsim0 added [ 79.265212][ T6819] team0: Port device netdevsim0 removed [ 79.268807][ T6819] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 79.271887][ T6819] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 79.278039][ T6808] chnl_net:caif_netlink_parms(): no params data found [ 79.345468][ T6808] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.348607][ T6808] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.353025][ T6808] bridge_slave_0: entered allmulticast mode [ 79.356559][ T6808] bridge_slave_0: entered promiscuous mode [ 79.363949][ T6808] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.366959][ T6808] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.369646][ T6808] bridge_slave_1: entered allmulticast mode [ 79.374002][ T6808] bridge_slave_1: entered promiscuous mode [ 79.405179][ T6808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.408853][ T6808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.446407][ T6808] team0: Port device team_slave_0 added [ 79.449655][ T6808] team0: Port device team_slave_1 added [ 79.476243][ T6808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.478397][ T6808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.486365][ T6808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.491048][ T6808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.495343][ T6808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.504970][ T6808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.541066][ T6808] hsr_slave_0: entered promiscuous mode [ 79.545076][ T6808] hsr_slave_1: entered promiscuous mode [ 79.547088][ T6808] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.550372][ T6808] Cannot create hsr debugfs directory [ 80.479494][ T1133] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.547228][ T6841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.226'. [ 80.582518][ T1133] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.659874][ T1133] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.760583][ T1133] bridge_slave_1: left allmulticast mode [ 80.762265][ T1133] bridge_slave_1: left promiscuous mode [ 80.764010][ T1133] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.767066][ T1133] bridge_slave_0: left allmulticast mode [ 80.768984][ T1133] bridge_slave_0: left promiscuous mode [ 80.770922][ T1133] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.879852][ T1447] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 80.910055][ T5949] Bluetooth: hci1: command tx timeout [ 80.992890][ T1133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 80.997148][ T1133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 81.002446][ T1133] bond0 (unregistering): Released all slaves [ 81.030731][ T1447] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 81.033636][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.036298][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.039488][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.042461][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.045052][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.048128][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.050951][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.053529][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.056695][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.059274][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.065459][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.068592][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.073625][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.077344][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.085077][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.094005][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.096860][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.100290][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.107008][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.109429][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.114705][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.117391][ T1447] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.122489][ T1447] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 81.128262][ T1447] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.141081][ T1447] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 81.143675][ T1447] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 81.146234][ T1447] usb 7-1: Product: syz [ 81.147583][ T1447] usb 7-1: Manufacturer: syz [ 81.148933][ T1447] usb 7-1: SerialNumber: syz [ 81.158673][ T1447] usb 7-1: config 0 descriptor?? [ 81.164956][ T1447] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 81.383618][ T1133] hsr_slave_0: left promiscuous mode [ 81.385881][ T1133] hsr_slave_1: left promiscuous mode [ 81.388028][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 81.392031][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 81.394626][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 81.396797][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 81.415302][ T1133] veth1_macvtap: left promiscuous mode [ 81.416977][ T1133] veth0_macvtap: left promiscuous mode [ 81.418609][ T1133] veth1_vlan: left promiscuous mode [ 81.421935][ T1133] veth0_vlan: left promiscuous mode [ 81.432966][ T6872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.436317][ T6872] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.956042][ T1133] team0 (unregistering): Port device team_slave_1 removed [ 82.017057][ T1133] team0 (unregistering): Port device team_slave_0 removed [ 82.486430][ T5993] usb 7-1: USB disconnect, device number 6 [ 82.489457][ T5993] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 82.528436][ T6808] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.546388][ T6808] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.553543][ T6808] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.575058][ T6808] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.636494][ T6808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.648081][ T6808] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.654190][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.656287][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.660888][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.662964][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.753757][ T39] audit: type=1326 audit(1735236869.949:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.1.236" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 82.764833][ T6808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.786925][ T6808] veth0_vlan: entered promiscuous mode [ 82.791797][ T6808] veth1_vlan: entered promiscuous mode [ 82.808534][ T6808] veth0_macvtap: entered promiscuous mode [ 82.812337][ T6808] veth1_macvtap: entered promiscuous mode [ 82.821583][ T6808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.825353][ T6808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.828260][ T6808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.831858][ T6808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.835375][ T6808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.839429][ T6808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.844419][ T6808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.853613][ T6808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.857102][ T6808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.861127][ T6808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.864967][ T6808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.867930][ T6808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.871374][ T6808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.874786][ T6808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.879363][ T6808] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.882021][ T6808] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.884592][ T6808] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.887319][ T6808] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.913202][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.915609][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.928936][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.932519][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.989892][ T5949] Bluetooth: hci1: command tx timeout [ 83.326991][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.2.237'. [ 83.429253][ T39] audit: type=1326 audit(1735236870.619:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.1.236" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 83.875503][ T6924] netlink: 'syz.0.241': attribute type 10 has an invalid length. [ 83.902816][ T6924] bond0: (slave netdevsim0): Releasing backup interface [ 83.905289][ T6924] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 83.912002][ T6924] team0: Port device netdevsim0 added [ 83.923862][ T6924] netlink: 'syz.0.241': attribute type 10 has an invalid length. [ 83.932871][ T6924] team0: Port device netdevsim0 removed [ 83.938256][ T6924] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 83.941084][ T6924] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 84.488765][ T6938] input: syz0 as /devices/virtual/input/input6 [ 84.602616][ T6945] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 84.734531][ T6941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.247'. [ 85.451418][ T6957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.251'. [ 85.938643][ T6968] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 86.236379][ T1135] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.803417][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.806823][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.809391][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.813941][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.816513][ T5946] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.818664][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.891213][ T6978] chnl_net:caif_netlink_parms(): no params data found [ 86.995687][ T6989] netlink: 92 bytes leftover after parsing attributes in process `syz.1.257'. [ 87.034553][ T6978] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.039373][ T6978] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.052721][ T6978] bridge_slave_0: entered allmulticast mode [ 87.056015][ T6978] bridge_slave_0: entered promiscuous mode [ 87.060476][ T6978] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.064649][ T6978] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.089610][ T6978] bridge_slave_1: entered allmulticast mode [ 87.092018][ T6978] bridge_slave_1: entered promiscuous mode [ 87.095063][ T6992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.260'. [ 87.119081][ T6978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.128871][ T6978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.175552][ T6978] team0: Port device team_slave_0 added [ 87.178268][ T6978] team0: Port device team_slave_1 added [ 87.205869][ T6978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.207830][ T6978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.215132][ T6978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.218763][ T6978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.220758][ T6978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.236134][ T6978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.261428][ T6978] hsr_slave_0: entered promiscuous mode [ 87.263612][ T6978] hsr_slave_1: entered promiscuous mode [ 87.348232][ T6997] FAULT_INJECTION: forcing a failure. [ 87.348232][ T6997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.352142][ T6997] CPU: 1 UID: 0 PID: 6997 Comm: syz.2.262 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 87.355285][ T6997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.358886][ T6997] Call Trace: [ 87.360238][ T6997] [ 87.361422][ T6997] dump_stack_lvl+0x16c/0x1f0 [ 87.363300][ T6997] should_fail_ex+0x497/0x5b0 [ 87.365205][ T6997] _copy_from_user+0x2e/0xd0 [ 87.367079][ T6997] kstrtouint_from_user+0xd7/0x1c0 [ 87.369095][ T6997] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 87.371375][ T6997] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 87.373591][ T6997] proc_fail_nth_write+0x84/0x250 [ 87.375642][ T6997] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 87.377894][ T6997] ? ksys_write+0x12b/0x250 [ 87.379728][ T6997] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 87.382119][ T6997] vfs_write+0x24c/0x1150 [ 87.383850][ T6997] ? __fget_files+0x1fc/0x3a0 [ 87.385261][ T6997] ? __pfx___mutex_lock+0x10/0x10 [ 87.386805][ T6997] ? __pfx_vfs_write+0x10/0x10 [ 87.388695][ T6997] ? __fget_files+0x206/0x3a0 [ 87.390645][ T6997] ksys_write+0x12b/0x250 [ 87.392399][ T6997] ? __pfx_ksys_write+0x10/0x10 [ 87.394395][ T6997] __do_fast_syscall_32+0x73/0x120 [ 87.396483][ T6997] do_fast_syscall_32+0x32/0x80 [ 87.398426][ T6997] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 87.401005][ T6997] RIP: 0023:0xf7f67579 [ 87.402653][ T6997] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 87.410258][ T6997] RSP: 002b:00000000f50b6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 87.413650][ T6997] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50b6620 [ 87.416842][ T6997] RDX: 0000000000000001 RSI: 00000000f73f3ff4 RDI: 0000000000000000 [ 87.419896][ T6997] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 87.423151][ T6997] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 87.426319][ T6997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 87.429478][ T6997] [ 87.719621][ T7004] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 87.722248][ T7004] overlayfs: missing 'lowerdir' [ 87.735241][ T7004] process 'syz.2.263' launched '/dev/fd/10' with NULL argv: empty string added [ 88.747470][ T1135] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.820044][ T1135] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.830241][ T5946] Bluetooth: hci1: command tx timeout [ 88.951518][ T1135] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.226751][ T1135] bridge_slave_1: left allmulticast mode [ 89.228512][ T1135] bridge_slave_1: left promiscuous mode [ 89.232082][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.237713][ T1135] bridge_slave_0: left allmulticast mode [ 89.239578][ T1135] bridge_slave_0: left promiscuous mode [ 89.243669][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.279446][ T7028] netlink: 8 bytes leftover after parsing attributes in process `syz.1.271'. [ 89.294076][ T7029] netlink: 'syz.0.269': attribute type 10 has an invalid length. [ 89.357159][ T7030] netlink: 'syz.0.269': attribute type 10 has an invalid length. [ 89.740915][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.745961][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.752034][ T1135] bond0 (unregistering): Released all slaves [ 89.763780][ T7029] bond0: (slave netdevsim0): Releasing backup interface [ 89.766130][ T7029] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 89.769038][ T7029] team0: Port device netdevsim0 added [ 89.790314][ T7030] team0: Port device netdevsim0 removed [ 89.792934][ T7030] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 89.795205][ T7030] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 89.799264][ T7033] FAULT_INJECTION: forcing a failure. [ 89.799264][ T7033] name failslab, interval 1, probability 0, space 0, times 0 [ 89.812008][ T7033] CPU: 3 UID: 0 PID: 7033 Comm: syz.1.272 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 89.815603][ T7033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.818998][ T7033] Call Trace: [ 89.820238][ T7033] [ 89.821382][ T7033] dump_stack_lvl+0x16c/0x1f0 [ 89.822883][ T7033] should_fail_ex+0x497/0x5b0 [ 89.824254][ T7033] ? fs_reclaim_acquire+0xae/0x150 [ 89.825648][ T7033] should_failslab+0xc2/0x120 [ 89.826964][ T7033] __kmalloc_node_track_caller_noprof+0xcf/0x520 [ 89.828638][ T7033] ? kstrdup_const+0x63/0x80 [ 89.829948][ T7033] kstrdup+0x42/0xb0 [ 89.831173][ T7033] kstrdup_const+0x63/0x80 [ 89.832466][ T7033] __kernfs_new_node+0x9c/0x890 [ 89.834003][ T7033] ? __pfx___kernfs_new_node+0x10/0x10 [ 89.835514][ T7033] ? __pfx_lock_release+0x10/0x10 [ 89.836894][ T7033] ? kernfs_add_one+0x39d/0x520 [ 89.838216][ T7033] ? lock_acquire.part.0+0x11b/0x380 [ 89.839677][ T7033] ? find_held_lock+0x2d/0x110 [ 89.841799][ T7033] kernfs_new_node+0x186/0x240 [ 89.843929][ T7033] kernfs_create_link+0xcc/0x240 [ 89.845963][ T7033] sysfs_do_create_link_sd+0x90/0x140 [ 89.848012][ T7033] sysfs_create_link+0x61/0xc0 [ 89.849408][ T7033] device_add+0x62e/0x1a70 [ 89.850756][ T7033] ? __pfx_device_add+0x10/0x10 [ 89.852558][ T7033] ? kfree+0x274/0x4b0 [ 89.854136][ T7033] ? kstrdup+0x8b/0xb0 [ 89.855639][ T7033] device_create_groups_vargs+0x1f8/0x270 [ 89.857783][ T7033] device_create+0xe9/0x130 [ 89.859466][ T7033] ? __pfx_device_create+0x10/0x10 [ 89.861423][ T7033] ? __pfx_vsnprintf+0x10/0x10 [ 89.863297][ T7033] ? __pfx___debug_object_init+0x10/0x10 [ 89.865467][ T7033] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 89.867663][ T7033] bdi_register_va+0x116/0x820 [ 89.869459][ T7033] ? __pfx_bdi_register_va+0x10/0x10 [ 89.871475][ T7033] ? do_init_timer+0xc9/0x110 [ 89.873383][ T7033] super_setup_bdi_name+0x100/0x250 [ 89.875433][ T7033] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 89.877733][ T7033] ? __init_swait_queue_head+0xca/0x150 [ 89.879903][ T7033] ? shrinker_register+0x1a8/0x260 [ 89.881955][ T7033] ? sget+0x4e2/0x6c0 [ 89.883508][ T7033] v9fs_mount+0x308/0xa30 [ 89.885173][ T7033] ? __pfx_v9fs_mount+0x10/0x10 [ 89.887083][ T7033] ? __pfx_v9fs_mount+0x10/0x10 [ 89.889017][ T7033] legacy_get_tree+0x109/0x220 [ 89.890941][ T7033] vfs_get_tree+0x8f/0x380 [ 89.892755][ T7033] path_mount+0x6e1/0x1f10 [ 89.894594][ T7033] ? kmem_cache_free+0x152/0x4c0 [ 89.896620][ T7033] ? __pfx_path_mount+0x10/0x10 [ 89.898557][ T7033] ? putname+0x13c/0x180 [ 89.900233][ T7033] __ia32_sys_mount+0x292/0x310 [ 89.902173][ T7033] ? __pfx___ia32_sys_mount+0x10/0x10 [ 89.904298][ T7033] __do_fast_syscall_32+0x73/0x120 [ 89.906317][ T7033] do_fast_syscall_32+0x32/0x80 [ 89.908243][ T7033] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 89.910722][ T7033] RIP: 0023:0xf7fc5579 [ 89.912335][ T7033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 89.919792][ T7033] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 89.923118][ T7033] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000040 [ 89.926172][ T7033] RDX: 0000000020000b80 RSI: 0000000000000000 RDI: 0000000020000580 [ 89.929208][ T7033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 89.932293][ T7033] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 89.935398][ T7033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 89.938480][ T7033] [ 89.939849][ C3] vkms_vblank_simulate: vblank timer overrun [ 90.099849][ T1447] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 90.159151][ T7050] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 90.239576][ T6978] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.251010][ T1447] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 90.253422][ T1447] usb 5-1: config 0 has no interface number 0 [ 90.255198][ T1447] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 90.258501][ T6978] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.272004][ T1447] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 90.275320][ T1447] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 90.278699][ T1447] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 90.287653][ T1447] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 90.291017][ T1447] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 90.291591][ T6978] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.295958][ T1447] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 90.302224][ T1447] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.318292][ T1447] usb 5-1: config 0 descriptor?? [ 90.318429][ T6978] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.321003][ T7035] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 90.325376][ T7035] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 90.331632][ T1447] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 90.338349][ T1135] hsr_slave_0: left promiscuous mode [ 90.343283][ T1135] hsr_slave_1: left promiscuous mode [ 90.346593][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.348952][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.360344][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.366207][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.409641][ T1135] veth1_macvtap: left promiscuous mode [ 90.416777][ T1135] veth0_macvtap: left promiscuous mode [ 90.420926][ T1135] veth1_vlan: left promiscuous mode [ 90.423257][ T1135] veth0_vlan: left promiscuous mode [ 90.910870][ T5946] Bluetooth: hci1: command tx timeout [ 91.013211][ T7070] usb usb7: selecting invalid altsetting 6 [ 91.018187][ T7074] usb usb7: selecting invalid altsetting 6 [ 91.266891][ T1135] team0 (unregistering): Port device team_slave_1 removed [ 91.442523][ T1135] team0 (unregistering): Port device team_slave_0 removed [ 92.106883][ T6978] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.119375][ T6978] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.124693][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.126833][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.138751][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.141132][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.161838][ T5979] usb 5-1: USB disconnect, device number 2 [ 92.169317][ T5979] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 92.292288][ T6978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.327500][ T6978] veth0_vlan: entered promiscuous mode [ 92.339182][ T6978] veth1_vlan: entered promiscuous mode [ 92.375565][ T6978] veth0_macvtap: entered promiscuous mode [ 92.380148][ T6978] veth1_macvtap: entered promiscuous mode [ 92.388412][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.393653][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.396766][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.401841][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.404733][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.408704][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.417531][ T6978] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.429053][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.432184][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.435057][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.438280][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.444226][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.447464][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.452527][ T6978] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.462055][ T6978] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.464614][ T6978] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.467196][ T6978] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.469885][ T6978] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.510504][ T1133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.515024][ T1133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.527361][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.530633][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.949972][ T5979] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 93.130287][ T5979] usb 5-1: Using ep0 maxpacket: 8 [ 93.134121][ T5979] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 93.137564][ T5979] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 93.141909][ T5979] usb 5-1: config 0 has no interface number 0 [ 93.144573][ T5979] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 93.149248][ T5979] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 93.154046][ T5979] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.160046][ T5979] usb 5-1: config 0 interface 52 has no altsetting 0 [ 93.161594][ T7109] bridge0: port 1(vlan2) entered blocking state [ 93.164247][ T5979] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 93.164536][ T7109] bridge0: port 1(vlan2) entered disabled state [ 93.168125][ T5979] usb 5-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 93.171665][ T7109] vlan2: entered allmulticast mode [ 93.173480][ T5979] usb 5-1: Product: syz [ 93.177401][ T5979] usb 5-1: SerialNumber: syz [ 93.177681][ T7109] vlan2: left allmulticast mode [ 93.181280][ T5979] usb 5-1: config 0 descriptor?? [ 93.386863][ T39] audit: type=1326 audit(1735236880.579:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7110 comm="syz.1.290" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 93.388963][ T5979] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.52/input/input7 [ 93.397904][ T39] audit: type=1326 audit(1735236880.579:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7110 comm="syz.1.290" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 93.403849][ T5342] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.408623][ T39] audit: type=1326 audit(1735236880.589:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7110 comm="syz.1.290" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 93.416609][ T39] audit: type=1326 audit(1735236880.589:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7110 comm="syz.1.290" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 93.424476][ T39] audit: type=1326 audit(1735236880.589:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7110 comm="syz.1.290" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 93.424543][ T5342] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.432239][ T39] audit: type=1326 audit(1735236880.589:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7110 comm="syz.1.290" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 93.442930][ T39] audit: type=1326 audit(1735236880.599:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7110 