last executing test programs: 33.142997237s ago: executing program 3 (id=4431): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) r1 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b100c00000000000109022d0001000060"], 0x0) syz_usb_ep_write(r1, 0x81, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x2000, 0x2, 0x0, 0x42}) 31.612712062s ago: executing program 3 (id=4440): set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f0000000100)=@attr_other={0x0, 0xd, 0x5, 0x0}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0x40045304, &(0x7f0000000540)={{}, 'port0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc02c5341, &(0x7f0000000080)) mmap$IORING_OFF_CQ_RING(&(0x7f0000373000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r1, 0x8000000) write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b) 31.370919966s ago: executing program 3 (id=4442): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) close(r0) syz_emit_ethernet(0x42, &(0x7f0000002340)={@local, @random="d8be17d19221", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x24, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x20, 0x2, 0x0, 0xe7, {[@timestamp={0x8, 0xa, 0x8, 0xaade0dc}]}}}}}}}, 0x0) 30.490675939s ago: executing program 3 (id=4444): creat(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file0\x00', 0x682, 0x32) write$FUSE_INIT(r0, &(0x7f0000002280)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x110002, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000007080)="f5201a6b6542be6cbad26e239346ffe3dbc7125e4eb0daba2e9ba73337e45b1a2c2828afbe1d99c856f2d7c9b91364a83e3c477d5e9569cf8787de2fd830003be5c3bbb4a246c4e13764c6e255ef511c263c70adb80380cc2b3247fb61ebddd2b945820fc646375953f1322be813b875bf64256ac7a8debe881f8352dc9fd70b9473bf07932110a5d1a94144b2ab0b4cd92458041eef085b29b5c115df0d7db2bea67006c66b64015fc980343e5ff451373afc63f2ae21d63cddeb3b0c53bbb4e0e31663f5b1b53de22517869df6114ac9047ee98a692b4f0e3e7cfc4e42368f217cc705f2bc5d10454ab30eda651c6ee29f0cc5a6ca7b384949955785844742121b5734a8cf3f3fe1d3e5c2085da26a028ba6c84d5cbce6afbe13cbb179d4c251e1d2d68e8c7d9c34eee698ceeb6e40aed55c62c45d8c7fcb2cfe95ce261238ca5c4458647ed7a001788e991e3d2ecfc77bedec164efda9e4a5d5f03043628fd8b5f906371c52e7de2e760b820dce5c3629610a48a036cd54f23ec3ef274f8da724f45c482505864c87359d4411cad79d7434c9a9d79323410b671880a344b933a47d735abd0e63308cf7f6e15790a50ccbcce072526952c763775066125af0fcde57ba3c514301aef17391c76adfc2419829a88e0d91b947d278cd03d94ce98ec639a6163eaa9755b1813685080ce588251fbd4240a7f65cdc1074503b0fe49b24996e52c6899ac90014d9a58566e841bcac357ed59f7e7274b6e94f7a526a5b420c5d6ababab7e7f8ba6ef6f3455a5aed80f4aaadb58fb38f725d524b4fd63238dc7936d62e81ef46bb7346d7f55c4fdbe7606b1053f6faf6d80612311823efe1e6522fd5bbb77c52c868362f263e56ea1447b612d681828561adefdd28fb855fd81f27e2698cc02bbcf7d653cf8dc9eea252f2b1f48c0d2ab70ece454daf9b5829d7106eb8ca8807eebd07d1bf6af6a4523577db893995778759e1be294aea8edb9226a9acbd44f98f60641f87195521491e621b10cc2032434f319e76743601a0bcc99fb3636389172a790e25260de7cb58961f9ad44d16c7604402bbca8cf82be528a64107c0dd114fd3458c0f1e97888c1c739dc678b43b202c603946cb5720a1e7331282a48afb12b461c41b6fd92b97c6960ac9f664f509b02c8267d722f372b007befada669d4cc36fb931763ffd8744b10e78cb849d40f88d190778a70f902faa4f34cae0b9e163b59b1bae96a933afecbc6a768f1d7ae20bf2771f28c1a3d333ae0b6f691d2f985e1ed6d0e1c29d7db36234b9bec18a1ee98b9ae90e4706d1c952f6059cc4d64bfc14152a88443f260d179c705df71e006a60981fefaa8a51c9c368680b830967b01b60734b9924335d7700b083bd7e87b3ad2f3d497e914368a15c5456d08861fb7513e96acb49935dc3f46fcaa297cdbdc759cb8a5a2515a482ca60440da8b7d5a8c79659d99e3892f9086b372d78622d3689267652c4dd60754cb8eb45028b0c237adff5ffaeaf78ed5a541c57feeb014a53e2a98042d5712d5f7a779b7a12bc120b8cf6df35b258fe1ad7ebdbee88d25355560fad504dce4bd878df5e43c55e765ac324dd8d65ce29c2a93f9e085bb51ff75dbbf314ed6aa3a36330fd146d28654c659f1c6c5089c3619be1c7707be835500fb15bf873ab35517b743207621346db75d16fb21624c04ceddda2d607642004f611db7414e1c593ef38c62e4d27a8b7833436609c284a46edc9b973e790aba0bf4c6bc0069ce9372c6c7b93d15740771ddf9c704338f4af870c649ecdaeab106b1242dbb74c284bfb5d87aa688d27befe1dc0d1019fde1842e89eee67e11f925672ebff47e4503e02fa989297e9461d540000b5e0ed2d957efc3b77a10181597c7fb2c94e62db50e46c46d10c1127573bae01166170467b7641d7e07dcd879f04b8dc08dcf460bef8e83aae33151a72eddf9ccac4eb95c48cb4008ba3fea542b2e3c6c4c07850cd4ca551536a20d18ed18852baaaf7339908583aae41f08f3c6f5811cd730e849dc8382e8bdf3519ab900d38a0a9822400d619b52a957b1bbe8384619e5d65588a2ca6bf068ca27fce9aa0448a60d04b3b230db3a939409ec7df45d70a944b34baaf0bf951d205667c8281e9e87468d1a2f6edf79a7d5df12a8564e56d3a952efa4c4be2b09be2c3d699b05268e8cfe998a9f37b8714c92647ada8a8129bc4084624c6f1059f834193deef961f5dbfe500c1bf781f45441984d52800d81d814a82ec4f859c7217146ac447c8462612574a1a8603148ed46bf3e195d417bbe43aa6bf83ea8fb525941ef8dd56149bd6fdcbf626609ddb699e40e83fa4792b39384eb0d1b78c97c6798537b192753caed3a5eaa4a33d54b473b43851cb282cd857ae11a4d34c6b53fc1c334f8ec42672295b88a326b65d338a70bb3d5d866ff55a9ce0345c7a890cd6dee36012c76d862802c9cbaf1abbab99dc898eb432f50474ae6c202121d19f8d0467fcb1279457accf9b777c75390756762dde795d94aaba4c1729f559adc33966fbf517fc91fae21bd8ef22e914bbe6bae774246749ad63d8d16f21c9aebc80a97be408443ae60af610dd3ad9964b2401e049b09dbb46f6126d3d534a7786bb3663719943111231d18e51ed534b1e28807c062280924e5d53a8a1316ca2b5936911a267d5b799fd7d8e5e725271d5b8eb90e3dd9ef9eb1400c68eb8f88622f548af7df4846758cfb74aeb48588d1820f504e97ae1d818feb7113175b04e7c0bae6239672c987253cdf0e9845119f3f200d40f586ab986312144c3525acb78a5784f5707217105bae651e0c000792f4e88c1a924d33fbe5474a71b1e193a8d3a6a65dc485f2a299e7d07a6cf621260dcfc5d79c9243618f57507ca025baa53b3e684667f33dfb8ab9065cc548ad5c881bceb5d937462ea850fc197f5ae8c9489815b2cff853895e987e684195a094d8460ee52ef9d8f6fa0ba01092f0cdffcc7a682ca3125058ce9ed0064d7d0a868b0419b49ded3d93f0c7e1d700288350ff4c130cf6e0b507ce6064623294536c8fc4011b9b40299bfe02144806411d5b36997db26033a5ddeecd6bf3faefd3ca0a6cb70b0561106b2dabb06cf88bb6fa283e43dcd2fa1f33063183e15450385ba6fed4436502211d3181351db793a76ae11ebde2b23f340b7522748a4602ec469b88eb7f3d1325baa536ab8096c58c6f2b4863a541f618112643e194a5873cdae4172bb3005743782d8af22dbf23ab60e7d0f4ceb3ef0c46e23e1ecee1839558bc5c146dd97aba7651dfd2401fb8aec4eda71b1b15a2570130f0f5ff489ad4355a708a6eafa9752eb5c9f7a83f43c3e3b317e7e68133573f585fc27c5cfc0d90016f5be8594e1cfac36b24570cebb5be46d3f5917441ccadc355536b8b9b455b87667edd802b77178251afdefe9a4b5f0ff7e59fa5cf9b449e18bc4bf8154f15913128a2584f7d60a3c09f467233783690df422d3d9982200eb604ec2ef50830bba6f82e8b91823808fac0b07bc0e51a671c32dea0f2f9aa2cfbbc91cdf54b719b6009ce750bab1680cac77398b2a619d550161fa70e7e8b86fb535f8797fca75708efba7f0d95da4ac235d9de68a50c998a72c0c2da90f511ea456f776c881b8416b894cd835ad13c62b035ef4d220a66c86c1c00de534690e42d064bf4fff946af98aec3f9490d6f0586e891d272a4bfb776ab84bd693af6526c4b09beab2460634d929bcc61cf75b041f067e7b503ecd6a80934e169ebb0ac926a85b53cb1d7b63eee6abcd9e250834da6e4da23b3b3d90c2f726861760ca14b78d5e895eb7fa2e8b39f724a0371412b1c94c6a42f1beeae2328e353971531bddcda730b6a0d90f7c58e3ce5953cf5a6c9e3fd657c92fe4b5b8b0b659353944afa5c69c309527d6d4039e78c675c8d2f527fbcb2b765864fed987f785221862bd7deb66e6676ddebdd19cf4cb26869f562928dc98088bb69281615fc6a2dafc466e70ff9ea1a411e1a3ba3f94ed7d429796afc9f0c95da19a4db691c36407985e5f08473dd8afd9de88b2c26b6ebd2ea35177238e18dfc36d579a80074c06f5cca60cf6d64d27eeb121c6c8e5e09aa3165c101068cb748694695e803540d947f33740d30616001448173ef57bbcb82fcb213348a2a58e2d14480b1ce1ad346729631b91f7e343e37abd8e787274ff4598acc99cc58f3578979e6e6a1926333bd8818a256b58e67c6f77145ee26f24998cab89021423e03326c175adaa8ea905122553948ece311cbcb770222e7f4f373398497c8c301480d031fc53c2a7018d91777cec253e89e28a82d15e01c12c0ccae1b56ecff35b90b19769bff4b786d4624679abe852780e9e4b9985e0564ee604027dc2a60f65d2fcf1d354e163a8465f77eb67e2a6c9fa89ea0768f9cf117fd1ea8969e592da11d34f6f9b7adb24f3261dd14199fea6da6b5d31f825b3706492b3305cbf6ef553fadfcad51a0484f09a8d2491c8a937fdd36d9e0b94fb6bdca6e80a6079739cc1d455fd735e89fe89938a7132dc0c9f181953dd9cf2d106a3f1478b46ddf35aae9bc6932227d79ac4f534967be2cbc30fa254658b61752b534257fc10bd8db219ec394b41e7fe541f9086ce19d28e13d2b3c384745fc88ed0cb5ef414e23e8782f99307c49121a733875e9fb9c8559d8ad6bab256dde2bfdee4286c1419b80acf55dd09da71116c0fa902d8e89465c313c311f272a11cd17417372dc74e01f3ba1a9afd8bcb9fad57cde63ad59a6999caaa359e6e5b4216dd3b0bc8d310e28c8a1232cefcbd5070d0537097e370433bc1017b7b1c4efa694a25b4385bccbdf79affb0b6d203b3cefe637fd6f7b51f5ec297471c874a57145b254bd14b89fe62709c94ca3cae304739294c7b4a871768e11cb7a2db0aaeff4abbd00c70b4d4e5e8f8c6d34afe3d619404e20ccf628f7902c17ab1200644fe465751587800d59acb3abd1f8ad9cbd8bfa64c94c44fb3086fd21c046d7430a1faadbd9b1625ee70c1071bede890f1c07113aed9b1a35ab0fb823e2cb38d2ee6376800f63d28326ec3be129333e1024d17c46198e329779a79f4ee69b56374268fefdd29995e411052bcc92318c636aa9fa634f3e537712f720a52cd95d5472cdd6b4eb66bd1ed2c41cb37c615eb486855671d964ba46ee44eb61ffcb0b22b20632ce3222e4c3037f348d5dec196f9e2bcc2335284f5529e4de9e6b4b84fc559de63357bc8ca0a00c16bdea79372b13abb251fd4bc52f1f732811b65b4c51715da133b20caba229244060fdec0ad4c47fdf1963b6aa1acf998585c59867b5afcd08958dceb9937a97e87b2153f45970ca77e5524c5160c69963717630795e3a4768e2521617bc211926e5cb08edea70cae99c6d7eff4c1e041c7ab0d3473d6ceb3cbc24a9f45c5818896463360490911b1fb77a24aa3b394e3ee1155ea2fbc6686db2c715670dc9187b33f3051b4b894b616bdf7fb287113c315413d83e0540676fe9a48d523bef3280611165fb77c7bb33c0a087fc06e7702fc7d8ea4f7aa264c7ed332af03ae3e392bc0f96ec11e3bca6604ccb7941043fb043b4880de676efaf3f0fba185e90db8e8e6718058fd1d26c49d0a163264d4aaf7094d02d6898f75c6edf2e49edf7b0a645018220535e8694baa1e910df6e493c0812c2cbb16966cb22af208279947f9490f2f5d3a49596050604f920af8fa41c5a339609659f331f24fa0aec3787d052a02541137dd1ccdc30970a879e4a42e491137bb3cddf2c87ea6368bc4d9aad9089af50b71d56bd296d891ac2fbec84303486739a44850680353efa2203d7fcfa00d9cd81433adcad3e6aac009784b63a3b7aca58155b24274b2d41de998321bdf0229ce74a0c61a24d74ceb30d4ba766632c4a48d9db4e3b3334830b12f3136158fb16fa745c2ebad16b65b279d28332894755de3e7ae2aa88f9e2af8a46200c427540eb68907152ee7d53212b55c170ab67c47c884db89757b09dc035ea59fe2be1f384b3edef6925c399753832d32296100ca4e2699154d6ed86bc145e92d699e43c2269ed359a004aee75ac5e730dffec87f239328bc95cc281a9c0bba661f6d36ac11d1151851c70cf39fbbabff2190b619294db73008e3d32acb0b29aa3d28d1e50784dbe35eb911d838bd710336612170666ea5f42b72c32be4d83c4ff61987acd1b1f0cebe281806af8ad4b6e7041c31bcb8a93cf0f44826821b0bb9c053468b4d8d034c084ba1c8dfcad9fac6ec379da5425492dc6f770000000050bd9a930ead9e4faf5b557eebe4461320476a7ae12b0dcc9d171f6d2737b824db7259e62915779dc5e8a08bc69c0c68784202aa3462bdff06af76bdf9f106dd6228211534c4433717947dfaca4b7b61a21d706217e3718b5ccac40c3c4692bd59f222d0c2e98af1ff1919256d7b0540ed69b11f212a9598c7499ba634d1677ecf17517e207d40baed5aa0e25b7e70b6b16f6d6f0c36a146db0644ababd31bc50f5039b3bc4f12b603da2675e121b09fe92c69548dfb9df18d0e50c1387280b7bb1366bf5bbabfcef5557a05ce24df1a02f22f791e06c5e3e21e5fd6db7f2c90ffb83b154b0fd9866c46609dc10b274954caf80e83693f5581f23fd765a18aa4e294bbf7a8721015ea6a6e1ba64f79f6609924d43757fd0752024af79e296415b42de3428f14d9d89f84c2e076a0821cc8921fff677ec7b91178bcbd755ece28477a6bd01fd429d824ddfb62edcdab7c4495edc5a3d27826ea4bddaeacfa7cb17632cee0095ca55d3973812033d96ec5e5ed6880b3a998b4998fb7441e11dd060515bdbfd5aa32aac6ae1fceb8e92d7e8985949946a458ca2f69637de6b92410986f8fa5ba4b1598d8383fdbff2e004dee71500302e3e9270371b39237260bde0888702c7b2bcff69192bd381cfe59b197b9dbe5e2eee27b64c17e95a1dade453a6f29dc8bef1bdd34a92a5275972a2cb18f6f553f99c6098f50198b68cd35d2877d9cdd15074422b43b03170f23138dda44b62b5e161705405d2e9a007f8cc9ec7920d1a6e947ccc57b1a51a728fe1afcb84115fe48be15c894cce96391ab3cdc1bd9aa4cf58213c15d1a849c3f38c8ee34b208766129bbb493558c139f2bfc39df29fc73422127823fc9c993f20d9df9e0acaf0b1729437458e0a857ebfe4a373fd491952a475e9c391b7ee02b79554807c0f12293aa385a3c6b18bfbfc690a7aa9bc85d8adb705eac642ec8611ac62d09d2a6892cd671629d457c2191eb5940114113ed8cd4e8411d96200d3d66f947baa7915610c396402d38f109837d29c8e937fb6223a9d0d605a3d91312908fb5a7df36122c35f7e47855d526915c3a7cea432ca4524fcae3b5c6fbad196c1efef0d129d9b3f9d23104fc3c8a90dbcea0400311e51de50c5abb62fcbedf998ebc1cf23fd76bcc2aea2451f6d0d3b8fdd337ce8d24d7ce2a5b29318df58adb0006d4295c138b4b03060134802626e31a5da92b5a7a8677132523affbdc8d958b955eb4615370497429cd3767f2f708c2cadc233bc3e5efc8c837385749da08c6dd573e3b105ce459d659f790dcaf53c1d0b4d8e0c64b6bce15559e59e66b3b0b2695703e9bd5b1c5bb3c5b1028441391f8fbeadc032e890fe5e3be78569056d147a891f4bc85406e78f962b532eb436b0e047a7d3c88bb89455ffbf1da360207af5d827e9fbbedd8393a828a92382329ff444d9a8128c40e302453550426de4babcdee45108e79533b9747fd21b8f775a76e1d4d54a8a98a65ee3c183be34172877c26e600c89949ced85004d69c24d4fee6f87d2ff24900d41577c78dfbff698d438c0e26ebe15d7b75b49a5b2a5c627da3b13f6458aeff3f0a1944a339b4be5e13d58a71928bb77053beaf7b68568205b62f5a4a9b3c0fef441ede90f012047b0cf2228481fab85d94219ce9f417e4e2b6018b319270a6b6f0de93d0147842f582bd4e41f00720626be2b2f9116875ea4f92e380bcfc33058505ee0336e10c71a5abf6f32c72fe68c68c166454db8e101b3a271f04e4dda8947743e0ac408c73cff69c10e7c015c6b078bab0a1c7aab14a26df087b2b4c859e684aebadff5033d1ebd6c6589a27ac75a075e6ef801f5dece0dbd1e477bb70d2b8553a88b13e304e00735e183feab89edf469cb90c0a5bbf778809a9996f4e72b16417672cd97bdd1c0baa64ea2d782aea9d58ea357b54d06f316076b5c413417061b3c7485b534fcc8bf25d2adf043b47a3d47f0755fe6225bba7569fe672d3507c8e15f7139ef7f606c616c52733413befb248eee53c4a9a16f952ac56e18e221626c4f51eb90c1314167c9677a7eb7004b9b42fd6ec21dd38d5b9032c441166be3f8e9dfed39fb0e654ca3126003decf8e50bf8ace994e16fdbe3f53a36a11ed6f06d1bb8e54f574a83035eba379f2453f2346d11414cafbde87cb5d66b650a5e25ebaced402188c1b4b941e788e1af908fff3ef84c1dadef0550687f0b6aeef6063dc1c8c8efe09d611253efb4d288ea407ef3c043aacc3dfc19a18449b38fb97d9fc0bb67de3e1744f782d3a9d1fc449c3a902b1ec8789e336f731a51cc7fefc43736e04942167fbfdac9f15c5b3f921aaa3df0c9709c21339ce890cd4054828615f18fd12548258440a06dbec3d72719b3e9f5f9967525f90f16993cab09c9eab2b27b29c959c002dbb028cc96297d40822772c16b4b786cc57cd581c02f143d6e728eeac1ab4eca6170748002c0e2269611a2b402f9fa8190d9216b1e1b7de8f81074b8dbb665f0d69c52cf573d07ca0752fd6fe7da88dcf4a915ab1533f5686b766393fe9bf1aeef9d17414d1803708e61973dd205097eb1ed466c8dcfb2c7710caf9df713a11c774fd0469880534ae2ccd1e40216ffa145f0fc832b166896810a678f3a47dd24bc2e6835c16e405a444971068dbd47926f430871121be8f19c8ac4fd0a9e3ff7cd961f90f24265de455694cc291de76437953ac314b1791acbe96d3fcae4fa397287a02eac86f13c931f4d4f49ad52cf1db0efdf7027ee8e468d64d316a2208ae33d8fc3274861b41f2e064c99fbba37b7a0c46a3df8dc4589de7ac28df63ed697a48011c863049345c371f10f7d53a56947e348d07e4ff71eaaaf9aaa09bf1147b80d62a60dcec6d7dd4cbf52f2b0b89d2c7de1f16d63ccc0260b0982fcf105736b50001c19eda998426284713670aab21ce128a80b57920d8c3436edb859d4afd7ed835985b5bec01df5447e66ee8511b28671646e71c0669ab2203c4c9a020000279ba87f089d04924cb33ff82f59da9399ce3f20932c073289938e4e7101d357cce920a2aae72f94d6e1aaf9a3905f4da18a7ee849a39f0d1e83adc67ffab826490d4bfff1f80e8c2c180b08e013daf6d054be660390fc4f872b8d60f14951f05ac0dcb4c4281f71ac2d4cb4d68ffdfe8f5c43160d99ea0077486219bb9400a8fc1faacf12878379a7ea5eae2adbbe2871c1664bea1985d594963935019446d605a61ff79802e114a34610d002cf27e0f4b96c6ff880785307161813f48b68c6f9130a6faee6f332e77755fb68b68248ec113030575b1c262c2430c000d11b269ce4e98a32eea3af403630e83aeaaed1420c9fd66eadcf34d6d1fbe457c5216481ddaf6b397912630999fbc5298eab15ab3cce9de7741367264a4e30a61ff7f1d5e7e64290218d9f6f5c9898cd23ee1ac35ab8d3691bf3df31cef54c161bdf3093390ad2322b6f71f22199ac68c5eab4aa7523b4957202751b675fe82c9d42432c92c2fec148da6e5514e9d5f2618d5a616cdbc4a560b3e36eb6cb8baca3251d8e819ea8f552f07ecca0664e7ef22a3a6c11d023eade70f1b872cf58e89c625f561e4858877e39d324dd448b041e4435b676ce0e86de9045e8b9e8305ae60cb7a41c01ce2318af7f9fa011d24aac2b2d31360ce7b437c46df5756d94d1005a0359b57534c49d1e8e173ba183666a19ff6e6c63388250985249eb40f0f981a2bc34e8196e9c468b1bf329c4ac9cf5f19e46734b1238f99f1e6d8c95ecca9cfafc15c756bb4780b675ec9781bfdb583bd91a7df33ed49daec1d65d14f26d7cfadb9e1de06e922939e924b034e4d128cd66a2f7a87c9399c622922e6e33af68c5115053f42c519a054e295b5f8e420630dc116bb2562ac87a6402e4635bd6c6b95943820f86acd5f48ac519b06f1b0bf1c7a70d69e84c95600e017a67e64536197447b810c21cf86a9d09c37aaf6cc39333b414844ce883cec0ffb23e36d5560e9ff6922a9237a6503c72346ebebf57e59c13e7320f670e1826c802b9cc674b55284ddb061e6e38b16c58532497709028ccc4c000604d4a72b3255170a217ac411ea68e64fb3b63653b985abc42bf21629775a05812ef159992320c3cb93805bbebb250e2f9f92b2c8795c388fea24de5e70d45f8ad1764a6e39a1d588191f77fd7bd0408252c784deef806464edc1b4d3de83df34f1b615e10ba20948ca9f28c4f435163e1f5a6fdd0bc8ef397c25b7d704e1ff1dca065022b99778c05ad39f806c3f7ae4278b768eac09b7d317ec5e07db3fc5579a29fb42658ba66c68afb3b8401b2e09c13bc0652309b26cfab2febc3e96a6da6341e6e860468aca74caf06bfc576124594c3f123d5e987319862b0700bd257cff3ea8abff23ebf1a62e575741db2902761578de5c72f4d37bf9186c2391dfff0fcdf2969df27ac0c34d3f07feb0d1887de871e96916add75c15ce2f795749ceadacca94df5808a1629ccd906b3776e7c2a9e94393243de87656432ec21be389731be9821fc035859fffd503f9c8279bd4a36f3be1e3ba0beecaaf6ee44203d8b76c4ca97da38f63fd07ed7812601ab9095a77d52397ecc31819b91d3c28f639bda94c46a5d527abe34bc579338a4db395c57dbeec31a37685ee8121284b63583e026783e47d58deaad78a17e9a946ae7a3db89d8d78d9f37ee5861de7ca92e7335dade99819ecfd63770413b17de97bf403a6d97e163f7eead7d8c182b77cc3d0e0f28f30839445ef751bcf4f21b5803a4e8754fd9a3addb2553ad1d81879addbdc2668e5f2e15926ed805ce7b4ae01be9677c322d59d619cfc806a4946f59010aac481e49d0a0b2ccd0fbd88abf07d4912a081c81633f4a6e0e68eceee686d58a43c45d3bec1046d3bb8d7fc727dda7cfe22af174219bc8e928ca15ff9ce2c707bcea190f8fdeb86a2dc99d7ca81b78efdb0062f1967bb66132164d227e149aa52f39af5e763705373c864323a5885dc6061b5a2ee5501d0b1aa465d93052f29d033a750b1b9cc85fddc0cf168ddc62fb2d1570458d246906fbb689bc8ee3864901eb43f96c19482a7ba7a52fe08b241a32aa9a2774359132b5e1905a08ba37244265070f6d69a428a5834f10d9ba45f476f9e88e856ac223d8cf6ff04894faa2590ecd0a3f6938d661d8aecf6223ae99c414962a86fdc1c2599cee39e9f0153a57ed809bd90023c8d688cc1aa7b5eec5fcd01d07d00100", 0x2000, &(0x7f0000006dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006600)={0x20, 0x0, 0x0, {0x0, 0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(r0, &(0x7f0000009080)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r4}, 