last executing test programs: 8m43.374697233s ago: executing program 1 (id=15346): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x34, 0x2c, 0x6f14cf9ac61f9c9b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x24000000) r0 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000740)={0x53, 0x0, 0xa, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="28f8a81b133d", 0x0, 0x0, 0x0, 0x0, 0x0}) 8m43.313001253s ago: executing program 1 (id=15347): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) lgetxattr(0x0, 0x0, 0x0, 0x0) migrate_pages(0x0, 0x9, 0x0, &(0x7f0000000080)=0x3) 8m43.232242917s ago: executing program 1 (id=15349): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}, @call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 8m43.152940183s ago: executing program 1 (id=15354): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0x8) 8m43.149942253s ago: executing program 1 (id=15355): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={r0}, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000890200000000000095"], &(0x7f0000000d40)='syzkaller\x00'}, 0x90) 8m42.909191997s ago: executing program 32 (id=15360): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/mdstat\x00', 0x0, 0x0) r1 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10000000}) 8m42.221843313s ago: executing program 1 (id=15363): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0xa}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x4) 8m42.141096976s ago: executing program 33 (id=15363): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0xa}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x4) 7m42.97922034s ago: executing program 3 (id=16730): syz_open_dev$MSR(&(0x7f0000000000), 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc02063a1, 0x0) 7m42.908396747s ago: executing program 3 (id=16731): r0 = msgget$private(0x0, 0x80) msgrcv(r0, &(0x7f0000000100)={0x0, ""/22}, 0x1e, 0x1, 0x2000) msgsnd(r0, &(0x7f00000036c0)={0x3}, 0x8, 0x0) 7m42.799726841s ago: executing program 3 (id=16734): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) close(r0) 7m42.753601057s ago: executing program 3 (id=16737): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0x2}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x8b054c1ea4241377) 7m42.423946104s ago: executing program 3 (id=16743): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000400008000000180004801300010062726b616491bd476042636173742d"], 0x2c}}, 0x0) 7m37.68450482s ago: executing program 3 (id=16769): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001080)={0xc, {"a2e3ad21ed0d30f91b5d310987f70e06d038e7ff7fc6e5539b3263298b089b0708356e090890e0878f0e1ac6e7049b3350959bfc9b240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31300d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a204f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b54b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5e3728ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000004000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5182cff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec6800068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000681e6756", 0x1000}}, 0x1006) 7m37.508124441s ago: executing program 34 (id=16769): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001080)={0xc, {"a2e3ad21ed0d30f91b5d310987f70e06d038e7ff7fc6e5539b3263298b089b0708356e090890e0878f0e1ac6e7049b3350959bfc9b240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31300d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a204f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b54b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5e3728ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000004000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5182cff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec6800068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000681e6756", 0x1000}}, 0x1006) 6m41.54405264s ago: executing program 5 (id=18361): syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="ed", 0x1}], 0x1) 6m41.543461157s ago: executing program 5 (id=18363): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001180)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x80, 0x80}, [@RTA_DST={0x8, 0x1, @broadcast}]}, 0x24}}, 0x20000050) 6m41.503909111s ago: executing program 5 (id=18366): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc8902, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)=0x3) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0xa833) 6m41.322322591s ago: executing program 5 (id=18374): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_ivalue=0x6}) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 6m41.212980672s ago: executing program 5 (id=18379): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) fstat(r0, &(0x7f0000000300)) 6m41.146723975s ago: executing program 5 (id=18380): r0 = socket(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) ioctl$SIOCRSGCAUSE(r0, 0x89e0, 0x0) 6m11.096284607s ago: executing program 35 (id=18380): r0 = socket(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) ioctl$SIOCRSGCAUSE(r0, 0x89e0, 0x0) 6m8.715339762s ago: executing program 6 (id=18806): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xeb, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @private0, @loopback={0x0, 0xffffac1414aa}, [], "1e520b4c951ee12e"}}}}}}}, 0x0) 6m8.624538601s ago: executing program 6 (id=18809): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f00000010c0)={0xc, {"a2e3ad21ed0d52f91b5d310987f70e06d038e7ff7fc6e5539b326d298b089b0708376d090890e0878f0e1ac6e7049b3350959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d074b0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e248561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868f2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 6m8.455114915s ago: executing program 6 (id=18812): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) remap_file_pages(&(0x7f0000686000/0x1000)=nil, 0x1000, 0x0, 0x600, 0x40) 6m8.048251376s ago: executing program 6 (id=18824): r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/user\x00') open_by_handle_at(r1, &(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x0) 6m7.957974309s ago: executing program 6 (id=18827): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x100) fcntl$notify(r0, 0x402, 0x8000000b) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x20) 6m7.872316265s ago: executing program 6 (id=18830): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x10, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x16) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5m45.097070031s ago: executing program 36 (id=18830): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x10, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x16) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m28.880642891s ago: executing program 8 (id=23752): socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x2c020400) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) fsync(r0) 2m28.614244067s ago: executing program 8 (id=23757): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000300)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b00)={0x40, r0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x1c, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x2004c015}, 0x810) 2m28.516389655s ago: executing program 8 (id=23758): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000006c0)={0xb, 0x1, 0x2, 0x0, 0xf}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ppoll(&(0x7f0000000340)=[{r0, 0x433}], 0x1, 0x0, 0x0, 0x0) 2m28.398210499s ago: executing program 8 (id=23760): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x194, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x180, 0x1, [@m_ife={0x5c, 0xb, 0x0, 0x0, {{0x8}, {0x4}, {0x31, 0x6, "ea24464decc1b2772ce0e9d802b5374a8d6638c9f5d62d73097ad328a4154dd4046c261a61dc99ee70038b3509"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_csum={0xc8, 0x14, 0x0, 0x0, {{0x9}, {0x4}, {0x99, 0x6, "576458eea52fd27eec92e713a172e757e1f62fe8475fa8817d9bd39d398251801f64d9b8e312b47b111ff094a2f452e1fd749b169123625c664a63e06baa8402c6b5fe34fbffaf329e5589fe1d00f704d8d13b0100000081ec7a1e9e21427be570631961812505684e260d3f73821a372961e6acf9f73f3ab3a6d19010c501877fc1573ff3fe388a502702c7e7d4eb99cd479f52be"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_bpf={0x58, 0x9, 0x0, 0x0, {{0x8}, {0x4}, {0x2d, 0x6, "a09e88b2fa7e2ad0dddad3cdaa9b380000006034293d9d0e7476f9878bc66aa46fe4468bd19b5780d1"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x194}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x9}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000880)=""/191, 0x41}, 0x2ad6}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 2m28.343795699s ago: executing program 8 (id=23761): sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040090}, 0x2400c8c1) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x183) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) linkat(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000) 2m28.280887892s ago: executing program 8 (id=23762): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r1, &(0x7f00000001c0)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x24) close_range(r0, 0xffffffffffffffff, 0x0) 2m12.214761328s ago: executing program 37 (id=23762): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r1, &(0x7f00000001c0)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x24) close_range(r0, 0xffffffffffffffff, 0x0) 1m47.55125747s ago: executing program 0 (id=24499): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000c33000/0x4000)=nil}) 1m47.306100772s ago: executing program 0 (id=24506): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 1m47.229009227s ago: executing program 0 (id=24508): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x80d, 0x0, 0x10000000, 0x5, 0x4}, 0x1, r2}}]}, {0x0, 0xa}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x1}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) 1m47.177048947s ago: executing program 0 (id=24509): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) connect$vsock_stream(r0, 0x0, 0x0) 1m47.176645639s ago: executing program 0 (id=24510): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x8]}, 0x8, 0x80000) read$FUSE(r0, &(0x7f0000000140)={0x2020}, 0x2020) unshare(0x4020400) signalfd4(r0, &(0x7f0000000040)={[0xffffffffffff0150]}, 0x8, 0x80800) 1m46.168979157s ago: executing program 0 (id=24527): r0 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x123081) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DISCONNECT(r0, 0xab08) 1m30.082207845s ago: executing program 38 (id=24527): r0 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x123081) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DISCONNECT(r0, 0xab08) 2.074117994s ago: executing program 9 (id=26482): syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0x80000001, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x2c, &(0x7f0000000000)={0x0, 0x0}, 0x10) 2.069567671s ago: executing program 9 (id=26484): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000001240)={0xffffffffffffffff}, 0x111, 0xc}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x6, @loopback}, {0xa, 0x4e24, 0x101, @mcast2, 0x7}, r1, 0x9}}, 0x48) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f00000000c0)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r1, r0}}, 0x18) 1.990812307s ago: executing program 9 (id=26486): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d40)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb04000000806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1f, 0x0, 0xffffffff}}]}}]}, 0x14c}}, 0x0) 1.836167527s ago: executing program 9 (id=26487): r0 = msgget$private(0x0, 0x1c0) msgsnd(r0, &(0x7f0000000240)={0x1}, 0x8, 0x0) msgsnd(r0, &(0x7f0000000300)={0x2}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 1.771685536s ago: executing program 9 (id=26488): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 818.155387ms ago: executing program 9 (id=26502): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x3, 0x101000) syz_usb_disconnect(r0) syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000040)=ANY=[], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0xfcff}}]}) 817.668621ms ago: executing program 7 (id=26503): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setpgid(0x0, 0x0) 808.897223ms ago: executing program 2 (id=26504): mount$9p_unix(&(0x7f0000000240)='./cgroup.cpu/cpuset.cpus\x00', 0x0, 0x0, 0x12c9498, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) 726.064381ms ago: executing program 2 (id=26505): r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000002c0)="ff", 0x1, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000240)) keyctl$KEYCTL_MOVE(0x1e, r0, 0xffffffffffffffff, r1, 0x0) 711.326099ms ago: executing program 4 (id=26506): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_QUANTUM={0x2, 0x2}]}}]}, 0x48}}, 0x0) 