comm="syz.1.290" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x0 [ 93.447612][ T5342] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.454834][ T5342] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.496943][ T6725] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.515059][ T5342] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.523599][ T5342] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.530201][ T5342] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.640133][ T7098] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 93.661013][ T5979] usb 5-1: USB disconnect, device number 3 [ 94.448473][ T7131] loop6: detected capacity change from 0 to 524287999 [ 94.451470][ C3] blk_print_req_error: 58 callbacks suppressed [ 94.451481][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.455996][ C3] buffer_io_error: 58 callbacks suppressed [ 94.456005][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.460742][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.463916][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.466877][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.469556][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.472134][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.474861][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.477400][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.480195][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.483095][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.485917][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.488875][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.492687][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.496939][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.499713][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.502973][ T7131] ldm_validate_partition_table(): Disk read failed. [ 94.573884][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.576783][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.581206][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.583839][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 94.586668][ T7131] Dev loop6: unable to read RDB block 0 [ 94.590243][ T7131] loop6: unable to read partition table [ 94.591957][ T7131] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 94.608644][ T7132] ldm_validate_partition_table(): Disk read failed. [ 94.611757][ T7132] Dev loop6: unable to read RDB block 0 [ 94.614325][ T7132] loop6: unable to read partition table [ 94.616037][ T7132] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 94.757575][ T1133] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.472307][ T7141] loop6: detected capacity change from 0 to 524287999 [ 95.476211][ T7141] ldm_validate_partition_table(): Disk read failed. [ 95.479336][ T7141] Dev loop6: unable to read RDB block 0 [ 95.482250][ T7141] loop6: unable to read partition table [ 95.483948][ T7141] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 95.533938][ T7145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.299'. [ 95.598229][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.605440][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.608623][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.611815][ T7141] ldm_validate_partition_table(): Disk read failed. [ 95.615076][ T7141] Dev loop6: unable to read RDB block 0 [ 95.615499][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.617841][ T7141] loop6: unable to read partition table [ 95.619910][ T5949] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 95.625066][ T5949] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.627470][ T7141] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 95.676913][ T7152] netlink: 48 bytes leftover after parsing attributes in process `syz.2.300'. [ 95.681862][ T7154] netlink: 'syz.1.296': attribute type 10 has an invalid length. [ 95.735214][ T7155] netlink: 'syz.1.296': attribute type 10 has an invalid length. [ 95.751188][ T7154] bond0: (slave netdevsim0): Releasing backup interface [ 95.757505][ T7154] team0: Port device netdevsim0 added [ 95.769596][ T7155] team0: Port device netdevsim0 removed [ 95.773459][ T7155] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 95.963277][ T7150] chnl_net:caif_netlink_parms(): no params data found [ 96.050366][ T7150] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.053012][ T7150] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.055659][ T7150] bridge_slave_0: entered allmulticast mode [ 96.058574][ T7150] bridge_slave_0: entered promiscuous mode [ 96.063808][ T7150] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.066562][ T7150] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.069359][ T7150] bridge_slave_1: entered allmulticast mode [ 96.072942][ T7150] bridge_slave_1: entered promiscuous mode [ 96.179064][ T7150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.184398][ T7150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.208647][ T7150] team0: Port device team_slave_0 added [ 96.212878][ T7150] team0: Port device team_slave_1 added [ 96.234469][ T7150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.237345][ T7150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.247814][ T7150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.253834][ T7150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.256641][ T7150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.271457][ T7150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.358116][ T7150] hsr_slave_0: entered promiscuous mode [ 96.361813][ T7150] hsr_slave_1: entered promiscuous mode [ 96.365698][ T7150] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.368687][ T7150] Cannot create hsr debugfs directory [ 96.524158][ T7164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.301'. [ 96.628502][ T7173] loop6: detected capacity change from 0 to 524287999 [ 96.632084][ T7173] ldm_validate_partition_table(): Disk read failed. [ 96.634368][ T7173] Dev loop6: unable to read RDB block 0 [ 96.636996][ T7173] loop6: unable to read partition table [ 96.639337][ T7173] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 96.701712][ T7173] ldm_validate_partition_table(): Disk read failed. [ 96.704856][ T7173] Dev loop6: unable to read RDB block 0 [ 96.707631][ T7173] loop6: unable to read partition table [ 96.714527][ T7173] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 96.754616][ T7176] netlink: 'syz.1.302': attribute type 10 has an invalid length. [ 96.810890][ T7178] netlink: 'syz.1.302': attribute type 10 has an invalid length. [ 96.815594][ T7176] bond0: (slave netdevsim0): Releasing backup interface [ 96.824744][ T7176] team0: Port device netdevsim0 added [ 96.851331][ T7178] team0: Port device netdevsim0 removed [ 96.853933][ T7178] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 96.937902][ T1133] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.005430][ T1133] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.100093][ T1133] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.213268][ T1133] bridge_slave_1: left allmulticast mode [ 97.217863][ T1133] bridge_slave_1: left promiscuous mode [ 97.220120][ T1133] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.223926][ T1133] bridge_slave_0: left allmulticast mode [ 97.225651][ T1133] bridge_slave_0: left promiscuous mode [ 97.227630][ T1133] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.550323][ T1133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.554326][ T1133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.557855][ T1133] bond0 (unregistering): Released all slaves [ 97.710440][ T5949] Bluetooth: hci1: command tx timeout [ 97.858358][ T7207] netlink: 'syz.1.310': attribute type 10 has an invalid length. [ 97.867621][ T7207] bond0: (slave netdevsim0): Releasing backup interface [ 97.877943][ T7207] team0: Port device netdevsim0 added [ 97.884620][ T7207] netlink: 'syz.1.310': attribute type 10 has an invalid length. [ 97.901226][ T7207] team0: Port device netdevsim0 removed [ 97.906527][ T7207] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 98.167366][ T1133] hsr_slave_0: left promiscuous mode [ 98.169521][ T1133] hsr_slave_1: left promiscuous mode [ 98.171680][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.173956][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.176540][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.178772][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.204965][ T1133] veth1_macvtap: left promiscuous mode [ 98.206608][ T1133] veth0_macvtap: left promiscuous mode [ 98.208256][ T1133] veth1_vlan: left promiscuous mode [ 98.211175][ T1133] veth0_vlan: left promiscuous mode [ 98.240077][ T7214] netlink: 48 bytes leftover after parsing attributes in process `syz.2.311'. [ 98.363546][ T7216] netlink: 'syz.0.312': attribute type 10 has an invalid length. [ 98.417903][ T7217] netlink: 'syz.0.312': attribute type 10 has an invalid length. [ 98.969596][ T1133] team0 (unregistering): Port device team_slave_1 removed [ 99.039608][ T1133] team0 (unregistering): Port device team_slave_0 removed [ 99.497497][ T7216] bond0: (slave netdevsim0): Releasing backup interface [ 99.499591][ T7216] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 99.502769][ T7216] team0: Port device netdevsim0 added [ 99.506039][ T7217] team0: Port device netdevsim0 removed [ 99.508531][ T7217] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 99.510990][ T7217] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 99.577787][ T7227] FAULT_INJECTION: forcing a failure. [ 99.577787][ T7227] name failslab, interval 1, probability 0, space 0, times 0 [ 99.594205][ T7227] CPU: 0 UID: 0 PID: 7227 Comm: syz.0.315 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 99.597242][ T7227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.600361][ T7227] Call Trace: [ 99.601319][ T7227] [ 99.602168][ T7227] dump_stack_lvl+0x16c/0x1f0 [ 99.603538][ T7227] should_fail_ex+0x497/0x5b0 [ 99.604897][ T7227] ? fs_reclaim_acquire+0xae/0x150 [ 99.606358][ T7227] should_failslab+0xc2/0x120 [ 99.607717][ T7227] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 99.609268][ T7227] ? __pfx___might_resched+0x10/0x10 [ 99.610720][ T7227] ? alloc_vmap_area+0x636/0x2a70 [ 99.612080][ T7227] alloc_vmap_area+0x636/0x2a70 [ 99.613412][ T7227] ? __pfx_alloc_vmap_area+0x10/0x10 [ 99.614814][ T7227] __get_vm_area_node+0x19e/0x2f0 [ 99.616136][ T7227] ? kernel_text_address+0x8d/0x100 [ 99.617495][ T7227] __vmalloc_node_range_noprof+0x26a/0x1530 [ 99.619265][ T7227] ? bpf_prog_calc_tag+0x100/0x780 [ 99.620634][ T7227] ? bpf_prog_calc_tag+0x100/0x780 [ 99.622035][ T7227] ? __pfx_stack_trace_save+0x10/0x10 [ 99.623452][ T7227] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 99.625179][ T7227] ? kasan_save_stack+0x33/0x60 [ 99.625514][ T7150] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.626435][ T7227] ? kasan_save_track+0x14/0x30 [ 99.629918][ T7227] ? __kasan_kmalloc+0xaa/0xb0 [ 99.631197][ T7227] ? __kmalloc_node_noprof+0x21f/0x520 [ 99.632610][ T7227] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 99.634085][ T7227] ? bpf_check+0xba9/0xc870 [ 99.635321][ T7227] ? bpf_prog_calc_tag+0x100/0x780 [ 99.636661][ T7227] vmalloc_noprof+0x6b/0x90 [ 99.637857][ T7227] ? bpf_prog_calc_tag+0x100/0x780 [ 99.639219][ T7227] bpf_prog_calc_tag+0x100/0x780 [ 99.640597][ T7227] ? __pfx_bpf_prog_calc_tag+0x10/0x10 [ 99.642044][ T7227] ? __pfx_sort+0x10/0x10 [ 99.643185][ T7227] ? find_containing_subprog+0x175/0x1d0 [ 99.644657][ T7227] ? add_subprog_and_kfunc+0x5e5/0x1b70 [ 99.646095][ T7227] resolve_pseudo_ldimm64+0xcd/0x2950 [ 99.647506][ T7227] ? __pfx_add_subprog_and_kfunc+0x10/0x10 [ 99.649089][ T7227] ? __pfx_resolve_pseudo_ldimm64+0x10/0x10 [ 99.650650][ T7227] ? __kmalloc_node_noprof+0x23d/0x520 [ 99.652254][ T7227] ? bpf_lsm_ptrace_access_check+0x1/0x10 [ 99.653856][ T7227] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 99.655712][ T7227] ? check_subprogs+0x592/0x7f0 [ 99.657103][ T7227] bpf_check+0x4fc1/0xc870 [ 99.658309][ T7227] ? hlock_class+0x4e/0x130 [ 99.659489][ T7227] ? lockdep_hardirqs_on_prepare+0x400/0x420 [ 99.661093][ T7227] ? __pfx_bpf_check+0x10/0x10 [ 99.662418][ T7227] ? find_held_lock+0x2d/0x110 [ 99.663761][ T7227] ? bpf_prog_load+0xd45/0x2670 [ 99.665125][ T7227] ? __pfx_lock_release+0x10/0x10 [ 99.666528][ T7227] ? trace_lock_acquire+0x14e/0x1f0 [ 99.668008][ T7227] ? bpf_prog_load+0xd45/0x2670 [ 99.669509][ T7227] ? ktime_get_with_offset+0x273/0x3a0 [ 99.670956][ T7227] ? lockdep_hardirqs_on+0x7c/0x110 [ 99.672335][ T7227] ? read_tsc+0x9/0x20 [ 99.673461][ T7227] ? ktime_get_with_offset+0x20f/0x3a0 [ 99.674924][ T7227] ? bpf_obj_name_cpy+0x156/0x1b0 [ 99.676289][ T7227] bpf_prog_load+0xe3f/0x2670 [ 99.677540][ T7227] ? __pfx_bpf_prog_load+0x10/0x10 [ 99.679153][ T7227] ? find_held_lock+0x2d/0x110 [ 99.680439][ T7227] ? __might_fault+0x13b/0x190 [ 99.681765][ T7227] ? __might_fault+0xe3/0x190 [ 99.683050][ T7227] __sys_bpf+0x5677/0x57a0 [ 99.684270][ T7227] ? __pfx_lock_release+0x10/0x10 [ 99.685611][ T7227] ? __pfx___sys_bpf+0x10/0x10 [ 99.686889][ T7227] ? vfs_write+0x306/0x1150 [ 99.688251][ T7227] ? __mutex_unlock_slowpath+0x164/0x690 [ 99.690481][ T7227] ? fput+0x67/0x440 [ 99.692000][ T7227] ? ksys_write+0x1ba/0x250 [ 99.693798][ T7227] ? __pfx_ksys_write+0x10/0x10 [ 99.695250][ T7227] __ia32_sys_bpf+0x76/0xe0 [ 99.696477][ T7227] __do_fast_syscall_32+0x73/0x120 [ 99.697852][ T7227] do_fast_syscall_32+0x32/0x80 [ 99.699145][ T7227] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 99.700865][ T7227] RIP: 0023:0xf7f42579 [ 99.702010][ T7227] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 99.707227][ T7227] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 99.709529][ T7227] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840 [ 99.711681][ T7227] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.713763][ T7227] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.715851][ T7227] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 99.718055][ T7227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 99.720309][ T7227] [ 99.727678][ T7227] syz.0.315: vmalloc error: size 256, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 99.733381][ T7227] CPU: 0 UID: 0 PID: 7227 Comm: syz.0.315 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 99.735083][ T7150] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 99.736437][ T7227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.736448][ T7227] Call Trace: [ 99.736452][ T7227] [ 99.736457][ T7227] dump_stack_lvl+0x16c/0x1f0 [ 99.744488][ T7227] warn_alloc+0x24d/0x3a0 [ 99.745729][ T7227] ? __pfx_warn_alloc+0x10/0x10 [ 99.747124][ T7227] ? kfree+0x14f/0x4b0 [ 99.748314][ T7227] ? __get_vm_area_node+0x1dc/0x2f0 [ 99.749808][ T7227] __vmalloc_node_range_noprof+0xd27/0x1530 [ 99.751495][ T7227] ? bpf_prog_calc_tag+0x100/0x780 [ 99.753003][ T7227] ? __pfx_stack_trace_save+0x10/0x10 [ 99.754554][ T7227] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 99.756357][ T7227] ? kasan_save_stack+0x33/0x60 [ 99.757756][ T7227] ? kasan_save_track+0x14/0x30 [ 99.759144][ T7227] ? __kasan_kmalloc+0xaa/0xb0 [ 99.760518][ T7227] ? __kmalloc_node_noprof+0x21f/0x520 [ 99.762076][ T7227] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 99.763645][ T7227] ? bpf_check+0xba9/0xc870 [ 99.764960][ T7227] ? bpf_prog_calc_tag+0x100/0x780 [ 99.766430][ T7227] vmalloc_noprof+0x6b/0x90 [ 99.767731][ T7227] ? bpf_prog_calc_tag+0x100/0x780 [ 99.769192][ T7227] bpf_prog_calc_tag+0x100/0x780 [ 99.770607][ T7227] ? __pfx_bpf_prog_calc_tag+0x10/0x10 [ 99.772167][ T7227] ? __pfx_sort+0x10/0x10 [ 99.773416][ T7227] ? find_containing_subprog+0x175/0x1d0 [ 99.775038][ T7227] ? add_subprog_and_kfunc+0x5e5/0x1b70 [ 99.776625][ T7227] resolve_pseudo_ldimm64+0xcd/0x2950 [ 99.778165][ T7227] ? __pfx_add_subprog_and_kfunc+0x10/0x10 [ 99.779834][ T7227] ? __pfx_resolve_pseudo_ldimm64+0x10/0x10 [ 99.781528][ T7227] ? __kmalloc_node_noprof+0x23d/0x520 [ 99.783046][ T7227] ? bpf_lsm_ptrace_access_check+0x1/0x10 [ 99.784670][ T7227] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 99.786223][ T7227] ? check_subprogs+0x592/0x7f0 [ 99.787614][ T7227] bpf_check+0x4fc1/0xc870 [ 99.789123][ T7227] ? hlock_class+0x4e/0x130 [ 99.790439][ T7227] ? lockdep_hardirqs_on_prepare+0x400/0x420 [ 99.792159][ T7227] ? __pfx_bpf_check+0x10/0x10 [ 99.793560][ T7227] ? find_held_lock+0x2d/0x110 [ 99.794956][ T7227] ? bpf_prog_load+0xd45/0x2670 [ 99.796361][ T7227] ? __pfx_lock_release+0x10/0x10 [ 99.797806][ T7227] ? trace_lock_acquire+0x14e/0x1f0 [ 99.799257][ T7227] ? bpf_prog_load+0xd45/0x2670 [ 99.800655][ T7227] ? ktime_get_with_offset+0x273/0x3a0 [ 99.802249][ T7227] ? lockdep_hardirqs_on+0x7c/0x110 [ 99.803776][ T7227] ? read_tsc+0x9/0x20 [ 99.804961][ T7227] ? ktime_get_with_offset+0x20f/0x3a0 [ 99.806522][ T7227] ? bpf_obj_name_cpy+0x156/0x1b0 [ 99.807977][ T7227] bpf_prog_load+0xe3f/0x2670 [ 99.809334][ T7227] ? __pfx_bpf_prog_load+0x10/0x10 [ 99.810794][ T7227] ? find_held_lock+0x2d/0x110 [ 99.812184][ T7227] ? __might_fault+0x13b/0x190 [ 99.813595][ T7227] ? __might_fault+0xe3/0x190 [ 99.814973][ T7227] __sys_bpf+0x5677/0x57a0 [ 99.816212][ T7227] ? __pfx_lock_release+0x10/0x10 [ 99.817651][ T7227] ? __pfx___sys_bpf+0x10/0x10 [ 99.819085][ T7227] ? vfs_write+0x306/0x1150 [ 99.820403][ T7227] ? __mutex_unlock_slowpath+0x164/0x690 [ 99.822015][ T7227] ? fput+0x67/0x440 [ 99.823165][ T7227] ? ksys_write+0x1ba/0x250 [ 99.824478][ T7227] ? __pfx_ksys_write+0x10/0x10 [ 99.825878][ T7227] __ia32_sys_bpf+0x76/0xe0 [ 99.827183][ T7227] __do_fast_syscall_32+0x73/0x120 [ 99.828692][ T7227] do_fast_syscall_32+0x32/0x80 [ 99.829956][ T5949] Bluetooth: hci1: command tx timeout [ 99.830084][ T7227] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 99.833739][ T7227] RIP: 0023:0xf7f42579 [ 99.834925][ T7227] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 99.840499][ T7227] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 99.842890][ T7227] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840 [ 99.845148][ T7227] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.847387][ T7227] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.849761][ T7227] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 99.852079][ T7227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 99.854360][ T7227] [ 99.855764][ T7227] Mem-Info: [ 99.856754][ T7227] active_anon:5748 inactive_anon:80 isolated_anon:0 [ 99.856754][ T7227] active_file:2076 inactive_file:45963 isolated_file:0 [ 99.856754][ T7227] unevictable:1768 dirty:382 writeback:0 [ 99.856754][ T7227] slab_reclaimable:7841 slab_unreclaimable:56161 [ 99.856754][ T7227] mapped:24750 shmem:2491 pagetables:714 [ 99.856754][ T7227] sec_pagetables:305 bounce:0 [ 99.856754][ T7227] kernel_misc_reclaimable:0 [ 99.856754][ T7227] free:55723 free_pcp:1054 free_cma:0 [ 99.871861][ T7227] Node 0 active_anon:4932kB inactive_anon:320kB active_file:660kB inactive_file:8344kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:6140kB dirty:80kB writeback:0kB shmem:5192kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9960kB pagetables:1052kB sec_pagetables:1144kB all_unreclaimable? yes [ 99.873383][ T7150] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 99.883307][ T7227] Node 1 active_anon:18160kB inactive_anon:0kB active_file:7644kB inactive_file:175508kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:92860kB dirty:1448kB writeback:0kB shmem:4772kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2164kB pagetables:1804kB sec_pagetables:76kB all_unreclaimable? no [ 99.883357][ T7227] Node 0 DMA free:2984kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:92kB inactive_anon:4kB active_file:12kB inactive_file:36kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:488kB local_pcp:148kB free_cma:0kB [ 99.883405][ T7227] lowmem_reserve[]: 0 273 0 0 0 [ 99.906819][ T7150] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.907071][ T7227] Node 0 DMA32 free:20216kB boost:2048kB min:15952kB low:19428kB high:22904kB reserved_highatomic:4096KB active_anon:4688kB inactive_anon:316kB active_file:648kB inactive_file:8308kB unevictable:3536kB writepending:80kB present:1032196kB managed:306308kB mlocked:0kB bounce:0kB free_pcp:1120kB local_pcp:168kB free_cma:0kB [ 99.921183][ T7227] lowmem_reserve[]: 0 0 0 0 0 [ 99.923144][ T7227] Node 1 DMA32 free:199716kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:18060kB inactive_anon:0kB active_file:7644kB inactive_file:175508kB unevictable:3536kB writepending:1448kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:3280kB local_pcp:344kB free_cma:0kB [ 99.932275][ T7236] loop6: detected capacity change from 0 to 524287999 [ 99.933075][ T7227] lowmem_reserve[]: 0 0 0 0 0 [ 99.935184][ C3] blk_print_req_error: 92 callbacks suppressed [ 99.935193][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.936977][ T7227] Node 0 [ 99.939411][ C3] buffer_io_error: 92 callbacks suppressed [ 99.939424][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.943103][ T7227] DMA: [ 99.944431][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.945955][ T7227] 6*4kB [ 99.948287][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.949166][ T7227] (U) [ 99.952245][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.952624][ T7227] 34*8kB (U) [ 99.955797][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.956544][ T7227] 50*16kB (UE) [ 99.961516][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.963452][ T7227] 59*32kB [ 99.964877][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.967299][ T7227] (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2984kB [ 99.972967][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.974918][ T7227] Node 0 [ 99.977506][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.977711][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.978741][ T7227] DMA32: [ 99.981033][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.981719][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.986640][ T7227] 277*4kB [ 99.987722][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.991448][ T7227] (UMH) [ 99.994414][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.995720][ T7227] 48*8kB [ 99.996754][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 100.001456][ T7227] (UMH) 26*16kB (UMH) [ 100.004359][ T7236] ldm_validate_partition_table(): Disk read failed. [ 100.008277][ T7227] 60*32kB (UMH) 40*64kB (UMEH) 19*128kB (UME) 4*256kB (UM) 6*512kB (UM) 1*1024kB (U) 1*2048kB (M) 1*4096kB (M) = 20084kB [ 100.012789][ T7150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.013233][ T7227] Node 1 DMA32: 52*4kB (UE) 220*8kB (UME) 250*16kB (UME) 322*32kB (UME) 135*64kB (UME) 74*128kB (UME) 44*256kB (UM) 18*512kB (UM) 5*1024kB (ME) 10*2048kB (M) 29*4096kB (ME) = 199248kB [ 100.021589][ T7150] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.022690][ T7227] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 100.025906][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.027873][ T7227] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 100.029984][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.035581][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.037436][ T7227] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 100.039330][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.043528][ T7227] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 100.049554][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.049572][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 100.049663][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.053724][ T7227] 50530 total pagecache pages [ 100.055553][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 100.059152][ T7227] 0 pages in swap cache [ 100.064723][ T7236] Dev loop6: unable to read RDB block 0 [ 100.066024][ T7227] Free swap = 123756kB [ 100.068827][ T7227] Total swap = 124996kB [ 100.074308][ T7227] 524155 pages RAM [ 100.075540][ T7236] loop6: unable to read partition table [ 100.076003][ T7227] 0 pages HighMem/MovableOnly [ 100.077599][ T7236] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 100.079399][ T7227] 206675 pages reserved [ 100.084846][ T7240] ldm_validate_partition_table(): Disk read failed. [ 100.085708][ T7227] 0 pages cma reserved [ 100.087138][ T7240] Dev loop6: unable to read RDB block 0 [ 100.092211][ T7240] loop6: unable to read partition table [ 100.093948][ T7240] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 100.198182][ T7150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.228405][ T7150] veth0_vlan: entered promiscuous mode [ 100.234243][ T7150] veth1_vlan: entered promiscuous mode [ 100.256565][ T7150] veth0_macvtap: entered promiscuous mode [ 100.261365][ T7150] veth1_macvtap: entered promiscuous mode [ 100.270738][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.274141][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.277967][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.282497][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.286350][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.290515][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.294431][ T7150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.302014][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.306315][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.310564][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.314312][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.318135][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.322556][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.326383][ T7150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.335709][ T7150] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.339201][ T7150] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.343629][ T7150] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.347326][ T7150] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.383282][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.386252][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.405735][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.419879][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.653639][ T7271] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 101.656402][ T7271] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.690133][ T7271] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.700928][ T7271] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 101.703598][ T7271] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.709548][ T7271] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.720038][ T7271] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 101.722411][ T7271] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 101.725743][ T7271] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 102.033552][ T5949] Bluetooth: hci2: unexpected event for opcode 0x202a [ 102.073840][ T7282] FAULT_INJECTION: forcing a failure. [ 102.073840][ T7282] name failslab, interval 1, probability 0, space 0, times 0 [ 102.078929][ T7282] CPU: 2 UID: 0 PID: 7282 Comm: syz.2.324 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 102.083174][ T7282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.087504][ T7282] Call Trace: [ 102.088893][ T7282] [ 102.090118][ T7282] dump_stack_lvl+0x16c/0x1f0 [ 102.092072][ T7282] should_fail_ex+0x497/0x5b0 [ 102.094028][ T7282] ? fs_reclaim_acquire+0xae/0x150 [ 102.096134][ T7282] should_failslab+0xc2/0x120 [ 102.098084][ T7282] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 102.100473][ T7282] ? __alloc_skb+0x2b3/0x380 [ 102.102381][ T7282] __alloc_skb+0x2b3/0x380 [ 102.104249][ T7282] ? __pfx___alloc_skb+0x10/0x10 [ 102.106299][ T7282] alloc_skb_with_frags+0xe4/0x850 [ 102.108408][ T7282] ? is_bpf_text_address+0x94/0x1a0 [ 102.110556][ T7282] sock_alloc_send_pskb+0x7f1/0x980 [ 102.112709][ T7282] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 102.115083][ T7282] ? lock_acquire.part.0+0x11b/0x380 [ 102.117179][ T7282] __ip_append_data+0x19c7/0x4160 [ 102.119259][ T7282] ? rt_set_nexthop.constprop.0+0x323/0x12d0 [ 102.121617][ T7282] ? __pfx_lock_release+0x10/0x10 [ 102.123499][ T7282] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 102.125746][ T7282] ? ip_dst_mtu_maybe_forward.constprop.0+0x274/0x4c0 [ 102.128496][ T7282] ? __pfx___ip_append_data+0x10/0x10 [ 102.130686][ T7282] ? find_held_lock+0x2d/0x110 [ 102.132615][ T7282] ip_make_skb+0x27d/0x300 [ 102.134406][ T7282] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 102.136635][ T7282] ? __pfx_ip_make_skb+0x10/0x10 [ 102.138633][ T7282] ? __pfx_lock_release+0x10/0x10 [ 102.140519][ T7282] ? udp_sendmsg+0x185d/0x29b0 [ 102.141940][ T7282] udp_sendmsg+0x185d/0x29b0 [ 102.143322][ T7282] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 102.144945][ T7282] ? __pfx_udp_sendmsg+0x10/0x10 [ 102.146380][ T7282] ? bpf_trace_run4+0x27a/0x5a0 [ 102.147793][ T7282] ? __pfx___might_resched+0x10/0x10 [ 102.149337][ T7282] ? aa_sk_perm+0x2f5/0xb20 [ 102.150664][ T7282] ? __import_iovec+0x1f2/0x6d0 [ 102.152124][ T7282] ? __pfx_udp_sendmsg+0x10/0x10 [ 102.153588][ T7282] inet_sendmsg+0x105/0x140 [ 102.154955][ T7282] ____sys_sendmsg+0x907/0xb40 [ 102.156331][ T7282] ? __pfx_____sys_sendmsg+0x10/0x10 [ 102.157846][ T7282] ? get_compat_msghdr+0x11b/0x170 [ 102.159325][ T7282] ? __pfx_lock_release+0x10/0x10 [ 102.160804][ T7282] ___sys_sendmsg+0x135/0x1e0 [ 102.162169][ T7282] ? __pfx____sys_sendmsg+0x10/0x10 [ 102.163677][ T7282] ? handle_mm_fault+0x497/0xaa0 [ 102.165145][ T7282] ? __pfx___might_resched+0x10/0x10 [ 102.166667][ T7282] ? __sys_sendmmsg+0x30e/0x420 [ 102.168107][ T7282] __sys_sendmmsg+0x2fa/0x420 [ 102.169504][ T7282] ? __pfx___sys_sendmmsg+0x10/0x10 [ 102.171021][ T7282] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 102.172783][ T7282] ? fput+0x67/0x440 [ 102.173925][ T7282] ? ksys_write+0x1ba/0x250 [ 102.175263][ T7282] ? __pfx_ksys_write+0x10/0x10 [ 102.176690][ T7282] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 102.178313][ T7282] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 102.180224][ T7282] __do_fast_syscall_32+0x73/0x120 [ 102.181712][ T7282] do_fast_syscall_32+0x32/0x80 [ 102.183132][ T7282] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 102.184979][ T7282] RIP: 0023:0xf7f67579 [ 102.186185][ T7282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 102.191682][ T7282] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 102.194111][ T7282] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000020007fc0 [ 102.196409][ T7282] RDX: 000000000800001d RSI: 0000000000000000 RDI: 0000000000000000 [ 102.198672][ T7282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.200957][ T7282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 102.203242][ T7282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.205516][ T7282] [ 103.162208][ T7298] FAULT_INJECTION: forcing a failure. [ 103.162208][ T7298] name failslab, interval 1, probability 0, space 0, times 0 [ 103.165889][ T7298] CPU: 3 UID: 0 PID: 7298 Comm: syz.1.330 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 103.169324][ T7298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.172482][ T7298] Call Trace: [ 103.173484][ T7298] [ 103.174382][ T7298] dump_stack_lvl+0x16c/0x1f0 [ 103.175838][ T7298] should_fail_ex+0x497/0x5b0 [ 103.177342][ T7298] ? fs_reclaim_acquire+0xae/0x150 [ 103.178858][ T7298] should_failslab+0xc2/0x120 [ 103.180299][ T7298] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 103.181898][ T7298] ? __lock_acquire+0x15a9/0x3c40 [ 103.183398][ T7298] ? __kernfs_new_node+0xd3/0x890 [ 103.184963][ T7298] __kernfs_new_node+0xd3/0x890 [ 103.186591][ T7298] ? __pfx___kernfs_new_node+0x10/0x10 [ 103.188343][ T7298] ? __pfx___lock_acquire+0x10/0x10 [ 103.189850][ T7298] kernfs_new_node+0x186/0x240 [ 103.191272][ T7298] ? find_held_lock+0x2d/0x110 [ 103.192741][ T7298] __kernfs_create_file+0x53/0x350 [ 103.194264][ T7298] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 103.195910][ T7298] internal_create_group+0x56c/0xf10 [ 103.197549][ T7298] ? __pfx_internal_create_group+0x10/0x10 [ 103.199285][ T7298] ? kernfs_create_link+0x1bd/0x240 [ 103.200831][ T7298] internal_create_groups+0x9d/0x150 [ 103.202376][ T7298] device_add+0x6d3/0x1a70 [ 103.203749][ T7298] ? __pfx_device_add+0x10/0x10 [ 103.205213][ T7298] ? kfree+0x274/0x4b0 [ 103.206602][ T7298] ? kstrdup+0x8b/0xb0 [ 103.207820][ T7298] device_create_groups_vargs+0x1f8/0x270 [ 103.209569][ T7298] device_create+0xe9/0x130 [ 103.211105][ T7298] ? __pfx_device_create+0x10/0x10 [ 103.212658][ T7298] ? __pfx_vsnprintf+0x10/0x10 [ 103.214074][ T7298] ? __pfx___debug_object_init+0x10/0x10 [ 103.215865][ T7298] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 103.217868][ T7298] bdi_register_va+0x116/0x820 [ 103.219269][ T7298] ? __pfx_bdi_register_va+0x10/0x10 [ 103.220828][ T7298] ? do_init_timer+0xc9/0x110 [ 103.222203][ T7298] super_setup_bdi_name+0x100/0x250 [ 103.222461][ T7299] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 103.223754][ T7298] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 103.226670][ T7299] overlayfs: missing 'lowerdir' [ 103.228260][ T7298] ? __init_swait_queue_head+0xca/0x150 [ 103.228280][ T7298] ? shrinker_register+0x1a8/0x260 [ 103.232767][ T7298] ? sget+0x4e2/0x6c0 [ 103.233933][ T7298] v9fs_mount+0x308/0xa30 [ 103.235662][ T7298] ? __pfx_v9fs_mount+0x10/0x10 [ 103.237517][ T7298] ? __pfx_v9fs_mount+0x10/0x10 [ 103.239412][ T7298] legacy_get_tree+0x109/0x220 [ 103.241287][ T7298] vfs_get_tree+0x8f/0x380 [ 103.242757][ T7298] path_mount+0x6e1/0x1f10 [ 103.244059][ T7298] ? kmem_cache_free+0x152/0x4c0 [ 103.245431][ T7298] ? __pfx_path_mount+0x10/0x10 [ 103.246838][ T7298] ? putname+0x13c/0x180 [ 103.248478][ T7298] __ia32_sys_mount+0x292/0x310 [ 103.250271][ T7296] netlink: 'syz.0.329': attribute type 9 has an invalid length. [ 103.250468][ T7298] ? __pfx___ia32_sys_mount+0x10/0x10 [ 103.252873][ T7296] netlink: 8 bytes leftover after parsing attributes in process `syz.0.329'. [ 103.254953][ T7298] __do_fast_syscall_32+0x73/0x120 [ 103.259706][ T7298] do_fast_syscall_32+0x32/0x80 [ 103.261617][ T7298] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 103.264162][ T7298] RIP: 0023:0xf7fc5579 [ 103.265801][ T7298] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 103.273500][ T7298] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 103.276827][ T7298] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000040 [ 103.279211][ T7298] RDX: 0000000020000b80 RSI: 0000000000000000 RDI: 0000000020000580 [ 103.281776][ T7298] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.284910][ T7298] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 103.288033][ T7298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.291282][ T7298] [ 103.292724][ C3] vkms_vblank_simulate: vblank timer overrun [ 103.388781][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.709895][ T5949] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.790199][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout [ 104.087204][ T7310] FAULT_INJECTION: forcing a failure. [ 104.087204][ T7310] name failslab, interval 1, probability 0, space 0, times 0 [ 104.092525][ T7310] CPU: 0 UID: 0 PID: 7310 Comm: syz.0.332 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 104.096760][ T7310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.101060][ T7310] Call Trace: [ 104.102420][ T7310] [ 104.103648][ T7310] dump_stack_lvl+0x16c/0x1f0 [ 104.105551][ T7310] should_fail_ex+0x497/0x5b0 [ 104.107465][ T7310] ? fs_reclaim_acquire+0xae/0x150 [ 104.109520][ T7310] should_failslab+0xc2/0x120 [ 104.111394][ T7310] kmem_cache_alloc_lru_noprof+0x73/0x3b0 [ 104.113642][ T7310] ? shmem_alloc_inode+0x25/0x50 [ 104.115625][ T7310] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 104.117774][ T7310] shmem_alloc_inode+0x25/0x50 [ 104.119671][ T7310] alloc_inode+0x5d/0x230 [ 104.121569][ T7310] new_inode+0x22/0x210 [ 104.123270][ T7310] shmem_get_inode+0x194/0xf00 [ 104.125228][ T7310] shmem_mknod+0x1a8/0x450 [ 104.126979][ T7310] ? __pfx_shmem_create+0x10/0x10 [ 104.128982][ T7310] lookup_open.isra.0+0x1174/0x14c0 [ 104.131051][ T7310] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 104.133224][ T7310] ? can_split_folio+0x3e0/0x4f0 [ 104.135195][ T7310] ? lock_acquire+0x2f/0xb0 [ 104.137016][ T7310] ? path_openat+0x153e/0x2d60 [ 104.138913][ T7310] ? can_split_folio+0x3e0/0x4f0 [ 104.140847][ T7310] ? __pfx_down_write+0x10/0x10 [ 104.142800][ T7310] ? mnt_get_write_access+0x20c/0x300 [ 104.145000][ T7310] path_openat+0x904/0x2d60 [ 104.146807][ T7310] ? __pfx_path_openat+0x10/0x10 [ 104.148758][ T7310] ? __pfx___lock_acquire+0x10/0x10 [ 104.150780][ T7310] ? lock_acquire.part.0+0x11b/0x380 [ 104.152840][ T7310] ? find_held_lock+0x2d/0x110 [ 104.154642][ T7310] do_filp_open+0x20c/0x470 [ 104.156487][ T7310] ? __pfx_do_filp_open+0x10/0x10 [ 104.158554][ T7310] ? find_held_lock+0x2d/0x110 [ 104.160394][ T7310] ? alloc_fd+0x41f/0x760 [ 104.161983][ T7310] do_sys_openat2+0x17a/0x1e0 [ 104.163786][ T7310] ? __pfx_do_sys_openat2+0x10/0x10 [ 104.165863][ T7310] ? __fget_files+0x206/0x3a0 [ 104.167733][ T7310] __ia32_compat_sys_openat+0x16e/0x210 [ 104.169977][ T7310] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 104.172371][ T7310] ? ksys_write+0x1ba/0x250 [ 104.174166][ T7310] __do_fast_syscall_32+0x73/0x120 [ 104.176201][ T7310] do_fast_syscall_32+0x32/0x80 [ 104.178112][ T7310] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 104.180588][ T7310] RIP: 0023:0xf7f42579 [ 104.182214][ T7310] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 104.189722][ T7310] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 104.193007][ T7310] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000240 [ 104.196272][ T7310] RDX: 000000000000275a RSI: 0000000000000000 RDI: 0000000000000000 [ 104.199486][ T7310] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 104.202481][ T7310] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 104.205395][ T7310] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 104.208293][ T7310] [ 104.245278][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.248540][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.251899][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.254510][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.256814][ T5946] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 104.258946][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.359333][ T7317] chnl_net:caif_netlink_parms(): no params data found [ 104.420353][ T7317] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.423186][ T7317] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.426181][ T7317] bridge_slave_0: entered allmulticast mode [ 104.428372][ T7317] bridge_slave_0: entered promiscuous mode [ 104.432037][ T7317] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.434144][ T7317] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.436302][ T7317] bridge_slave_1: entered allmulticast mode [ 104.438416][ T7317] bridge_slave_1: entered promiscuous mode [ 104.462182][ T7317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.466801][ T7317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.482057][ T7336] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 104.484682][ T7336] overlayfs: missing 'lowerdir' [ 104.515310][ T5949] Bluetooth: hci0: unexpected event for opcode 0x202a [ 104.528571][ T7317] team0: Port device team_slave_0 added [ 104.538595][ T7317] team0: Port device team_slave_1 added [ 104.584851][ T7317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.586987][ T7317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.595090][ T7317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.602652][ T7317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.604646][ T7317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.612005][ T7317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.656034][ T7317] hsr_slave_0: entered promiscuous mode [ 104.658843][ T7317] hsr_slave_1: entered promiscuous mode [ 104.987387][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.993568][ T7338] netlink: 48 bytes leftover after parsing attributes in process `syz.1.340'. [ 104.997276][ T7338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.340'. [ 105.044035][ T7340] loop6: detected capacity change from 0 to 524287999 [ 105.047585][ C0] blk_print_req_error: 24 callbacks suppressed [ 105.047594][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.052186][ C0] buffer_io_error: 24 callbacks suppressed [ 105.052193][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.056421][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.059181][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.061698][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.064442][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.067112][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.069854][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.072642][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.076071][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.080068][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.082918][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.085443][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.088848][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.092271][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.094981][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.097334][ T7340] ldm_validate_partition_table(): Disk read failed. [ 105.100206][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.102871][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.103678][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.110348][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 105.113118][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 105.115971][ T7340] Dev loop6: unable to read RDB block 0 [ 105.119245][ T7340] loop6: unable to read partition table [ 105.121187][ T7340] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 105.225070][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.276423][ T39] audit: type=1326 audit(1735236892.469:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.2.345" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000 [ 105.299578][ T7349] tty tty24: ldisc open failed (-12), clearing slot 23 [ 105.354988][ T11] bridge_slave_1: left allmulticast mode [ 105.357890][ T11] bridge_slave_1: left promiscuous mode [ 105.360334][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.364402][ T11] bridge_slave_0: left allmulticast mode [ 105.366671][ T11] bridge_slave_0: left promiscuous mode [ 105.368419][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.709275][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.715893][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.721526][ T11] bond0 (unregistering): Released all slaves [ 105.841973][ T7370] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 105.845366][ T7370] overlayfs: missing 'lowerdir' [ 105.882778][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout [ 106.202999][ T7317] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.207249][ T7317] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.216978][ T7317] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.224483][ T7317] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 106.243768][ T11] hsr_slave_0: left promiscuous mode [ 106.245788][ T11] hsr_slave_1: left promiscuous mode [ 106.248590][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.251414][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 106.255093][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.257266][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 106.288774][ T11] veth1_macvtap: left promiscuous mode [ 106.290559][ T11] veth0_macvtap: left promiscuous mode [ 106.292197][ T11] veth1_vlan: left promiscuous mode [ 106.293737][ T11] veth0_vlan: left promiscuous mode [ 106.352090][ T7400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.349'. [ 106.356247][ T7400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.349'. [ 106.361064][ T5949] Bluetooth: hci1: command tx timeout [ 107.281453][ T11] team0 (unregistering): Port device team_slave_1 removed [ 107.382195][ T11] team0 (unregistering): Port device team_slave_0 removed [ 107.908994][ T7415] bridge0: port 1(vlan2) entered blocking state [ 107.911102][ T7415] bridge0: port 1(vlan2) entered disabled state [ 107.913010][ T7415] vlan2: entered allmulticast mode [ 107.914996][ T7415] vlan2: left allmulticast mode [ 107.949988][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout [ 107.973709][ T7317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.988190][ T7317] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.993191][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.996060][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.007119][ T99] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.010003][ T99] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.036784][ T7317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 108.041465][ T7317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 108.134247][ T7317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.154342][ T7317] veth0_vlan: entered promiscuous mode [ 108.159319][ T7317] veth1_vlan: entered promiscuous mode [ 108.170521][ T7317] veth0_macvtap: entered promiscuous mode [ 108.175752][ T7317] veth1_macvtap: entered promiscuous mode [ 108.195714][ T7317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.199675][ T7317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.203811][ T7317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.206776][ T7317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.210635][ T7317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.214624][ T7317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.219455][ T7317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.224238][ T7317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.227296][ T7317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.230923][ T7317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.234138][ T7317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.237102][ T7317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.240787][ T7317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.246898][ T7317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.279462][ T7317] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.283864][ T7317] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.299005][ T7317] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.324899][ T7317] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.439934][ T5949] Bluetooth: hci1: command tx timeout [ 108.509128][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.511911][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.526245][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.529294][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.216567][ T7441] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 109.219509][ T7441] overlayfs: missing 'lowerdir' [ 109.477456][ T7445] netlink: 'syz.1.362': attribute type 10 has an invalid length. [ 109.484046][ T7445] bond0: (slave netdevsim0): Releasing backup interface [ 109.489877][ T7445] team0: Port device netdevsim0 added [ 109.498408][ T7445] netlink: 'syz.1.362': attribute type 10 has an invalid length. [ 109.504869][ T7445] team0: Port device netdevsim0 removed [ 109.509082][ T7445] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 110.045829][ T7455] netlink: 48 bytes leftover after parsing attributes in process `syz.0.365'. [ 111.184059][ T7470] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 111.444037][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.162942][ T7482] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 112.320526][ T7489] netlink: 48 bytes leftover after parsing attributes in process `syz.1.374'. [ 112.342270][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 112.345589][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 112.348087][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 112.350796][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 112.353242][ T5946] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 112.355361][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 112.451096][ T7490] chnl_net:caif_netlink_parms(): no params data found [ 112.554748][ T7490] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.559163][ T7490] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.561626][ T7490] bridge_slave_0: entered allmulticast mode [ 112.563948][ T7490] bridge_slave_0: entered promiscuous mode [ 112.567562][ T7490] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.569727][ T7490] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.572394][ T7490] bridge_slave_1: entered allmulticast mode [ 112.574737][ T7490] bridge_slave_1: entered promiscuous mode [ 112.603736][ T7490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.608308][ T7490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.637641][ T7490] team0: Port device team_slave_0 added [ 112.664669][ T7490] team0: Port device team_slave_1 added [ 112.709430][ T7490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.712270][ T7490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.722245][ T7490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.727786][ T7490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.730551][ T7490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.740172][ T7490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.796074][ T7490] hsr_slave_0: entered promiscuous mode [ 112.800709][ T7490] hsr_slave_1: entered promiscuous mode [ 112.805722][ T7490] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.809912][ T7490] Cannot create hsr debugfs directory [ 113.113547][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.171696][ T7517] netlink: 'syz.1.379': attribute type 10 has an invalid length. [ 113.185413][ T7517] bond0: (slave netdevsim0): Releasing backup interface [ 113.192991][ T7517] team0: Port device netdevsim0 added [ 113.205303][ T7517] netlink: 'syz.1.379': attribute type 10 has an invalid length. [ 113.217288][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.230590][ T7517] team0: Port device netdevsim0 removed [ 113.238777][ T7517] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 113.355348][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.514964][ T11] bridge_slave_1: left allmulticast mode [ 113.517366][ T11] bridge_slave_1: left promiscuous mode [ 113.519344][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.525196][ T11] bridge_slave_0: left allmulticast mode [ 113.527044][ T11] bridge_slave_0: left promiscuous mode [ 113.528733][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.881248][ T7525] fuse: Bad value for 'group_id' [ 113.883740][ T7525] fuse: Bad value for 'group_id' [ 113.971182][ T7527] loop6: detected capacity change from 0 to 524287999 [ 113.973493][ C3] blk_print_req_error: 7 callbacks suppressed [ 113.973502][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.978058][ C3] buffer_io_error: 7 callbacks suppressed [ 113.978070][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 113.982972][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.985663][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 113.988130][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.991607][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 113.994939][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.998480][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 114.001403][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 114.003998][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 114.006437][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 114.009185][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 114.014250][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 