0x10) syz_fuse_handle_req(r0, &(0x7f0000002380)="d37f438c8ff0a793bb0fd85e80a3add0f8f65f17e46f60227e8b09439e47ae441d91f7c50d52383be1a08cfa58969071ef9251774b2aa82db4b537beb0834e94c9f625097a9fd8ae5d86ccc28ae9a5fbf7a931329d6c0aa28650849abea29afd035f5eb12f8126d5b8c277c8c14f25965396c229226cf8b0c6da769454f1981c1b0a8180b80469005a03d24fee1d6f5543a43d7156a0da6f40f6e4344cdfe5f96f373459fabd8c1fb029f3cbb965f11e04c92468dc54884926996135312816573b5f052907705fb31ed724a8097b4eb9a547bd0a4f9c66421393b19fe59fbc07bc8c6319225509823784428ca5f20741130774b9090811966d1de850ef61c965ba07e2fe52380c4bee79f58db0931b3d0c06cfac96c9e8676eb0e10ddcecb47f17e8c4ea80d3f67a9e04f5edae06ec33863b9fb5edf40c87fbdc5a00936d260eb32c3df5a905d3041a54d0fade7b220027169911111af6142645e771ce84efdff5ef5f3fe5b1efdb67ba83dd9f94008f787ecee2ec9849c34a8699900b3151e799fb1704100f2075cf313f719efba77efdfdf5e37379232785af24729608cf1099a9eeb643813fe492fbd86788f43e231fe0a6f3f0bf302efeaffa32890b1e48818959d7d2aabb83f062e356a81605f55da96df097b11471c46947910bb3e5e40a5a5c92077231d68efaec50b848907d1e37e18d885f5bd95d939ade1852a5e2f516781e1868f0894c8c0872c84d9c80fcfe085ac88e2a8caf63b3444f6d5f63c4582e766f1fb06a204d7b8c266e29bb43e04f42dc241b0f6926ea4b0340f0b3ac232d92677f2ec099b17361d988b72311e5e93d6d93ca3bb711c5fb979684f67f6ba32901b8adb223fea467157c55e8d5540743af46d36e6670fe21254ed91e207044db3424d42a63d780f2269ca3417aeb73632fb93dd42b07eff0f5ed90707423066f834c2881ae5272af5b3c04c6b9cadb8b234d24c5341696960a23f242837d91d6751695e9f07577bb81aea171df43b27c44ca5b815e66f63848403320ffdf2926f500b16e7496b835ae7a09288847cbb232e2e271cd732e38309d41ffb55391dc4a157e0c02505f54430a70a9ac197f5573a0b11722aec13a9adea4d8e0022810ca28414964d40cbcbf9d2704aa82637e13d561c4fed2ed602be375e547a7fa7198e6a75293abb3903d0b8204ba21dd369a79159cdd810162c2a2ee722bf4e43b7679dfb8b4ac9e768fb3d391fc4f1839f2e91f1c62050b8154cafb6dd19a3f8716a5c072725c5dad281281605ac02632d041accf07bed8135f4cab566db7e01c6902be5728fb01cd6b17edb8870e3417897a604ec795c440334b1bf9b6180ac13d13298b80b8f4352b0bb36ac151607d6ebedae06f8a0582ecd3963a6df647c38c64402ab29ed79533efbe311df5c29d9f1928371e99094f3e7d8aa3d277fe0e3471c6746ca5dab72d6ec161e05b46829c7b437cbbfd82e8606153f23205f051002e23a17906056a50a0d402814df2bfc1de9906b2ab651770a482315e06146af144acf0beea22a5a9bc61931d293483d0f3bf04e62e89cce3e3ee781b3340f59f8a026228e6f3cab05f23ea71334eadcaa1068f1b67f1eee3ee1698e92bc68759a3534069de9132ef7d853f4e20dc1cac32b42a995da861ee19c52e8387528db1ff0245807a1fb19c1670bc3c56f44db0333d7568eef79964f00d6d242a3735cf372c844d6cfcd9bd8934f14dbd5cb907108190fb7ed919840429d4da052d95a242e93db7f07c2c1f8f141026e15a767cc9386b31a18ecc82c4603354236446e9c79ad6899049648b4244446dad02225c5837fb8b033ce4db1fb044df7131bc99316434f232b8049701d33235e581341c5bb08208703e4daa83c0d4e1ab73e8c0724d0e9d6be114927acd0b792ab9464dd3b67963ed235243ebbc16e6af057e984fffc2554582cdd6548d9a929a89b39650a12511ea208ea9553703ec994318d50cea6a632724b08b0af3c11a4ca9d95dba675112563fbd166463cde649917402548547d54cede66d711d805060beed06c79be0c682dde2548a899bb121926ac690ecf1220764874c37810abc3c64291fef538f8959ed50a4b9f6058b8c45735fc783f3ec592c022b066583950037fed74e12f0fc8f04db78cae682c706fdc3783a206167336ff9e4707ce741893beec04916626c4ed07db0a73bfa5d786e3f3585e4b7b37f3968f08f8971963fefa07b7311d4bef7b5a5d72d3c40297da80d995d866220e005713d69b5dec9a4481301e9aa6ba8a6bb1f911c1d9f827838edb81348231f3da450c1044c9c722d31a1fadccbbac0d82de32f2a46c0a083ec89e2baf21b2b1655702e7d58b950df5904f76f129d15c93f95550e3b52c72eb79a1e09aa253c35fce97977f881f61acc6268c2596b755f18d1c95be938b390565d780929c4c6ba4c8d417775facfffce5c0bcc1f075913f5477563d06b3583c3bdcc7330bd6d1a8bdcce29f8452668a9f2a613f21d5195ba1a1bf134e80be88ee8fdd994936b1b40a0f2e98723d8bc53aef7b5af884f5fccd3eaf2dda01278be0b26eccd63cf68278e06e59889b8b9327550b615df368d99bd6d19636477c4d592e365b0c8c43a23d434ec3d622184f325d6d1c8b704aeac87359d9c09012deb32db9bc034fbf10b4662d6618b4d849a9546f00ed3265c22807072482b0ea4eacad35e10bded78ddc4e4025c7ba521b709e4923cfa8b6964fff4ef513965c4c71a77447daf08f7ddd10f2319b57c8075046ed4820e135f883fd4358edf30fc9965b16885aeb0f82cef2556f67bd33c44edad1a2e3bafe648f5e3797a62931218a468f637832f7ec481526824ebb8de5c207733c54313add8a24131f6de8eb8ddab462b5ac7693f7b278b38728449c9d595af99ba5b1548fd942b7b8538456a261a3ee3a7d18fb3e6180b6cfc9adc76a1defa797b57bcbcb9cb47fdeb2316fd2d913dd4aa0239638fc5c3d29df965aec2ade1f556ad58c9159c9f1b6e05691f476c5ff73230eb74a891f7b285de923d1cab7cf1fe2c82cc6ebcee9dd0be04bbc4d01b2ba8c2525fc4120ffae3df6bfe44663ee532ceb5a21db4f2204386f84e2f51666af55cda90dba169a9cd1adeadd7c90322af2656c3166fee2dc39b2db56e2e18b6f7a24bb7b0494320d2000d629e93427d224587dedb5c196b1796fec0c526a8a0355951045677733b33cb42ec170f137b934c4c6e141a8f8ebbeb1970797a29225901780f96521939b2edf85b1a456e9f97d02782104583757126159f264d9ed95e801561d63f0ca075543813c732e75deb01e585fb5b7bdbd7311d9f346e512b36e972489988f53f42118bbfefd3a52ff1fb97f47eaab7f8baa8e1f397bf877588c1c898690885273e47c1bdce3f220f80828fb7489283d5529756514842974a55cd95aa5a75a18627897836311486300bde4fec1c312c735e5ba3419028cbeeaef709d97752a12f83650aec7305232f22f90b8718113f06b3cf48cae0b365c456aa17610a78454fb81020c84ab51e27891dfe6e3820bb8c4ce0a5f72c72f2523b10be64a3c05f76e7bcb7b6c9aab9e49bc0c2b6044b66c475988f0a078f53912a9c442a40243da943376c8f75e74eac306c61004f6a88a818e3e992c0ccadf44e48c95472359c79f04462598dd467cc140e665e57b9b98702096750b82f291ee11b80a9064dc4a0c790107ac0aca2166e4a964aeadab9ec1ed1ca686b36ff00f75a3a131c09e3297d0471b689475941d09e09c62d94840a6083b1e8d80c22c9e10f3575cf53fe80702e0ef82f43bb13a1128a4f76a1728da93d86a5c86fe831334442deb1e003c96cc40a65ee721e219c06c01e75176d1035ec855258d3fc565f0d6eb31910c3c4e4450c65755ca563f0d877861df816160dbccce49865e0c6e9dc7cc281481b9f6bb8dee95d6a572421f1b2dc1995e0a3fde00ae6073015ae4176519e586ef434df534667d30ab103b7815f5a992e51004471ecdbbd8d9d464e7c24124a928b5aa925458825024ad03ad526a5b08ba1b30fef04288035749c266612bdd5caf4ed5245f67f5fccaabc6b2d8994c395dc7f8ce00089f4eacefb18e65a2d9d04136cd9172ce5aedad596d11fdd4b599f7f544f92a398042821b7c1e6ffdf053a35f95f9997791bbf6a0ecbc69531d14b2fd6b18dce4267816ef2fc135b24d76be1b59e35fd76796e9fd92dcb38c08968d9be724eb8a22575e7a7e2649f2a27fb3fac57f6aa53917ae27cd8efc4b6469de6155c3b9654a70ca7fa318682d1fbbf7e3e9f85f3fdf91f96eba538c899f3aebb79fa0ff96f122859061c2aca2a2fbac5640807cc7dec2a5f37a84cfe69af9775a703281d271a38ce08adcfe26ad3df7d0a1065393791dcb526634ceb5c33061fd83b4e1c72fa175585e0f839c9651002896fc7a6ced33919105de91d17083c8f6985e24ffd0fb35dd558af58cab9003e1fb7f87075704396ff677ae7a99725ac2c50c3a9edb15cce24de9a734f81f5187099b2ec316c6cf536c628445799bfc13803c6e94fa844de4b294b6f9b7f96ecf666c1088eee0997dc3d925e45fe9157ff86699e68ad786e973468de54ca6c9156c2e30541e97fb7b845ec2acdbfab05a03009de8260b444c48c0e64940a441d56446b33c698631f480dbcd6f8726e4c287c262bbb6de251c930e717797af777283e0575e8e1304af50cdc493f429dcbfa518e592550e980bf4516ff177a725c59ed0f8d9384bf9bbfe024560062eaf58bc6dd4ad29d71a39f02e00f6ca44ea68b9019387add513c767693d5535e46b3ff697aaeaeffe8e85b86ae877586fd706fbdcc492208c1b61556b80af1f80b018391a4d42e030d89e57c8c8c323c23805551954bcfeffb2c08f9043f24db22a9285f9edb6c66e1091b9dd8e51a228dac137df945491c53014a79b3e033305b1678d7664afc79bd04b0c397c0fb4a12fe3116b24e4d42830e3fb611b337f449c1e0e9667b09690b37789e45cc3007f4a56539c782fa41cbc30f8b213f36e03a1bcee413ae9b4706561c5c68e0ad645423eb5e799ca52a0cbb7e9468a7a0e253b5ea76f6a79a5dc9d72d5aab07703a814922f1fbe1eba0336659ae0acc46b46088b895846435a02bbacd4663f652c0e1289411bada43f1335d48d8ca7a021a60c8a19a8a894aa3375758a140bd040e24aabb0736f79ad95f2090a78418360cfba57398dbf3645bd6c964e53923ded0751512e8cadb650ab833ec3167e8bf385bfbbba46e0845e745810d0133cea434ddab18ef066caea680f16604baf0ee56b1f631f5ccf754fc79285af9d17d99346f7bcd7048dcbb3f0fbd6c2aaa415821f73e4ef5c09fffa911a7ecda2961342d0db95a92d597e8755e41fda1e39c65efc82ca82b22172b3e2017ec5bfbbdbecccc318190eca29ca4dfe393afbbaede3fbc53aa54fde14a1d98a3f0e673bd710d73a978cd7b37901915811c1a8478c61c4021792bd07d42a0e4f7f367139fd78ad1b6cc23c94bfc98bf73c8891c5c69c00c0aa4ba3d76472543fd8d2fef44f4fa928906a60f726a7aed2c6435ea80ffa1d91efc4a605b48845a1e66a7a79c92a869549383256e7724f796aa893c3a86c8c501dcef329d79d7ad5836cd41d48d0ddee68cd5dce8e59724bcf7a0d6872deae7dd15939db46b978fdb77158c3076ecc720b3fe3fefff15b28f7f1304c375a435f20c714576dfc8c9f53af9b6dd7d7ba14d8fe4408f8ffbd61aa0f1194e3c57d63519f96e42fdc97e7adfd686fdbef39bdca9a2716b337e406a909f3b2eed19e24408e8dbe91b5aa98fa62b6fb6f9f13dee6a5da24b24cd2cd859029aabb2bace5492de4985a19c508d2062e6b580bac1a55a41aecabf0d63f48315a6497f11a5a09bdfd1649203eedcd03069cac0bde4f7691e57e2a054e1c192f6d78f2647af7cfffc4daad033521b87103c5bbb81eafb0ff72c4cfc7beab3cd7074ed50f23021e917e85a0ea2dec4dd0d7f8efa68f15a1296ca768fac34f630014743eeeed57f80165e268c1cef7d5d385edb955195a3e44b8b388dcab72083fc2dc23d71913bb98ef2a34ad6df1675b936e294ebba47dbd74daa8098fcb627a1e17616d8775cf1fdec8676d57ce31bd4bfbe821a03ef251f651ce97dbae57f99c6755470e9cdd17699c568ada69a64621dd5625d95b0b550c596292b1816b9516cc7d8f02f8be32afda1f4357419b28363ced9bf7429e7687531fb00de4d2e03fe4ca448e66ad17c58d909df244f4f7ed265164b42273187816e0872e6818b8bdf48097d108f4c67ffa10038f7d2a705b4489c9af1284a7b34dec3e5b56f350c880277fca26427e0746eece173de1ae1104b7822a9fd45b262e5f3ce16a64dfa69e84f077296144f0c119bd2aac2251f463b3e8177dc259088c8a1794953b248b95e7c6e6f91ed45a7d3bce7e91ec72b98c06ba6c625bfdefc69c7416d89a0b1f3bcab5aed96370d74c6812ef0338368756f83f4be0331cde6d11d9a917483f25beda96af71882c3d4d1b3785932fa0bc93d611c919dcb116699db1a3d26ad6826937a984fa121fac7a45ff220520f702ee942793dbf7023b98c9cca4f150bccd29f26aff58e2255aa73fb7a7abd24b501bd403f24900d42e88c57494ab5ef8bacc07ff9904b100d709cc9b1018cacfa42d839476b7aeceeb2236e2c1151d441b167036bef84069401d67a1473d5d11cc109bd39a1fca5d5aa347c4fd5f6f3c12a8f5d1ec344dc1717f5e8e1aae6d7b7c42aa633ffdcb46c32ac667d933cb9fdaf6d83eefe77d8733a59fcf394d063efa474df67697f881991a34fa79bb78f3b19e9b29cc7b03ca7390b0ca6064a961f3fed249db4ff2c01840373b6242034cbac645d59743f1a90f372ee0c17efade2cef03e3f0edc640dfb629c6b98dc2f28ce06aff3574a2cbdb4b06fba31b2dfe34bba7e34e02a786fa4473d5ba847f4f1e644c1bad62ebd5ca9306219ad6beacb8a54ba299e1bad887293f1b65ff956ea2a562e290df607a608503afee3ae180d600f1d14a9459cd5a399c7e2c7bbde19c11ac869d34ea5e990a759e346c3d538108a277894d6ec7bc6fcd65862a2d9d0696551a4a37379feafb313a09f2575c52641db9f46f4cc5e851f67ce633572b6ffcea7b7c24b44b40d32e55e4f3b426e464c07741648f30d51fe3eb162cadcecf21b7182cc915ffd887e85c385b5989f87910c5c990d639f8d2cd9234c534400088ef49733c94f39131fd51d784a407a07eae6d5359acfa35994ec3760ca3866404a5faed0fb210ce1b849868a6007c8e839ac7518172928277bf2dc43d163d2a0f6146cca1738ec3526762e8e2caf69606a3980bd08fba42ec7cbf48d315e45b834bfb14221de8259250c4ae9590520288c73bfc7d8076d3fe46b772491173ea0daa76cb5cb40637a038ce734d72c0c020494062843715e762d71a8f8518fa7d837391c06b62c96efc17651158657db8ea9a57634b0b5628b06fd5d568fb02185a63a6beb56013cfb4fd1695b102fb58f39161232af39f6d87c5ff6af247df3d549b7f6f81cddf4e3cb12b18634e69df5af55127f72670a3104ce5aba7877c32ee4b0cfa076247a95750e830a240b092baec2f473e83581e5799d69593247f0e78ad8e44c0e0d09fc55888107c4badcdb20b2c82d5915b3b03060e53d199b20b29ad6742655bf62343421f826daf1a3c0c493c96bf719bdf0a8dc9a4fc3f75bcebec3aebfd898ef161cd4e2e33a142c36f673cd8da72edae4f691a4271881d326d77fca0af396bc1eaf9e9d2a047562f91f0e87972e3ae5abb75e352f28c81351c4be6a34e5a01b8ed8461f14e21d1afc9260d838b43e9e2ae078d64b6c718232bcd2b26d3c57beb3c605e00c6f9c1031a3bae4b1872ba5d6c23199253929f1cf57a2e961d798ca9d315fa6b9855c8e7efcc24ccde498a3f1ba23755360044f024753f886f97016bd45a56d802f3e9e040a84f6c46cd5aa99fd4471b97cdb0bd8d265853fb79c42b4cad7eda49ca08d3cefffee2d3f1b5f083a06ea4be4b0acf84ca27e5a8d579d3135f3e59bd5b823b2bef7708189f54c8f0d576e4c6bdbf932b55bc792bb302cddc5c555e4903eff45b493f9498f7bf184035335ad1ba1547795a443c9afb30f932e7d1b042fe1690cd34d98e2331cbe38108be26f8ed615590e8bd99fd01b700b21e6ed61de92297d8b447c723089cee359ccd4517328d54ebc43a3f9173698c4362a6130508c9a0ea57b9a8a74a997a21e3e2a7223ad3debd80f70aff2eba5a862aa667052462bf6635eca2dd3350ef70fda58f8492d34c5b819c802f97b8765680c39fcab3b92f8a8be88a93b5bfc1dbba3fbfd3051c4443e766f4cc6a9d0f96b66a081e9316a44efe5973479ae74bf13c18711218f75d7f4e6f70b0a34ff2a1aec8d1e3181a65b4d5f21f0c19789a2ff90ae5e1298e707628e97e6a5048ac29d916193577506a7f5a9cfb0c73d16a67a2e1f872c8026891e98df07579877460c845bf967f87d75295ed29ddf626340f313bb35a04f9304e34773eda19650f25a08b2bd603297d9edd7f7d1b88d0b18e7bc35b0593961e7403a03550a20a0eab83cb00e659f5fccc189d14b28f11b8f55db517ab124b3718e70868d2131c74640bc682ee785a75cf960a79fead7965d0798d98e386598efb5ce92b0ceeec4e63e2eee3a15642ac72691517c4197a667de3e57a56e2d6e4ecb5a2bc401f90ec2239baf6a9a418267fe2228f7776c7f932a048cd9aada01c2e6d9466ecc434ba61eb97a0d6eb00e719940b3dca3ae25b94e9040ee238184eeaf46e51b61d855ce476d10dd9cb09df18c585304bc4f9e88060e4bdd6e624dd90d7ae8874c0af1e17e67d3bb27babd15880cc61f22b6a0b24df6d03faa13f0c918a7b960f47d939934d9ae90edc40251fb53c9fde3ee255e49c8541d995a644d35b46ab202e56ad1de3da1c5ee587f167b398392d0fba4a43eedeaccb0ba16f571055381fe3885490c71e0805b1b3186bf2652b9a9df69d8d1232cf704fddfb5e7d3ff78ba5ae3b843f4f9b82161e223343240c33a9cd21eb312806163ebb2e60bc98b68b3d95bdd923f6ea831083c13ca65e4a06e999b2d014d0ed218d72c5b776fd21ae21d14e23e9074de20d6d16520b1061aa4db3b5b8077b1c43aa375c68a6243ad582a148dc6878ceb2ab6792cac38ef21765df51171436a412f60f5dc68fba51aae8c4909efa690340fd8a63cbfa4af6235c1c904a20578f54b9c91b1fb8017d05321e0bb9eda1502c1506f3d2939977af87d1f9329e237c129d5cb65e093396f016eb0c2f0aa5cab92a00259f6056532ef188be500fec4cd4614e29daf5b41da2b4742b02999e651c42d2f405344a232e36278785dc7a681d0ee2014ce3214f44ff9d2c3e083e18c299cd7cc8ddea4b805c673cb7479a553f28349235d37874ae3da878a5b6321e501c2b77470dd15b35ace69b1b8e3ba20cce47acb8350f206d136dfdcea697bf558bf3426bb1e0ebcf2797a1c7a181fad43b8c68633b361d40868c279896eb1c628656a9b57dcde8444ff92f2cc1d2dfa1998054487d8fcf11b852019ac21ae0582b1c8f4ff90f31d862e20740d7b803b0f109a8d1506137ca58167e8be1d13e6a5590e2bf2af5cbb7e79db2f4cdec83983463e1e830f54f8534e4c660039c0d372c7c757be3498f6be9ff6b6d13b88ca0ee07a0fd4df8cb13de0fa094cd3b9eb87032a6aaa757a6391ccf98fa7f9d99065b4f747e70ca497af77fbad520c589445d3401c67972ff7e274571b8c35a17ae78de90c81f791a69d70975208153f94ac7199c45de1ca5746887ec677452fd1a018b7287ac45e14ecdf1876229964153cfe6b39f1d50a9be63a0eb10016607ff338751cf9bb97c917d532be1174d0410e26dcfab873769b71db87758c0ad015b1db4b7565e244925ea0dc24313ac65f0355abcfa96c786b8ab7b32166bbf4c7ddae0d3f63d1aad63a9b105e05825aa012e075ba3e1c20b757e1dce75f6fe14e891a20988d365cb5e69206a1b7d8caf2effc73eb577330cb56495fbeaa6b7aef3467a32f53634e468208a8e55d626f98a2b51d39b48341c27306e59c0fc5c8058719b526eac245ce857288976abdfc9be1d4f220817f879c15cf0a258f89cd8269113821b0a1073165923748c6e8e0331ae9e7df11e62a80bf28559850cce385a98e0f48209ebcf69e8938a7605e96f4ffcf580b6c1df742766458763dc91b34035c12396b06ca5995b8feee35e1a3891cca0402fb9e739d8f8aa1a637b7c8c2c458493a323fbe5a76f866e2d9adf0d1d76950bc527a969f61c8519508eb5a93447d212e209c724aa16a949d8be1b14c8711d4c85e728e9d50b5b78b76242f9d59d866a86da0f129201a5b665611360ab3f4b678746cbba1b47884d2bfe4d3e38bf441fac354654c5077620cdf5870fda1fd5ca2bf4780d474a27cb660dd9d7ea83d423240c7ffe743dbefa3b922ac6d5f9544a7d5477dc44761a1d47633f67fe220f37630d678daeb62360b5f4f5d40493169f6554897c5d05c4909834fb2ef1494f8bbbf9e986761b931a26b0ab76b88d4f9b9bd9a024dc39819e0a139eefba8f617401811b4a7b97212aa82965e6008447979d19bfeacceedd48a24d65b8a1705d686fa8c44100d27dca9bc764b74345e1da71bfd9604e2f5bfdd28097f90e98f91ca81b08e827f7a3e742e6c019691afb612042a375985b01b94b3eb61a484fc2ece84f53ba5738273c80047663ec335d31f1ce43c6205a78fe7712626e8e6ff691b5bb9fe1a41909db60d8644d73936c4eb663bbfef030499c8c7d31f4eacae3cbf736a1eba6f85008139ba7eaf5f1ef8804f617e56c820c24f139b7036887f2ed2de32fd63574d0359ad4026e67c550b4ae960a2ce234a20e076da3f91a7ed60bd59a38e1acd7941a66bf3e755a431cead3f01600c6e47564167340f3f853efae37b036988bf4b30849d9dd5d0d09b1799bf9fadca76c497a1345018c8724065291bd8cc633e06359b72040a7673ffe5e86c240d043963bf2d76a0fbf50243a63d45d7f3358e1b9d1f3cbffd7e60429afee778f305e7d8f07c3e49a104f3a4e92118ce84cd11839f507656757d6e89ff296cf792ca2f1429aa80c8092b970d6f065eda3fb25b6b8a699561f8fe5236bbbc96f15860e29326a5a2671a88545a65e587d986615998a124a97820a65f81779b3101086e6f261177a66858d788c5c66521408a9e70238719614aa6232a3ef7a33e99d3b1dcdc20c33e8124b1dabe50ce9e4eadf34685560039e7d7e08f038f2004da7703bc4a30a28409719092e6640e743ee8a4e75dea106314a26ed5cae5d02bf9c8b0e96020a6b7941db7f0c311476f377a992caccff7f1919062f9db36ba72b29e9dc0880fb8eb24f41e0a6cbaa487058c6fbe6b062b372e0b84c9fcfd64d84724b6cda7fb3f582abaa6757782b20f9c1fad78f98273129caaa9496c1dbbbd167b52bae60dc327d1e18d82450ff9b6b108a0f20cbee5", 0x2000, &(0x7f0000004b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000045c0)={0x78, 0x0, 0x10006, {0x8, 0x7, 0x0, {0x3, 0x7fffffffffffffff, 0x1, 0x40000000000, 0x4, 0x100000000004, 0xe767, 0x8, 0x10000, 0x8000, 0xffffffff, r2, r3, 0x80000001}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 28.331479997s ago: executing program 3 (id=4454): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) sendmmsg$inet(r0, &(0x7f0000000680)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000100)="5665b76d7dac896086125a9a11515df3842cddead15ee6220cf89aca9fbd349a029a5fe576031d4405b6be", 0x2b}], 0x1}}], 0x2, 0x4000095) 28.331195962s ago: executing program 3 (id=4456): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) rt_sigprocmask(0x0, &(0x7f0000000300)={[0xfffffffffffffff9]}, 0x0, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', r0, 0x0, 0x5}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100) 26.471135664s ago: executing program 0 (id=4466): r0 = syz_open_dev$sg(0x0, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sendfile(r5, r4, &(0x7f00000000c0)=0x8b, 0x100000500) r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000200)={@private0, 0x77, r3}) sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000000015, 0x0, 0x0) recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x5, 0x3a, '\\&{@[', 0x3a, '', 0x3a, './file0'}, 0x2c) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000056c0)={'\x00', 0x7, 0x4, 0xd, 0x1, 0x9}) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a32000000006c000000060a010400000000000000000100000208000b400000000050000480340001800b000100657874686472000024000280080001"], 0xe0}}, 0x0) r7 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r7, 0x0, 0x4) 26.280746306s ago: executing program 0 (id=4468): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}, 0xd0}) r1 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) listen(r1, 0xffffffff) 26.280477551s ago: executing program 0 (id=4469): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000600)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000000401000006020202020202"], 0x36) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x3c, r4, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}], @NL80211_ATTR_MAC={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000815}, 0x850) 25.712682346s ago: executing program 0 (id=4471): syz_emit_vhci(&(0x7f0000000400)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xb}, @hci_ev_le_remote_conn_param_req={{}, {0xc9, 0x8, 0x9, 0x0, 0xde}}}}, 0xe) 25.660900074s ago: executing program 0 (id=4472): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000001c0)) 23.641427385s ago: executing program 0 (id=4483): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_stats_latency\x00', r0, 0x0, 0x80000000}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd28, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x400c0c4}, 0x24040900) 13.320742917s ago: executing program 32 (id=4456): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) rt_sigprocmask(0x0, &(0x7f0000000300)={[0xfffffffffffffff9]}, 0x0, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', r0, 0x0, 0x5}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100) 8.57307211s ago: executing program 33 (id=4483): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_stats_latency\x00', r0, 0x0, 0x80000000}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd28, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x400c0c4}, 0x24040900) 3.319601677s ago: executing program 2 (id=4611): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000200)={0x40, 0x15, 0x1, 'w'}, 0x0, 0x0, 0x0, 0x0}) 3.251035873s ago: executing program 1 (id=4613): syz_emit_vhci(0x0, 0x0) 3.250878461s ago: executing program 1 (id=4614): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000c80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x2c, &(0x7f0000000400)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.722946347s ago: executing program 5 (id=4625): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x1}) io_setup(0x1ff, &(0x7f0000001540)=0x0) io_submit(r1, 0x1, &(0x7f00000007c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x401, r0, &(0x7f0000000440)="96", 0x1}]) 2.651382545s ago: executing program 4 (id=4629): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) shutdown(r0, 0x1) 2.541155859s ago: executing program 4 (id=4630): syz_open_dev$sg(0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sendfile(r3, r2, &(0x7f00000000c0)=0x8b, 0x100000500) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 2.540943637s ago: executing program 4 (id=4631): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x51, 0x0, &(0x7f0000000600)="4bb16fc96dcf827965e297e4bcdc4cc27c7f5cce42d3404ebf85cb80c1e0f1800190544fb4577f9c7b137beb432502670dac13efbd760cd34255de3bf80391ae67bfe4a9e6cef0df81e89597f675b813d1"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020) 2.49092552s ago: executing program 4 (id=4632): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x2, 0x6fba950d, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0xf, 0x3, 0x0, 0x5, 0x2c, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3f, 0x8f, 0x4006, 0x6, 0x0, 0xffffffff, 0x4, 0x8, 0x400, 0x10000080, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xb, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x30f, 0x10, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x2, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x8], [0x4, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x3, 0x0, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x9, 0x4, 0x1ef, 0x8, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x5, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x8005, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffc, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x1ff], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x2, 0x3, 0x101, 0x10000, 0x5, 0xfffffff9, 0xffff, 0x2000a620, 0x2, 0x5, 0xfffffffd, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0xa, 0x3, 0x10000, 0x7, 0x7e, 0x100, 0x7f, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0x4a1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.420510288s ago: executing program 4 (id=4633): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="58000000020601080000000000000000030000000900020073797a3100000000050001000700000005000500020000000c000780080006400000040111000300686173683a6e65742c6e657400000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4084) 2.419979159s ago: executing program 4 (id=4634): syz_usb_disconnect(0xffffffffffffffff) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[@ANYBLOB="400f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 1.694203003s ago: executing program 5 (id=4635): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x3c, r4, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}], @NL80211_ATTR_MAC={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000815}, 0x850) 1.685760996s ago: executing program 2 (id=4636): r0 = syz_open_dev$sg(0x0, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sendfile(r5, r4, &(0x7f00000000c0)=0x8b, 0x100000500) r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000200)={@private0, 0x77, r3}) sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000000015, 0x0, 0x0) recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x5, 0x3a, '\\&{@[', 0x3a, '', 0x3a, './file0'}, 0x2c) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000056c0)={'\x00', 0x7, 0x4, 0xd, 0x1, 0x9}) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a32000000006c000000060a010400000000000000000100000208000b400000000050000480340001800b000100657874686472000024000280080001"], 0xe0}}, 0x0) 1.609838567s ago: executing program 5 (id=4637): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 1.609659195s