648.100103ms ago: executing program 2 (id=26507): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000000100)=0xffff, 0x4) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000200)="c1", 0x1}], 0x1) recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x7fff}], 0x1, 0x0, 0x0) 569.636991ms ago: executing program 4 (id=26508): r0 = socket$inet(0x2, 0x802, 0x1) connect$inet(r0, &(0x7f0000002780)={0x2, 0x4e22, @remote}, 0x10) write(r0, &(0x7f0000000000)="08001800000020a3", 0x8) read(r0, &(0x7f0000000040)=""/14, 0xe) 569.184321ms ago: executing program 2 (id=26509): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, 0x0) 566.112636ms ago: executing program 4 (id=26510): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x20008040}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x7c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0xd2, &(0x7f00000000c0)={@multicast, @random="fd137b07daa7", @void, {@ipv6={0x86dd, @udp={0x5, 0x6, '\x00', 0x9c, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, {[], {0x4e20, 0x4e22, 0x9c, 0x0, @wg=@initiation={0x1, 0x1, "627101eacc10ca6d093bd4577d5d2ae087978621d37488ae86b19d606fa27133", "f3d48c2a6ff47404661725fffb72fab0704cd53365f4a6bf682a93433a6db658c01fe85934b1ad810abc525a7d95d97c", "0cadc8c751ed7ef36e3db46bb501bc122f9983a006facab04d9fd416", {"645c6bc6031b2570cdcd5f1d9c4c55ec", "153ce1c27a9aa07b66137c6249b87d42"}}}}}}}}, 0x0) 544.200245ms ago: executing program 7 (id=26511): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fchown(0xffffffffffffffff, 0x0, 0x0) 477.832132ms ago: executing program 2 (id=26512): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 422.640877ms ago: executing program 2 (id=26513): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r1, 0x0, 0x0) setresuid(0x0, 0x0, 0xee00) 421.385586ms ago: executing program 4 (id=26514): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) acct(0x0) 231.492895ms ago: executing program 7 (id=26515): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002880)={0x28, r1, 0x625, 0xfffffffc, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x9}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x240009c0) 133.561814ms ago: executing program 7 (id=26516): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000010000000f000000080034000400000008000300", @ANYRES32=r2, @ANYBLOB="0500330081"], 0x2c}}, 0x80) 126.671893ms ago: executing program 4 (id=26517): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0x6804, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 125.919841ms ago: executing program 7 (id=26518): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x14, 0x15, 0xa, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x24040808) 2.609373ms ago: executing program 4 (id=26519): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={0x50, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x1000, 0x3, 0x3, 0x0, {0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1}, 0x1, 0x1, 0x6}}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}]]}, 0x50}, 0x1, 0x0, 0x0, 0x4008010}, 0x4800) 0s ago: executing program 7 (id=26520): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x301}, 0x14}}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0) kernel console output (not intermixed with test programs): 432][T13097] hub 5-1:0.0: probe with driver hub failed with error -5 [ 656.275301][T13097] usb 5-1: selecting invalid altsetting 0 [ 656.340608][T22566] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 656.388340][T22566] bond1 (unregistering): Released all slaves [ 656.600501][ T8925] usb 5-1: USB disconnect, device number 18 [ 656.739849][ T6140] Bluetooth: hci3: command 0x0c1a tx timeout [ 657.582997][T22627] input: syz1 as /devices/virtual/input/input62 [ 657.585992][T22627] input: failed to attach handler leds to device input62, error: -6 [ 658.525613][T22671] netlink: 31 bytes leftover after parsing attributes in process `syz.0.23081'. [ 658.529348][T22671] netlink: 208 bytes leftover after parsing attributes in process `syz.0.23081'. [ 658.532246][T22671] netlink: 31 bytes leftover after parsing attributes in process `syz.0.23081'. [ 658.802303][ T8951] hid_parser_main: 12 callbacks suppressed [ 658.802323][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x7 [ 658.808678][ T8951] hid-generic 0000:0000:0000.000A: ignoring exceeding usage max [ 658.813280][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.816469][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.828612][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.834575][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.842748][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.848672][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.851863][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.855024][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.866738][ T8951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 658.875849][ T8951] hid-generic 0000:0000:0000.000A: hidraw1: HID v0.00 Device [syz0] on syz0 [ 659.047839][T22693] fido_id[22693]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 659.077503][T22702] netlink: 'syz.7.23095': attribute type 3 has an invalid length. [ 659.087044][T22702] netlink: 'syz.7.23095': attribute type 1 has an invalid length. [ 659.105259][T22702] netlink: 212 bytes leftover after parsing attributes in process `syz.7.23095'. [ 659.114201][T22702] NCSI netlink: No device for ifindex 813332851 [ 659.181833][T22708] netlink: 'syz.4.23096': attribute type 3 has an invalid length. [ 659.185883][T22708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23096'. [ 659.282169][T22718] Bluetooth: MGMT ver 1.23 [ 660.192405][ T8951] usb 12-1: new high-speed USB device number 8 using dummy_hcd [ 660.353487][ T8951] usb 12-1: too many configurations: 9, using maximum allowed: 8 [ 660.357974][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.361802][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.366678][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.370557][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.375007][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.379503][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.383304][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.387831][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.392323][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.396205][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.399884][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.404140][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.408711][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.412673][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.417674][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.425007][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.432326][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.437473][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.446520][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.451999][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.457587][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.463367][ T8951] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 660.467563][ T8951] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 660.473942][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 660.478963][ T8951] usb 12-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 660.484873][ T8951] usb 12-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 660.488862][ T8951] usb 12-1: Product: syz [ 660.498631][ T8951] usb 12-1: Manufacturer: syz [ 660.500684][ T8951] usb 12-1: SerialNumber: syz [ 660.506193][ T8951] usb 12-1: config 0 descriptor?? [ 660.517377][ T8951] yurex 12-1:0.0: USB YUREX device now attached to Yurex #0 [ 660.742604][ T8951] usb 12-1: USB disconnect, device number 8 [ 660.752998][ T8951] yurex 12-1:0.0: USB YUREX #0 now disconnected [ 661.782858][T22815] loop5: detected capacity change from 0 to 7 [ 661.856277][T22815] Dev loop5: unable to read RDB block 7 [ 661.858780][T22815] loop5: unable to read partition table [ 661.861734][T22815] loop5: partition table beyond EOD, truncated [ 661.864473][T22815] loop_reread_partitions: partition scan of loop5 () failed (rc=-5) [ 662.481036][T22816] loop5: detected capacity change from 7 to 0 [ 663.372582][T22871] binder: 22870:22871 ioctl c0306201 80000640 returned -22 [ 664.660011][T22900] bridge1: entered promiscuous mode [ 664.666491][T22900] team0: Device bridge1 is up. Set it down before adding it as a team port [ 665.170616][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 665.170627][ T40] audit: type=1326 audit(885.746:25844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.182520][ T40] audit: type=1326 audit(885.746:25845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.192677][ T40] audit: type=1326 audit(885.746:25846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.204460][ T40] audit: type=1326 audit(885.746:25847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.214989][ T40] audit: type=1326 audit(885.746:25848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.233061][ T40] audit: type=1326 audit(885.746:25849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.242098][ T40] audit: type=1326 audit(885.746:25850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.251295][ T40] audit: type=1326 audit(885.746:25851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.261463][ T40] audit: type=1326 audit(885.746:25852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22921 comm="syz.0.23194" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 665.479301][ T40] audit: type=1326 audit(886.036:25853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22942 comm="syz.8.23204" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ad579 code=0x7ffc0000 [ 665.524846][T22947] lo: left promiscuous mode [ 665.539860][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 665.543529][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 665.546899][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 665.677701][ T29] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 665.728735][T22947] infiniband syz2: set down [ 665.730662][ T8925] ip6_vti0 speed is unknown, defaulting to 1000 [ 665.733513][T22947] infiniband syz2: added ip6_vti0 [ 665.778353][T22947] RDS/IB: syz2: added [ 665.780105][T22947] smc: adding ib device syz2 with port count 1 [ 665.784786][T22947] smc: ib device syz2 port 1 has no pnetid [ 665.787201][T13097] ip6_vti0 speed is unknown, defaulting to 1000 [ 665.790442][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 665.837932][ T29] usb 5-1: Using ep0 maxpacket: 8 [ 665.841579][ T29] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 665.846038][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.863852][ T29] pvrusb2: Hardware description: Terratec Grabster AV400 [ 665.866886][ T29] pvrusb2: ********** [ 665.868659][ T29] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 665.875049][ T29] pvrusb2: Important functionality might not be entirely working. [ 665.878491][ T29] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 665.885906][ T29] pvrusb2: ********** [ 665.982807][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 665.998126][T22969] macvlan2: entered promiscuous mode [ 666.000489][T22969] bridge0: entered promiscuous mode [ 666.091096][ T2485] pvrusb2: Invalid write control endpoint [ 666.128606][ T2485] pvrusb2: Invalid write control endpoint [ 666.130515][ T2485] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 666.133955][ T2485] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 666.135422][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 666.136892][ T2485] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 666.136903][ T2485] pvrusb2: Device being rendered inoperable [ 666.136952][ T2485] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 666.137016][ T2485] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 666.139408][ T2485] pvrusb2: Attached sub-driver cx25840 [ 666.158242][ T2485] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 666.163077][ T2485] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 666.280876][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 666.301733][T22939] pvrusb2: Attempted to execute control transfer when device not ok [ 666.308853][ T29] usb 5-1: USB disconnect, device number 19 [ 666.451052][T22947] ip6_vti0 speed is unknown, defaulting to 1000 [ 666.888942][T22988] dlm: non-version read from control device 34 [ 666.923218][T22990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23226'. [ 666.927150][T22990] netlink: 'syz.0.23226': attribute type 18 has an invalid length. [ 666.930589][T22990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23226'. [ 668.314750][T23045] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23252'. [ 668.470256][T23053] kvm: kvm [23052]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 669.068624][T23093] random: crng reseeded on system resumption [ 669.146272][T23097] netlink: 4 bytes leftover after parsing attributes in process `syz.7.23278'. [ 669.152564][T23097] netlink: 4 bytes leftover after parsing attributes in process `syz.7.23278'. [ 669.251564][T23104] trusted_key: encrypted_key: keyword 'upmate' not recognized [ 669.580814][T23124] netlink: 'syz.0.23290': attribute type 12 has an invalid length. [ 669.584584][T23124] netlink: 190972 bytes leftover after parsing attributes in process `syz.0.23290'. [ 670.887787][T23186] Attempt to restore checkpoint with obsolete wellknown handles [ 671.382822][T23205] syz_tun: entered allmulticast mode [ 671.386874][T23204] syz_tun: left allmulticast mode [ 671.579815][T23216] netlink: 16186 bytes leftover after parsing attributes in process `syz.7.23330'. [ 672.492758][T23262] netlink: 'syz.7.23351': attribute type 4 has an invalid length. [ 672.496541][T23262] netlink: 'syz.7.23351': attribute type 8 has an invalid length. [ 672.500280][T23262] netlink: 212 bytes leftover after parsing attributes in process `syz.7.23351'. [ 672.553126][T23267] netlink: 8 bytes leftover after parsing attributes in process `syz.8.23353'. [ 672.557567][T23267] netem: unknown loss type 0 [ 672.560507][T23267] netem: change failed [ 672.608535][T23269] netlink: 12 bytes leftover after parsing attributes in process `syz.7.23355'. [ 673.046654][T23285] loop9: detected capacity change from 0 to 7 [ 673.049851][T23285] Dev loop9: unable to read RDB block 7 [ 673.052148][T23285] loop9: unable to read partition table [ 673.056256][T23285] loop9: partition table beyond EOD, truncated [ 673.061062][T23285] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 673.356606][T23298] binder: Binderfs stats mode cannot be changed during a remount [ 673.642236][ T8951] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 673.812153][ T8951] usb 5-1: Using ep0 maxpacket: 16 [ 673.817349][ T8951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 673.825620][ T8951] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 673.830973][ T8951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.846526][ T8951] usb 5-1: Product: syz [ 673.848426][ T8951] usb 5-1: Manufacturer: syz [ 673.851562][ T8951] usb 5-1: SerialNumber: syz [ 673.866637][ T8951] usb 5-1: config 0 descriptor?? [ 673.899356][ T8951] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 673.905517][ T8951] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 674.188389][ T8951] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 674.264002][ T8951] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 674.267160][ T8951] em28xx 5-1:0.0: board has no eeprom [ 674.338405][ T8951] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 674.344025][ T8951] em28xx 5-1:0.0: dvb set to bulk mode. [ 674.355174][T23300] em28xx 5-1:0.0: writing to i2c device at 0x0 failed (error=-5) [ 674.372787][ T8951] usb 5-1: USB disconnect, device number 20 [ 674.375804][T14398] em28xx 5-1:0.0: Binding DVB extension [ 674.382160][ T8951] em28xx 5-1:0.0: Disconnecting em28xx [ 674.443549][T14398] em28xx 5-1:0.0: Registering input extension [ 674.446130][ T8951] em28xx 5-1:0.0: Closing input extension [ 674.471200][ T8951] em28xx 5-1:0.0: Freeing device [ 674.950777][T23343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23388'. [ 674.954636][T23343] netlink: 24 bytes leftover after parsing attributes in process `syz.0.23388'. [ 675.375137][T23361] netlink: 24 bytes leftover after parsing attributes in process `syz.0.23398'. [ 675.846566][T23396] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 676.338165][T23420] netlink: 20 bytes leftover after parsing attributes in process `syz.4.23425'. [ 677.118618][ T29] kernel read not supported for file /dsp (pid: 29 comm: kworker/1:0) [ 677.187070][T23467] loop8: detected capacity change from 0 to 7 [ 677.196244][T15527] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 677.199313][T15527] loop8: partition table partially beyond EOD, truncated [ 677.211777][T15527] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 677.220460][T15527] loop8: p2 start 956478 is beyond EOD, truncated [ 677.230687][T23467] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 677.234029][T23467] loop8: partition table partially beyond EOD, truncated [ 677.237083][T23467] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 677.241035][T23467] loop8: p2 start 956478 is beyond EOD, truncated [ 677.291274][T15527] udevd[15527]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 677.310183][T15527] udevd[15527]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 677.694120][T23487] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 678.256529][T23532] misc userio: Begin command sent, but we're already running [ 678.740046][T23553] netlink: 'syz.4.23486': attribute type 1 has an invalid length. [ 678.743647][T23553] netlink: 'syz.4.23486': attribute type 7 has an invalid length. [ 678.747227][T23553] netlink: 'syz.4.23486': attribute type 8 has an invalid length. [ 678.750705][T23553] netlink: 208 bytes leftover after parsing attributes in process `syz.4.23486'. [ 678.754999][T23553] NCSI netlink: No device for ifindex 65584 [ 678.762534][ T8951] kernel read not supported for file /dsp1 (pid: 8951 comm: kworker/0:4) [ 678.916268][T23563] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 678.987330][T23561] nbd0: detected capacity change from 0 to 549764202496 [ 679.020513][ T6200] block nbd0: Receive control failed (result -104) [ 679.727893][T23596] nbd1: detected capacity change from 0 to 127 [ 679.751105][ T6200] block nbd1: Receive control failed (result -104) [ 680.857444][T23674] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.23548'. [ 681.392753][T23708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23554'. [ 682.611342][T23763] loop6: detected capacity change from 0 to 7 [ 682.618435][ C1] blk_print_req_error: 45 callbacks suppressed [ 682.618455][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.630897][ C1] buffer_io_error: 45 callbacks suppressed [ 