114.017087][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 114.020169][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 114.022954][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 114.025730][ T7527] ldm_validate_partition_table(): Disk read failed. [ 114.027855][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 114.030744][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 114.033829][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 114.036627][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 114.041098][ T7527] Dev loop6: unable to read RDB block 0 [ 114.043159][ T7527] loop6: unable to read partition table [ 114.045015][ T7527] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 114.103493][ T7529] ldm_validate_partition_table(): Disk read failed. [ 114.106221][ T7529] Dev loop6: unable to read RDB block 0 [ 114.108195][ T7529] loop6: unable to read partition table [ 114.110590][ T7529] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 114.204587][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 114.213745][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.215971][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.218094][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.228582][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 114.228880][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.238255][ T11] bond0 (unregistering): Released all slaves [ 114.260004][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.263486][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.266801][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.269653][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.273359][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.282890][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.290014][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.294724][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.303136][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.310060][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.320084][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.327423][ T7520] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 114.334181][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.346646][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.356952][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.369836][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.372788][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.383174][ T35] hid-generic 0001:0000:0002.0004: unknown main item tag 0x0 [ 114.432115][ T35] hid-generic 0001:0000:0002.0004: hidraw1: HID v2.00 Device [syz0] on syz0 [ 114.443308][ T5949] Bluetooth: hci1: command tx timeout [ 114.851757][ T11] hsr_slave_0: left promiscuous mode [ 114.854652][ T11] hsr_slave_1: left promiscuous mode [ 114.856751][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.858946][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.862625][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.864822][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.885139][ T11] veth1_macvtap: left promiscuous mode [ 114.886787][ T11] veth0_macvtap: left promiscuous mode [ 114.888407][ T11] veth1_vlan: left promiscuous mode [ 114.890269][ T11] veth0_vlan: left promiscuous mode [ 115.459107][ T11] team0 (unregistering): Port device team_slave_1 removed [ 115.538398][ T11] team0 (unregistering): Port device team_slave_0 removed [ 115.780048][ T56] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 115.799136][ T7559] netlink: 48 bytes leftover after parsing attributes in process `syz.2.388'. [ 115.941188][ T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.944669][ T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.947755][ T56] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 115.952812][ T56] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 115.955397][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.958715][ T56] usb 5-1: config 0 descriptor?? [ 116.002241][ T7561] loop6: detected capacity change from 0 to 524287999 [ 116.005421][ T7561] ldm_validate_partition_table(): Disk read failed. [ 116.007699][ T7561] Dev loop6: unable to read RDB block 0 [ 116.010271][ T7561] loop6: unable to read partition table [ 116.012032][ T7561] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 116.081202][ T7561] ldm_validate_partition_table(): Disk read failed. [ 116.083477][ T7561] Dev loop6: unable to read RDB block 0 [ 116.085635][ T7561] loop6: unable to read partition table [ 116.087548][ T7561] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 116.167389][ T7490] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 116.170676][ T7490] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 116.174023][ T7490] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 116.178199][ T7490] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 116.222087][ T7490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.236778][ T7490] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.242592][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.244648][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.250082][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.252146][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.349442][ T7490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.366734][ T7490] veth0_vlan: entered promiscuous mode [ 116.370840][ T7490] veth1_vlan: entered promiscuous mode [ 116.373284][ T56] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 116.386560][ T7490] veth0_macvtap: entered promiscuous mode [ 116.391357][ T7490] veth1_macvtap: entered promiscuous mode [ 116.392538][ T56] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 116.401967][ T7490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.405083][ T7490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.407917][ T7490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.412237][ T7490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.415147][ T7490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.418179][ T7490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.421592][ T7490] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.426391][ T7490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.430704][ T7490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.434064][ T7490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.437278][ T7490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.440457][ T7490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.443496][ T7490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.446904][ T7490] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.451994][ T7490] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.455364][ T7490] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.458788][ T7490] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.462443][ T7490] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.509864][ T5949] Bluetooth: hci1: command 0x041b tx timeout [ 116.518958][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.521479][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.532511][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.535720][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.646671][ T6077] usb 5-1: USB disconnect, device number 4 [ 116.834804][ T5357] ldm_validate_partition_table(): Disk read failed. [ 116.837068][ T5357] Dev loop6: unable to read RDB block 0 [ 116.839221][ T5357] loop6: unable to read partition table [ 116.925481][ T7575] bridge0: port 1(vlan2) entered blocking state [ 116.928272][ T7575] bridge0: port 1(vlan2) entered disabled state [ 116.931329][ T7575] vlan2: entered allmulticast mode [ 116.934696][ T7575] vlan2: left allmulticast mode [ 117.158057][ T7582] netlink: 48 bytes leftover after parsing attributes in process `syz.2.394'. [ 117.243009][ T7585] ======================================================= [ 117.243009][ T7585] WARNING: The mand mount option has been deprecated and [ 117.243009][ T7585] and is ignored by this kernel. Remove the mand [ 117.243009][ T7585] option from the mount to silence this warning. [ 117.243009][ T7585] ======================================================= [ 117.254920][ T7585] overlayfs: failed to resolve './bus/file0': -2 [ 117.260065][ T7585] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.396' sets config #0 [ 118.256314][ T7607] FAULT_INJECTION: forcing a failure. [ 118.256314][ T7607] name failslab, interval 1, probability 0, space 0, times 0 [ 118.259590][ T7607] CPU: 0 UID: 0 PID: 7607 Comm: syz.0.403 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 118.262244][ T7607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.265001][ T7607] Call Trace: [ 118.265891][ T7607] [ 118.266660][ T7607] dump_stack_lvl+0x16c/0x1f0 [ 118.267928][ T7607] should_fail_ex+0x497/0x5b0 [ 118.269153][ T7607] ? fs_reclaim_acquire+0xae/0x150 [ 118.270492][ T7607] should_failslab+0xc2/0x120 [ 118.271782][ T7607] __kmalloc_cache_noprof+0x68/0x420 [ 118.273222][ T7607] ? kasan_quarantine_put+0x10a/0x240 [ 118.274644][ T7607] p9_client_stat+0x98/0x250 [ 118.275899][ T7607] ? __pfx_p9_client_stat+0x10/0x10 [ 118.277258][ T7607] v9fs_inode_from_fid+0x77/0x550 [ 118.278565][ T7607] ? __pfx_v9fs_inode_from_fid+0x10/0x10 [ 118.280042][ T7607] ? v9fs_fid_lookup+0xe9/0xec0 [ 118.281324][ T7607] v9fs_vfs_lookup+0x482/0x5c0 [ 118.282569][ T7607] ? __pfx_v9fs_vfs_lookup+0x10/0x10 [ 118.283974][ T7607] ? lock_acquire+0x2f/0xb0 [ 118.285158][ T7607] ? do_raw_spin_unlock+0x172/0x230 [ 118.286514][ T7607] ? _raw_spin_unlock+0x28/0x50 [ 118.287771][ T7607] lookup_one_qstr_excl+0x11d/0x190 [ 118.289131][ T7607] ? mnt_want_write+0x161/0x450 [ 118.290392][ T7607] filename_create+0x1ed/0x530 [ 118.291634][ T7607] ? __pfx_filename_create+0x10/0x10 [ 118.293047][ T7607] ? __phys_addr_symbol+0x30/0x80 [ 118.294353][ T7607] ? __check_object_size+0x488/0x710 [ 118.295734][ T7607] do_mkdirat+0xab/0x3a0 [ 118.296849][ T7607] ? __pfx_do_mkdirat+0x10/0x10 [ 118.298118][ T7607] ? getname_flags.part.0+0x1c5/0x550 [ 118.299549][ T7607] __ia32_sys_mkdirat+0x82/0xb0 [ 118.300824][ T7607] __do_fast_syscall_32+0x73/0x120 [ 118.302151][ T7607] do_fast_syscall_32+0x32/0x80 [ 118.303445][ T7607] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 118.305103][ T7607] RIP: 0023:0xf7f42579 [ 118.306170][ T7607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 118.311147][ T7607] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000128 [ 118.313332][ T7607] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000340 [ 118.315414][ T7607] RDX: 0000000000000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.317462][ T7607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 118.319510][ T7607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 118.321568][ T7607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 118.323548][ T7607] [ 118.324482][ C0] vkms_vblank_simulate: vblank timer overrun [ 118.484714][ T7609] FAULT_INJECTION: forcing a failure. [ 118.484714][ T7609] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.488415][ T7609] CPU: 0 UID: 0 PID: 7609 Comm: syz.0.404 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 118.491295][ T7609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.494285][ T7609] Call Trace: [ 118.495214][ T7609] [ 118.496159][ T7609] dump_stack_lvl+0x16c/0x1f0 [ 118.497613][ T7609] should_fail_ex+0x497/0x5b0 [ 118.498832][ T7609] _copy_from_user+0x2e/0xd0 [ 118.500061][ T7609] copy_from_buffer+0x86/0xb0 [ 118.501376][ T7609] copy_uabi_to_xstate+0x26e/0x670 [ 118.502732][ T7609] ? __pfx_copy_uabi_to_xstate+0x10/0x10 [ 118.504186][ T7609] ? __pfx_lock_release+0x10/0x10 [ 118.505511][ T7609] ? trace_lock_acquire+0x14e/0x1f0 [ 118.506883][ T7609] ? __local_bh_enable_ip+0xa4/0x120 [ 118.508282][ T7609] __fpu_restore_sig+0x1062/0x1430 [ 118.509637][ T7609] ? __pfx___fpu_restore_sig+0x10/0x10 [ 118.511165][ T7609] ? lock_acquire+0x2f/0xb0 [ 118.512411][ T7609] ? __might_fault+0xe3/0x190 [ 118.513662][ T7609] fpu__restore_sig+0x113/0x190 [ 118.514939][ T7609] ia32_restore_sigcontext+0x40f/0x5d0 [ 118.516454][ T7609] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 118.518075][ T7609] ? __pfx_lock_release+0x10/0x10 [ 118.519360][ T7609] ? _raw_spin_unlock_irq+0x23/0x50 [ 118.520986][ T7609] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.522550][ T7609] __do_compat_sys_rt_sigreturn+0x121/0x1f0 [ 118.524551][ T7609] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 118.526550][ T7609] do_int80_emulation+0x104/0x200 [ 118.528145][ T7609] asm_int80_emulation+0x1a/0x20 [ 118.529619][ T7609] RIP: 0023:0xf7f42577 [ 118.530833][ T7609] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 118.536367][ T7609] RSP: 002b:00000000f509655c EFLAGS: 00000296 [ 118.538123][ T7609] RAX: 0000000000000091 RBX: 0000000000000003 RCX: 0000000020000180 [ 118.540400][ T7609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.542728][ T7609] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 118.544964][ T7609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.547226][ T7609] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 118.549507][ T7609] [ 118.550482][ C0] vkms_vblank_simulate: vblank timer overrun [ 118.807751][ T7613] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 118.810385][ T7613] overlayfs: missing 'lowerdir' [ 119.094738][ T7617] [ 119.095461][ T7617] ============================= [ 119.096849][ T7617] [ BUG: Invalid wait context ] [ 119.098202][ T7617] 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 Not tainted [ 119.100402][ T7617] ----------------------------- [ 119.102793][ T7617] syz.2.407/7617 is trying to lock: [ 119.104970][ T7617] ffff8880229e2518 (&sighand->siglock){-.