last executing test programs: 1m20.008912073s ago: executing program 3 (id=4): read$FUSE(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0x0, 0xe74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0xb16, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x88000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19b, 0x100e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbcd5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4], [0x0, 0x0, 0x0, 0xc63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x1000, 0x0, 0x0, 0x80000003, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f00000006c0)={'syz0\x00', {0x7, 0x7, 0x9, 0x1}, 0x48, [0x6, 0x2, 0x1ff, 0x5, 0x0, 0xbb7767c, 0x7, 0x7, 0xe, 0xb, 0x1, 0x5, 0xb, 0x50, 0x8, 0x0, 0x9, 0x7, 0x4, 0x106, 0x2, 0x400, 0x3, 0x8b, 0x100, 0x10000, 0x7, 0x8, 0x9, 0x83, 0x7, 0x6, 0x80000000, 0x1, 0x5, 0x78f2c64d, 0x4, 0x3, 0xffff144a, 0x10, 0x4, 0x8194ba6b, 0x40, 0x8, 0x7, 0x1000, 0x2, 0xd, 0xe10, 0x7fff, 0x3, 0x5, 0x6, 0x8, 0x7, 0x26, 0x11, 0x3, 0xd, 0x7, 0x2, 0x292, 0x93d, 0x40], [0xac, 0x8, 0x81, 0x7fffffff, 0x62, 0x6, 0x9, 0x0, 0x7, 0x5, 0x9, 0x1, 0x5, 0x9, 0x0, 0x2, 0xd5f, 0x9, 0x2, 0x3, 0x3, 0x9, 0x3, 0x1ff, 0xb913, 0x8001, 0x2, 0x0, 0x800, 0x2, 0xb88, 0x10001, 0x4, 0x8, 0x2, 0x4, 0x8, 0x8, 0x6, 0x9, 0x6, 0x40, 0x8001, 0x4, 0x3, 0x8, 0x10001, 0x8, 0xc695, 0x7, 0xb8, 0x7c, 0x9, 0x4aa, 0x7, 0x7, 0x7, 0x2, 0x4, 0x4, 0x9, 0x6, 0x5, 0x7], [0x7, 0x200, 0x5967940c, 0x4, 0x7ff, 0xa, 0x4, 0x6716, 0x10001, 0x5, 0x6, 0x80, 0xffff, 0x2, 0xc87, 0x6, 0x1, 0xffff, 0x9, 0xf, 0x3, 0x7fffffff, 0x6092, 0x8, 0x8, 0x7fffffff, 0x3, 0x8, 0x4c6ab4c9, 0x5, 0x2, 0xc, 0xffffffff, 0x9, 0x6, 0x48e0, 0x10, 0xe, 0x9, 0x6, 0xfff, 0x9, 0x0, 0x6, 0x200, 0xd0, 0x34, 0x7, 0xfffffffb, 0x7fffffff, 0x9, 0x9, 0x8157, 0x8000, 0x7, 0x2, 0x7ff, 0xffff, 0x5, 0x0, 0xff, 0x6, 0xffff333e, 0x63d9], [0x80000001, 0x200, 0x4, 0x40, 0x3, 0x0, 0x2, 0x76000000, 0x47b0, 0x0, 0x7, 0x0, 0xda6, 0x80000001, 0x6, 0xe619, 0xd533, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x9, 0x1, 0x5, 0xfffffff9, 0x412, 0x3, 0x0, 0x6, 0x8, 0x8, 0x589, 0x100, 0x291, 0x6, 0x5, 0xffffffff, 0xa, 0x9, 0x800, 0xa, 0x8, 0x10, 0x9, 0x3, 0x6, 0xf, 0x800, 0xfffff001, 0x6d5d800, 0xf3e3, 0x3, 0x2, 0x0, 0xa, 0x6, 0x5, 0x9, 0x8, 0x2, 0x800, 0x8]}, 0x45c) 1m19.92896234s ago: executing program 3 (id=8): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) 1m19.766985935s ago: executing program 3 (id=11): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141121) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x38fe, 0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) io_uring_enter(r3, 0x2def, 0x4000, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m18.64828031s ago: executing program 3 (id=17): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r5, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x1}) fcntl$lock(r5, 0x26, &(0x7f0000000080)={0x0, 0x1}) 1m18.583851521s ago: executing program 32 (id=17): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r5, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x1}) fcntl$lock(r5, 0x26, &(0x7f0000000080)={0x0, 0x1}) 6.419062458s ago: executing program 4 (id=321): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xe1) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$fuse(0xffffff9c, &(0x7f0000000580), 0x2, 0x0) read$FUSE(r2, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) r3 = syz_open_dev$cec(0x0, 0x0, 0x20000) ioctl$CEC_ADAP_G_CONNECTOR_INFO(r3, 0x8044610a, &(0x7f00000002c0)={0x0, @raw}) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffdd2) socket(0x10, 0x803, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0) ioctl$BLKZEROOUT(r7, 0x127f, 0x0) 5.729550387s ago: executing program 4 (id=324): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) 5.645956556s ago: executing program 4 (id=325): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x5, &(0x7f0000002d40)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000ffffffd70700001000000095000000000000002ba72804605789bfbc7174159805d30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2681d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc162619b3af8a4e825d922c65e3a2a2ad358061d0ae0209e6e83d15645aa818d92b21aa6459512f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa8666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bf3d6b2e28f90c52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e517232586872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d350100c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000600001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736dd19363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419dfc75c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a0ea49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64dc4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2ddf267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed186a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d36df524b760ab92efcce7dd1574a0730a9e015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbe4fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a7e008f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d054c744fd06a57f7bcb8fb58c512d0884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c63fb9450dd03985d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921bd4d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a980010000fdf278218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9d3696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637c335892b420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f21d9d5bc27d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072da00f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c30600a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce6459200000067c38a656d326cff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86da86b52f79a3f7306436762dd1a08ce023e07cebc7892ec6f9f696da38feed3d70001500e34ad2e1b2e64af4e37211b524e20f4ae1ba89a32bad2af9030f8add5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac3ffff1ac279a688f10a12105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e90eb1fffffffffffffcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d0dbaec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c2615318bf813e788c84409dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f6eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f11b615c87c441dc970ec896a5af6bf69b50a244bc138a1cae3d220bcff6bcb3058c6e0d1cc0da889710f33f5638f805ce602365492282863cc8092b16656dea03cd50182aabbac78a14506dcbf823bec4a5dad14c4d7353b6a55c28321647df3a85bf9fca4e18aeaf4867e6a3dbdd7a5dbe1a52bddae83fc368404a032bd2649cf74d7af8e9e3e43fad643ad3e8575a2bb0507531eac5e10b631575f1360803c8f556e07f292ab66b9bcea0c2f09db289a5934a4f2f5fe5cfc52b270a4a5fa2a8de62dcaf7ef52f1fd84c55e6a0c5a365a3b4e73c4ac6fc26367f3f6c07b06a0874c039622ba2bd369b105f57099f742a000a36c2f044a5de24604f82a1f197d9a70b5a62f794f57ec02df70d459fedd6125ae41479a2661360a79e175f0add2820018d5985183ee80f681403a7d08e0e2b88d0750c90b7ed5fed6f81ce797f3b60445ce811d2b4e45005a5ea06c1fe927af06433cd3885dc954e698a7a73416c73bfab7773a604e14338797ce9148cda4c0bf05fb67915aeb3661e755e4e1a0ceedfe8e91ee5361ff4c7c07b422e1443a6616b0104000000000000a4c0a1d44d9dfd82896f5623e1d37da4a9a9444485e9b1e3b6b548528989d2aecc1e7b6ee92ca19298801105ced8964e000000000000000000000000000000000000000000000000000000000003d1c031ee2fc25c7ad34283187545b1343f7ab862e66cf5bf4ba4dbf5fda31619c05ddb97199ad4d01471e9b3c7f485b1e74d0ed34201915e79d5ed229f0773ab6b38529c45b10d0796e005b6d663b942320339b9fe1d4e393b4bcb596898cde06955a345db3cb956b0e5da1c1dba7046f4d12fc65085302f330a5e05b59db781cf9cf33752836fff6fcbf379332357c47f3597e084d0779b3cbfb312925a8151e338eca2c80600000000ac5992a4c7ec0b741f117f628562c3b27483ad6d733ffcbfca0ba805af95f8985901b0b8f918efa139e984fe872f22f5f094e3fbdf45ec2076710d8c787156b3e05774ac977c3db6288d252b2a73c84a07d73f9721e52f5b5d331ebb7db0a03be93fd96d7355405e954b8d6d0efcd6c37d869086efe15e30b7b6b2b37647e265a62fccfeb16f12f109dc5e405b53d1737b7a2620943affaa2eb07585e23e0513df2f83218f9f3ed9ba3026bcfbe5e9b36ab5b052886227827b983c0fe8da495f1ea7b5c35e42ff83f6e5e5a71ba3000000000000000000f73ffcd0c92a30304d5142441978012e2e6e1c45c28713fa5354f1fd124598688dffa0890dc8c6b4d9732347896d17d4efe12c20c706dcd4601135c553713cc4000a6690a2eed2e680db50589a659a240afc2c1eaa381a4135933a8d7abff2a7882ff50eabbe493ae54f71473eb65fe8e850f36d096a9c7dfd8fd2a35234bef2ba4755e10489b2508e4a9d911135b6c802e16e23fc7a3c3c0f5939b842bca82db931e5ba180f1eed5f539371105aee1d06af045892e18eb5dfd361f6d89fff0b82da98fa7aa90fe92b59887fda0ed8d375ba13fe3f63e69e417c89e3"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r3 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)="35cb", 0x2, 0xfffffffffffffffd) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@updsa={0x134, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@empty, 0x0, 0x100}, {@in, 0x0, 0x6c}, @in6=@private1, {}, {0x0, 0x0, 0x0, 0x100}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}}, 0x0) keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r5, 0x47f9, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 5.485506984s ago: executing program 2 (id=326): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10) r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x1000) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r2, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)=0x101) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x4000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 4.526944735s ago: executing program 2 (id=328): r0 = socket(0x2, 0x3, 0xff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x19c5498e, 0x103902) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100, 0x0, 0x16e}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r7 = socket$caif_stream(0x25, 0x1, 0x0) setsockopt$CAIFSO_LINK_SELECT(r7, 0x116, 0x7f, 0x0, 0x15) socket$inet6_sctp(0xa, 0x5, 0x84) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x22, 0x0, 0x1) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2}) io_uring_enter(r4, 0x3f80, 0x3697, 0x25, 0x0, 0x0) r8 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2) fcntl$setlease(r8, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x1000000) close_range(r1, 0xffffffffffffffff, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) timer_create(0x3, 0x0, 0x0) 4.526792372s ago: executing program 4 (id=330): r0 = socket$inet6(0xa, 0x6, 0x0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) getgid() syz_usb_control_io(r1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x100) close_range(r0, 0xffffffffffffffff, 0x0) 4.518099248s ago: executing program 0 (id=337): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000002780), 0x8000, 0x0) creat(&(0x7f0000000340)='./bus\x00', 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000180)=0x100) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) chmod(&(0x7f0000000140)='./file0\x00', 0xfeff) chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=ANY=[@ANYBLOB="24010000170001000000000000000000ac1414bb0000000000000000000000008b1fd040369557aaac141400000000000000000000000000ff010000000000000000000000000001ff02000000000000000000000000000100000000000000000000200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b66b6e00"/124], 0x124}}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000080)="a3", 0xff4b) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = dup(r7) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) socket$packet(0x11, 0x2, 0x300) ioctl$TIOCVHANGUP(r4, 0x5453, 0x2) 4.26427634s ago: executing program 0 (id=332): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b0000"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0x0, 0x0, {0xfffffffffffffffe}}, 0x18) write$FUSE_DIRENTPLUS(r1, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$dsp1(0xffffff9c, 0x0, 0x30002, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_setup(0x29d5, &(0x7f0000000100)={0x0, 0x9255, 0x0, 0x0, 0x28d}) r5 = socket$inet_smc(0x2b, 0x1, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f0000000080)) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000000000000050000000000000000000000030000000000f100ffffffff"]) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000000)) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e2b, @local}, 0x10) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000010140)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.567951053s ago: executing program 1 (id=333): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) io_setup(0x4, &(0x7f0000000280)=0x0) r6 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r6, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) io_pgetevents(r5, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], 