ago: executing program 2 (id=4638): r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000000015, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 986.953795ms ago: executing program 5 (id=4639): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mprotect(&(0x7f000021f000/0x4000)=nil, 0x4000, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0) 888.724832ms ago: executing program 1 (id=4640): syz_open_dev$sg(0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sendfile(r3, r2, &(0x7f00000000c0)=0x8b, 0x100000500) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 888.48354ms ago: executing program 1 (id=4641): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x2, 0x6fba950d, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0xf, 0x3, 0x0, 0x5, 0x2c, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3f, 0x8f, 0x4006, 0x6, 0x0, 0xffffffff, 0x4, 0x8, 0x400, 0x10000080, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xb, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x30f, 0x10, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x2, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x8], [0x4, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x3, 0x0, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x9, 0x4, 0x1ef, 0x8, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x5, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x8005, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffc, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x1ff], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x2, 0x3, 0x101, 0x10000, 0x5, 0xfffffff9, 0xffff, 0x2000a620, 0x2, 0x5, 0xfffffffd, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0xa, 0x3, 0x10000, 0x7, 0x7e, 0x100, 0x7f, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0x4a1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 792.308785ms ago: executing program 1 (id=4642): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x51, 0x0, &(0x7f0000000600)="4bb16fc96dcf827965e297e4bcdc4cc27c7f5cce42d3404ebf85cb80c1e0f1800190544fb4577f9c7b137beb432502670dac13efbd760cd34255de3bf80391ae67bfe4a9e6cef0df81e89597f675b813d1"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020) 792.160511ms ago: executing program 5 (id=4643): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x30, 0x10, 0x1, 0x70bd21, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x48885, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) r1 = socket$inet6(0xa, 0x80002, 0x0) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}}, 0x24}}, 0x0) syz_usb_connect(0x3, 0x36, 0x0, 0x0) 791.89006ms ago: executing program 1 (id=4644): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000)={0x4, 0x5}, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) 736.299545ms ago: executing program 2 (id=4645): syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_usb_disconnect(0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 271.709µs ago: executing program 2 (id=4646): socket$packet(0x11, 0x2, 0x300) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x1) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000500)='.', 0x1}], 0x1}, 0x0) 128.906µs ago: executing program 2 (id=4647): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000200)={'c6xdigio\x00', [0x3, 0x2, 0x10000, 0x4, 0x3, 0x5, 0x8, 0x7, 0x2, 0x5, 0x1, 0x1, 0x401, 0x1, 0x6, 0x101, 0x6, 0x7f, 0x3, 0x9, 0xfff, 0xcaa3, 0x0, 0x20001e58, 0xb, 0xe62, 0x3, 0x2007f, 0x9, 0x5b, 0xdffffff8]}) 0s ago: executing program 5 (id=4648): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) close(r0) syz_emit_ethernet(0x42, &(0x7f0000002340)={@local, @random="d8be17d19221", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x24, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x20, 0x2, 0x0, 0xe7, {[@timestamp={0x8, 0xa, 0x8, 0xaade0dc}]}}}}}}}, 0x0) kernel console output (not intermixed with test programs): .699145][T13361] veth1_macvtap: entered promiscuous mode [ 350.705239][T13361] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 350.710357][T13361] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 350.717445][ T100] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.721760][ T100] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.724655][ T100] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.729413][ T100] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.739223][ T100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.741771][ T100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.749587][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.752436][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.045750][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 351.205829][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 351.371521][T13409] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2256'. [ 351.525766][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 351.915877][ T5985] Bluetooth: hci1: command tx timeout [ 352.082796][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 352.308821][T13428] syzkaller0: entered promiscuous mode [ 352.310696][T13428] syzkaller0: entered allmulticast mode [ 353.383447][T13450] syzkaller0: entered promiscuous mode [ 353.385640][T13450] syzkaller0: entered allmulticast mode [ 353.958078][T13456] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2271'. [ 353.995805][ T5985] Bluetooth: hci1: command tx timeout [ 354.155875][ C0] net_ratelimit: 5 callbacks suppressed [ 354.155887][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 354.325826][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 354.645742][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 355.195824][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 355.356865][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 355.675760][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 355.689249][T13496] syzkaller0: entered promiscuous mode [ 355.691453][T13496] syzkaller0: entered allmulticast mode [ 356.075997][ T5985] Bluetooth: hci1: command tx timeout [ 356.235885][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 356.245658][T13507] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2288'. [ 356.395800][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 356.725779][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 357.275784][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 358.155864][ T5985] Bluetooth: hci1: command tx timeout [ 359.355795][ C0] net_ratelimit: 5 callbacks suppressed [ 359.355809][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 359.515832][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 359.845753][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 360.395978][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 360.555879][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 360.875813][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 361.445750][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 361.595844][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 361.915781][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 362.475928][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 364.526817][ T5334] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 364.529258][ T5334] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 364.531753][ T5334] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 364.534458][ T5334] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 364.537142][ T5334] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 364.555866][ C0] net_ratelimit: 5 callbacks suppressed [ 364.555878][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 364.635624][T13702] chnl_net:caif_netlink_parms(): no params data found [ 364.683565][T13702] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.686106][T13702] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.688378][T13702] bridge_slave_0: entered allmulticast mode [ 364.690750][T13702] bridge_slave_0: entered promiscuous mode [ 364.694155][T13702] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.696697][T13702] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.699020][T13702] bridge_slave_1: entered allmulticast mode [ 364.705984][T13702] bridge_slave_1: entered promiscuous mode [ 364.724568][T13702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.727512][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 364.731569][T13702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.749039][T13702] team0: Port device team_slave_0 added [ 364.751781][T13702] team0: Port device team_slave_1 added [ 364.768613][T13702] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 364.770876][T13702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.779407][T13702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 364.783650][T13702] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 364.785919][T13702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.793887][T13702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 364.844425][T13702] hsr_slave_0: entered promiscuous mode [ 364.846666][T13702] hsr_slave_1: entered promiscuous mode [ 364.848657][T13702] debugfs: 'hsr0' already exists in 'hsr' [ 364.850457][T13702] Cannot create hsr debugfs directory [ 364.888357][ T1139] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.958236][ T1139] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.018592][ T1139] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.035858][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 365.059525][ T1139] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.479192][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 365.482808][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 365.486122][ T1139] bond0 (unregistering): Released all slaves [ 365.582296][ T1139] tipc: Disabling bearer [ 365.585036][ T1139] tipc: Disabling bearer [ 365.588351][ T1139] tipc: Left network mode [ 365.605821][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 365.755781][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 366.031676][ T1139] hsr_slave_0: left promiscuous mode [ 366.033781][ T1139] hsr_slave_1: left promiscuous mode [ 366.035760][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 366.038272][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 366.040774][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 366.043119][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.049352][ T1139] veth1_macvtap: left promiscuous mode [ 366.051111][ T1139] veth0_macvtap: left promiscuous mode [ 366.052872][ T1139] veth1_vlan: left promiscuous mode [ 366.054534][ T1139] veth0_vlan: left promiscuous mode [ 366.115358][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 366.121858][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 366.180485][T13702] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 366.184037][T13702] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 366.187741][T13702] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 366.190955][T13702] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 366.216643][T13702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 366.222684][T13702] 8021q: adding VLAN 0 to HW filter on device team0 [ 366.227863][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.230516][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.235344][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.237747][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.330120][T13702] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.342836][T13702] veth0_vlan: entered promiscuous mode [ 366.347046][T13702] veth1_vlan: entered promiscuous mode [ 366.357751][T13702] veth0_macvtap: entered promiscuous mode [ 366.360935][T13702] veth1_macvtap: entered promiscuous mode [ 366.367287][T13702] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 366.371605][T13702] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 366.376822][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.380387][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.387410][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.390631][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.407634][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.412299][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.419341][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.422081][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.550842][ T1139] IPVS: stop unused estimator thread 0... [ 366.555781][ T5985] Bluetooth: hci4: command tx timeout [ 366.635811][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 366.795781][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 367.675793][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 367.835881][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 368.290288][T13833] 9pnet_fd: Insufficient options for proto=fd [ 368.635851][ T5985] Bluetooth: hci4: command tx timeout [ 368.725759][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 369.287975][ T5985] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 369.290859][ T5985] CPU: 3 UID: 0 PID: 5985 Comm: kworker/u33:7 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) [ 369.290876][ T5985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 369.290884][ T5985] Workqueue: hci2 hci_rx_work [ 369.290900][ T5985] Call Trace: [ 369.290904][ T5985] [ 369.290908][ T5985] dump_stack_lvl+0x16c/0x1f0 [ 369.290923][ T5985] sysfs_warn_dup+0x7f/0xa0 [ 369.290936][ T5985] sysfs_create_dir_ns+0x24b/0x2b0 [ 369.290949][ T5985] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 369.290962][ T5985] ? kobject_add_internal+0x25b/0x9b0 [ 369.290977][ T5985] ? lock_release+0x201/0x2f0 [ 369.290991][ T5985] ? do_raw_spin_unlock+0x172/0x230 [ 369.291007][ T5985] kobject_add_internal+0x2c4/0x9b0 [ 369.291022][ T5985] kobject_add+0x16e/0x240 [ 369.291036][ T5985] ? __pfx_kobject_add+0x10/0x10 [ 369.291050][ T5985] ? lock_release+0x201/0x2f0 [ 369.291062][ T5985] ? do_raw_spin_unlock+0x172/0x230 [ 369.291077][ T5985] ? kobject_put+0xab/0x5a0 [ 369.291092][ T5985] device_add+0x288/0x1aa0 [ 369.291102][ T5985] ? __pfx_dev_set_name+0x10/0x10 [ 369.291112][ T5985] ? __pfx_device_add+0x10/0x10 [ 369.291121][ T5985] ? mgmt_send_event_skb+0x2fb/0x460 [ 369.291133][ T5985] hci_conn_add_sysfs+0x17e/0x230 [ 369.291146][ T5985] le_conn_complete_evt+0x1075/0x1d70 [ 369.291156][ T5985] ? preempt_count_sub+0xd0/0x160 [ 369.291168][ T5985] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 369.291178][ T5985] ? lock_release+0x201/0x2f0 [ 369.291191][ T5985] ? __mutex_unlock_slowpath+0x163/0x800 [ 369.291205][ T5985] hci_le_conn_complete_evt+0x23c/0x370 [ 369.291217][ T5985] hci_le_meta_evt+0x354/0x5e0 [ 369.291229][ T5985] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 369.291240][ T5985] hci_event_packet+0x685/0x11c0 [ 369.291250][ T5985] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 369.291266][ T5985] ? __pfx_hci_event_packet+0x10/0x10 [ 369.291275][ T5985] ? kcov_remote_start+0x36a/0x6d0 [ 369.291290][ T5985] ? rcu_watching_snap_stopped_since+0x100/0x110 [ 369.291302][ T5985] ? rcu_is_watching+0x12/0xc0 [ 369.291313][ T5985] hci_rx_work+0x2c5/0x16b0 [ 369.291325][ T5985] ? rcu_is_watching+0x12/0xc0 [ 369.291336][ T5985] process_one_work+0x9cc/0x1b70 [ 369.291355][ T5985] ? __pfx_rxrpc_peer_keepalive_worker+0x10/0x10 [ 369.291373][ T5985] ? __pfx_process_one_work+0x10/0x10 [ 369.291390][ T5985] ? assign_work+0x1a0/0x250 [ 369.291405][ T5985] worker_thread+0x6c8/0xf10 [ 369.291416][ T5985] ? __pfx_worker_thread+0x10/0x10 [ 369.291431][ T5985] kthread+0x3c2/0x780 [ 369.291453][ T5985] ? __pfx_kthread+0x10/0x10 [ 369.291467][ T5985] ? ret_from_fork+0x25/0x6f0 [ 369.291484][ T5985] ? rcu_is_watching+0x12/0xc0 [ 369.291495][ T5985] ? rcu_is_watching+0x12/0xc0 [ 369.291505][ T5985] ? __pfx_kthread+0x10/0x10 [ 369.291520][ T5985] ret_from_fork+0x5d4/0x6f0 [ 369.291536][ T5985] ? __pfx_kthread+0x10/0x10 [ 369.291551][ T5985] ret_from_fork_asm+0x1a/0x30 [ 369.291568][ T5985] [ 369.291578][ T5985] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 369.384352][ T5985] Bluetooth: hci2: failed to register connection device [ 369.755895][ C0] net_ratelimit: 1 callbacks suppressed [ 369.755921][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 369.915786][ C3] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 370.329413][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 370.334372][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 370.338966][ T1139] bond0 (unregistering): Released all slaves [ 370.390551][ T1139] tipc: Disabling bearer [ 370.392497][ T1139] tipc: Disabling bearer [ 370.394434][ T1139] tipc: Left network mode [ 370.716048][ T5985] Bluetooth: hci4: command tx timeout [ 370.739908][ T1139] hsr_slave_0: left promiscuous mode [ 370.745887][ T1139] hsr_slave_1: left promiscuous mode [ 370.749319][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 370.754774][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 370.766322][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 370.768768][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 370.789812][ T1139] veth1_macvtap: left promiscuous mode [ 370.791839][ T1139] veth0_macvtap: left promiscuous mode [ 370.797102][ T1139] veth1_vlan: left promiscuous mode [ 370.798811][ T1139] veth0_vlan: left promiscuous mode [ 370.805771][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 370.879292][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 370.889016][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 370.952900][ T5334] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 370.955347][ T5334] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 370.957878][ T5334] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 370.960600][ T5334] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 370.963185][ T5334] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 371.018333][T13922] chnl_net:caif_netlink_parms(): no params data found [ 371.061391][T13922] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.064369][T13922] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.067657][T13922] bridge_slave_0: entered allmulticast mode [ 371.070097][T13922] bridge_slave_0: entered promiscuous mode [ 371.073068][T13922] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.075987][T13922] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.078335][T13922] bridge_slave_1: entered allmulticast mode [ 371.080683][T13922] bridge_slave_1: entered promiscuous mode [ 371.098574][T13922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.103924][T13922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 371.125428][T13922] team0: Port device team_slave_0 added [ 371.129207][T13922] team0: Port device team_slave_1 added [ 371.152847][T13922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.155802][T13922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.164081][T13922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.169091][T13922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.171263][T13922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.179961][T13922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 371.204738][T13922] hsr_slave_0: entered promiscuous mode [ 371.207435][T13922] hsr_slave_1: entered promiscuous mode [ 371.209437][T13922] debugfs: 'hsr0' already exists in 'hsr' [ 371.211255][T13922] Cannot create hsr debugfs directory [ 371.254544][T13922] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.270661][ T1139] IPVS: stop unused estimator thread 0... [ 371.336869][T13922] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.459836][T13922] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.498800][T13922] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.568934][T13922] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 371.572426][T13922] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 371.575594][T13922] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 371.578910][T13922] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 371.617861][T13922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.627294][T13922] 8021q: adding VLAN 0 to HW filter on device team0 [ 371.632825][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.635081][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 371.640104][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.642366][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 371.718004][T13922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.733214][T13922] veth0_vlan: entered promiscuous mode [ 371.737053][T13922] veth1_vlan: entered promiscuous mode [ 371.747028][T13922] veth0_macvtap: entered promiscuous mode [ 371.750309][T13922] veth1_macvtap: entered promiscuous mode [ 371.757164][T13922] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 371.762381][T13922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 371.767662][ T75] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.770607][ T75] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.773610][ T75] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.777167][ T75] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.793699][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.797095][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.803608][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.806122][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.835898][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 372.047400][T13963] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2411'. [ 372.709280][T13981] fuse: Bad value for 'fd' [ 372.805836][ T5334] Bluetooth: hci4: command tx timeout [ 372.875790][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 373.035900][ T5334] Bluetooth: hci0: command tx timeout [ 373.533121][T14004] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2435'. [ 373.915809][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 374.758920][T14040] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2450'. [ 374.965753][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 375.125886][ T5334] Bluetooth: hci0: command tx timeout [ 375.252898][ T5334] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 375.255955][ T5334] CPU: 3 UID: 0 PID: 5334 Comm: kworker/u33:1 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) [ 375.255973][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 375.255981][ T5334] Workqueue: hci4 hci_rx_work [ 375.255998][ T5334] Call Trace: [ 375.256002][ T5334] [ 375.256006][ T5334] dump_stack_lvl+0x16c/0x1f0 [ 375.256021][ T5334] sysfs_warn_dup+0x7f/0xa0 [ 375.256034][ T5334] sysfs_create_dir_ns+0x24b/0x2b0 [ 375.256046][ T5334] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 375.256059][ T5334] ? kobject_add_internal+0x25b/0x9b0 [ 375.256075][ T5334] ? lock_release+0x201/0x2f0 [ 375.256088][ T5334] ? do_raw_spin_unlock+0x172/0x230 [ 375.256104][ T5334] kobject_add_internal+0x2c4/0x9b0 [ 375.256120][ T5334] kobject_add+0x16e/0x240 [ 375.256133][ T5334] ? __pfx_kobject_add+0x10/0x10 [ 375.256147][ T5334] ? lock_release+0x201/0x2f0 [ 375.256159][ T5334] ? do_raw_spin_unlock+0x172/0x230 [ 375.256174][ T5334] ? kobject_put+0xab/0x5a0 [ 375.256189][ T5334] device_add+0x288/0x1aa0 [ 375.256198][ T5334] ? __pfx_dev_set_name+0x10/0x10 [ 375.256209][ T5334] ? __pfx_device_add+0x10/0x10 [ 375.256217][ T5334] ? mgmt_send_event_skb+0x2fb/0x460 [ 375.256230][ T5334] hci_conn_add_sysfs+0x17e/0x230 [ 375.256242][ T5334] le_conn_complete_evt+0x1075/0x1d70 [ 375.256253][ T5334] ? preempt_count_sub+0xd0/0x160 [ 375.256264][ T5334] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 375.256274][ T5334] ? lock_release+0x201/0x2f0 [ 375.256287][ T5334] ? __mutex_unlock_slowpath+0x163/0x800 [ 375.256303][ T5334] hci_le_conn_complete_evt+0x23c/0x370 [ 375.256315][ T5334] hci_le_meta_evt+0x354/0x5e0 [ 375.256326][ T5334] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 375.256338][ T5334] hci_event_packet+0x685/0x11c0 [ 375.256347][ T5334] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 375.256360][ T5334] ? __pfx_hci_event_packet+0x10/0x10 [ 375.256369][ T5334] ? kcov_remote_start+0x36a/0x6d0 [ 375.256384][ T5334] ? rcu_watching_snap_stopped_since+0x100/0x110 [ 375.256396][ T5334] ? rcu_is_watching+0x12/0xc0 [ 375.256407][ T5334] hci_rx_work+0x2c5/0x16b0 [ 375.256419][ T5334] ? rcu_is_watching+0x12/0xc0 [ 375.256429][ T5334] process_one_work+0x9cc/0x1b70 [ 375.256446][ T5334] ? __pfx_hci_cmd_work+0x10/0x10 [ 375.256458][ T5334] ? __pfx_process_one_work+0x10/0x10 [ 375.256475][ T5334] ? assign_work+0x1a0/0x250 [ 375.256489][ T5334] worker_thread+0x6c8/0xf10 [ 375.256499][ T5334] ? __kthread_parkme+0x19e/0x250 [ 375.256512][ T5334] ? __pfx_worker_thread+0x10/0x10 [ 375.256527][ T5334] kthread+0x3c2/0x780 [ 375.256540][ T5334] ? __pfx_kthread+0x10/0x10 [ 375.256554][ T5334] ? ret_from_fork+0x25/0x6f0 [ 375.256570][ T5334] ? rcu_is_watching+0x12/0xc0 [ 375.256580][ T5334] ? rcu_is_watching+0x12/0xc0 [ 375.256589][ T5334] ? __pfx_kthread+0x10/0x10 [ 375.256604][ T5334] ret_from_fork+0x5d4/0x6f0 [ 375.256618][ T5334] ? __pfx_kthread+0x10/0x10 [ 375.256632][ T5334] ret_from_fork_asm+0x1a/0x30 [ 375.256647][ T5334] [ 375.256656][ T5334] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 375.352619][ T5334] Bluetooth: hci4: failed to register connection device [ 375.487468][ T24] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 375.490271][ T24] hid-generic 0000:0000:0000.000E: hidraw1: HID v0.00 Device [syz1] on syz0 [ 375.995773][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 376.287392][T14101] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2476'. [ 376.478815][T14104] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2478'. [ 377.035805][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 377.060701][ T5334] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 377.195855][ T5334] Bluetooth: hci0: command tx timeout [ 378.076089][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 378.078255][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.081273][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.472468][T14167] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 379.115794][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 379.176767][T14183] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2507'. [ 379.275855][ T5334] Bluetooth: hci0: command tx timeout [ 379.467943][T14202] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2510'. [ 379.755868][ T6086] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 379.926947][ T6086] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 379.929741][ T6086] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 379.932894][ T6086] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 379.936016][ T6086] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 379.939672][ T6086] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 379.944321][ T6086] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 379.947338][ T6086] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 379.949827][ T6086] usb 8-1: Product: syz [ 379.951152][ T6086] usb 8-1: Manufacturer: syz [ 379.954392][ T6086] cdc_wdm 8-1:1.0: skipping garbage [ 379.956302][ T6086] cdc_wdm 8-1:1.0: skipping garbage [ 379.958342][ T6086] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 379.960224][ T6086] cdc_wdm 8-1:1.0: Unknown control protocol [ 380.155805][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 380.159815][ T6023] usb 8-1: USB disconnect, device number 23 [ 380.205783][ T839] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 380.367080][ T839] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 380.370404][ T839] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 380.374429][ T839] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 380.378023][ T839] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 380.382287][ T839] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 380.387855][ T839] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 380.391370][ T839] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 380.394477][ T839] usb 7-1: Product: syz [ 380.396329][ T839] usb 7-1: Manufacturer: syz [ 380.399937][ T839] cdc_wdm 7-1:1.0: skipping garbage [ 380.402037][ T839] cdc_wdm 7-1:1.0: skipping garbage [ 380.404681][ T839] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 380.407057][ T839] cdc_wdm 7-1:1.0: Unknown control protocol [ 380.607519][ T839] usb 7-1: USB disconnect, device number 23 [ 381.195761][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 381.213517][T14254] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2530'. [ 381.853650][T14268] overlayfs: failed to resolve './file1': -2 [ 382.036190][ T5983] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 382.038871][ T5983] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 382.041263][ T5983] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 382.043847][ T5983] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 382.046322][ T5983] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 382.099553][T14284] chnl_net:caif_netlink_parms(): no params data found [ 382.134092][T14284] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.136528][T14284] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.138795][T14284] bridge_slave_0: entered allmulticast mode [ 382.141237][T14284] bridge_slave_0: entered promiscuous mode [ 382.143966][T14284] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.147903][T14284] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.150150][T14284] bridge_slave_1: entered allmulticast mode [ 382.152775][T14284] bridge_slave_1: entered promiscuous mode [ 382.175631][T14284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 382.188433][T14284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 382.206359][T14284] team0: Port device team_slave_0 added [ 382.209067][T14284] team0: Port device team_slave_1 added [ 382.225374][T14284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 382.227762][T14284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.235803][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 382.235970][ T5334] Bluetooth: hci4: command 0x0406 tx timeout [ 382.238017][T14284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 382.243685][T14284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 382.246684][T14284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.254596][T14284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.263510][ T1139] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.286939][T14284] hsr_slave_0: entered promiscuous mode [ 382.289069][T14284] hsr_slave_1: entered promiscuous mode [ 382.291024][T14284] debugfs: 'hsr0' already exists in 'hsr' [ 382.293069][T14284] Cannot create hsr debugfs directory [ 382.338593][ T1139] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.366780][T14300] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2545'. [ 382.408407][ T1139] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.469474][ T1139] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.546361][ T1139] team0: Port device bond0 removed [ 382.548906][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 382.552525][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 382.555831][ T1139] bond0 (unregistering): Released all slaves [ 382.887975][ T1139] hsr_slave_0: left promiscuous mode [ 382.890666][ T1139] hsr_slave_1: left promiscuous mode [ 382.892606][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 382.895058][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 382.900790][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.903555][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 382.909080][ T1139] veth1_macvtap: left promiscuous mode [ 382.910881][ T1139] veth0_macvtap: left promiscuous mode [ 382.912653][ T1139] veth1_vlan: left promiscuous mode [ 382.914338][ T1139] veth0_vlan: left promiscuous mode [ 383.017458][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 383.048574][T14331] overlayfs: failed to resolve './file1': -2 [ 383.050690][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 383.135522][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.138467][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.141551][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.144647][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.148736][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.151518][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.154023][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.160540][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.163319][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.166221][T14329] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 383.169505][T14337] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 383.270786][T14284] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 383.274765][T14284] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 383.275826][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 383.281730][T14284] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 383.286173][T14284] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 383.329223][T14353] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2553'. [ 383.335373][T14284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 383.345368][T14284] 8021q: adding VLAN 0 to HW filter on device team0 [ 383.350479][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.352902][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 383.358297][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 383.360566][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 383.373602][T14284] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 383.379204][T14284] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 383.430713][ T1139] IPVS: stop unused estimator thread 0... [ 383.442839][T14284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 383.458083][T14284] veth0_vlan: entered promiscuous mode [ 383.461586][T14284] veth1_vlan: entered promiscuous mode [ 383.473623][T14284] veth0_macvtap: entered promiscuous mode [ 383.477213][T14284] veth1_macvtap: entered promiscuous mode [ 383.482749][T14284] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 383.489248][T14284] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 383.493522][ T46] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.498357][ T46] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.501149][ T46] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.504208][ T46] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.523421][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.526464][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 383.534139][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.536947][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 383.673612][T14364] overlayfs: failed to resolve './file1': -2 [ 383.896825][T14376] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2557'. [ 384.085860][ T5334] Bluetooth: hci3: command tx timeout [ 384.141773][T14393] overlayfs: failed to resolve './file0': -2 [ 384.315816][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 385.356084][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 385.526049][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 385.530420][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 385.534182][ T61] bond0 (unregistering): Released all slaves [ 385.543658][T14428] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 385.622381][ T61] tipc: Disabling bearer [ 385.624124][ T61] tipc: Disabling bearer [ 385.626173][ T61] tipc: Left network mode [ 385.750671][T14439] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2580'. [ 385.824664][ T61] hsr_slave_0: left promiscuous mode [ 385.827986][ T61] hsr_slave_1: left promiscuous mode [ 385.828262][ T6058] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 385.830509][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 385.834421][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 385.836983][ T6058] hid-generic 0000:0000:0000.000F: hidraw1: HID v0.00 Device [syz1] on syz0 [ 385.844695][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 385.847584][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 385.852409][ T61] veth1_macvtap: left promiscuous mode [ 385.854395][ T61] veth0_macvtap: left promiscuous mode [ 385.856705][ T61] veth1_vlan: left promiscuous mode [ 385.858635][ T61] veth0_vlan: left promiscuous mode [ 386.003112][ T61] team0 (unregistering): Port device team_slave_1 removed [ 386.009416][ T61] team0 (unregistering): Port device team_slave_0 removed [ 386.082747][T14451] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 386.156323][ T5334] Bluetooth: hci3: command tx timeout [ 386.388896][ T61] IPVS: stop unused estimator thread 0... [ 387.297818][T14492] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2600'. [ 387.728439][T14521] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 387.931063][T14533] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 388.235821][ T5334] Bluetooth: hci3: command tx timeout [ 388.873343][T14560] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2627'. [ 389.249119][T14578] validate_nla: 260 callbacks suppressed [ 389.249189][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.255340][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.259857][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.262412][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.265194][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.269952][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.275014][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.277792][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.280507][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 389.283061][T14578] netlink: 'syz.0.2633': attribute type 3 has an invalid length. [ 390.316551][ T5334] Bluetooth: hci3: command tx timeout [ 390.916737][T14615] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2647'. [ 391.232220][T14638] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 391.258566][T14625] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2659'. [ 392.247620][T14670] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2667'. [ 392.500437][T14689] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 393.892804][T14727] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2689'. [ 393.897605][T14727] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2689'. [ 394.543885][T14733] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2691'. [ 399.532027][T14785] validate_nla: 476 callbacks suppressed [ 399.532039][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.536543][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.539218][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.541769][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.544213][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.546857][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.549440][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.551920][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.554320][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 399.556956][T14785] netlink: 'syz.3.2708': attribute type 3 has an invalid length. [ 414.357534][T14984] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2783'. [ 414.379095][T14987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2784'. [ 414.399581][T14989] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2785'. [ 414.571908][T14995] Bluetooth: MGMT ver 1.23 [ 420.339587][T15100] binder: 15099:15100 ioctl c0306201 0 returned -14 [ 424.444636][ T5334] Bluetooth: hci4: unexpected event for opcode 0x0c05 [ 425.200366][T15193] tipc: Started in network mode [ 425.201997][T15193] tipc: Node identity 4, cluster identity 4711 [ 425.203941][T15193] tipc: Node number set to 4 [ 427.068172][T15223] tipc: Started in network mode [ 427.069760][T15223] tipc: Node identity 4, cluster identity 4711 [ 427.071705][T15223] tipc: Node number set to 4 [ 429.421798][T15259] tipc: Started in network mode [ 429.424048][T15259] tipc: Node identity 4, cluster identity 4711 [ 429.427399][T15259] tipc: Node number set to 4 [ 438.357193][T15403] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2906'. [ 439.467506][T15425] tipc: Started in network mode [ 439.469119][T15425] tipc: Node identity 4, cluster identity 4711 [ 439.471084][T15425] tipc: Node number set to 4 [ 439.527138][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.529174][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 452.352631][T15615] validate_nla: 44 callbacks suppressed [ 452.352643][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.357094][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.359561][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.362117][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.364589][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.367228][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.369768][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.372300][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.374769][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 452.377387][T15615] netlink: 'syz.2.2961': attribute type 3 has an invalid length. [ 457.374997][T15701] validate_nla: 368 callbacks suppressed [ 457.375046][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.381121][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.384416][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.387893][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.417148][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.419758][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.422591][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.425081][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.427793][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 457.430271][T15701] netlink: 'syz.0.2979': attribute type 3 has an invalid length. [ 459.645874][ T24] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 459.817799][ T24] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 459.820662][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.824010][ T24] usb 6-1: config 0 descriptor?? [ 459.827375][ T24] cp210x 6-1:0.0: cp210x converter detected [ 460.034047][ T24] cp210x 6-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 460.038813][ T24] cp210x 6-1:0.0: querying part number failed [ 460.047389][ T24] usb 6-1: cp210x converter now attached to ttyUSB0 [ 460.236338][ T6086] usb 6-1: USB disconnect, device number 30 [ 460.238910][ T6086] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 460.241781][ T6086] cp210x 6-1:0.0: device disconnected [ 463.299419][T15805] validate_nla: 368 callbacks suppressed [ 463.299430][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.303676][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.306316][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.308930][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.311618][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.314060][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.316677][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.319447][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.321872][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 463.324324][T15805] netlink: 'syz.1.3004': attribute type 3 has an invalid length. [ 468.402930][T15869] validate_nla: 746 callbacks suppressed [ 468.403027][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.407388][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.411190][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.421650][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.424060][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.426976][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.430017][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.432648][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.435683][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 468.438912][T15869] netlink: 'syz.3.3021': attribute type 3 has an invalid length. [ 469.671234][T15888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3030'. [ 472.315960][ T5983] Bluetooth: hci1: command 0x0406 tx timeout [ 473.518213][T15956] validate_nla: 638 callbacks suppressed [ 473.518225][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.522602][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.525174][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.527827][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.530313][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.533183][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.535880][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.538362][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.540787][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 473.546466][T15956] netlink: 'syz.2.3044': attribute type 3 has an invalid length. [ 475.347267][T15993] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3056'. [ 477.616135][T16038] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3070'. [ 479.301870][T16073] validate_nla: 692 callbacks suppressed [ 479.301962][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.306987][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.309476][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.311929][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.314401][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.317613][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.320140][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.322675][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.325281][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 479.330531][T16073] netlink: 'syz.2.3075': attribute type 3 has an invalid length. [ 483.947775][T16144] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3094'. [ 484.894986][T16160] validate_nla: 746 callbacks suppressed [ 484.895000][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.900060][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.903554][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.906188][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.910222][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.912829][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.915463][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.925900][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.928524][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 484.930973][T16160] netlink: 'syz.1.3098': attribute type 3 has an invalid length. [ 487.675775][ T5334] Bluetooth: hci4: command 0x0406 tx timeout [ 490.200033][T16232] validate_nla: 746 callbacks suppressed [ 490.200047][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.204612][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.207275][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.209685][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.212265][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.214953][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.218003][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.220516][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.223236][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 490.225600][T16232] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 491.631314][T16258] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3127'. [ 494.016591][T16290] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3138'. [ 495.691468][T16313] validate_nla: 692 callbacks suppressed [ 495.691508][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.695476][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.697968][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.700278][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.702502][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.704664][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.706963][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.709240][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.711440][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 495.713612][T16313] netlink: 'syz.2.3142': attribute type 3 has an invalid length. [ 497.672664][T16337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3160'. [ 497.925786][ T5334] Bluetooth: hci0: command 0x0406 tx timeout [ 500.004072][T16378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3163'. [ 500.977656][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.979540][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.325380][T16408] validate_nla: 584 callbacks suppressed [ 501.325393][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.330535][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.333114][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.336852][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.339347][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.341986][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.344714][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.348097][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.351039][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 501.353786][T16408] netlink: 'syz.2.3168': attribute type 3 has an invalid length. [ 502.150681][T16417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3172'. [ 504.184122][T16452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3182'. [ 504.528788][T16461] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3184'. [ 506.311020][T16491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3192'. [ 506.487008][T16498] validate_nla: 206 callbacks suppressed [ 506.487098][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.492143][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.494809][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.499958][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.502507][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.525743][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.528283][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.530913][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.534789][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.538578][T16498] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 506.642292][T16500] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3193'. [ 508.984639][T16532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3201'. [ 509.584034][T16541] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3203'. [ 511.321629][T16577] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3210'. [ 512.437163][T16595] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3216'. [ 513.130614][T16610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3221'. [ 513.346349][T16618] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3229'. [ 515.546015][T16644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3230'. [ 515.892215][T16652] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3234'. [ 533.741629][T16903] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3294'. [ 536.557684][T16953] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3308'. [ 547.304486][ T5983] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 548.918521][ T5983] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 549.975568][ T5983] Bluetooth: hci3: link tx timeout [ 549.977378][ T5983] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 549.980991][ T5983] Bluetooth: hci3: link tx timeout [ 549.983207][ T5983] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 551.356159][ T5983] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 551.358914][ T5983] Bluetooth: hci4: Injecting HCI hardware error event [ 551.361776][ T5983] Bluetooth: hci4: hardware error 0x00 [ 551.995953][ T5985] Bluetooth: hci3: command 0x0406 tx timeout [ 553.236266][ T5985] Bluetooth: hci0: unexpected event for opcode 0x0005 [ 553.435841][ T5983] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 554.075798][ T5983] Bluetooth: hci3: command 0x0406 tx timeout [ 554.255136][ T5334] Bluetooth: hci0: unexpected event for opcode 0x0005 [ 556.122838][T17330] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3456'. [ 556.405841][ T5983] Bluetooth: hci3: command 0x0406 tx timeout [ 556.785184][T17352] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3465'. [ 558.104399][T17378] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3474'. [ 559.612964][T17405] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3484'. [ 559.841304][T17407] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3494'. [ 562.396973][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.399024][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.604983][T17520] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3532'. [ 566.618842][T17520] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3532'. [ 570.305945][ T6086] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 570.458967][ T6086] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.462385][ T6086] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.468147][ T6086] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 570.482792][ T6086] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 570.492515][ T6086] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.510667][ T6086] usb 7-1: config 0 descriptor?? [ 570.726522][T17582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.732306][T17582] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.952264][ T6086] plantronics 0003:047F:FFFF.0010: reserved main item tag 0xd [ 570.963184][ T6086] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 571.151013][ T6086] usb 7-1: USB disconnect, device number 24 [ 572.972189][T17627] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3561'. [ 573.051778][T17631] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3562'. [ 573.068171][T17634] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3564'. [ 573.072028][T17634] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3564'. [ 575.359861][T17682] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3579'. [ 576.365770][ T6086] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 576.515883][ T6086] usb 6-1: Using ep0 maxpacket: 16 [ 576.518828][ T6086] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 576.521979][ T6086] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 576.526158][ T6086] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 576.528963][ T6086] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.532623][ T6086] usb 6-1: config 0 descriptor?? [ 576.535486][ T6086] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 577.265332][T17731] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3601'. [ 577.446257][T17733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.451225][T17733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 579.115397][T17774] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3614'. [ 579.152694][ T6019] usb 6-1: USB disconnect, device number 31 [ 581.374946][T17825] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3630'. [ 581.378107][ T839] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 581.537039][ T839] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 581.540708][ T839] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 581.544082][ T839] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 581.547379][ T839] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 581.551506][ T839] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 581.554600][ T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.557867][ T839] usb 8-1: config 0 descriptor?? [ 581.978254][ T839] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 581.985768][ T54] usb 6-1: new full-speed USB device number 32 using dummy_hcd [ 582.168916][ T54] usb 6-1: config 0 has no interfaces? [ 582.170802][ T54] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 582.173611][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.181309][ T54] usb 6-1: config 0 descriptor?? [ 582.288992][T17843] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3644'. [ 582.419151][ T54] usb 6-1: USB disconnect, device number 32 [ 583.325809][ T6086] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 583.507104][ T6086] usb 5-1: config 0 has no interfaces? [ 583.509444][ T6086] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 583.512380][ T6086] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.517607][ T6086] usb 5-1: config 0 descriptor?? [ 583.763004][ T54] usb 5-1: USB disconnect, device number 28 [ 583.965833][ T6057] usb 8-1: reset high-speed USB device number 24 using dummy_hcd [ 584.105758][ T6057] usb 8-1: device descriptor read/64, error -32 [ 584.345770][ T6057] usb 8-1: reset high-speed USB device number 24 using dummy_hcd [ 584.475883][ T6057] usb 8-1: device descriptor read/64, error -32 [ 584.715882][ T6057] usb 8-1: reset high-speed USB device number 24 using dummy_hcd [ 584.736122][ T6057] usb 8-1: device descriptor read/8, error -32 [ 584.879221][T17887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3650'. [ 585.069767][T17894] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3651'. [ 585.075174][T17895] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3649'. [ 585.091904][T17895] bridge_slave_1: left allmulticast mode [ 585.093719][T17895] bridge_slave_1: left promiscuous mode [ 585.095560][T17895] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.293562][T17895] bridge_slave_0: left allmulticast mode [ 585.295540][T17895] bridge_slave_0: left promiscuous mode [ 585.297548][T17895] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.616500][ T10] usb 8-1: USB disconnect, device number 24 [ 585.981194][T17913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3655'. [ 585.984254][T17913] bridge_slave_1: left allmulticast mode [ 585.986375][T17913] bridge_slave_1: left promiscuous mode [ 585.988440][T17913] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.992371][T17913] bridge_slave_0: left allmulticast mode [ 585.994507][T17913] bridge_slave_0: left promiscuous mode [ 585.997771][T17913] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.130024][T17916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3659'. [ 586.133809][T17916] bridge_slave_1: left allmulticast mode [ 586.136089][T17916] bridge_slave_1: left promiscuous mode [ 586.138450][T17916] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.142297][T17916] bridge_slave_0: left allmulticast mode [ 586.144623][T17916] bridge_slave_0: left promiscuous mode [ 586.147278][T17916] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.871269][T17928] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3661'. [ 587.269028][T17936] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3664'. [ 587.441655][T17943] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3665'. [ 588.188787][T17959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3669'. [ 588.447868][T17964] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.450405][T17964] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.865861][T17970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3672'. [ 589.645793][T17985] bridge_slave_1: left allmulticast mode [ 589.648220][T17985] bridge_slave_1: left promiscuous mode [ 589.650714][T17985] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.665426][T17985] bridge_slave_0: left allmulticast mode [ 589.667816][T17985] bridge_slave_0: left promiscuous mode [ 589.670336][T17985] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.147806][T18000] __nla_validate_parse: 2 callbacks suppressed [ 590.147834][T18000] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3680'. [ 590.186410][T17990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3677'. [ 590.219275][T18003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3679'. [ 592.175778][ T54] usb 6-1: new full-speed USB device number 33 using dummy_hcd [ 592.327150][ T54] usb 6-1: config 0 has no interfaces? [ 592.328961][ T54] usb 6-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 592.331771][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.334843][ T54] usb 6-1: config 0 descriptor?? [ 592.626564][ T10] usb 6-1: USB disconnect, device number 33 [ 592.673275][T18056] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3697'. [ 594.848705][T18125] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3718'. [ 596.920184][T18164] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3740'. [ 598.793431][T18225] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3753'. [ 600.386583][T18257] 9pnet_fd: Insufficient options for proto=fd [ 614.484651][T18544] 9pnet_fd: Insufficient options for proto=fd [ 622.576727][T18664] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3900'. [ 622.580319][T18664] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3900'. [ 623.841617][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.843700][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.779053][T18728] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3922'. [ 626.783873][T18728] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3922'. [ 630.219772][T18788] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3943'. [ 630.224243][T18788] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3943'. [ 635.285922][T18864] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3968'. [ 635.289628][T18864] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3968'. [ 648.538626][T19088] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4055'. [ 648.544681][T19088] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4055'. [ 651.070192][T19135] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4062'. [ 651.073898][T19135] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4062'. [ 653.887256][T19177] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4075'. [ 654.681713][T19195] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4083'. [ 654.980212][ T6023] libceph: connect (1)[c::]:6789 error -101 [ 654.982151][ T6023] libceph: mon0 (1)[c::]:6789 connect error [ 655.236056][ T6023] libceph: connect (1)[c::]:6789 error -101 [ 655.238086][ T6023] libceph: mon0 (1)[c::]:6789 connect error [ 655.558309][T19203] ceph: No mds server is up or the cluster is laggy [ 655.606821][T19215] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4088'. [ 656.226571][T19235] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4094'. [ 656.236792][T19235] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4094'. [ 656.442968][T19241] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4105'. [ 656.447426][T19241] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4105'. [ 657.981160][ T6019] libceph: connect (1)[c::]:6789 error -101 [ 657.983122][ T6019] libceph: mon0 (1)[c::]:6789 connect error [ 658.240658][ T6019] libceph: connect (1)[c::]:6789 error -101 [ 658.248677][ T6019] libceph: mon0 (1)[c::]:6789 connect error [ 658.374022][T19257] ceph: No mds server is up or the cluster is laggy [ 664.216941][T19338] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 665.179280][T19361] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4129'. [ 665.184816][T19361] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4129'. [ 666.472586][T19383] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4138'. [ 