-.}-{3:3}, at: __lock_task_sighand+0xc2/0x340 [ 119.108419][ T7617] other info that might help us debug this: [ 119.110719][ T7617] context-{5:5} [ 119.112095][ T7617] 4 locks held by syz.2.407/7617: [ 119.113803][ T7617] #0: ffff88805d1180a8 (&ctx->uring_lock){+.+.}-{4:4}, at: __do_sys_io_uring_enter+0xd38/0x1620 [ 119.116749][ T7617] #1: ffff8880658d98c0 (&acct->lock){+.+.}-{2:2}, at: io_wq_enqueue+0x20a/0xb30 [ 119.119317][ T7617] #2: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1c2/0x590 [ 119.122474][ T7617] #3: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: __lock_task_sighand+0x3f/0x340 [ 119.126186][ T7617] stack backtrace: [ 119.127275][ T7617] CPU: 0 UID: 0 PID: 7617 Comm: syz.2.407 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 119.130213][ T7617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.133267][ T7617] Call Trace: [ 119.134212][ T7617] [ 119.135067][ T7617] dump_stack_lvl+0x116/0x1f0 [ 119.136416][ T7617] __lock_acquire+0x878/0x3c40 [ 119.137781][ T7617] ? __pfx___lock_acquire+0x10/0x10 [ 119.139210][ T7617] ? __pfx___lock_acquire+0x10/0x10 [ 119.140707][ T7617] lock_acquire.part.0+0x11b/0x380 [ 119.142037][ T7617] ? __lock_task_sighand+0xc2/0x340 [ 119.143371][ T7617] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 119.144826][ T7617] ? rcu_is_watching+0x12/0xc0 [ 119.146172][ T7617] ? trace_lock_acquire+0x14e/0x1f0 [ 119.147638][ T7617] ? trace_lock_acquire+0x14e/0x1f0 [ 119.149195][ T7617] ? __lock_task_sighand+0xc2/0x340 [ 119.151105][ T7617] ? lock_acquire+0x2f/0xb0 [ 119.152654][ T7617] ? __lock_task_sighand+0xc2/0x340 [ 119.154538][ T7617] _raw_spin_lock_irqsave+0x3a/0x60 [ 119.156461][ T7617] ? __lock_task_sighand+0xc2/0x340 [ 119.158302][ T7617] __lock_task_sighand+0xc2/0x340 [ 119.160118][ T7617] group_send_sig_info+0x290/0x300 [ 119.162181][ T7617] ? __pfx_group_send_sig_info+0x10/0x10 [ 119.164317][ T7617] ? __pfx___lock_acquire+0x10/0x10 [ 119.166437][ T7617] ? __pfx_lock_release+0x10/0x10 [ 119.168316][ T7617] ? trace_lock_acquire+0x14e/0x1f0 [ 119.170184][ T7617] bpf_send_signal_common+0x415/0x520 [ 119.171749][ T7617] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 119.173916][ T7617] ? trace_lock_acquire+0x14e/0x1f0 [ 119.175890][ T7617] ? __pfx_mark_lock+0x10/0x10 [ 119.177714][ T7617] ? bpf_trace_run2+0x1c2/0x590 [ 119.179502][ T7617] bpf_send_signal+0x1d/0x30 [ 119.181260][ T7617] bpf_prog_631417f49dd64198+0x25/0x48 [ 119.183328][ T7617] bpf_trace_run2+0x231/0x590 [ 119.185015][ T7617] ? __pfx_bpf_trace_run2+0x10/0x10 [ 119.186775][ T7617] ? hlock_class+0x4e/0x130 [ 119.188074][ T7617] trace_contention_end.constprop.0+0xf0/0x170 [ 119.189792][ T7617] __pv_queued_spin_lock_slowpath+0x27e/0xc90 [ 119.191837][ T7617] ? __pfx___lock_acquire+0x10/0x10 [ 119.193462][ T7617] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 119.195288][ T7617] ? lock_acquire.part.0+0x11b/0x380 [ 119.196792][ T7617] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 119.198357][ T7617] do_raw_spin_lock+0x210/0x2c0 [ 119.199687][ T7617] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 119.201468][ T7617] ? lock_acquire+0x2f/0xb0 [ 119.202920][ T7617] ? io_wq_enqueue+0x20a/0xb30 [ 119.204271][ T7617] io_wq_enqueue+0x20a/0xb30 [ 119.205570][ T7617] ? __pfx_io_wq_enqueue+0x10/0x10 [ 119.207000][ T7617] ? __phys_addr_symbol+0x30/0x80 [ 119.208419][ T7617] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 119.210034][ T7617] ? io_prep_async_work+0x3c3/0x770 [ 119.211476][ T7617] io_queue_iowq+0x28b/0x5c0 [ 119.212814][ T7617] io_queue_sqe_fallback+0xcd/0x9f0 [ 119.214303][ T7617] ? io_linkat_prep+0x2c1/0x3f0 [ 119.215718][ T7617] io_submit_sqes+0x15fe/0x25f0 [ 119.217105][ T7617] __do_sys_io_uring_enter+0xd43/0x1620 [ 119.218646][ T7617] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 119.220340][ T7617] ? __ia32_sys_futex_time32+0x1da/0x460 [ 119.222077][ T7617] ? __ia32_sys_futex_time32+0x2fd/0x460 [ 119.223632][ T7617] ? xfd_validate_state+0x5d/0x180 [ 119.225072][ T7617] ? rcu_is_watching+0x12/0xc0 [ 119.226403][ T7617] __do_fast_syscall_32+0x73/0x120 [ 119.227862][ T7617] do_fast_syscall_32+0x32/0x80 [ 119.229219][ T7617] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 119.230952][ T7617] RIP: 0023:0xf7f67579 [ 119.232006][ T7617] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 119.237342][ T7617] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 119.239662][ T7617] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000003f70 [ 119.242032][ T7617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.244893][ T7617] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 119.247749][ T7617] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 119.250647][ T7617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.253327][ T7617] [ 119.254341][ C0] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 119.642085][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.713293][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): left allmulticast mode [ 119.717034][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.782529][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.838228][ T12] bond0: (slave netdevsim0): Releasing backup interface [ 119.841068][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.094988][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.099433][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 120.103382][ T12] bond0 (unregistering): Released all slaves [ 120.359681][ T12] hsr_slave_0: left promiscuous mode [ 120.362943][ T12] hsr_slave_1: left promiscuous mode [ 120.365398][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.368285][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.371718][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.374643][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.379049][ T12] veth1_macvtap: left promiscuous mode [ 120.381143][ T12] veth0_macvtap: left promiscuous mode [ 120.382913][ T12] veth1_vlan: left promiscuous mode [ 120.384457][ T12] veth0_vlan: left promiscuous mode [ 120.593473][ T12] team0 (unregistering): Port device team_slave_1 removed [ 120.624304][ T12] team0 (unregistering): Port device team_slave_0 removed [ 121.086414][ T12] IPVS: stop unused estimator thread 0... [ 121.159453][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.223270][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.292680][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.369046][ T12] bond0: (slave netdevsim0): Releasing backup interface [ 121.371218][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 121.374385][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.451815][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.512358][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.562545][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.700402][ T12] bond0: (slave netdevsim0): Releasing backup interface [ 121.703307][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.771707][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.822728][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.902681][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.962973][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.035420][ T12] bridge_slave_1: left allmulticast mode [ 122.037095][ T12] bridge_slave_1: left promiscuous mode [ 122.038737][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.042031][ T12] bridge_slave_0: left allmulticast mode [ 122.043686][ T12] bridge_slave_0: left promiscuous mode [ 122.045331][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.636133][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.638693][ T12] bond_slave_0: left promiscuous mode [ 122.641495][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.644106][ T12] bond_slave_1: left promiscuous mode [ 122.646067][ T12] bond0 (unregistering): Released all slaves [ 122.705996][ T12] bond1 (unregistering): Released all slaves [ 122.712929][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.716884][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.720904][ T12] bond0 (unregistering): Released all slaves [ 122.728057][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.731391][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.734703][ T12] bond0 (unregistering): Released all slaves [ 123.272671][ T12] hsr_slave_0: left promiscuous mode [ 123.274562][ T12] hsr_slave_1: left promiscuous mode [ 123.276405][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.278756][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.282223][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.284437][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.287982][ T12] hsr_slave_0: left promiscuous mode [ 123.289963][ T12] hsr_slave_1: left promiscuous mode [ 123.292335][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.295030][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.298575][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.301722][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.306012][ T12] hsr_slave_0: left promiscuous mode [ 123.308360][ T12] hsr_slave_1: left promiscuous mode [ 123.311578][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.314264][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.318263][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.321164][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.327318][ T12] veth1_macvtap: left promiscuous mode [ 123.330187][ T12] veth0_macvtap: left promiscuous mode [ 123.331914][ T12] veth1_vlan: left promiscuous mode [ 123.333486][ T12] veth0_vlan: left promiscuous mode [ 123.335180][ T12] veth1_macvtap: left promiscuous mode [ 123.336789][ T12] veth0_macvtap: left promiscuous mode [ 123.338521][ T12] veth1_vlan: left promiscuous mode [ 123.341289][ T12] veth0_vlan: left promiscuous mode [ 123.344158][ T12] veth1_macvtap: left promiscuous mode [ 123.346192][ T12] veth0_macvtap: left promiscuous mode [ 123.348449][ T12] veth1_vlan: left promiscuous mode [ 123.351285][ T12] veth0_vlan: left promiscuous mode [ 123.642879][ T12] team0 (unregistering): Port device team_slave_1 removed [ 123.679512][ T12] team0 (unregistering): Port device team_slave_0 removed [ 124.018444][ T12] team0 (unregistering): Port device team_slave_1 removed [ 124.055518][ T12] team0 (unregistering): Port device team_slave_0 removed [ 124.320637][ T12] team0 (unregistering): Port device team_slave_1 removed [ 124.364286][ T12] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 18:15:06 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85142d25 RDI=ffffffff9a667240 RBP=ffffffff9a667200 RSP=ffffc90004736fe0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000039 R14=ffffffff85142cc0 R15=0000000000000000 RIP=ffffffff85142d4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f417ffc CR3=000000007291e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000003 RCX=1ffffffff203a2da RDX=ffff888024244880 RSI=ffffffff81484a34 RDI=ffffffff81484a21 RBP=ffff8880658d98a8 RSP=ffffc90006b37b28 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff901ce3d7 R11=0000000000000b8f R12=0000000000000003 R13=0000000000000003 R14=ffff88802b53fc40 R15=ffffed100cb1b315 RIP=ffffffff81484a36 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000c2a2659 CR3=000000007291e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000128954 RBX=0000000000000002 RCX=ffffffff8b1a3819 RDX=ffffed10056c6fee RSI=ffffffff8bb16f80 RDI=ffffffff81702e79 RBP=ffffed1003a51000 RSP=ffffc9000048fe08 R8 =0000000000000000 R9 =ffffed10056c6fed R10=ffff88802b637f6b R11=0000000000000001 R12=0000000000000002 R13=ffff88801d288000 R14=ffffffff901ce3d0 R15=0000000000000000 RIP=ffffffff8b1a4bff RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000568824c0 CR3=000000005002a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000001 RCX=1ffffffff203a2da RDX=ffff888024242440 RSI=ffffffff81484a34 RDI=ffffffff81484a21 RBP=ffff88802b73fc54 RSP=ffffc90006b27b28 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff901ce3d7 R11=0000000000000b8f R12=0000000000000001 R13=0000000000000001 R14=ffff88802b73fc40 R15=0000000000100000 RIP=ffffffff81484a36 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f2109cb4 CR3=000000007291e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000018800000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000