0x0, 0x0) 3.563954188s ago: executing program 2 (id=342): r0 = getpid() uname(0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000001c0)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6, 0x13, r5, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x1, 0x7, 0x40000, 0x2, 0x0, 0x0, 0x0, 0x2, 0x4, 0x5, 0x6, 0x2], 0x1}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.289935527s ago: executing program 0 (id=334): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x10, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xd}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfa7e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 2.561624137s ago: executing program 2 (id=335): syz_open_dev$usbfs(0x0, 0x800000001fe, 0x82) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000200)=0x3, 0x4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lsm_set_self_attr(0x68, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc0205649, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r1, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2.521977068s ago: executing program 1 (id=336): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) 2.398916183s ago: executing program 0 (id=338): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x5, &(0x7f0000002d40)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000ffffffd70700001000000095000000000000002ba72804605789bfbc7174159805d30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2681d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc162619b3af8a4e825d922c65e3a2a2ad358061d0ae0209e6e83d15645aa818d92b21aa6459512f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa8666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bf3d6b2e28f90c52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e517232586872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d350100c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000600001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736dd19363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419dfc75c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a0ea49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64dc4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2ddf267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed186a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d36df524b760ab92efcce7dd1574a0730a9e015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbe4fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a7e008f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d054c744fd06a57f7bcb8fb58c512d0884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c63fb9450dd03985d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921bd4d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a980010000fdf278218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9d3696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637c335892b420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f21d9d5bc27d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072da00f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c30600a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce6459200000067c38a656d326cff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86da86b52f79a3f7306436762dd1a08ce023e07cebc7892ec6f9f696da38feed3d70001500e34ad2e1b2e64af4e37211b524e20f4ae1ba89a32bad2af9030f8add5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac3ffff1ac279a688f10a12105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e90eb1fffffffffffffcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d0dbaec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c2615318bf813e788c84409dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f6eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f11b615c87c441dc970ec896a5af6bf69b50a244bc138a1cae3d220bcff6bcb3058c6e0d1cc0da889710f33f5638f805ce602365492282863cc8092b16656dea03cd50182aabbac78a14506dcbf823bec4a5dad14c4d7353b6a55c28321647df3a85bf9fca4e18aeaf4867e6a3dbdd7a5dbe1a52bddae83fc368404a032bd2649cf74d7af8e9e3e43fad643ad3e8575a2bb0507531eac5e10b631575f1360803c8f556e07f292ab66b9bcea0c2f09db289a5934a4f2f5fe5cfc52b270a4a5fa2a8de62dcaf7ef52f1fd84c55e6a0c5a365a3b4e73c4ac6fc26367f3f6c07b06a0874c039622ba2bd369b105f57099f742a000a36c2f044a5de24604f82a1f197d9a70b5a62f794f57ec02df70d459fedd6125ae41479a2661360a79e175f0add2820018d5985183ee80f681403a7d08e0e2b88d0750c90b7ed5fed6f81ce797f3b60445ce811d2b4e45005a5ea06c1fe927af06433cd3885dc954e698a7a73416c73bfab7773a604e14338797ce9148cda4c0bf05fb67915aeb3661e755e4e1a0ceedfe8e91ee5361ff4c7c07b422e1443a6616b0104000000000000a4c0a1d44d9dfd82896f5623e1d37da4a9a9444485e9b1e3b6b548528989d2aecc1e7b6ee92ca19298801105ced8964e000000000000000000000000000000000000000000000000000000000003d1c031ee2fc25c7ad34283187545b1343f7ab862e66cf5bf4ba4dbf5fda31619c05ddb97199ad4d01471e9b3c7f485b1e74d0ed34201915e79d5ed229f0773ab6b38529c45b10d0796e005b6d663b942320339b9fe1d4e393b4bcb596898cde06955a345db3cb956b0e5da1c1dba7046f4d12fc65085302f330a5e05b59db781cf9cf33752836fff6fcbf379332357c47f3597e084d0779b3cbfb312925a8151e338eca2c80600000000ac5992a4c7ec0b741f117f628562c3b27483ad6d733ffcbfca0ba805af95f8985901b0b8f918efa139e984fe872f22f5f094e3fbdf45ec2076710d8c787156b3e05774ac977c3db6288d252b2a73c84a07d73f9721e52f5b5d331ebb7db0a03be93fd96d7355405e954b8d6d0efcd6c37d869086efe15e30b7b6b2b37647e265a62fccfeb16f12f109dc5e405b53d1737b7a2620943affaa2eb07585e23e0513df2f83218f9f3ed9ba3026bcfbe5e9b36ab5b052886227827b983c0fe8da495f1ea7b5c35e42ff83f6e5e5a71ba3000000000000000000f73ffcd0c92a30304d5142441978012e2e6e1c45c28713fa5354f1fd124598688dffa0890dc8c6b4d9732347896d17d4efe12c20c706dcd4601135c553713cc4000a6690a2eed2e680db50589a659a240afc2c1eaa381a4135933a8d7abff2a7882ff50eabbe493ae54f71473eb65fe8e850f36d096a9c7dfd8fd2a35234bef2ba4755e10489b2508e4a9d911135b6c802e16e23fc7a3c3c0f5939b842bca82db931e5ba180f1eed5f539371105aee1d06af045892e18eb5dfd361f6d89fff0b82da98fa7aa90fe92b59887fda0ed8d375ba13fe3f63e69e417c89e3"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r3 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)="35cb", 0x2, 0xfffffffffffffffd) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@updsa={0x134, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@empty, 0x0, 0x100}, {@in, 0x0, 0x6c}, @in6=@private1, {}, {0x0, 0x0, 0x0, 0x100}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}}, 0x0) keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r5, 0x47f9, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 2.398763349s ago: executing program 1 (id=339): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) 2.037470422s ago: executing program 4 (id=340): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10) r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x1000) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r2, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)=0x101) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x4000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.036353942s ago: executing program 2 (id=349): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) sendto$inet(r3, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 1.707889822s ago: executing program 1 (id=341): setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x7, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = creat(0x0, 0x0) rt_sigaction(0x19, 0x0, 0x0, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10, &(0x7f0000000080)=0xf3e, 0x4) ftruncate(r0, 0x3292e291) socket$inet_tcp(0x2, 0x1, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, 0x0, 0x0) getsockopt$inet_opts(r2, 0x0, 0x4, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) sendmsg$NL80211_CMD_NEW_STATION(r1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) r4 = accept4(r3, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) sendmsg$FOU_CMD_GET(r4, 0x0, 0x1004) 1.48219856s ago: executing program 0 (id=343): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x1e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_emit_ethernet(0x9e, &(0x7f00000003c0)=ANY=[@ANYBLOB="ff00ffffffff0180c200000086dd6000030800683a00fc010000000000000000000000000000634404fef6360f2ba0fe8000000000000000000000000000aa0200907800000000605b52ab00002b00fc0000000000e3a04f89f490625e0000fc0000000000000000000000000000000004040201000000fc020000000000000000000000000000fe88000000000000000000000000000188000000000000000401090000000000"], 0x0) lsm_list_modules(&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_dev$vcsu(&(0x7f0000000000), 0x800, 0x40) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.481882607s ago: executing program 1 (id=344): ioprio_set$pid(0x2, 0x0, 0x6000) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x0, 0x7ffc1ffb}]}) timerfd_create(0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x88) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x55, 0x5, 0xfffc, {0x7, 0x1}, {0xad, 0x2}, @cond=[{0x3, 0x6a, 0x19, 0x2, 0xd, 0xc6}, {0x2, 0x7f, 0x9, 0xa4ed, 0xc7, 0x7}]}) r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x8c2b01) write$char_usb(r4, &(0x7f0000000040)="e2", 0x12d8) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) socket$inet6_udplite(0xa, 0x2, 0x88) 1.028070421s ago: executing program 2 (id=345): semget(0x1, 0x3, 0x319) r0 = socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x600, 0x60}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8, 0x1, 0x2}]}}}]}, 0x3c}, 0x1, 0x2}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) memfd_create(0x0, 0x4) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4) ioperm(0x0, 0x1, 0x1bf4) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 633.251333ms ago: executing program 4 (id=346): socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000001240)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') openat$sndseq(0xffffffffffffff9c, &(0x7f0000000800), 0x20801) userfaultfd(0x801) syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x2a8600) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000380), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) socket$inet6(0xa, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x103) open$dir(&(0x7f0000000100)='./file0\x00', 0x8802, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x201, 0x1, &(0x7f0000000540)=[r1], &(0x7f0000000500)=[0x1], &(0x7f0000000200), &(0x7f0000000580), 0x0, 0x7f}) 507.655897ms ago: executing program 1 (id=347): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x5, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000340)={'filter\x00', 0x0, [0xd, 0x3a5e]}, &(0x7f0000000280)=0x44) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000300)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x408) write$binfmt_script(r3, &(0x7f0000000100), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000180)={0x0, 0x0, 0x5, {0x80000004, 0xfffffff8, 0x7ffb, 0x2}}) ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0) unshare(0x62040211) 0s ago: executing program 0 (id=348): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) io_setup(0x4, &(0x7f0000000280)=0x0) r6 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r6, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) io_pgetevents(r5, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:56479' (ED25519) to the list of known hosts. [ 42.131254][ T5934] cgroup: Unknown subsys name 'net' [ 42.278840][ T5934] cgroup: Unknown subsys name 'cpuset' [ 42.282607][ T5934] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.221261][ T5934] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 46.234180][ T5954] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 46.244509][ T5957] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 46.247043][ T5961] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 46.248120][ T5957] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 46.250056][ T5961] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 46.251312][ T5957] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 46.253385][ T5961] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 46.255560][ T5957] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 46.258575][ T5961] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 46.259469][ T5957] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 46.261531][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 46.263420][ T5957] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 46.265669][ T5961] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 46.267779][ T5957] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 46.269410][ T5961] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 46.271251][ T5957] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.281122][ T5964] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 46.283602][ T5964] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 46.296490][ T5966] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 46.300012][ T5966] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 46.565247][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 46.573366][ T5950] chnl_net:caif_netlink_parms(): no params data found [ 46.701597][ T5962] chnl_net:caif_netlink_parms(): no params data found [ 46.719370][ T5959] chnl_net:caif_netlink_parms(): no params data found [ 46.823507][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.826828][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.829234][ T5951] bridge_slave_0: entered allmulticast mode [ 46.832752][ T5951] bridge_slave_0: entered promiscuous mode [ 46.840957][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.843750][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.846465][ T5951] bridge_slave_1: entered allmulticast mode [ 46.849332][ T5951] bridge_slave_1: entered promiscuous mode [ 46.869565][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.871614][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.873615][ T5950] bridge_slave_0: entered allmulticast mode [ 46.875958][ T5950] bridge_slave_0: entered promiscuous mode [ 46.960177][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.962017][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.964271][ T5950] bridge_slave_1: entered allmulticast mode [ 46.966970][ T5950] bridge_slave_1: entered promiscuous mode [ 46.997982][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.001389][ T5962] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.004173][ T5962] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.007803][ T5962] bridge_slave_0: entered allmulticast mode [ 47.011262][ T5962] bridge_slave_0: entered promiscuous mode [ 47.053946][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.085170][ T5962] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.088111][ T5962] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.092157][ T5962] bridge_slave_1: entered allmulticast mode [ 47.096304][ T5962] bridge_slave_1: entered promiscuous mode [ 47.101531][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.151064][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.197474][ T5951] team0: Port device team_slave_0 added [ 47.224578][ T5962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.274717][ T5959] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.277625][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.280482][ T5959] bridge_slave_0: entered allmulticast mode [ 47.284089][ T5959] bridge_slave_0: entered promiscuous mode [ 47.290223][ T5951] team0: Port device team_slave_1 added [ 47.293158][ T5962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.298075][ T5950] team0: Port device team_slave_0 added [ 47.300669][ T5959] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.302943][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.305457][ T5959] bridge_slave_1: entered allmulticast mode [ 47.309315][ T5959] bridge_slave_1: entered promiscuous mode [ 47.386015][ T5950] team0: Port device team_slave_1 added [ 47.421308][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.423272][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.431106][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.469369][ T5959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.472371][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.474491][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.481487][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.487379][ T5962] team0: Port device team_slave_0 added [ 47.490682][ T5962] team0: Port device team_slave_1 added [ 47.508075][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.529879][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.531853][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.539358][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.593214][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.595884][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.605521][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.620000][ T5959] team0: Port device team_slave_0 added [ 47.622701][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.624758][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.633008][ T5962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.680580][ T5959] team0: Port device team_slave_1 added [ 47.682684][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.685343][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.693011][ T5962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.729734][ T5951] hsr_slave_0: entered promiscuous mode [ 47.732762][ T5951] hsr_slave_1: entered promiscuous mode [ 47.763434][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.765453][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.772482][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.800901][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.802821][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.811032][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.872438][ T5950] hsr_slave_0: entered promiscuous mode [ 47.874446][ T5950] hsr_slave_1: entered promiscuous mode [ 47.876549][ T5950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.878692][ T5950] Cannot create hsr debugfs directory [ 47.917462][ T5962] hsr_slave_0: entered promiscuous mode [ 47.920454][ T5962] hsr_slave_1: entered promiscuous mode [ 47.923153][ T5962] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.925372][ T5962] Cannot create hsr debugfs directory [ 47.981132][ T5959] hsr_slave_0: entered promiscuous mode [ 47.983154][ T5959] hsr_slave_1: entered promiscuous mode [ 47.984999][ T5959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.987234][ T5959] Cannot create hsr debugfs directory [ 48.337366][ T5966] Bluetooth: hci2: command tx timeout [ 48.338464][ T68] Bluetooth: hci0: command tx timeout [ 48.339303][ T5966] Bluetooth: hci3: command tx timeout [ 48.340996][ T5954] Bluetooth: hci1: command tx timeout [ 48.342798][ T5951] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 48.351904][ T5951] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 48.367030][ T5951] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 48.371001][ T5951] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.408491][ T5950] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 48.414010][ T5950] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 48.431656][ T5950] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.447134][ T5950] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.465150][ T5959] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 48.473260][ T5959] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 48.479278][ T5959] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 48.483887][ T5959] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.523811][ T5962] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 48.529119][ T5962] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 48.533500][ T5962] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 48.537795][ T5962] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 48.554677][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.586656][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.611519][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.613712][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.625006][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.627025][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.651452][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.664738][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.692509][ T5950] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.700396][ T5959] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.706541][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.709325][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.713909][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.716061][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.725413][ T5962] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.732641][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.734611][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.738989][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.740997][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.767010][ T5962] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.780903][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.782997][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.792073][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.795043][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.830697][ T5962] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 48.833538][ T5962] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.871070][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.908731][ T5951] veth0_vlan: entered promiscuous mode [ 48.914439][ T5951] veth1_vlan: entered promiscuous mode [ 48.924262][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.947787][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.956902][ T5951] veth0_macvtap: entered promiscuous mode [ 48.964625][ T5951] veth1_macvtap: entered promiscuous mode [ 48.971305][ T5962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.981380][ T5950] veth0_vlan: entered promiscuous mode [ 48.993478][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.002141][ T5950] veth1_vlan: entered promiscuous mode [ 49.019464][ T5959] veth0_vlan: entered promiscuous mode [ 49.022751][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.035720][ T5950] veth0_macvtap: entered promiscuous mode [ 49.041556][ T5951] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.044898][ T5951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.050615][ T5951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.054191][ T5951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.064066][ T5950] veth1_macvtap: entered promiscuous mode [ 49.069009][ T5959] veth1_vlan: entered promiscuous mode [ 49.098849][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.102061][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.105435][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.114362][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.117641][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.121077][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.123718][ T5962] veth0_vlan: entered promiscuous mode [ 49.133200][ T5962] veth1_vlan: entered promiscuous mode [ 49.135733][ T5950] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.138512][ T5950] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.140884][ T5950] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.143254][ T5950] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.171531][ T5959] veth0_macvtap: entered promiscuous mode [ 49.174750][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.177198][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.185094][ T5959] veth1_macvtap: entered promiscuous mode [ 49.203952][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.206823][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.210964][ T5962] veth0_macvtap: entered promiscuous mode [ 49.215620][ T5962] veth1_macvtap: entered promiscuous mode [ 49.223684][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.227152][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.229925][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.232906][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.239701][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.258824][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.262421][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.265397][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.268625][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.272629][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.277597][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.278974][ T5951] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 49.279985][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.288724][ T5959] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.291073][ T5959] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.293353][ T5959] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.295567][ T5959] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.301992][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.304830][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.307759][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.311135][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.314157][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.317761][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.321188][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.340755][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.343674][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.346606][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.349460][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.352074][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.354762][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.358700][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.362209][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.362654][ T5962] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.364457][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.366775][ T5962] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.370983][ T5962] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.373316][ T5962] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.412151][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.414356][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.434279][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.439921][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.447508][ T6017] warning: `syz.0.5' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 49.455644][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.463580][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.476718][ T6020] netlink: 272 bytes leftover after parsing attributes in process `syz.2.3'. [ 49.480133][ T6020] netlink: 272 bytes leftover after parsing attributes in process `syz.2.3'. [ 49.487208][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.491021][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.605321][ T6030] input: syz0 as /devices/virtual/input/input5 [ 49.715409][ T6033] vlan0: entered promiscuous mode [ 49.720806][ T6034] ======================================================= [ 49.720806][ T6034] WARNING: The mand mount option has been deprecated and [ 49.720806][ T6034] and is ignored by this kernel. Remove the mand [ 49.720806][ T6034] option from the mount to silence this warning. [ 49.720806][ T6034] ======================================================= [ 49.733687][ T6033] team0: Port device vlan0 added [ 49.755127][ T6033] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9'. [ 49.815749][ T6033] team0 (unregistering): Port device team_slave_0 removed [ 49.821604][ T6033] team0 (unregistering): Port device team_slave_1 removed [ 49.827903][ T6033] team0 (unregistering): Port device vlan0 removed [ 50.416354][ T5954] Bluetooth: hci1: command tx timeout [ 50.416385][ T5964] Bluetooth: hci0: command tx timeout [ 50.418403][ T5954] Bluetooth: hci2: command tx timeout [ 50.915235][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.975934][ T6010] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 51.129171][ T6010] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 51.136477][ T6010] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 51.139833][ T6010] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.142626][ T6010] usb 7-1: Product: syz [ 51.144121][ T6010] usb 7-1: Manufacturer: syz [ 51.146509][ T5966] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 51.149185][ T6010] usb 7-1: SerialNumber: syz [ 51.149754][ T5966] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 51.153704][ T5966] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 51.157010][ T5966] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 51.159766][ T5966] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 51.368025][ T6051] chnl_net:caif_netlink_parms(): no params data found [ 51.376549][ T6010] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 51.532494][ T6051] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.536125][ T6051] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.538874][ T6051] bridge_slave_0: entered allmulticast mode [ 51.541434][ T6051] bridge_slave_0: entered promiscuous mode [ 51.545434][ T6051] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.548539][ T6051] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.551340][ T6051] bridge_slave_1: entered allmulticast mode [ 51.555515][ T6051] bridge_slave_1: entered promiscuous mode [ 51.599880][ T6071] netlink: 28 bytes leftover after parsing attributes in process `syz.0.23'. [ 51.608498][ T6051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.619259][ T6051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.626475][ T24] usb 7-1: USB disconnect, device number 2 [ 51.658348][ T6075] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.685702][ T6075] batman_adv: batadv0: Adding interface: ip6gretap1 [ 51.688247][ T6075] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.695000][ T6075] batman_adv: batadv0: Interface activated: ip6gretap1 [ 51.700857][ T6051] team0: Port device team_slave_0 added [ 51.711677][ T6051] team0: Port device team_slave_1 added [ 51.749442][ T6077] Bluetooth: MGMT ver 1.23 [ 51.764763][ T6051] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 51.770287][ T6051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.781505][ T6051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 51.787493][ T6051] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 51.790545][ T6051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.801875][ T6051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 51.828857][ T6048] usblp0: removed [ 51.857078][ T6051] hsr_slave_0: entered promiscuous mode [ 51.859220][ T6051] hsr_slave_1: entered promiscuous mode [ 51.861085][ T6051] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 51.863558][ T6051] Cannot create hsr debugfs directory [ 52.104506][ T6051] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 52.113465][ T6051] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 52.132926][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.144428][ T6051] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 52.158528][ T6051] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 52.211073][ T6051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.243422][ T6051] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.251914][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.254273][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.266966][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.269002][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.276350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.389964][ T6051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.476097][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.507368][ T5954] Bluetooth: hci0: command tx timeout [ 52.507415][ T5966] Bluetooth: hci2: command tx timeout [ 52.517891][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.604039][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.638827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 52.683809][ T6051] veth0_vlan: entered promiscuous mode [ 52.694646][ T6051] veth1_vlan: entered promiscuous mode [ 52.774571][ T13] bridge_slave_1: left allmulticast mode [ 52.777478][ T13] bridge_slave_1: left promiscuous mode [ 52.780869][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.791546][ T13] bridge_slave_0: left allmulticast mode [ 52.793731][ T13] bridge_slave_0: left promiscuous mode [ 52.796301][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.988285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.045755][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 53.046264][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.053334][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 53.056903][ T13] bond0 (unregistering): Released all slaves [ 53.080843][ T6051] veth0_macvtap: entered promiscuous mode [ 53.099407][ T6051] veth1_macvtap: entered promiscuous mode [ 53.134731][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.138286][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.142339][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.145113][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.148238][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.152707][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.156603][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.159943][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.163835][ T6051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 53.179855][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.183834][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.189148][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.192212][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.194924][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.198928][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.201576][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.204376][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.208969][ T6051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 53.228078][ T5966] Bluetooth: hci3: command tx timeout [ 53.291960][ T6051] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.295530][ T6051] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.299040][ T6051] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.301893][ T6051] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.403948][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.409055][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.422688][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.426399][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.472808][ T13] hsr_slave_0: left promiscuous mode [ 53.475637][ T13] hsr_slave_1: left promiscuous mode [ 53.478700][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 53.480830][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 53.483799][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 53.487759][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 53.505387][ T13] veth1_macvtap: left promiscuous mode [ 53.508267][ T13] veth0_macvtap: left promiscuous mode [ 53.509871][ T13] veth1_vlan: left promiscuous mode [ 53.511399][ T13] veth0_vlan: left promiscuous mode [ 53.728502][ T6157] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536 [ 53.980166][ T13] team0 (unregistering): Port device team_slave_1 removed [ 54.038833][ T13] team0 (unregistering): Port device team_slave_0 removed [ 54.575923][ T5954] Bluetooth: hci2: command tx timeout [ 54.586262][ T5954] Bluetooth: hci0: command tx timeout [ 54.816429][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 54.818964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.821287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.997880][ T6191] netlink: 4 bytes leftover after parsing attributes in process `syz.4.49'. [ 55.000937][ T6191] netlink: 28 bytes leftover after parsing attributes in process `syz.4.49'. [ 55.018757][ T6191] netlink: 'syz.4.49': attribute type 1 has an invalid length. [ 55.096212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 55.216016][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.306687][ T5954] Bluetooth: hci3: command tx timeout [ 55.617114][ T5954] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 55.619593][ T5954] Bluetooth: hci1: Injecting HCI hardware error event [ 55.622495][ T5964] Bluetooth: hci1: hardware error 0x00 [ 56.057981][ T6245] Bluetooth: MGMT ver 1.23 [ 56.064436][ T6240] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 56.321341][ T6259] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 56.324228][ T6259] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 56.327790][ T6259] overlayfs: missing 'lowerdir' [ 56.434365][ T68] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 56.437284][ T68] CPU: 3 UID: 0 PID: 68 Comm: kworker/u33:0 Not tainted 6.14.0-syzkaller-13408-g9f867ba24d36 #0 PREEMPT(full) [ 56.437300][ T68] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.437307][ T68] Workqueue: hci2 hci_rx_work [ 56.437323][ T68] Call Trace: [ 56.437327][ T68] [ 56.437331][ T68] dump_stack_lvl+0x16c/0x1f0 [ 56.437349][ T68] sysfs_warn_dup+0x7f/0xa0 [ 56.437364][ T68] sysfs_create_dir_ns+0x24b/0x2b0 [ 56.437379][ T68] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 56.437394][ T68] ? find_held_lock+0x2b/0x80 [ 56.437409][ T68] ? do_raw_spin_unlock+0x172/0x230 [ 56.437421][ T68] kobject_add_internal+0x2c4/0x9b0 [ 56.437438][ T68] kobject_add+0x16e/0x240 [ 56.437446][ T68] ? __pfx_kobject_add+0x10/0x10 [ 56.437456][ T68] ? do_raw_spin_unlock+0x172/0x230 [ 56.437467][ T68] ? kobject_put+0xab/0x5a0 [ 56.437492][ T68] device_add+0x288/0x1a70 [ 56.437505][ T68] ? __pfx_dev_set_name+0x10/0x10 [ 56.437518][ T68] ? __pfx_device_add+0x10/0x10 [ 56.437528][ T68] ? mgmt_send_event_skb+0x2fb/0x460 [ 56.437544][ T68] hci_conn_add_sysfs+0x17e/0x230 [ 56.437558][ T68] le_conn_complete_evt+0x1075/0x1d70 [ 56.437572][ T68] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 56.437582][ T68] ? hci_event_packet+0x43c/0x1190 [ 56.437596][ T68] hci_le_conn_complete_evt+0x23c/0x370 [ 56.437609][ T68] hci_le_meta_evt+0x2f3/0x5e0 [ 56.437619][ T68] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 56.437631][ T68] hci_event_packet+0x669/0x1190 [ 56.437641][ T68] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 56.437652][ T68] ? __pfx_hci_event_packet+0x10/0x10 [ 56.437663][ T68] ? kcov_remote_start+0x3c9/0x6d0 [ 56.437673][ T68] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.437689][ T68] hci_rx_work+0x2c5/0x16b0 [ 56.437700][ T68] ? rcu_is_watching+0x12/0xc0 [ 56.437714][ T68] process_one_work+0x9cc/0x1b70 [ 56.437731][ T68] ? __pfx_process_one_work+0x10/0x10 [ 56.437746][ T68] ? assign_work+0x1a0/0x250 [ 56.437757][ T68] worker_thread+0x6c8/0xf10 [ 56.437773][ T68] ? __pfx_worker_thread+0x10/0x10 [ 56.437783][ T68] kthread+0x3c2/0x780 [ 56.437793][ T68] ? __pfx_kthread+0x10/0x10 [ 56.437801][ T68] ? __pfx_kthread+0x10/0x10 [ 56.437810][ T68] ? __pfx_kthread+0x10/0x10 [ 56.437818][ T68] ? __pfx_kthread+0x10/0x10 [ 56.437827][ T68] ? rcu_is_watching+0x12/0xc0 [ 56.437838][ T68] ? __pfx_kthread+0x10/0x10 [ 56.437860][ T68] ret_from_fork+0x45/0x80 [ 56.437871][ T68] ? __pfx_kthread+0x10/0x10 [ 56.437881][ T68] ret_from_fork_asm+0x1a/0x30 [ 56.437904][ T68] [ 56.438280][ T68] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 56.512943][ T68] Bluetooth: hci2: failed to register connection device [ 57.375921][ T5306] Bluetooth: hci3: command 0x040f tx timeout [ 57.696068][ T5964] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 58.025882][ T5964] Bluetooth: hci0: command 0x0401 tx timeout [ 58.033793][ T5954] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 58.305864][ T6220] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 58.457174][ T6220] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 58.460754][ T6220] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 58.463527][ T6220] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 58.466336][ T6220] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.471434][ T6319] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 58.477981][ T6220] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 58.763520][ T5991] usb 5-1: USB disconnect, device number 2 [ 58.769192][ T6319] Zero length message leads to an empty skb [ 59.455898][ T5964] Bluetooth: hci3: command 0x040f tx timeout [ 60.095896][ T5964] Bluetooth: hci0: command 0x0401 tx timeout [ 60.146451][ T6342] syz.4.81: attempt to access beyond end of device [ 60.146451][ T6342] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 60.150766][ T6342] XFS (nbd4): SB validate failed with error -5. [ 61.108623][ T6355] netlink: 'syz.4.83': attribute type 3 has an invalid length. [ 61.112138][ T6355] netlink: 'syz.4.83': attribute type 3 has an invalid length. [ 61.179607][ T6359] kvm: kvm [6358]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x3 [ 61.235820][ T6362] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 61.258747][ T6359] mmap: syz.0.85 (6359) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 61.535979][ T5964] Bluetooth: hci3: command 0x040f tx timeout [ 61.646063][ T5991] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 61.795890][ T5991] usb 5-1: Using ep0 maxpacket: 16 [ 61.799191][ T5991] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 61.801585][ T5991] usb 5-1: config 0 has no interface number 0 [ 61.838993][ T5991] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 61.841769][ T5991] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.843983][ T5991] usb 5-1: Product: syz [ 61.845148][ T5991] usb 5-1: Manufacturer: syz [ 61.846997][ T5991] usb 5-1: SerialNumber: syz [ 61.851792][ T5991] usb 5-1: config 0 descriptor?? [ 61.856328][ T5991] hub 5-1:0.132: bad descriptor, ignoring hub [ 61.858567][ T5991] hub 5-1:0.132: probe with driver hub failed with error -5 [ 61.862591][ T5991] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input6 [ 62.005125][ T6388] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 62.127377][ T835] usb 5-1: USB disconnect, device number 3 [ 62.635884][ T6154] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 62.666007][ T5964] Bluetooth: hci2: command 0x0406 tx timeout [ 62.666056][ T835] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 62.745872][ T5991] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 62.798306][ T6154] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 62.801188][ T6154] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 62.806041][ T6154] usb 9-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 62.808673][ T6154] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.812181][ T6154] usb 9-1: Product: syz [ 62.813562][ T6154] usb 9-1: Manufacturer: syz [ 62.814949][ T6154] usb 9-1: SerialNumber: syz [ 62.816378][ T835] usb 5-1: Using ep0 maxpacket: 16 [ 62.819562][ T6154] usb 9-1: config 0 descriptor?? [ 62.822809][ T835] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 62.828940][ T835] usb 5-1: config 0 has no interface number 0 [ 62.832992][ T835] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 62.836568][ T835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.838752][ T835] usb 5-1: Product: syz [ 62.839932][ T835] usb 5-1: Manufacturer: syz [ 62.841219][ T835] usb 5-1: SerialNumber: syz [ 62.844021][ T835] usb 5-1: config 0 descriptor?? [ 62.846663][ T835] hub 5-1:0.132: bad descriptor, ignoring hub [ 62.848362][ T835] hub 5-1:0.132: probe with driver hub failed with error -5 [ 62.852535][ T835] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input7 [ 62.876534][ T835] usb 5-1: USB disconnect, device number 4 [ 62.897114][ T5991] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.900165][ T5991] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 62.904783][ T5991] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 62.907817][ T5991] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.910032][ T5991] usb 6-1: Product: syz [ 62.911601][ T5991] usb 6-1: Manufacturer: syz [ 62.913108][ T5991] usb 6-1: SerialNumber: syz [ 63.016027][ T835] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 63.032108][ T6154] usb 9-1: USB disconnect, device number 2 [ 63.122928][ T6400] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 63.729975][ T6400] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 63.933508][ T5991] cdc_mbim 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 63.935431][ T5991] cdc_mbim 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 63.937703][ T5991] cdc_mbim 6-1:1.0: setting rx_max = 2048 [ 64.107619][ T6412] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 64.134827][ T5991] cdc_mbim 6-1:1.0: setting tx_max = 184 [ 64.138322][ T5991] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device [ 64.142814][ T5991] wwan wwan0: port wwan0mbim0 attached [ 64.150776][ T5991] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 42:42:42:42:42:42 [ 64.304131][ T5666] 8021q: adding VLAN 0 to HW filter on device wwan0 [ 64.339504][ C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 64.341424][ C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 64.343207][ C0] cdc_mbim 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 64.348547][ T5991] usb 6-1: USB disconnect, device number 2 [ 64.350661][ T5991] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 64.424340][ T5991] wwan wwan0: port wwan0mbim0 disconnected [ 64.736311][ T835] usb 5-1: device descriptor read/64, error -71 [ 64.976871][ T835] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 65.135035][ T835] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 65.148225][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.150670][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.153615][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.156622][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.159079][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.162019][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.176646][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.179175][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.182148][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.196909][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.199416][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.202360][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.208122][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.210615][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.213588][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.226600][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.229055][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.232001][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.236770][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.239225][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.242168][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.244765][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 65.247480][ T835] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 65.250461][ T835] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.253751][ T835] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 65.256489][ T835] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 65.258783][ T835] usb 5-1: Product: syz [ 65.259967][ T835] usb 5-1: Manufacturer: syz [ 65.261258][ T835] usb 5-1: SerialNumber: syz [ 65.264534][ T835] usb 5-1: config 0 descriptor?? [ 65.269545][ T835] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 65.522157][ C2] usb 5-1: yurex_control_callback - control failed: -71 [ 65.522820][ T5991] usb 5-1: USB disconnect, device number 6 [ 65.529869][ T5991] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 68.262192][ T6565] netlink: 8 bytes leftover after parsing attributes in process `syz.2.121'. [ 68.264772][ T6565] netlink: 8 bytes leftover after parsing attributes in process `syz.2.121'. [ 70.175893][ T5954] Bluetooth: hci3: command 0x040f tx timeout [ 70.453931][ T6597] syz.0.128: attempt to access beyond end of device [ 70.453931][ T6597] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 70.457914][ T6597] XFS (nbd0): SB validate failed with error -5. [ 70.738704][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.740702][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.325265][ T6620] netlink: 168 bytes leftover after parsing attributes in process `syz.1.131'. [ 71.806364][ T835] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 73.213293][ T6651] overlayfs: missing 'lowerdir' [ 73.233120][ T6646] syz.0.140: attempt to access beyond end of device [ 73.233120][ T6646] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 73.236970][ T6646] XFS (nbd0): SB validate failed with error -5. [ 74.661496][ T40] audit: type=1326 audit(1743831623.474:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 74.667366][ T40] audit: type=1326 audit(1743831623.474:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 74.673145][ T40] audit: type=1326 audit(1743831623.484:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=242 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 74.679137][ T40] audit: type=1326 audit(1743831623.484:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 74.684898][ T40] audit: type=1326 audit(1743831623.484:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 74.690769][ T40] audit: type=1326 audit(1743831623.484:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 74.779119][ T6681] netlink: 116 bytes leftover after parsing attributes in process `syz.2.149'. [ 75.065850][ T6220] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 75.159107][ T40] audit: type=1326 audit(1743831623.974:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 75.165054][ T40] audit: type=1326 audit(1743831623.974:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6673 comm="syz.4.147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 75.215904][ T6220] usb 7-1: Using ep0 maxpacket: 8 [ 75.219642][ T6220] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 75.222639][ T6220] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 75.225146][ T6220] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.228986][ T6220] usb 7-1: config 0 descriptor?? [ 75.434598][ T6220] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 