682.630915][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.638868][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.643270][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.648552][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.653418][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.657853][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.662450][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.666418][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.671000][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.674989][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.679618][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.685341][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.690278][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.694360][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.698427][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.701868][T23763] ldm_validate_partition_table(): Disk read failed. [ 682.702441][T23727] comedi comedi2: reset error (fatal) [ 682.707174][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.711579][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.715991][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 682.720035][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 682.724132][T23763] Dev loop6: unable to read RDB block 0 [ 682.727668][T23763] loop6: unable to read partition table [ 682.730393][T23763] loop6: partition table beyond EOD, truncated [ 682.734381][T23763] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 683.137240][T23778] netlink: 1143 bytes leftover after parsing attributes in process `syz.7.23587'. [ 683.320593][ T2151] block nbd1: Connection timed out, retrying (0/1 alive) [ 683.326210][ T2151] block nbd1: Connection timed out, retrying (0/1 alive) [ 683.330266][ T2151] block nbd1: Connection timed out, retrying (0/1 alive) [ 683.334962][ T2151] block nbd1: Connection timed out, retrying (0/1 alive) [ 683.339545][ T2151] block nbd1: Dead connection, failed to find a fallback [ 683.345269][ T2151] block nbd1: shutting down sockets [ 683.351236][T14928] ldm_validate_partition_table(): Disk read failed. [ 683.354599][T14928] Dev nbd1: unable to read RDB block 0 [ 683.357207][T14928] nbd1: unable to read partition table [ 683.363479][T14928] ldm_validate_partition_table(): Disk read failed. [ 683.375041][T14928] Dev nbd1: unable to read RDB block 0 [ 683.377351][T14928] nbd1: unable to read partition table [ 683.409056][T23793] netlink: 92 bytes leftover after parsing attributes in process `syz.0.23594'. [ 683.437550][T23796] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.23595'. [ 683.516239][T23800] netlink: 4 bytes leftover after parsing attributes in process `syz.7.23597'. [ 684.442545][T23856] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 684.446791][T23856] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 684.451280][T23856] overlayfs: failed to get uuid (2042/file0, err=-13); falling back to uuid=null. [ 684.761035][T23868] bridge0: port 3(syz_tun) entered blocking state [ 684.764013][T23868] bridge0: port 3(syz_tun) entered disabled state [ 684.767104][T23868] syz_tun: entered allmulticast mode [ 684.771305][T23868] syz_tun: entered promiscuous mode [ 685.099810][T23897] netlink: 8 bytes leftover after parsing attributes in process `syz.8.23640'. [ 685.104630][T23897] netlink: 4 bytes leftover after parsing attributes in process `syz.8.23640'. [ 685.109637][T23897] netlink: 'syz.8.23640': attribute type 13 has an invalid length. [ 685.112969][T23897] netlink: 'syz.8.23640': attribute type 12 has an invalid length. [ 686.294702][T23978] macvtap1: entered promiscuous mode [ 686.297235][T23978] macvtap1: entered allmulticast mode [ 686.299784][T23978] mac80211_hwsim hwsim45 wlan0: entered allmulticast mode [ 686.302729][T23978] mac80211_hwsim hwsim45 wlan0: entered promiscuous mode [ 686.306730][T23978] team0: Device macvtap1 failed to register rx_handler [ 686.345570][T23978] mac80211_hwsim hwsim45 wlan0: left allmulticast mode [ 686.348813][T23978] mac80211_hwsim hwsim45 wlan0: left promiscuous mode [ 686.572949][T23988] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 686.575841][T23988] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 686.581321][T23988] vhci_hcd vhci_hcd.0: Device attached [ 686.847108][T23999] netlink: 4 bytes leftover after parsing attributes in process `syz.8.23689'. [ 686.853162][ T6201] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 686.863523][ T6138] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 687.048609][ T6138] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 687.054292][ T6138] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 687.060807][ T6138] usb 5-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 687.064800][ T6138] usb 5-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 687.070280][ T6138] usb 5-1: Manufacturer: syz [ 687.075540][ T6138] usb 5-1: config 0 descriptor?? [ 687.083603][T24010] input: syz1 as /devices/virtual/input/input67 [ 687.297482][T23989] usb 37-1: recv xbuf, 0 [ 687.299452][ T6138] usb 5-1: USB disconnect, device number 21 [ 687.303842][ T61] vhci_hcd vhci_hcd.0: stop threads [ 687.306181][ T61] vhci_hcd vhci_hcd.0: release socket [ 687.308800][ T61] vhci_hcd vhci_hcd.0: disconnect device [ 687.388063][ T6201] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 687.629270][T24016] input: syz0 as /devices/virtual/input/input68 [ 687.819545][T24025] bridge0: port 2(syz_tun) entered blocking state [ 687.824659][T24025] bridge0: port 2(syz_tun) entered disabled state [ 687.829196][T24025] syz_tun: entered allmulticast mode [ 687.834185][T24025] syz_tun: entered promiscuous mode [ 688.453099][ T6138] hid_parser_main: 12 callbacks suppressed [ 688.453117][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.461902][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.465433][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.468599][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.472880][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.476131][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.479481][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.482863][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.486067][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.489261][ T6138] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 688.494921][ T6138] hid-generic 0000:0000:0000.000B: hidraw1: HID v0.00 Device [Zw[ba|\rn)A#6oү?aIs5hV3(; [ 688.494921][ T6138] ѝP$zɷX$w[SRezxuSrl[5l'ZCz2] on tDKY縣Ϫ򞿹,UOp{"ixA[ewÒ}ZXA [ 688.607529][T24050] fido_id[24050]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 688.993405][ T6201] usb 12-1: new high-speed USB device number 9 using dummy_hcd [ 689.175883][ T6201] usb 12-1: Using ep0 maxpacket: 8 [ 689.179652][ T6201] usb 12-1: config 179 has an invalid interface