667.505502][T19401] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4143'. [ 667.511485][T19401] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4143'. [ 669.535013][T19425] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4150'. [ 682.027961][T19571] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4190'. [ 682.036586][T19571] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4190'. [ 685.277638][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.279705][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.098525][T19623] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4205'. [ 687.104624][T19623] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4205'. [ 693.150417][T19697] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4231'. [ 693.154651][T19697] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4231'. [ 712.954049][T19966] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4322'. [ 712.957270][T19966] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4322'. [ 717.629537][T20047] 9pnet_fd: Insufficient options for proto=fd [ 724.305857][ T60] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 724.457353][ T60] usb 5-1: config 0 has no interfaces? [ 724.459126][ T60] usb 5-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 724.461990][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 724.465490][ T60] usb 5-1: config 0 descriptor?? [ 724.747245][ T60] usb 5-1: USB disconnect, device number 29 [ 726.416325][ T10] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 726.587185][ T10] usb 5-1: config 0 has no interfaces? [ 726.588963][ T10] usb 5-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 726.597855][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 726.601695][ T10] usb 5-1: config 0 descriptor?? [ 726.765815][ T60] usb 7-1: new full-speed USB device number 25 using dummy_hcd [ 726.867289][ T6023] usb 5-1: USB disconnect, device number 30 [ 726.926993][ T60] usb 7-1: config 0 has no interfaces? [ 726.928855][ T60] usb 7-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 726.931758][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 726.937956][ T60] usb 7-1: config 0 descriptor?? [ 728.195779][ T60] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 728.346973][ T60] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 728.350423][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 728.354321][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 728.357901][ T60] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 728.363041][ T60] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 728.366357][ T60] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 728.369634][ T60] usb 5-1: Manufacturer: syz [ 728.371794][ T60] usb 5-1: config 0 descriptor?? [ 728.782747][ T60] appleir 0003:05AC:8243.0012: unknown main item tag 0x0 [ 728.786978][ T60] appleir 0003:05AC:8243.0012: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 729.527959][ T6023] usb 7-1: USB disconnect, device number 25 [ 730.681661][T20219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4395'. [ 730.741862][T20220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4388'. [ 730.759400][ T54] usb 5-1: USB disconnect, device number 31 [ 731.636683][T20235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4390'. [ 731.637694][T20234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4400'. [ 732.115540][T20241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4391'. [ 732.521343][T20250] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4393'. [ 732.618888][T20252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4392'. [ 733.065931][ T54] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 733.237010][ T54] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 733.240748][ T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 733.244257][ T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 733.248365][ T54] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 733.253239][ T54] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 733.256419][ T54] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 733.259010][ T54] usb 6-1: Manufacturer: syz [ 733.261634][ T54] usb 6-1: config 0 descriptor?? [ 733.496894][T20264] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4397'. [ 733.665862][ T6023] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 733.672383][ T54] appleir 0003:05AC:8243.0013: item fetching failed at offset 0/1 [ 733.675005][ T54] appleir 0003:05AC:8243.0013: parse failed [ 733.677266][ T54] appleir 0003:05AC:8243.0013: probe with driver appleir failed with error -22 [ 733.817355][ T6023] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 733.820775][ T6023] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 733.824235][ T6023] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 733.827326][ T6023] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 733.832376][ T6023] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 733.835252][ T6023] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 733.837885][ T6023] usb 7-1: Manufacturer: syz [ 733.840051][ T6023] usb 7-1: config 0 descriptor?? [ 733.873494][T20266] usb 6-1: USB disconnect, device number 34 [ 734.197008][T20269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4399'. [ 734.250072][ T6023] appleir 0003:05AC:8243.0014: unknown main item tag 0x0 [ 734.253706][ T6023] appleir 0003:05AC:8243.0014: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 734.634081][T20290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4403'. [ 734.637028][ T10] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 734.787677][ T10] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 734.792614][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 734.797236][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 734.801591][ T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 734.806686][ T10] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 734.809626][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 734.816421][ T10] usb 8-1: config 0 descriptor?? [ 735.228528][ T10] plantronics 0003:047F:FFFF.0015: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 736.355782][ T60] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 736.375979][ T10] usb 7-1: USB disconnect, device number 26 [ 736.517016][ T60] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 736.520889][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 736.524991][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 736.525831][ T10] usb 7-1: new full-speed USB device number 27 using dummy_hcd [ 736.528474][ T60] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 736.534926][ T60] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 736.537890][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 736.541336][ T60] usb 5-1: config 0 descriptor?? [ 736.687727][ T10] usb 7-1: config 0 has no interfaces? [ 736.690085][ T10] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 736.693777][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 736.697284][ T10] usb 7-1: config 0 descriptor?? [ 736.904580][T19958] usb 7-1: USB disconnect, device number 27 [ 736.953878][ T60] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 737.404055][ T54] usb 8-1: USB disconnect, device number 25 [ 737.675864][ T6023] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 737.826901][ T6023] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 737.830587][ T6023] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 737.834039][ T6023] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 737.837342][ T6023] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 737.841392][ T6023] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 737.844412][ T6023] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.848128][ T6023] usb 7-1: config 0 descriptor?? [ 738.264091][ T6023] plantronics 0003:047F:FFFF.0017: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 738.570302][ T6023] usb 7-1: USB disconnect, device number 28 [ 738.611546][T20330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4416'. [ 738.771070][ T6023] usb 5-1: USB disconnect, device number 32 [ 739.545809][T19958] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 739.555774][ T54] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 739.566115][ T6023] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 739.697748][T19958] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 739.701321][T19958] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 739.704650][T19958] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 739.707077][ T54] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 739.707856][T19958] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 739.711285][ T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 739.715342][T19958] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 739.718725][ T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 739.718738][ T54] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 739.718757][ T54] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 739.718768][ T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.719343][ T6023] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 739.719391][ T6023] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 739.719413][ T6023] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 739.719430][ T6023] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 739.720313][ T6023] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 739.720333][ T6023] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 739.720348][ T6023] usb 6-1: Manufacturer: syz [ 739.721341][ T6023] usb 6-1: config 0 descriptor?? [ 739.722425][T19958] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.726092][ T54] usb 5-1: config 0 descriptor?? [ 739.732688][T19958] usb 7-1: config 0 descriptor?? [ 740.130131][ T6023] appleir 0003:05AC:8243.0018: unknown main item tag 0x0 [ 740.133387][ T6023] appleir 0003:05AC:8243.0018: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 740.143943][ T54] plantronics 0003:047F:FFFF.0019: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 740.187734][T19958] plantronics 0003:047F:FFFF.001A: hiddev2,hidraw3: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 742.196238][ T6057] usb 6-1: USB disconnect, device number 35 [ 742.323296][T19958] usb 7-1: USB disconnect, device number 29 [ 743.213175][T19958] usb 5-1: USB disconnect, device number 33 [ 743.545880][T19958] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 743.697333][T19958] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 743.700951][T19958] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 743.704324][T19958] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 743.707578][T19958] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 743.711566][T19958] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 743.714356][T19958] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.719975][T19958] usb 5-1: config 0 descriptor?? [ 744.133208][T19958] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 745.566209][ T6057] usb 5-1: reset high-speed USB device number 34 using dummy_hcd [ 745.695811][ T6057] usb 5-1: device descriptor read/64, error -32 [ 745.936115][ T6057] usb 5-1: reset high-speed USB device number 34 using dummy_hcd [ 746.065823][ T6057] usb 5-1: device descriptor read/64, error -32 [ 746.315753][ T6057] usb 5-1: reset high-speed USB device number 34 using dummy_hcd [ 746.335982][ T6057] usb 5-1: device descriptor read/8, error -32 [ 746.726916][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.728772][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.995806][ T54] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 747.156971][ T54] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 747.160367][ T54] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 747.163424][ T54] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 747.167469][ T54] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 747.170259][ T54] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.173554][ T54] usb 8-1: config 0 descriptor?? [ 747.246410][ T10] usb 5-1: USB disconnect, device number 34 [ 747.381564][T20400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 747.384469][T20400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 747.455745][ T839] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 747.592270][ T54] plantronics 0003:047F:FFFF.001C: reserved main item tag 0xd [ 747.599494][ T54] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 747.615780][ T839] usb 7-1: Using ep0 maxpacket: 8 [ 747.618779][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 747.621350][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 747.625094][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 747.629084][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 747.632492][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 747.636883][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 747.639195][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 747.642739][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 747.646586][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 747.650068][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 747.654275][ T839] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 747.659347][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 747.662868][ T839] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 747.666550][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 747.670091][ T839] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 747.675977][ T839] usb 7-1: string descriptor 0 read error: -22 [ 747.677946][ T839] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 747.680816][ T839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.686139][ T839] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 747.791801][ T839] usb 8-1: USB disconnect, device number 26 [ 748.283556][ T75] bond0: (slave bond_slave_0): interface is now down [ 748.286972][ T75] bond0: (slave bond_slave_1): interface is now down [ 748.289771][ T75] bond0: now running without any active interface! [ 748.323984][T20420] infiniband syz0: set down [ 748.325494][ T6023] syz0: Port: 1 Link DOWN [ 748.325840][T20420] infiniband syz0: added bond0 [ 748.338214][T20420] RDS/IB: syz0: added [ 748.340306][T20420] smc: adding ib device syz0 with port count 1 [ 748.342762][T20420] smc: ib device syz0 port 1 has pnetid [ 748.519919][T20425] bond0: (slave rose0): Enslaving as an active interface with an up link [ 749.450420][T20435] fuse: Bad value for 'fd' [ 750.153605][T19958] usb 7-1: USB disconnect, device number 30 [ 750.565903][T20427] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 750.715892][T20430] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 750.715929][ T5334] Bluetooth: hci1: command 0x0406 tx timeout [ 750.721202][T20430] Bluetooth: hci1: Opcode 0x0406 failed: -110 [ 751.541862][T20430] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 751.543809][T20430] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 751.594825][T20463] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 751.600376][T20463] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 751.630969][ T75] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.633866][ T75] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.637250][ T75] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.640100][ T75] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.795791][T19958] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 751.959363][T19958] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 751.962355][T19958] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.964994][T19958] usb 5-1: Product: syz [ 751.966826][T19958] usb 5-1: Manufacturer: syz [ 751.968397][T19958] usb 5-1: SerialNumber: syz [ 751.971530][T19958] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 751.986861][T19958] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 752.016032][T20471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 752.046782][ T60] wlan1: No basic rates, using min rate instead [ 752.049837][ T60] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 752.052724][ T60] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 752.070371][T17411] wlan1: authenticated [ 752.070770][T20471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 752.071805][ T6057] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response [ 752.076955][T20471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 752.077790][T17411] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12) [ 752.082719][T20471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4458'. [ 752.083626][T17411] wlan1: No basic rates, using min rate instead [ 752.089109][T17411] wlan1: associated [ 752.191099][ T6023] usb 5-1: USB disconnect, device number 35 [ 752.512058][T20473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 752.566825][T20473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 752.571285][T20473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 752.576139][T20473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4459'. [ 752.795861][ T5334] Bluetooth: hci1: command 0x0406 tx timeout [ 753.045812][T19958] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 753.048199][T19958] ath9k_htc: Failed to initialize the device [ 753.050482][ T6023] usb 5-1: ath9k_htc: USB layer deinitialized [ 753.126130][T20482] validate_nla: 44 callbacks suppressed [ 753.126144][T20482] netlink: 'syz.1.4463': attribute type 12 has an invalid length. [ 753.131146][T20482] netlink: 'syz.1.4463': attribute type 4 has an invalid length. [ 753.345811][ T6023] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 753.605795][ T5334] Bluetooth: hci3: command 0x0406 tx timeout [ 753.635324][T20496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 753.692623][T20496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 754.286819][T20490] Set syz1 is full, maxelem 65536 reached [ 754.880989][T20508] infiniband syz1: set down [ 754.882505][T20508] infiniband syz1: added syz_tun [ 754.893209][T20508] RDS/IB: syz1: added [ 754.894544][T20508] smc: adding ib device syz1 with port count 1 [ 754.897323][T20508] smc: ib device syz1 port 1 has pnetid [ 755.115912][ T5983] Bluetooth: hci1: command 0x0406 tx timeout [ 755.129028][T20515] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 755.608849][T20524] netem: change failed [ 755.976459][T20530] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 756.031952][T20530] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 756.235850][ T5334] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 756.867695][T20554] rdma_rxe: rxe_newlink: failed to add syz_tun [ 756.990101][T20554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 756.994030][T20554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 757.021674][T20554] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 757.030131][T17411] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.033154][T17411] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.035985][T17411] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.038786][T17411] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.179174][T20561] tipc: Enabled bearer , priority 0 [ 757.468422][T20566] binder_alloc: 20565: pid 20565 spamming oneway? 