75.851193][ T6710] syz.1.155: attempt to access beyond end of device [ 75.851193][ T6710] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 75.855423][ T6710] XFS (nbd1): SB validate failed with error -5. [ 75.903900][ T6686] IPVS: length: 231 != 17784 [ 75.909488][ T10] usb 7-1: USB disconnect, device number 3 [ 76.865892][ T835] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 77.015893][ T835] usb 6-1: Using ep0 maxpacket: 32 [ 77.019586][ T835] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 77.022665][ T835] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 77.025724][ T835] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 77.029042][ T835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 77.032455][ T835] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 77.035915][ T835] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 77.040496][ T835] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 77.043746][ T835] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.048786][ T835] usb 6-1: config 0 descriptor?? [ 77.408806][ T835] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 77.416657][ T835] usb 6-1: USB disconnect, device number 3 [ 77.420950][ T835] usblp0: removed [ 77.786296][ T835] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 77.957283][ T835] usb 6-1: Using ep0 maxpacket: 32 [ 77.959954][ T835] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 77.962267][ T835] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 77.964650][ T835] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 77.967495][ T835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 77.970139][ T835] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 77.973153][ T835] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 77.977031][ T835] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 77.979974][ T835] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.983783][ T835] usb 6-1: config 0 descriptor?? [ 78.191336][ T835] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 78.649247][ T835] usb 6-1: USB disconnect, device number 4 [ 78.652897][ T835] usblp0: removed [ 79.464170][ T6768] netlink: 36 bytes leftover after parsing attributes in process `syz.1.168'. [ 80.254642][ T6763] syz.0.167: attempt to access beyond end of device [ 80.254642][ T6763] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 80.261741][ T6763] XFS (nbd0): SB validate failed with error -5. [ 80.283398][ T40] audit: type=1800 audit(1743831629.094:10): pid=6778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.169" name="blkio.throttle.io_service_bytes_recursive" dev="9p" ino=37617831 res=0 errno=0 [ 80.352255][ T6778] syz.2.169 (6778) used greatest stack depth: 20616 bytes left [ 80.660442][ T6780] ISOFS: Unable to identify CD-ROM format. [ 80.981251][ T3322] cfg80211: failed to load regulatory.db [ 81.573184][ T6817] sg_read: process 161 (syz.4.176) changed security contexts after opening file descriptor, this is not allowed. [ 82.090770][ T6824] tipc: Started in network mode [ 82.092344][ T6824] tipc: Node identity ac14140f, cluster identity 4711 [ 82.095451][ T6824] tipc: New replicast peer: 255.255.255.255 [ 82.098685][ T6824] tipc: Enabled bearer , priority 10 [ 82.107756][ T6824] netlink: 'syz.1.177': attribute type 1 has an invalid length. [ 83.157469][ T29] tipc: Node number set to 2886997007 [ 84.393905][ T40] audit: type=1326 audit(1743831633.204:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.1.182" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x0 [ 84.712408][ T6847] block device autoloading is deprecated and will be removed. [ 84.717203][ T6847] syz.0.183: attempt to access beyond end of device [ 84.717203][ T6847] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 85.683611][ T6862] netlink: 'syz.4.185': attribute type 2 has an invalid length. [ 87.876741][ T6905] syz.2.196: attempt to access beyond end of device [ 87.876741][ T6905] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 87.880355][ T6905] XFS (nbd2): SB validate failed with error -5. [ 87.948229][ T6913] netlink: 4388 bytes leftover after parsing attributes in process `syz.0.198'. [ 88.025845][ T6220] IPVS: starting estimator thread 0... [ 88.027986][ T6916] netlink: 32 bytes leftover after parsing attributes in process `syz.0.198'. [ 88.116854][ T6917] IPVS: using max 45 ests per chain, 108000 per kthread [ 88.348159][ T835] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 88.499600][ T835] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 88.503747][ T835] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 88.509308][ T835] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 88.515956][ T835] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 88.519414][ T835] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 88.528561][ T835] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 88.531485][ T835] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 88.534120][ T835] usb 9-1: Product: syz [ 88.535960][ T835] usb 9-1: Manufacturer: syz [ 88.548313][ T835] cdc_wdm 9-1:1.0: skipping garbage [ 88.550220][ T835] cdc_wdm 9-1:1.0: skipping garbage [ 88.735542][ T835] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 88.737231][ T835] cdc_wdm 9-1:1.0: Unknown control protocol [ 89.320273][ T6949] syz.0.207 uses obsolete (PF_INET,SOCK_PACKET) [ 90.480601][ T6964] netlink: 'syz.2.210': attribute type 1 has an invalid length. [ 90.489294][ T6964] netlink: 'syz.2.210': attribute type 2 has an invalid length. [ 90.766981][ T6969] overlayfs: missing 'lowerdir' [ 91.144267][ T6972] syz.0.212: attempt to access beyond end of device [ 91.144267][ T6972] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 91.149092][ T6972] XFS (nbd0): SB validate failed with error -5. [ 91.748935][ T29] usb 9-1: USB disconnect, device number 3 [ 93.289922][ T7006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.216'. [ 94.857600][ T7058] syz.0.224: attempt to access beyond end of device [ 94.857600][ T7058] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 94.865923][ T7058] XFS (nbd0): SB validate failed with error -5. [ 95.005890][ T1019] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 95.181163][ T1019] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 95.184363][ T1019] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 95.187717][ T1019] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 95.190274][ T1019] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.195382][ T7053] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 95.200804][ T1019] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 97.327301][ T29] usb 7-1: USB disconnect, device number 4 [ 97.654936][ T7097] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 97.656932][ T7097] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 97.666123][ T7097] vhci_hcd vhci_hcd.0: Device attached [ 97.771540][ T7101] bridge_slave_0: left allmulticast mode [ 97.773189][ T7101] bridge_slave_0: left promiscuous mode [ 97.775311][ T7101] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.877746][ T7101] bridge_slave_1: left allmulticast mode [ 97.884009][ T7101] bridge_slave_1: left promiscuous mode [ 97.886600][ T7101] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.909639][ T7101] bond0: (slave bond_slave_0): Releasing backup interface [ 97.925949][ T6220] usb 45-1: new low-speed USB device number 2 using vhci_hcd [ 97.931614][ T7101] bond0: (slave bond_slave_1): Releasing backup interface [ 97.982701][ T7101] team0: Port device team_slave_0 removed [ 97.994416][ T7104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.234'. [ 98.237434][ T7101] team0: Port device team_slave_1 removed [ 98.240971][ T7101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.243217][ T7101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.283389][ T7101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.292179][ T7101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.473271][ T7098] vhci_hcd: connection reset by peer [ 98.477485][ T66] vhci_hcd: stop threads [ 98.479415][ T66] vhci_hcd: release socket [ 98.481194][ T66] vhci_hcd: disconnect device [ 98.678849][ T7114] netlink: 16 bytes leftover after parsing attributes in process `syz.1.236'. [ 98.743373][ T7117] geneve1: entered promiscuous mode [ 102.883742][ T7166] syz.2.249: attempt to access beyond end of device [ 102.883742][ T7166] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 102.949543][ T5964] Bluetooth: hci0: ACL packet too small [ 103.046601][ T6220] vhci_hcd: vhci_device speed not set [ 104.455997][ T6018] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 104.605912][ T6018] usb 5-1: Using ep0 maxpacket: 32 [ 104.609842][ T6018] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 104.612221][ T6018] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 104.614568][ T6018] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 104.617109][ T6018] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 104.619823][ T6018] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 104.622521][ T6018] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 104.626083][ T6018] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 104.628543][ T6018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.631919][ T6018] usb 5-1: config 0 descriptor?? [ 104.846120][ T6018] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 104.862932][ T6018] usb 5-1: USB disconnect, device number 7 [ 104.871428][ T6018] usblp0: removed [ 105.356015][ T6018] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 105.435472][ T7206] syz.4.257: attempt to access beyond end of device [ 105.435472][ T7206] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 105.440502][ T7206] XFS (nbd4): SB validate failed with error -5. [ 105.515920][ T6018] usb 5-1: Using ep0 maxpacket: 32 [ 105.519129][ T6018] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 105.521442][ T6018] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 105.523810][ T6018] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 105.526587][ T6018] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 105.529284][ T6018] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 105.531881][ T6018] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 105.535361][ T6018] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 105.538220][ T6018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.541869][ T6018] usb 5-1: config 0 descriptor?? [ 105.751962][ T6018] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 106.014656][ T7218] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.256152][ T6018] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 106.306603][ T1019] usb 5-1: USB disconnect, device number 8 [ 106.309695][ T1019] usblp0: removed [ 106.405876][ T6018] usb 6-1: Using ep0 maxpacket: 8 [ 106.411439][ T6018] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.415864][ T6018] usb 6-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 106.418985][ T6018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.426582][ T6018] usb 6-1: config 0 descriptor?? [ 106.646515][ T7217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.649729][ T6018] usbhid 6-1:0.0: can't add hid device: -71 [ 106.651407][ T6018] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 106.665022][ T6018] usb 6-1: USB disconnect, device number 5 [ 107.365871][ T6018] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 107.515876][ T6018] usb 5-1: Using ep0 maxpacket: 32 [ 107.519187][ T6018] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 107.524503][ T6018] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 107.527455][ T6018] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 107.529716][ T6018] usb 5-1: Product: syz [ 107.531047][ T6018] usb 5-1: Manufacturer: syz [ 107.532813][ T6018] usb 5-1: SerialNumber: syz [ 107.536684][ T6018] usb 5-1: config 0 descriptor?? [ 107.538851][ T7238] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 107.851899][ T7249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.855069][ T7249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.060592][ T6018] usb 5-1: USB disconnect, device number 9 [ 108.073064][ T7250] syz.4.269: attempt to access beyond end of device [ 108.073064][ T7250] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 108.076796][ T7250] XFS (nbd4): SB validate failed with error -5. [ 108.123458][ T7258] netlink: 'syz.1.268': attribute type 3 has an invalid length. [ 108.125981][ T7258] netlink: 'syz.1.268': attribute type 3 has an invalid length. [ 108.716484][ T7263] syz.4.271: attempt to access beyond end of device [ 108.716484][ T7263] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 108.721452][ T7263] XFS (nbd4): SB validate failed with error -5. [ 109.037542][ T7274] input: syz0 as /devices/virtual/input/input8 [ 110.669211][ T7295] syz.2.281: attempt to access beyond end of device [ 110.669211][ T7295] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 110.672870][ T7295] XFS (nbd2): SB validate failed with error -5. [ 111.200312][ T7324] "syz.4.282" (7324) uses obsolete ecb(arc4) skcipher [ 112.141816][ T7336] netlink: 'syz.0.286': attribute type 3 has an invalid length. [ 112.144122][ T7336] netlink: 'syz.0.286': attribute type 3 has an invalid length. [ 112.332905][ T7342] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 112.340224][ T7342] CIFS mount error: No usable UNC path provided in device string! [ 112.340224][ T7342] [ 112.343060][ T7342] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 112.865639][ T7340] cifs: Unknown parameter 'mode' [ 113.145933][ T7352] bridge_slave_0: left allmulticast mode [ 113.147581][ T7352] bridge_slave_0: left promiscuous mode [ 113.149773][ T7352] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.159883][ T7352] bridge_slave_1: left allmulticast mode [ 113.161508][ T7352] bridge_slave_1: left promiscuous mode [ 113.163383][ T7352] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.196192][ T7352] bond0: (slave bond_slave_0): Releasing backup interface [ 113.203508][ T7352] bond0: (slave bond_slave_1): Releasing backup interface [ 113.224867][ T7352] team0: Port device team_slave_0 removed [ 113.241235][ T7352] team0: Port device team_slave_1 removed [ 113.244321][ T7352] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.247133][ T7352] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.252147][ T7352] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.254386][ T7352] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.345518][ T7352] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 113.347686][ T7352] batman_adv: batadv0: Removing interface: ip6gretap1 [ 114.424572][ T7368] overlayfs: missing 'lowerdir' [ 115.256695][ T7381] netlink: 36 bytes leftover after parsing attributes in process `syz.4.297'. [ 115.259208][ T7381] netlink: 16 bytes leftover after parsing attributes in process `syz.4.297'. [ 115.262050][ T7381] netlink: 36 bytes leftover after parsing attributes in process `syz.4.297'. [ 115.264522][ T7381] netlink: 36 bytes leftover after parsing attributes in process `syz.4.297'. [ 115.429031][ T7384] gtp0: entered promiscuous mode [ 115.430539][ T7384] gtp0: entered allmulticast mode [ 116.477449][ T7391] overlayfs: failed to resolve './file0': -2 [ 117.477193][ T6220] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 117.625923][ T6220] usb 6-1: Using ep0 maxpacket: 32 [ 117.629962][ T6220] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 117.641717][ T6220] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 117.644520][ T6220] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 117.656797][ T6220] usb 6-1: Product: syz [ 117.658839][ T6220] usb 6-1: Manufacturer: syz [ 117.660152][ T6220] usb 6-1: SerialNumber: syz [ 117.663110][ T6220] usb 6-1: config 0 descriptor?? [ 117.666013][ T7407] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 117.726140][ T1019] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 117.962415][ T1019] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 117.966626][ T1019] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 117.970166][ T1019] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 117.973427][ T1019] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.987928][ T7409] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 117.993145][ T1019] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 118.005926][ T7417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.009063][ T7417] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.215003][ T6401] usb 6-1: USB disconnect, device number 6 [ 118.556983][ T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 118.755904][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 118.759150][ T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 118.761568][ T10] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 118.764403][ T10] usb 7-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 118.767486][ T10] usb 7-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 118.771011][ T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 118.773507][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.778924][ T10] usbtmc 7-1:16.0: bulk endpoints not found [ 118.948274][ T7427] /dev/sr0: Can't open blockdev [ 119.745073][ T7438] cifs: Unknown parameter 'mode' [ 120.116038][ T1019] usb 9-1: USB disconnect, device number 4 [ 121.706538][ C2] hpet: Lost 2 RTC interrupts [ 122.087100][ T6018] usb 7-1: USB disconnect, device number 5 [ 122.378170][ T7488] syz.1.316: attempt to access beyond end of device [ 122.378170][ T7488] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 122.381571][ T7488] XFS (nbd1): SB validate failed with error -5. [ 122.851392][ T7492] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 123.215728][ T7504] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536 [ 123.316139][ T7505] syz.1.329: attempt to access beyond end of device [ 123.316139][ T7505] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 123.320487][ T7505] XFS (nbd1): SB validate failed with error -5. [ 125.295902][ T6018] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 125.467708][ T6018] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.472971][ T6018] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 125.481262][ T6018] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 125.490144][ T6018] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.497236][ T6018] usb 9-1: Product: syz [ 125.498471][ T6018] usb 9-1: Manufacturer: syz [ 125.499906][ T6018] usb 9-1: SerialNumber: syz [ 125.733509][ T7535] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 126.342828][ T7535] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 126.398227][ T7565] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 126.550387][ T6018] cdc_mbim 9-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 126.553414][ T6018] cdc_mbim 9-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 126.559355][ T6018] cdc_mbim 9-1:1.0: setting rx_max = 2048 [ 126.753564][ T6018] cdc_mbim 9-1:1.0: setting tx_max = 184 [ 126.757712][ T6018] cdc_mbim 9-1:1.0: cdc-wdm0: USB WDM device [ 126.764387][ T6018] wwan wwan0: port wwan0mbim0 attached [ 126.772430][ T6018] cdc_mbim 9-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, 42:42:42:42:42:42 [ 126.952053][ T5666] 8021q: adding VLAN 0 to HW filter on device wwan0 [ 126.954196][ C3] cdc_mbim 9-1:1.0: nonzero urb status received: -71 [ 126.956503][ C3] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes [ 126.958473][ C3] cdc_mbim 9-1:1.0: nonzero urb status received: -71 [ 126.960337][ C3] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes [ 126.962203][ C3] cdc_mbim 9-1:1.0: nonzero urb status received: -71 [ 126.964043][ C3] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes [ 126.965860][ C3] cdc_mbim 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 126.970607][ T1019] usb 9-1: USB disconnect, device number 5 [ 126.972900][ T1019] cdc_mbim 9-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM [ 127.126570][ T1019] wwan wwan0: port wwan0mbim0 disconnected [ 127.922602][ T5964] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 127.925398][ T5964] CPU: 1 UID: 0 PID: 5964 Comm: kworker/u33:6 Not tainted 6.14.0-syzkaller-13408-g9f867ba24d36 #0 PREEMPT(full) [ 127.925421][ T5964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.925428][ T5964] Workqueue: hci2 hci_rx_work [ 127.925444][ T5964] Call Trace: [ 127.925449][ T5964] [ 127.925454][ T5964] dump_stack_lvl+0x16c/0x1f0 [ 127.925470][ T5964] sysfs_warn_dup+0x7f/0xa0 [ 127.925487][ T5964] sysfs_create_dir_ns+0x24b/0x2b0 [ 127.925501][ T5964] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 127.925514][ T5964] ? find_held_lock+0x2b/0x80 [ 127.925529][ T5964] ? do_raw_spin_unlock+0x172/0x230 [ 127.925540][ T5964] kobject_add_internal+0x2c4/0x9b0 [ 127.925559][ T5964] kobject_add+0x16e/0x240 [ 127.925568][ T5964] ? __pfx_kobject_add+0x10/0x10 [ 127.925578][ T5964] ? kobject_put+0xab/0x5a0 [ 127.925597][ T5964] device_add+0x288/0x1a70 [ 127.925608][ T5964] ? __pfx_dev_set_name+0x10/0x10 [ 127.925618][ T5964] ? mgmt_send_event_skb+0x2fb/0x460 [ 127.925633][ T5964] ? __pfx_device_add+0x10/0x10 [ 127.925643][ T5964] ? mgmt_send_event_skb+0x2fb/0x460 [ 127.925657][ T5964] hci_conn_add_sysfs+0x17e/0x230 [ 127.925670][ T5964] le_conn_complete_evt+0x1075/0x1d70 [ 127.925684][ T5964] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 127.925694][ T5964] ? hci_event_packet+0x43c/0x1190 [ 127.925707][ T5964] hci_le_conn_complete_evt+0x23c/0x370 [ 127.925720][ T5964] hci_le_meta_evt+0x2f3/0x5e0 [ 127.925731][ T5964] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 127.925744][ T5964] hci_event_packet+0x669/0x1190 [ 127.925755][ T5964] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 127.925778][ T5964] ? __pfx_hci_event_packet+0x10/0x10 [ 127.925791][ T5964] ? kcov_remote_start+0x3d9/0x6d0 [ 127.925805][ T5964] hci_rx_work+0x2c5/0x16b0 [ 127.925816][ T5964] ? rcu_is_watching+0x12/0xc0 [ 127.925830][ T5964] process_one_work+0x9cc/0x1b70 [ 127.925847][ T5964] ? __pfx_process_one_work+0x10/0x10 [ 127.925862][ T5964] ? assign_work+0x1a0/0x250 [ 127.925874][ T5964] worker_thread+0x6c8/0xf10 [ 127.925893][ T5964] ? __pfx_worker_thread+0x10/0x10 [ 127.925904][ T5964] kthread+0x3c2/0x780 [ 127.925913][ T5964] ? __pfx_kthread+0x10/0x10 [ 127.925922][ T5964] ? __pfx_kthread+0x10/0x10 [ 127.925930][ T5964] ? __pfx_kthread+0x10/0x10 [ 127.925939][ T5964] ? __pfx_kthread+0x10/0x10 [ 127.925948][ T5964] ? rcu_is_watching+0x12/0xc0 [ 127.925968][ T5964] ? __pfx_kthread+0x10/0x10 [ 127.925978][ T5964] ret_from_fork+0x45/0x80 [ 127.925989][ T5964] ? __pfx_kthread+0x10/0x10 [ 127.925999][ T5964] ret_from_fork_asm+0x1a/0x30 [ 127.926022][ T5964] [ 128.005920][ T5964] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 128.009856][ T5964] Bluetooth: hci2: failed to register connection device [ 128.012587][ T5964] Bluetooth: hci2: link tx timeout [ 128.014215][ T5964] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 128.017900][ T5964] Bluetooth: hci2: link tx timeout [ 128.022213][ T5964] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 128.025526][ T5964] Bluetooth: hci2: killing stalled connection 00:00:00:00:00:00 [ 128.316540][ T40] audit: type=1326 audit(1743831677.134:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.322765][ T40] audit: type=1326 audit(1743831677.134:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.332210][ T40] audit: type=1326 audit(1743831677.134:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.340560][ T40] audit: type=1326 audit(1743831677.134:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.346591][ T40] audit: type=1326 audit(1743831677.134:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.346622][ T40] audit: type=1326 audit(1743831677.134:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.346652][ T40] audit: type=1326 audit(1743831677.134:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.346682][ T40] audit: type=1326 audit(1743831677.134:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.346716][ T40] audit: type=1326 audit(1743831677.134:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 128.346749][ T40] audit: type=1326 audit(1743831677.134:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.344" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 129.205916][ T6018] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 129.525909][ T6018] usb 9-1: Using ep0 maxpacket: 16 [ 129.529367][ T6018] usb 9-1: config 0 has no interfaces? [ 129.532396][ T6018] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 129.534948][ T6018] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.537330][ T6018] usb 9-1: Product: syz [ 129.538709][ T6018] usb 9-1: Manufacturer: syz [ 129.540378][ T6018] usb 9-1: SerialNumber: syz [ 129.544422][ T6018] usb 9-1: config 0 descriptor?? [ 129.763133][ T835] usb 9-1: USB disconnect, device number 6 [ 129.765934][ T1139] ================================================================== [ 129.769064][ T1139] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 129.772326][ T1139] Read of size 1 at addr ffff8880210a3c09 by task kworker/u32:7/1139 [ 129.776811][ T1139] [ 129.777772][ T1139] CPU: 2 UID: 0 PID: 1139 Comm: kworker/u32:7 Not tainted 6.14.0-syzkaller-13408-g9f867ba24d36 #0 PREEMPT(full) [ 129.777793][ T1139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.777803][ T1139] Workqueue: events_unbound commit_work [ 129.777828][ T1139] Call Trace: [ 129.777833][ T1139] [ 129.777840][ T1139] dump_stack_lvl+0x116/0x1f0 [ 129.777869][ T1139] print_report+0xc3/0x670 [ 129.777884][ T1139] ? __virt_addr_valid+0x5e/0x590 [ 129.777906][ T1139] ? __phys_addr+0xc6/0x150 [ 129.777929][ T1139] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 129.777952][ T1139] kasan_report+0xe0/0x110 [ 129.777967][ T1139] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 129.777993][ T1139] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 129.778019][ T1139] ? preempt_schedule_thunk+0x16/0x30 [ 129.778036][ T1139] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 129.778061][ T1139] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 129.778081][ T1139] ? drm_atomic_helper_commit_hw_done+0x330/0x490 [ 129.778106][ T1139] drm_atomic_helper_commit_tail+0xcb/0xf0 [ 129.778128][ T1139] commit_tail+0x35b/0x400 [ 129.778151][ T1139] process_one_work+0x9cc/0x1b70 [ 129.778172][ T1139] ? __pfx_batadv_nc_worker+0x10/0x10 [ 129.778192][ T1139] ? __pfx_process_one_work+0x10/0x10 [ 129.778212][ T1139] ? assign_work+0x1a0/0x250 [ 129.778228][ T1139] worker_thread+0x6c8/0xf10 [ 129.778250][ T1139] ? __pfx_worker_thread+0x10/0x10 [ 129.778268][ T1139] kthread+0x3c2/0x780 [ 129.778284][ T1139] ? __pfx_kthread+0x10/0x10 [ 129.778298][ T1139] ? __pfx_kthread+0x10/0x10 [ 129.778313][ T1139] ? __pfx_kthread+0x10/0x10 [ 129.778327][ T1139] ? __pfx_kthread+0x10/0x10 [ 129.778341][ T1139] ? rcu_is_watching+0x12/0xc0 [ 129.778361][ T1139] ? __pfx_kthread+0x10/0x10 [ 129.778377][ T1139] ret_from_fork+0x45/0x80 [ 129.778393][ T1139] ? __pfx_kthread+0x10/0x10 [ 129.778408][ T1139] ret_from_fork_asm+0x1a/0x30 [ 129.778436][ T1139] [ 129.778442][ T1139] [ 129.846262][ T1139] Allocated by task 7624: [ 129.847901][ T1139] kasan_save_stack+0x33/0x60 [ 129.849726][ T1139] kasan_save_track+0x14/0x30 [ 129.851249][ T1139] __kasan_kmalloc+0xaa/0xb0 [ 129.852548][ T1139] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0 [ 129.854909][ T1139] drm_atomic_get_crtc_state+0x16e/0x450 [ 129.857088][ T1139] drm_atomic_get_plane_state+0x436/0x590 [ 129.859328][ T1139] drm_atomic_set_property+0xa29/0x34e0 [ 129.861525][ T1139] drm_mode_atomic_ioctl+0x66f/0x25f0 [ 129.863656][ T1139] drm_ioctl_kernel+0x1f1/0x3e0 [ 129.865558][ T1139] drm_ioctl+0x5c9/0xc30 [ 129.867022][ T1139] drm_compat_ioctl+0x327/0x460 [ 129.868330][ T1139] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 129.869805][ T1139] __do_fast_syscall_32+0x73/0x120 [ 129.871627][ T1139] do_fast_syscall_32+0x32/0x80 [ 129.873458][ T1139] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.875886][ T1139] [ 129.876829][ T1139] Freed by task 7623: [ 129.878226][ T1139] kasan_save_stack+0x33/0x60 [ 129.879920][ T1139] kasan_save_track+0x14/0x30 [ 129.881381][ T1139] kasan_save_free_info+0x3b/0x60 [ 129.882790][ T1139] __kasan_slab_free+0x51/0x70 [ 129.884209][ T1139] kfree+0x2b6/0x4d0 [ 129.885321][ T1139] drm_atomic_state_default_clear+0x455/0xe40 [ 129.887286][ T1139] __drm_atomic_state_free+0x185/0x2b0 [ 129.889419][ T1139] drm_client_modeset_commit_atomic+0x6b2/0x7e0 [ 129.891616][ T1139] drm_client_modeset_commit_locked+0x14d/0x580 [ 129.893824][ T1139] drm_client_modeset_commit+0x4f/0x80 [ 129.895748][ T1139] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 129.897861][ T1139] drm_fbdev_client_restore+0x2c/0x40 [ 129.899382][ T1139] drm_client_dev_restore+0x1f3/0x2a0 [ 129.901333][ T1139] drm_release+0x2c4/0x360 [ 129.903096][ T1139] __fput+0x3ff/0xb70 [ 129.904621][ T1139] task_work_run+0x14d/0x240 [ 129.906427][ T1139] syscall_exit_to_user_mode+0x27b/0x2a0 [ 129.908604][ T1139] __do_fast_syscall_32+0x80/0x120 [ 129.910606][ T1139] do_fast_syscall_32+0x32/0x80 [ 129.912567][ T1139] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.914868][ T1139] [ 129.915633][ T1139] The buggy address belongs to the object at ffff8880210a3c00 [ 129.915633][ T1139] which belongs to the cache kmalloc-512 of size 512 [ 129.919485][ T1139] The buggy address is located 9 bytes inside of [ 129.919485][ T1139] freed 512-byte region [ffff8880210a3c00, ffff8880210a3e00) [ 129.923275][ T1139] [ 129.924241][ T1139] The buggy address belongs to the physical page: [ 129.926701][ T1139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x210a0 [ 129.930033][ T1139] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 129.932672][ T1139] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 129.935453][ T1139] page_type: f5(slab) [ 129.936588][ T1139] raw: 00fff00000000040 ffff88801b442c80 ffffea000089b700 dead000000000002 [ 129.939287][ T1139] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 129.942483][ T1139] head: 00fff00000000040 ffff88801b442c80 ffffea000089b700 dead000000000002 [ 129.945789][ T1139] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 129.948813][ T1139] head: 00fff00000000002 ffffea0000842801 00000000ffffffff 00000000ffffffff [ 129.951248][ T1139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 129.953905][ T1139] page dumped because: kasan: bad access detected [ 129.956344][ T1139] page_owner tracks the page as allocated [ 129.958500][ T1139] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 6589, tgid 6585 (syz.1.126), ts 70043123461, free_ts 66720379387 [ 129.965221][ T1139] post_alloc_hook+0x181/0x1b0 [ 129.966626][ T1139] get_page_from_freelist+0x1193/0x39b0 [ 129.968210][ T1139] __alloc_frozen_pages_noprof+0x5a8/0x23a0 [ 129.969829][ T1139] new_slab+0x94/0x330 [ 129.970941][ T1139] ___slab_alloc+0xd9c/0x1940 [ 129.972519][ T1139] __slab_alloc.constprop.0+0x56/0xb0 [ 129.974538][ T1139] __kmalloc_node_noprof+0x2ed/0x500 [ 129.976659][ T1139] alloc_slab_obj_exts+0x41/0xa0 [ 129.978564][ T1139] __memcg_slab_post_alloc_hook+0x27b/0x940 [ 129.980800][ T1139] __kmalloc_cache_noprof+0x33b/0x3e0 [ 129.982799][ T1139] kvm_dev_ioctl+0x15b8/0x1ad0 [ 129.984199][ T1139] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 129.985671][ T1139] __do_fast_syscall_32+0x73/0x120 [ 129.987120][ T1139] do_fast_syscall_32+0x32/0x80 [ 129.988514][ T1139] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.990282][ T1139] page last free pid 6051 tgid 6051 stack trace: [ 129.992046][ T1139] __free_frozen_pages+0x69d/0xff0 [ 129.993655][ T1139] qlist_free_all+0x4e/0x120 [ 129.995463][ T1139] kasan_quarantine_reduce+0x195/0x1e0 [ 129.997582][ T1139] __kasan_slab_alloc+0x69/0x90 [ 129.999390][ T1139] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 130.001255][ T1139] getname_flags.part.0+0x48/0x540 [ 130.002917][ T1139] getname_flags+0x93/0xf0 [ 130.004203][ T1139] __ia32_sys_statx+0x1ab/0x1f0 [ 130.005561][ T1139] __do_fast_syscall_32+0x73/0x120 [ 130.006896][ T1139] do_fast_syscall_32+0x32/0x80 [ 130.008201][ T1139] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 130.010321][ T1139] [ 130.011195][ T1139] Memory state around the buggy address: [ 130.012868][ T1139] ffff8880210a3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 130.015980][ T1139] ffff8880210a3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 130.019066][ T1139] >ffff8880210a3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.022135][ T1139] ^ [ 130.023824][ T1139] ffff8880210a3c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.026543][ T1139] ffff8880210a3d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.029316][ T1139] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 130.051721][ T1139] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 130.053870][ T1139] CPU: 3 UID: 0 PID: 1139 Comm: kworker/u32:7 Not tainted 6.14.0-syzkaller-13408-g9f867ba24d36 #0 PREEMPT(full) [ 130.057118][ T1139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.060229][ T1139] Workqueue: events_unbound commit_work [ 130.061746][ T1139] Call Trace: [ 130.062685][ T1139] [ 130.063524][ T1139] dump_stack_lvl+0x3d/0x1f0 [ 130.064849][ T1139] panic+0x71c/0x800 [ 130.065950][ T1139] ? __pfx_panic+0x10/0x10 [ 130.067197][ T1139] ? irqentry_exit+0x3b/0x90 [ 130.068451][ T1139] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.069900][ T1139] ? preempt_schedule_thunk+0x16/0x30 [ 130.071389][ T1139] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 130.073392][ T1139] ? preempt_schedule_common+0x44/0xc0 [ 130.074949][ T1139] ? check_panic_on_warn+0x1f/0xb0 [ 130.076415][ T1139] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 130.078398][ T1139] check_panic_on_warn+0xab/0xb0 [ 130.079779][ T1139] end_report+0x107/0x170 [ 130.080982][ T1139] kasan_report+0xee/0x110 [ 130.082223][ T1139] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 130.084211][ T1139] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0 [ 130.086210][ T1139] ? preempt_schedule_thunk+0x16/0x30 [ 130.087756][ T1139] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 130.089851][ T1139] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 130.091475][ T1139] ? drm_atomic_helper_commit_hw_done+0x330/0x490 [ 130.093205][ T1139] drm_atomic_helper_commit_tail+0xcb/0xf0 [ 130.094836][ T1139] commit_tail+0x35b/0x400 [ 130.096117][ T1139] process_one_work+0x9cc/0x1b70 [ 130.097513][ T1139] ? __pfx_batadv_nc_worker+0x10/0x10 [ 130.099032][ T1139] ? __pfx_process_one_work+0x10/0x10 [ 130.100527][ T1139] ? assign_work+0x1a0/0x250 [ 130.101821][ T1139] worker_thread+0x6c8/0xf10 [ 130.103127][ T1139] ? __pfx_worker_thread+0x10/0x10 [ 130.104548][ T1139] kthread+0x3c2/0x780 [ 130.105741][ T1139] ? __pfx_kthread+0x10/0x10 [ 130.107120][ T1139] ? __pfx_kthread+0x10/0x10 [ 130.108419][ T1139] ? __pfx_kthread+0x10/0x10 [ 130.109717][ T1139] ? __pfx_kthread+0x10/0x10 [ 130.111034][ T1139] ? rcu_is_watching+0x12/0xc0 [ 130.112375][ T1139] ? __pfx_kthread+0x10/0x10 [ 130.113666][ T1139] ret_from_fork+0x45/0x80 [ 130.114932][ T1139] ? __pfx_kthread+0x10/0x10 [ 130.116232][ T1139] ret_from_fork_asm+0x1a/0x30 [ 130.117587][ T1139] [ 130.119033][ T1139] Kernel Offset: disabled [ 130.120231][ T1139] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:41:18 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=fffffbfff1c02240 RCX=ffffffff81ac972a RDX=ffffffff8e097740 RSI=ffffffff81ac9739 RDI=0000000000000007 RBP=fffffbfff1c02250 RSP=ffffffff8e007c70 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffffffff8e007cd8 R13=0000000000000000 R14=ffffffff90867310 R15=0000000000000000 RIP=ffffffff81ac9749 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080a87000 CR3=0000000069ece000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014400000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffff888052a92758 RCX=ffffc9000d381000 RDX=0000000000080000 RSI=ffffffff8183b285 RDI=ffffffff8183b28a RBP=0000000000000200 RSP=ffffc900073afad8 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000200 R11=0000000000000000 R12=0000000000000008 R13=ffff88801b489000 R14=0000000000000001 R15=ffff888023946d00 RIP=ffffffff81c302b0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978b9000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080a9d000 CR3=0000000069ece000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014400000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000063 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854bd545 RDI=ffffffff9ae12bc0 RBP=ffffffff9ae12b80 RSP=ffffc90006a7f508 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3031323038386552 R12=0000000000000000 R13=0000000000000063 R14=ffffffff9ae12b80 R15=ffffffff854bd4e0 RIP=ffffffff854bd56f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000008089f000 CR3=000000004e4f8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000155a93 RBX=0000000000000003 RCX=ffffffff8b700439 RDX=0000000000000000 RSI=ffffffff8dbeaaf3 RDI=ffffffff8bf45180 RBP=ffffed1003b58000 RSP=ffffc9000048fdf8 R8 =0000000000000001 R9 =ffffed10056a65bd R10=ffff88802b532deb R11=0000000000000000 R12=0000000000000003 R13=ffff88801dac0000 R14=ffffffff90867310 R15=0000000000000000 RIP=ffffffff8b6feccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097ab9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e3f7ffc CR3=000000002493e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000200000 Opmask01=0000000000000002 Opmask02=0000000002000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff48026610 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6e3a6d5e007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4b1f485e005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30342e3020206463 6969654464636220 2c31613461203539 323736393439000a ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000