1 buffers allocated for a total size of 4096 [ 758.625881][ T6057] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 758.775912][ T6057] usb 6-1: Using ep0 maxpacket: 16 [ 758.780586][ T6057] usb 6-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 758.783757][ T6057] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 758.786378][ T6057] usb 6-1: Product: syz [ 758.787857][ T6057] usb 6-1: Manufacturer: syz [ 758.789485][ T6057] usb 6-1: SerialNumber: syz [ 759.003651][ T6057] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 759.011875][ T6057] snd-usb-audio 6-1:222.0: probe with driver snd-usb-audio failed with error -71 [ 759.016004][ T6057] usb 6-1: USB disconnect, device number 36 [ 759.022887][T20125] udevd[20125]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 759.465931][ T54] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 759.635768][ T54] usb 7-1: Using ep0 maxpacket: 16 [ 759.640422][ T54] usb 7-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 759.643987][ T54] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.647688][ T54] usb 7-1: Product: syz [ 759.649435][ T54] usb 7-1: Manufacturer: syz [ 759.651418][ T54] usb 7-1: SerialNumber: syz [ 759.654464][ T54] usb 7-1: config 0 descriptor?? [ 760.060933][ T54] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 760.064282][ T54] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 760.067611][ T54] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 760.070078][ T54] usb 7-1: media controller created [ 760.075795][ T54] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 760.261853][ T54] zl10353_read_register: readreg error (reg=127, ret==0) [ 760.264709][ T54] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 760.267538][ T54] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 760.271106][ T54] usb 7-1: USB disconnect, device number 31 [ 760.279869][ T54] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 766.640320][T20607] comedi comedi3: c6xdigio: I/O port conflict (0x3,3) [ 766.684624][ T5334] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 766.689464][ T5334] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 766.692520][ T5334] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 766.696098][ T5334] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 766.699316][ T5334] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 766.818654][T20615] chnl_net:caif_netlink_parms(): no params data found [ 766.858875][T20615] bridge0: port 1(bridge_slave_0) entered blocking state [ 766.861106][T20615] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.863368][T20615] bridge_slave_0: entered allmulticast mode [ 766.865803][T20615] bridge_slave_0: entered promiscuous mode [ 766.868472][T20615] bridge0: port 2(bridge_slave_1) entered blocking state [ 766.870694][T20615] bridge0: port 2(bridge_slave_1) entered disabled state [ 766.872934][T20615] bridge_slave_1: entered allmulticast mode [ 766.875188][T20615] bridge_slave_1: entered promiscuous mode [ 766.893216][T20615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 766.895803][ T54] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 766.898501][T20615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 766.916258][T20615] team0: Port device team_slave_0 added [ 766.918927][T20615] team0: Port device team_slave_1 added [ 766.935310][T20615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 766.937551][T20615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.945314][T20615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 766.950143][T20615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 766.952305][T20615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.960220][T20615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.981862][T20615] hsr_slave_0: entered promiscuous mode [ 766.983952][T20615] hsr_slave_1: entered promiscuous mode [ 767.037462][T20615] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 767.041228][T20615] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 767.044808][T20615] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 767.046166][ T54] usb 7-1: Using ep0 maxpacket: 32 [ 767.049710][ T54] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 767.052241][ T54] usb 7-1: config 0 has no interface number 0 [ 767.053268][T20615] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 767.055526][ T54] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 767.059108][ T54] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.061571][ T54] usb 7-1: Product: syz [ 767.062891][ T54] usb 7-1: Manufacturer: syz [ 767.064364][ T54] usb 7-1: SerialNumber: syz [ 767.067342][ T54] usb 7-1: config 0 descriptor?? [ 767.068257][T20615] bridge0: port 2(bridge_slave_1) entered blocking state [ 767.071271][T20615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 767.071612][ T54] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 767.073609][T20615] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.078513][T20615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 767.096216][T20615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 767.102622][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 767.105161][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 767.110988][T20615] 8021q: adding VLAN 0 to HW filter on device team0 [ 767.115900][ T1235] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.118226][ T1235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 767.122892][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 767.125118][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 767.208486][T20615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 767.275641][ T54] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 767.281431][ T54] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 767.314188][T20615] veth0_vlan: entered promiscuous mode [ 767.319007][T20615] veth1_vlan: entered promiscuous mode [ 767.329115][T20615] veth0_macvtap: entered promiscuous mode [ 767.332193][T20615] veth1_macvtap: entered promiscuous mode [ 767.338946][T20615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 767.344769][T20615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 767.350135][ T46] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.353001][ T46] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.357415][ T46] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.360250][ T46] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.396675][T17576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 767.399183][T17576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 767.424305][T17576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 767.426957][T17576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 767.474897][T20611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 767.478213][T20611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 767.481298][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 767.681622][ C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 767.684708][ T54] usb 7-1: USB disconnect, device number 32 [ 767.688486][ T54] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 767.693230][ T54] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 767.697183][ T54] quatech2 7-1:0.51: device disconnected [ 768.356990][T20647] Set syz1 is full, maxelem 65536 reached [ 768.520258][T20671] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 768.557336][ T839] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 768.560219][ T839] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 768.575025][T20671] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 768.665863][T17576] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 768.715839][ T5983] Bluetooth: hci2: command tx timeout [ 768.745808][ T54] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 768.776424][T17576] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 768.895863][ T46] wlan1: authentication with 08:02:11:00:00:00 timed out [ 768.925773][ T54] usb 7-1: Using ep0 maxpacket: 32 [ 768.928657][ T54] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 768.931294][ T54] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 768.933975][ T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 768.937513][ T54] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 768.940512][ T54] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 768.943586][ T54] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 768.946776][ T54] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 768.949792][ T54] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 768.953826][ T54] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 768.957068][ T54] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 768.960435][ T54] usb 7-1: config 0 descriptor?? [ 769.167503][ T54] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 769.171881][ T54] usb 7-1: USB disconnect, device number 33 [ 769.174885][ T54] usblp0: removed [ 769.605823][ T6057] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 769.765824][ T6057] usb 7-1: Using ep0 maxpacket: 32 [ 769.769188][ T6057] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 769.771776][ T6057] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 769.774517][ T6057] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 769.778297][ T6057] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 769.781268][ T6057] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 769.784255][ T6057] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 769.787407][ T6057] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 769.790930][ T6057] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 769.796061][ T6057] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 769.799226][ T6057] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.803260][ T6057] usb 7-1: config 0 descriptor?? [ 770.007817][ T6057] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 770.209509][ T6057] usb 7-1: USB disconnect, device number 34 [ 770.213242][ T6057] usblp0: removed [ 770.750526][T20687] binder_alloc: 20686: pid 20686 spamming oneway? 1 buffers allocated for a total size of 4096 [ 770.778401][T20694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 770.795776][ T5983] Bluetooth: hci2: command tx timeout [ 770.832743][T20694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 771.183241][T20716] binder_alloc: 20715: pid 20715 spamming oneway? 1 buffers allocated for a total size of 4096 [ 771.434747][ T5334] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 771.437536][ T5334] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 771.443573][ T5334] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 771.446340][ T5334] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 771.448941][ T5334] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 771.613869][T20728] chnl_net:caif_netlink_parms(): no params data found [ 771.656725][T20728] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.658995][T20728] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.661265][T20728] bridge_slave_0: entered allmulticast mode [ 771.663570][T20728] bridge_slave_0: entered promiscuous mode [ 771.667859][T20728] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.670321][T20728] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.672749][T20728] bridge_slave_1: entered allmulticast mode [ 771.675042][T20728] bridge_slave_1: entered promiscuous mode [ 771.694003][T20728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.699008][T20728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.726961][T20728] team0: Port device team_slave_0 added [ 771.730376][T20728] team0: Port device team_slave_1 added [ 771.752734][T20728] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 771.754964][T20728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.763434][T20728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 771.767452][T20728] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 771.769636][T20728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.778471][T20728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 771.801248][T20728] hsr_slave_0: entered promiscuous mode [ 771.803417][T20728] hsr_slave_1: entered promiscuous mode [ 771.805381][T20728] debugfs: 'hsr0' already exists in 'hsr' [ 771.807692][T20728] Cannot create hsr debugfs directory [ 771.883275][T20728] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 771.889498][T20728] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 771.893050][T20728] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 771.896908][T20728] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 771.925762][T20728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 771.933176][T20728] 8021q: adding VLAN 0 to HW filter on device team0 [ 771.939467][T17576] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.941729][T17576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 771.944854][T17576] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.947239][T17576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 771.967220][T20751] binder_alloc: 20750: pid 20750 spamming oneway? 1 buffers allocated for a total size of 4096 [ 772.015371][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 772.015383][ T40] audit: type=1800 audit(1755424300.720:109): pid=20760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4559" name="bus" dev="overlay" ino=107 res=0 errno=0 [ 772.025307][T20728] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 772.044815][T20764] wlan1: No legacy rates in association response [ 772.048025][T20764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 772.102472][T20764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 772.115983][T20728] veth0_vlan: entered promiscuous mode [ 772.119866][T20728] veth1_vlan: entered promiscuous mode [ 772.130038][T20728] veth0_macvtap: entered promiscuous mode [ 772.133143][T20728] veth1_macvtap: entered promiscuous mode [ 772.139568][T20728] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 772.144489][T20728] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 772.149343][ T1235] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.152127][ T1235] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.155140][ T1235] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.158627][ T1235] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.199570][T17576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 772.204251][T17576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 772.232378][ T1235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 772.234860][ T1235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 772.876695][ T5334] Bluetooth: hci2: command tx timeout [ 773.010397][T20773] Set syz1 is full, maxelem 65536 reached [ 773.345835][T20380] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 773.496028][T20380] usb 7-1: Using ep0 maxpacket: 16 [ 773.500436][T20380] usb 7-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 773.503333][T20380] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.506532][T20380] usb 7-1: Product: syz [ 773.507864][T20380] usb 7-1: Manufacturer: syz [ 773.509342][T20380] usb 7-1: SerialNumber: syz [ 773.511413][T20380] usb 7-1: config 0 descriptor?? [ 773.515779][ T5334] Bluetooth: hci5: command tx timeout [ 773.565751][T20798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 773.620686][T20798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 773.917235][T20380] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 773.920914][T20380] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 773.924204][T20380] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 773.926859][T20380] usb 7-1: media controller created [ 773.932960][T20380] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 773.944010][T20800] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 774.120839][T20380] zl10353_read_register: readreg error (reg=127, ret==0) [ 774.123120][T20380] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 774.131033][T20380] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 774.139158][T20380] usb 7-1: USB disconnect, device number 35 [ 774.147123][T20380] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 774.204278][T20819] wlan1: No legacy rates in association response [ 774.208456][T20819] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 774.264135][T20819] wlan1: associating to AP 50:50:50:50:50:50 with corrupt probe response [ 774.266950][T20819] wlan1: No legacy rates in association response [ 774.275913][ T60] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 774.435836][ T60] usb 10-1: Using ep0 maxpacket: 32 [ 774.438686][ T60] usb 10-1: config 0 has no interfaces? [ 774.440478][ T60] usb 10-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 774.443373][ T60] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 774.446984][ T60] usb 10-1: config 0 descriptor?? [ 774.652252][ T53] usb 10-1: USB disconnect, device number 2 [ 774.955885][ T5334] Bluetooth: hci2: command tx timeout [ 775.025902][ T6057] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 775.175759][ T6057] usb 9-1: Using ep0 maxpacket: 32 [ 775.178560][ T6057] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 775.181986][ T6057] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 775.184993][ T6057] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 775.187882][ T6057] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.191000][ T6057] usb 9-1: config 0 descriptor?? [ 775.281805][ T13] smc: removing ib device syz1 [ 775.294289][ T5983] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 775.297068][ T5983] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 775.299834][ T5983] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 775.302499][ T5983] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 775.305255][ T5983] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 775.333055][T20842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 775.368089][ T10] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 775.370970][ T10] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 775.476163][T17411] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 775.512009][T20839] chnl_net:caif_netlink_parms(): no params data found [ 775.553713][T20839] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.556098][T20839] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.558455][T20839] bridge_slave_0: entered allmulticast mode [ 775.561141][T20839] bridge_slave_0: entered promiscuous mode [ 775.563841][T20839] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.566775][T20839] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.569217][T20839] bridge_slave_1: entered allmulticast mode [ 775.571586][T20839] bridge_slave_1: entered promiscuous mode [ 775.587258][T17411] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 775.595885][ T5983] Bluetooth: hci5: command tx timeout [ 775.600950][ T6057] ft260 0003:0403:6030.001D: unknown main item tag 0x7 [ 775.608227][T20839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 775.612562][T20839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 775.637917][T20839] team0: Port device team_slave_0 added [ 775.640857][T20839] team0: Port device team_slave_1 added [ 775.660349][T20839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 775.662645][T20839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 775.670894][T20839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 775.675250][T20839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 775.677779][T20839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 775.686731][T20839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 775.705957][T17576] wlan1: authentication with 08:02:11:00:00:00 timed out [ 775.710654][T20839] hsr_slave_0: entered promiscuous mode [ 775.712782][T20839] hsr_slave_1: entered promiscuous mode [ 775.714991][T20839] debugfs: 'hsr0' already exists in 'hsr' [ 775.716937][T20839] Cannot create hsr debugfs directory [ 775.799608][ T6057] ft260 0003:0403:6030.001D: chip code: 6424 8183 [ 776.000368][ T6057] ft260 0003:0403:6030.001D: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0 [ 776.021429][T20839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 776.024909][T20839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 776.028505][T20839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 776.031880][T20839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 776.042853][T20839] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.045102][T20839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 776.047501][T20839] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.049735][T20839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 776.068878][T20839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 776.075607][T17411] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.079665][T17411] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.088257][T20839] 8021q: adding VLAN 0 to HW filter on device team0 [ 776.092478][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.095348][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 776.101533][T17411] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.103760][T17411] bridge0: port 2(bridge_slave_1) entered forwarding state [ 776.200791][ T6057] ft260 0003:0403:6030.001D: failed to retrieve status: -32, no wakeup [ 776.221900][T20839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 776.241343][T20839] veth0_vlan: entered promiscuous mode [ 776.245284][T20839] veth1_vlan: entered promiscuous mode [ 776.256358][T20839] veth0_macvtap: entered promiscuous mode [ 776.259644][T20839] veth1_macvtap: entered promiscuous mode [ 776.266107][T20839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 776.271259][T20839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 776.276587][T17411] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.279350][T17411] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.282548][T17411] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.285268][T17411] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.334999][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 776.342121][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 776.364333][T17411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 776.366817][T17411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 776.415255][ T839] usb 9-1: USB disconnect, device number 2 [ 776.845768][ T60] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 776.905930][ T53] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 776.951917][T20906] tipc: Started in network mode [ 776.953878][T20906] tipc: Node identity 2, cluster identity 4711 [ 776.956938][T20906] tipc: Node number set to 2 [ 777.010088][ T60] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 777.013294][ T60] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 777.016830][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.022187][ T60] usb 7-1: config 0 descriptor?? [ 777.029947][ T60] pwc: Askey VC010 type 2 USB webcam detected. [ 777.076477][ T53] usb 6-1: Using ep0 maxpacket: 8 [ 777.082607][ T53] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 777.085499][ T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.088370][ T53] usb 6-1: Product: syz [ 777.089730][ T53] usb 6-1: Manufacturer: syz [ 777.091224][ T53] usb 6-1: SerialNumber: syz [ 777.104132][ T53] usb 6-1: config 0 descriptor?? [ 777.141648][T20928] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4624'. [ 777.195547][T20932] wlan1: No legacy rates in association response [ 777.199850][T20932] wlan1: associating to AP 50:50:50:50:50:50 with corrupt probe response [ 777.202583][T20932] wlan1: No legacy rates in association response [ 777.317595][ T53] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 777.365780][ T5983] Bluetooth: hci1: command tx timeout [ 777.380094][T20944] binder_alloc: 20943: pid 20943 spamming oneway? 1 buffers allocated for a total size of 4096 [ 777.447980][ T60] pwc: recv_control_msg error -32 req 02 val 2b00 [ 777.450767][ T60] pwc: recv_control_msg error -32 req 02 val 2700 [ 777.453468][ T60] pwc: recv_control_msg error -32 req 02 val 2c00 [ 777.456315][ T60] pwc: recv_control_msg error -32 req 04 val 1000 [ 777.459092][ T60] pwc: recv_control_msg error -32 req 04 val 1300 [ 777.461887][ T60] pwc: recv_control_msg error -32 req 04 val 1400 [ 777.465011][ T60] pwc: recv_control_msg error -32 req 02 val 2000 [ 777.676359][ T5983] Bluetooth: hci5: command tx timeout [ 777.685300][ T60] pwc: recv_control_msg error -71 req 04 val 1500 [ 777.687624][ T60] pwc: recv_control_msg error -71 req 02 val 2500 [ 777.690050][ T60] pwc: recv_control_msg error -71 req 02 val 2400 [ 777.692308][ T60] pwc: recv_control_msg error -71 req 02 val 2600 [ 777.694569][ T60] pwc: recv_control_msg error -71 req 02 val 2900 [ 777.696984][ T60] pwc: recv_control_msg error -71 req 02 val 2800 [ 777.699278][ T60] pwc: recv_control_msg error -71 req 04 val 1100 [ 777.701501][ T60] pwc: recv_control_msg error -71 req 04 val 1200 [ 777.703991][ T60] pwc: Registered as video103. [ 777.705940][ T60] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb7/7-1/input/input23 [ 777.711417][ T60] usb 7-1: USB disconnect, device number 36 [ 777.985852][ T839] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 778.135838][ T839] usb 9-1: Using ep0 maxpacket: 16 [ 778.140310][ T839] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 778.143854][ T839] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 778.149668][ T839] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 778.152722][ T839] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.155393][ T839] usb 9-1: Product: syz [ 778.157151][ T839] usb 9-1: Manufacturer: syz [ 778.158614][ T839] usb 9-1: SerialNumber: syz [ 778.161035][ T839] usb 9-1: config 0 descriptor?? [ 778.164674][ T839] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 778.167779][ T839] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 778.467464][ T53] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 778.476783][ T53] usb 6-1: USB disconnect, device number 37 [ 778.893151][ T839] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 778.925746][ T839] em28xx 9-1:0.0: Config register raw data: 0xfffffffb [ 779.104687][T20975] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 779.146677][T20975] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4643'. [ 779.435904][ T5983] Bluetooth: hci1: command tx timeout [ 779.584824][ T839] em28xx 9-1:0.0: Unknown AC97 audio processor detected! [ 779.587759][ T839] em28xx 9-1:0.0: couldn't setup AC97 register 2 [ 779.590165][ T839] em28xx 9-1:0.0: couldn't setup AC97 register 4 [ 779.592513][ T839] em28xx 9-1:0.0: couldn't setup AC97 register 6 [ 779.756104][ T5983] Bluetooth: hci5: command tx timeout [ 779.922989][T20984] comedi comedi3: c6xdigio: I/O port conflict (0x3,3) [ 779.925299][T20984] ================================================================== [ 779.928145][T20984] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70 [ 779.930859][T20984] Read of size 8 at addr ffff88805f363230 by task syz.2.4647/20984 [ 779.935116][T20984] [ 779.936203][T20984] CPU: 0 UID: 0 PID: 20984 Comm: syz.2.4647 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) [ 779.936222][T20984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 779.936229][T20984] Call Trace: [ 779.936233][T20984] [ 779.936238][T20984] dump_stack_lvl+0x116/0x1f0 SYZFAIL: failed to recv rpc [ 779.936255][T20984] print_report+0xcd/0x630 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 779.936273][T20984] ? __virt_addr_valid+0x81/0x610 [ 779.936288][T20984] ? __phys_addr+0xe8/0x180 [ 779.936300][T20984] ? sysfs_remove_file_ns+0x63/0x70 [ 779.936311][T20984] kasan_report+0xe0/0x110 [ 779.936325][T20984] ? sysfs_remove_file_ns+0x63/0x70 [ 779.936339][T20984] sysfs_remove_file_ns+0x63/0x70 [ 779.936350][T20984] driver_remove_file+0x4a/0x60 [ 779.936367][T20984] bus_remove_driver+0x224/0x2c0 [ 779.936380][T20984] driver_unregister+0x76/0xb0 [ 779.936396][T20984] comedi_device_detach_locked+0x12c/0xa50 [ 779.936413][T20984] comedi_device_detach+0x67/0xb0 [ 779.936426][T20984] comedi_device_attach+0x43d/0x900 [ 779.936441][T20984] do_devconfig_ioctl+0x1b1/0x710 [ 779.936452][T20984] ? __mutex_lock+0x1c4/0x10b0 [ 779.936466][T20984] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 779.936478][T20984] ? kasan_save_stack+0x42/0x60 [ 779.936490][T20984] ? kasan_save_stack+0x33/0x60 [ 779.936501][T20984] ? kasan_save_track+0x14/0x30 [ 779.936512][T20984] ? kasan_save_free_info+0x3b/0x60 [ 779.936532][T20984] ? __kasan_slab_free+0x60/0x70 [ 779.936543][T20984] ? kfree+0x2b4/0x4d0 [ 779.936553][T20984] ? tomoyo_path_number_perm+0x470/0x580 [ 779.936568][T20984] comedi_unlocked_ioctl+0x165d/0x2f00 [ 779.936582][T20984] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 779.936598][T20984] ? rcu_is_watching+0x12/0xc0 [ 779.936610][T20984] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 779.936628][T20984] ? tomoyo_path_number_perm+0x295/0x580 [ 779.936640][T20984] ? rcu_is_watching+0x12/0xc0 [ 779.936650][T20984] ? lock_release+0x201/0x2f0 [ 779.936664][T20984] ? tomoyo_path_number_perm+0x18d/0x580 [ 779.936677][T20984] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 779.936691][T20984] comedi_compat_ioctl+0x1d0/0x990 [ 779.936702][T20984] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 779.936714][T20984] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 779.936730][T20984] ? do_vfs_ioctl+0x128/0x14f0 [ 779.936746][T20984] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 779.936762][T20984] ? rcu_is_watching+0x12/0xc0 [ 779.936772][T20984] ? __fget_files+0x204/0x3c0 [ 779.936783][T20984] ? hook_file_ioctl_common+0x145/0x410 [ 779.936798][T20984] ? __fget_files+0x20e/0x3c0 [ 779.936807][T20984] ? __ia32_compat_sys_openat+0xf0/0x210 [ 779.936819][T20984] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 779.936830][T20984] __ia32_compat_sys_ioctl+0x23f/0x370 [ 779.936847][T20984] __do_fast_syscall_32+0x7c/0x3a0 [ 779.936862][T20984] do_fast_syscall_32+0x32/0x80 [ 779.936875][T20984] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 779.936888][T20984] RIP: 0023:0xf708e579 [ 779.936898][T20984] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 779.936909][T20984] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 779.936920][T20984] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 779.936927][T20984] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 779.936933][T20984] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 779.936939][T20984] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 779.936945][T20984] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 779.936954][T20984] [ 779.936958][T20984] [ 780.049426][T20984] Allocated by task 20852: [ 780.050828][T20984] kasan_save_stack+0x33/0x60 [ 780.052331][T20984] kasan_save_track+0x14/0x30 [ 780.053804][T20984] __kasan_kmalloc+0xaa/0xb0 [ 780.055265][T20984] __kmalloc_node_noprof+0x21e/0x500 [ 780.056934][T20984] alloc_slab_obj_exts+0x41/0xa0 [ 780.058506][T20984] new_slab+0x27d/0x330 [ 780.059843][T20984] ___slab_alloc+0xcf2/0x1740 [ 780.061329][T20984] kmem_cache_alloc_bulk_noprof+0x24e/0xbc0 [ 780.063184][T20984] __io_alloc_req_refill+0x98/0x500 [ 780.064819][T20984] io_submit_sqes+0xde5/0x2590 [ 780.066329][T20984] __do_sys_io_uring_enter+0xd6a/0x1630 [ 780.068124][T20984] __do_fast_syscall_32+0x7c/0x3a0 [ 780.069805][T20984] do_fast_syscall_32+0x32/0x80 [ 780.071338][T20984] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 780.073276][T20984] [ 780.074052][T20984] Freed by task 14284: [ 780.075350][T20984] kasan_save_stack+0x33/0x60 [ 780.076858][T20984] kasan_save_track+0x14/0x30 [ 780.078351][T20984] kasan_save_free_info+0x3b/0x60 [ 780.079965][T20984] __kasan_slab_free+0x60/0x70 [ 780.081492][T20984] kfree+0x2b4/0x4d0 [ 780.082734][T20984] __free_slab+0x12c/0x190 [ 780.084152][T20984] rcu_core+0x799/0x1530 [ 780.085486][T20984] handle_softirqs+0x219/0x8e0 [ 780.086985][T20984] __irq_exit_rcu+0x109/0x170 [ 780.088473][T20984] irq_exit_rcu+0x9/0x30 [ 780.089806][T20984] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 780.091537][T20984] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 780.093386][T20984] [ 780.094153][T20984] The buggy address belongs to the object at ffff88805f363200 [ 780.094153][T20984] which belongs to the cache kmalloc-256 of size 256 [ 780.098436][T20984] The buggy address is located 48 bytes inside of [ 780.098436][T20984] freed 256-byte region [ffff88805f363200, ffff88805f363300) [ 780.102581][T20984] [ 780.103345][T20984] The buggy address belongs to the physical page: [ 780.105307][T20984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805f362600 pfn:0x5f362 [ 780.108357][T20984] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 780.110929][T20984] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff) [ 780.113591][T20984] page_type: f5(slab) [ 780.114853][T20984] raw: 04fff00000000240 ffff88801b842b40 ffffea00012e6290 ffffea0001308b10 [ 780.117510][T20984] raw: ffff88805f362600 0000000000100007 00000000f5000000 0000000000000000 [ 780.120177][T20984] head: 04fff00000000240 ffff88801b842b40 ffffea00012e6290 ffffea0001308b10 [ 780.122831][T20984] head: ffff88805f362600 0000000000100007 00000000f5000000 0000000000000000 [ 780.125499][T20984] head: 04fff00000000001 ffffea00017cd881 00000000ffffffff 00000000ffffffff [ 780.128188][T20984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 780.130856][T20984] page dumped because: kasan: bad access detected [ 780.132853][T20984] page_owner tracks the page as allocated [ 780.134629][T20984] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6245, tgid 6244 (syz.0.60), ts 55508284889, free_ts 44714737603 [ 780.141147][T20984] post_alloc_hook+0x1c0/0x230 [ 780.142676][T20984] get_page_from_freelist+0x132b/0x38e0 [ 780.144433][T20984] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 780.146306][T20984] alloc_pages_mpol+0x1fb/0x550 [ 780.147869][T20984] new_slab+0x247/0x330 [ 780.149202][T20984] ___slab_alloc+0xcf2/0x1740 [ 780.150699][T20984] __slab_alloc.constprop.0+0x56/0xb0 [ 780.152402][T20984] __kmalloc_noprof+0x2f2/0x510 [ 780.153953][T20984] io_cache_alloc_new+0x45/0xf0 [ 780.155512][T20984] __io_prep_rw+0x21d/0x1090 [ 780.156995][T20984] io_prep_rw+0x24/0x220 [ 780.158317][T20984] io_prep_readv+0x20/0xa0 [ 780.159753][T20984] io_submit_sqes+0x832/0x2590 [ 780.161267][T20984] __do_sys_io_uring_enter+0xd6a/0x1630 [ 780.163032][T20984] __do_fast_syscall_32+0x7c/0x3a0 [ 780.164665][T20984] do_fast_syscall_32+0x32/0x80 [ 780.166216][T20984] page last free pid 5973 tgid 5973 stack trace: [ 780.168209][T20984] __free_frozen_pages+0x7d5/0x10f0 [ 780.169872][T20984] __put_partials+0x165/0x1c0 [ 780.171381][T20984] qlist_free_all+0x4d/0x120 [ 780.172857][T20984] kasan_quarantine_reduce+0x195/0x1e0 [ 780.174581][T20984] __kasan_slab_alloc+0x69/0x90 [ 780.176149][T20984] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 780.177849][T20984] ref_tracker_alloc+0x18e/0x5b0 [ 780.179436][T20984] netdev_queue_update_kobjects+0x2db/0x720 [ 780.181311][T20984] netdev_register_kobject+0x2b3/0x3d0 [ 780.183053][T20984] register_netdevice+0x13dc/0x2270 [ 780.184715][T20984] veth_newlink+0x30f/0xa00 [ 780.186165][T20984] rtnl_newlink+0xc45/0x2000 [ 780.187651][T20984] rtnetlink_rcv_msg+0x95b/0xe90 [ 780.189252][T20984] netlink_rcv_skb+0x155/0x420 [ 780.190781][T20984] netlink_unicast+0x5aa/0x870 [ 780.192306][T20984] netlink_sendmsg+0x8d1/0xdd0 [ 780.193822][T20984] [ 780.194598][T20984] Memory state around the buggy address: [ 780.196383][T20984] ffff88805f363100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 780.197021][ T839] em28xx 9-1:0.0: couldn't setup AC97 register 56 [ 780.198924][T20984] ffff88805f363180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 780.203521][T20984] >ffff88805f363200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 780.206055][T20984] ^ [ 780.206297][ T839] usb 9-1: USB disconnect, device number 3 [ 780.207850][T20984] ffff88805f363280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 780.212263][T20984] ffff88805f363300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 780.214769][T20984] ================================================================== [ 780.221412][T20984] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 780.223729][T20984] CPU: 0 UID: 0 PID: 20984 Comm: syz.2.4647 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) [ 780.227473][T20984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 780.231012][T20984] Call Trace: [ 780.232083][T20984] [ 780.233034][T20984] dump_stack_lvl+0x3d/0x1f0 [ 780.234575][T20984] vpanic+0x6e8/0x7a0 [ 780.235890][T20984] ? __pfx_vpanic+0x10/0x10 [ 780.237340][T20984] ? __pfx_vprintk_emit+0x10/0x10 [ 780.238941][T20984] ? sysfs_remove_file_ns+0x63/0x70 [ 780.240590][T20984] panic+0xca/0xd0 [ 780.241787][T20984] ? __pfx_panic+0x10/0x10 [ 780.243247][T20984] ? sysfs_remove_file_ns+0x63/0x70 [ 780.245161][T20984] ? preempt_schedule_common+0x44/0xc0 [ 780.246912][T20984] ? preempt_schedule_thunk+0x16/0x30 [ 780.248580][T20984] check_panic_on_warn+0xab/0xb0 [ 780.250144][T20984] end_report+0x107/0x170 [ 780.251525][T20984] kasan_report+0xee/0x110 [ 780.252942][T20984] ? sysfs_remove_file_ns+0x63/0x70 [ 780.254544][T20984] sysfs_remove_file_ns+0x63/0x70 [ 780.256157][T20984] driver_remove_file+0x4a/0x60 [ 780.257686][T20984] bus_remove_driver+0x224/0x2c0 [ 780.259251][T20984] driver_unregister+0x76/0xb0 [ 780.260762][T20984] comedi_device_detach_locked+0x12c/0xa50 [ 780.262566][T20984] comedi_device_detach+0x67/0xb0 [ 780.264141][T20984] comedi_device_attach+0x43d/0x900 [ 780.265744][T20984] do_devconfig_ioctl+0x1b1/0x710 [ 780.267383][T20984] ? __mutex_lock+0x1c4/0x10b0 [ 780.268879][T20984] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 780.270581][T20984] ? kasan_save_stack+0x42/0x60 [ 780.272089][T20984] ? kasan_save_stack+0x33/0x60 [ 780.273789][T20984] ? kasan_save_track+0x14/0x30 [ 780.275426][T20984] ? kasan_save_free_info+0x3b/0x60 [ 780.277113][T20984] ? __kasan_slab_free+0x60/0x70 [ 780.278742][T20984] ? kfree+0x2b4/0x4d0 [ 780.280031][T20984] ? tomoyo_path_number_perm+0x470/0x580 [ 780.281907][T20984] comedi_unlocked_ioctl+0x165d/0x2f00 [ 780.283725][T20984] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 780.285536][T20984] ? rcu_is_watching+0x12/0xc0 [ 780.287111][T20984] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 780.288971][T20984] ? tomoyo_path_number_perm+0x295/0x580 [ 780.290708][T20984] ? rcu_is_watching+0x12/0xc0 [ 780.292213][T20984] ? lock_release+0x201/0x2f0 [ 780.293697][T20984] ? tomoyo_path_number_perm+0x18d/0x580 [ 780.295460][T20984] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 780.297329][T20984] comedi_compat_ioctl+0x1d0/0x990 [ 780.298932][T20984] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 780.300681][T20984] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 780.302613][T20984] ? do_vfs_ioctl+0x128/0x14f0 [ 780.304220][T20984] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 780.305793][T20984] ? rcu_is_watching+0x12/0xc0 [ 780.307287][T20984] ? __fget_files+0x204/0x3c0 [ 780.308751][T20984] ? hook_file_ioctl_common+0x145/0x410 [ 780.310464][T20984] ? __fget_files+0x20e/0x3c0 [ 780.311948][T20984] ? __ia32_compat_sys_openat+0xf0/0x210 [ 780.313695][T20984] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 780.315442][T20984] __ia32_compat_sys_ioctl+0x23f/0x370 [ 780.317176][T20984] __do_fast_syscall_32+0x7c/0x3a0 [ 780.318785][T20984] do_fast_syscall_32+0x32/0x80 [ 780.320291][T20984] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 780.322246][T20984] RIP: 0023:0xf708e579 [ 780.323526][T20984] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 780.329432][T20984] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 780.332025][T20984] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 780.334460][T20984] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 780.336929][T20984] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 780.339390][T20984] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 780.341841][T20984] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 780.344314][T20984] [ 780.345878][T20984] Kernel Offset: disabled [ 780.347250][T20984] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:51:48 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85614bc5 RDI=ffffffff9b0f8680 RBP=ffffffff9b0f8640 RSP=ffffc90004437178 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3530383838666666 R12=0000000000000000 R13=0000000000000066 R14=ffffffff9b0f8640 R15=ffffffff85614b60 RIP=ffffffff85614bef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974c4000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73473fc CR3=0000000074cd2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff84e15414 RDX=ffff888024d8c880 RSI=0000000000000000 RDI=0000000000000007 RBP=ffff88807642803e RSP=ffffc90003ef71b0 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000fc2 R11=0000000000000012 R12=dffffc0000000000 R13=0000000000000fc1 R14=0000000000000fc1 R15=ffffc90003ef7430 RIP=ffffffff81bb0fe0 RFL=00000213 [----A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff2465e9880 ffffffff 00c00000 GS =0000 ffff8880975c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005582255d6e10 CR3=000000004b3f0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0ffc0e0 Opmask01=0000000000000000 Opmask02=00000000fffffdff Opmask03=0000000020400004 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005582253abff8 00005582253abff8 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0035706f6f6c2f6b 636f6c622f6c6175 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055822539f900 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005582253abff8 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff245ff1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265706f204d4554 5359534255532064 696c61766e69004d 4554535953425553 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2fc2809743b0b400 006b636f6c622f73 73616c632f2e2e2f 2e2e2f2e2e2f2e2e ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fcb09c912d1fa918 000055877d189d3b 0000000000000131 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff245ff1b30 0048544150564544 0000000000000021 000000000000302e ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fcb09c912d1fa918 000055877d184579 0000000000000171 0000003177617264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 342c332c322c312c 3061722c4533312c 4433312c4333312c 4233312c4133312c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3733312c3633312c 3433312c3333312c 3133312c3033316b 2c35312c332c312c ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30652d3836313365 4332383570463645 307633303030623a 7475706e693d5341 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f415f4400000054 53495300302f3032 0000000000010044 0000503255004f54 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff8df57e70 RBP=ffffc900042fef78 RSP=ffffc900042feeb0 R8 =0000000000000000 R9 =0000000000000000 R10=ffffc900042fef30 R11=000000000001066b R12=ffffffff81a67670 R13=ffffc900042fef30 R14=0000000000000000 R15=ffff8880265cc880 RIP=ffffffff8b906130 RFL=00000292 [--S-A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976c4000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f741d9d8 CR3=0000000051d2b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=ffff88807595f580 RCX=000000010000bb5c RDX=1ffffffff1c42240 RSI=1ffffffff2156ece RDI=ffff88807595f2e0 RBP=ffffffffffffffff RSP=ffffc90003eaf4f0 R8 =0000000000000001 R9 =0000000000000019 R10=ffff88807595f2df R11=0000000000000000 R12=ffff88802b539300 R13=ffffffff8e211200 R14=ffff88807595eb80 R15=1ffff920007d5ea9 RIP=ffffffff816cb905 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080002340 CR3=0000000051d2b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000