number: 65 but max is 0 [ 689.182875][ T6201] usb 12-1: config 179 has no interface number 0 [ 689.185361][ T6201] usb 12-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 689.190832][ T6201] usb 12-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 689.195196][ T6201] usb 12-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 689.200586][ T6201] usb 12-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 689.207572][ T6201] usb 12-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 689.217090][ T6201] usb 12-1: New USB device found, idVendor=12ab, idProduct=909d, bcdDevice=1e.eb [ 689.225606][ T6201] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.230700][T24073] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 689.233836][T24060] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 689.315322][T24075] netlink: 24 bytes leftover after parsing attributes in process `syz.0.23723'. [ 689.456680][T24081] overlay: ./file0 is not a directory [ 689.490404][ T6201] input: Generic X-Box pad as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:179.65/input/input69 [ 689.696085][ T8951] usb 12-1: USB disconnect, device number 9 [ 689.696131][ C2] xpad 12-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 689.702452][ C2] dummy_hcd dummy_hcd.7: timer fired with no URBs pending? [ 689.840721][ T1020] kernel write not supported for file /ppp (pid: 1020 comm: kworker/0:2) [ 691.877796][T24193] netlink: 'syz.4.23774': attribute type 10 has an invalid length. [ 691.884149][T24193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.889705][T24193] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 691.899928][T24193] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 691.926795][T24193] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 692.076430][ T6200] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 692.194655][T24193] bond0: (slave batadv0): Releasing backup interface [ 692.297606][T24199] tun0: tun_chr_ioctl cmd 1074025675 [ 692.300077][T24199] tun0: persist enabled [ 692.684890][T24212] loop8: detected capacity change from 0 to 8 [ 692.690111][T24212] Dev loop8: unable to read RDB block 8 [ 692.693072][T24212] loop8: unable to read partition table [ 692.696078][T24212] loop8: partition table beyond EOD, truncated [ 692.698751][T24212] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 692.949611][T24222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23787'. [ 696.080055][T24303] netlink: 28 bytes leftover after parsing attributes in process `syz.4.23824'. [ 696.400104][ T29] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 696.561730][ T29] usb 5-1: config 0 has no interfaces? [ 696.566250][ T29] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 696.570997][ T29] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 696.574488][ T29] usb 5-1: Product: syz [ 696.576470][ T29] usb 5-1: Manufacturer: syz [ 696.581821][ T29] usb 5-1: config 0 descriptor?? [ 696.810491][ T29] usb 5-1: USB disconnect, device number 22 [ 697.257443][T24334] netlink: 52 bytes leftover after parsing attributes in process `syz.7.23837'. [ 698.015452][T13097] kernel read not supported for file /dsp1 (pid: 13097 comm: kworker/1:5) [ 699.077418][T24377] syz.7.23855: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 699.083044][T24377] CPU: 3 UID: 0 PID: 24377 Comm: syz.7.23855 Tainted: G L syzkaller #0 PREEMPT(full) [ 699.083076][T24377] Tainted: [L]=SOFTLOCKUP [ 699.083083][T24377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 699.083094][T24377] Call Trace: [ 699.083102][T24377] [ 699.083110][T24377] dump_stack_lvl+0x100/0x190 [ 699.083138][T24377] warn_alloc.cold+0x95/0x1c1 [ 699.083169][T24377] ? __pfx_warn_alloc+0x10/0x10 [ 699.083190][T24377] ? __mutex_unlock_slowpath+0x15c/0x790 [ 699.083233][T24377] __alloc_frozen_pages_noprof+0x1442/0x2410 [ 699.083267][T24377] ? lockdep_hardirqs_on+0x78/0x100 [ 699.083290][T24377] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 699.083312][T24377] ? stack_depot_save_flags+0x3f8/0x9c0 [ 699.083351][T24377] ? comedi_isadma_alloc+0x10c/0x6e0 [ 699.083374][T24377] ? pcl816_attach+0x8fb/0xb20 [ 699.083392][T24377] ? comedi_device_attach+0x3d2/0x660 [ 699.083409][T24377] ? do_devconfig_ioctl+0x1b3/0x6d0 [ 699.083429][T24377] ? comedi_unlocked_ioctl+0x44c/0x2e70 [ 699.083468][T24377] __alloc_pages_noprof+0xb/0x1b0 [ 699.083490][T24377] __dma_direct_alloc_pages.isra.0+0x47c/0x8f0 [ 699.083519][T24377] ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10 [ 699.083543][T24377] ? dma_alloc_from_dev_coherent+0x2e0/0x570 [ 699.083570][T24377] dma_direct_alloc+0x8f/0x590 [ 699.083593][T24377] dma_alloc_attrs+0x185/0x2b0 [ 699.083620][T24377] ? __pfx_dma_alloc_attrs+0x10/0x10 [ 699.083647][T24377] ? dma_direct_supported+0xca/0x220 [ 699.083673][T24377] comedi_isadma_alloc+0x3dc/0x6e0 [ 699.083702][T24377] ? __pfx_comedi_isadma_alloc+0x10/0x10 [ 699.083729][T24377] ? request_threaded_irq+0x27b/0x3e0 [ 699.083756][T24377] pcl816_attach+0x8fb/0xb20 [ 699.083779][T24377] comedi_device_attach+0x3d2/0x660 [ 699.083805][T24377] do_devconfig_ioctl+0x1b3/0x6d0 [ 699.083827][T24377] ? comedi_unlocked_ioctl+0x163/0x2e70 [ 699.083855][T24377] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 699.083913][T24377] ? kasan_save_stack+0x3f/0x50 [ 699.083935][T24377] ? kasan_save_stack+0x30/0x50 [ 699.083955][T24377] ? kasan_save_track+0x14/0x30 [ 699.083976][T24377] ? kasan_save_free_info+0x3b/0x70 [ 699.083992][T24377] ? __kasan_slab_free+0x5f/0x80 [ 699.084014][T24377] ? kfree+0x1c7/0x690 [ 699.084030][T24377] ? tomoyo_path_number_perm+0x46d/0x580 [ 699.084056][T24377] ? security_file_ioctl_compat+0xd3/0x230 [ 699.084089][T24377] comedi_unlocked_ioctl+0x44c/0x2e70 [ 699.084125][T24377] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 699.084171][T24377] ? kasan_quarantine_put+0x104/0x240 [ 699.084193][T24377] ? lockdep_hardirqs_on+0x78/0x100 [ 699.084219][T24377] ? find_held_lock+0x2b/0x80 [ 699.084237][T24377] ? tomoyo_path_number_perm+0x28f/0x580 [ 699.084262][T24377] ? tomoyo_path_number_perm+0x28f/0x580 [ 699.084294][T24377] ? tomoyo_path_number_perm+0x188/0x580 [ 699.084326][T24377] comedi_compat_ioctl+0x438/0xe20 [ 699.084354][T24377] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 699.084382][T24377] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 699.084404][T24377] ? do_vfs_ioctl+0x226/0x13e0 [ 699.084434][T24377] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 699.084471][T24377] ? find_held_lock+0x2b/0x80 [ 699.084488][T24377] ? hook_file_ioctl_common+0x146/0x410 [ 699.084522][T24377] ? __fget_files+0x21f/0x3d0 [ 699.084549][T24377] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 699.084576][T24377] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 699.084598][T24377] __do_fast_syscall_32+0xde/0x660 [ 699.084623][T24377] do_fast_syscall_32+0x32/0x70 [ 699.084646][T24377] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 699.084669][T24377] RIP: 0023:0xf749d579 [ 699.084683][T24377] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 699.084701][T24377] RSP: 002b:00000000f54c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 699.084719][T24377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 699.084731][T24377] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 699.084742][T24377] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 699.084752][T24377] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 699.084763][T24377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 699.084789][T24377] [ 699.286925][T24377] Mem-Info: [ 699.289378][T24377] active_anon:502 inactive_anon:925 isolated_anon:0 [ 699.289378][T24377] active_file:1356 inactive_file:6037 isolated_file:0 [ 699.289378][T24377] unevictable:1768 dirty:352 writeback:0 [ 699.289378][T24377] slab_reclaimable:6760 slab_unreclaimable:67541 [ 699.289378][T24377] mapped:22182 shmem:1772 pagetables:2590 [ 699.289378][T24377] sec_pagetables:344 bounce:0 [ 699.289378][T24377] kernel_misc_reclaimable:0 [ 699.289378][T24377] free:74936 free_pcp:0 free_cma:0 [ 699.310728][T24377] Node 0 active_anon:92kB inactive_anon:1392kB active_file:1600kB inactive_file:3136kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:2352kB dirty:228kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:10396kB pagetables:1984kB sec_pagetables:1184kB all_unreclaimable? no Balloon:0kB [ 699.324970][T24377] Node 0 DMA free:2556kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:4kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:20kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 699.337558][T24377] lowmem_reserve[]: 0 288 288 288 288 [ 699.340211][T24377] Node 0 DMA: 21*4kB (U) 19*8kB (U) 7*16kB (U) 13*32kB (U) 2*64kB (U) 3*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2556kB [ 699.348196][T24377] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 699.353489][T24377] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 699.358007][T24377] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 699.362094][T24377] Node 1 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 699.366106][T24377] 10174 total pagecache pages [ 699.368110][T24377] 990 pages in swap cache [ 699.369990][T24377] Free swap = 73768kB [ 699.371799][T24377] Total swap = 124996kB [ 699.374911][T24377] 524155 pages RAM [ 699.376676][T24377] 0 pages HighMem/MovableOnly [ 699.378471][T24377] 209485 pages reserved [ 699.379904][T24377] 0 pages cma reserved [ 699.506926][T24398] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23864'. [ 700.122930][ T6201] usb 12-1: new high-speed USB device number 10 using dummy_hcd [ 700.298890][ T6201] usb 12-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 700.303130][ T6201] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.307551][ T6201] usb 12-1: Product: syz [ 700.309514][ T6201] usb 12-1: Manufacturer: syz [ 700.311739][ T6201] usb 12-1: SerialNumber: syz [ 700.561957][ T6201] lan78xx 12-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 700.567086][ T6201] lan78xx 12-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 700.571529][ T6201] lan78xx 12-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 700.595121][ T6201] lan78xx 12-1:1.0: probe with driver lan78xx failed with error -71 [ 700.615123][ T6201] usb 12-1: USB disconnect, device number 10 [ 701.306508][T24472] netlink: 4 bytes leftover after parsing attributes in process `syz.7.23896'. [ 701.499987][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 701.500005][ T40] audit: type=1326 audit(1175.702:25864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.512325][ T40] audit: type=1326 audit(1175.702:25865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.526879][ T40] audit: type=1326 audit(1175.702:25866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.537717][ T40] audit: type=1326 audit(1175.702:25867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.548632][ T40] audit: type=1326 audit(1175.702:25868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.560194][ T40] audit: type=1326 audit(1175.702:25869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.579817][ T40] audit: type=1326 audit(1175.702:25870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.594897][ T40] audit: type=1326 audit(1175.702:25871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.600823][T24487] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3) [ 701.604451][ T40] audit: type=1326 audit(1175.702:25872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.606984][T24487] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 701.617125][ T40] audit: type=1326 audit(1175.702:25873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24480 comm="syz.4.23899" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f73598 code=0x7ffc0000 [ 701.624042][T24487] vhci_hcd vhci_hcd.0: Device attached [ 701.900272][ T29] usb 12-1: new high-speed USB device number 11 using dummy_hcd [ 701.902367][ T1020] usb 51-1: new high-speed USB device number 2 using vhci_hcd [ 702.069232][ T29] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 702.080484][ T29] usb 12-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 702.103084][ T29] usb 12-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 702.114443][ T29] usb 12-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 702.117482][ T29] usb 12-1: Manufacturer: syz [ 702.125083][ T29] usb 12-1: config 0 descriptor?? [ 702.389362][ T29] usb 12-1: USB disconnect, device number 11 [ 702.393782][T24489] usb 51-1: recv xbuf, 0 [ 702.398650][ T61] vhci_hcd vhci_hcd.7: stop threads [ 702.400966][ T61] vhci_hcd vhci_hcd.7: release socket [ 702.405527][ T61] vhci_hcd vhci_hcd.7: disconnect device [ 702.477102][ T1020] vhci_hcd vhci_hcd.7: vhci_device speed not set [ 702.625195][T24531] netlink: 52 bytes leftover after parsing attributes in process `syz.0.23921'. [ 702.711560][T24533] : renamed from vlan0 [ 702.757316][T24533] tipc: Disabling bearer [ 702.918230][T24536] can0: slcan on ttyS3. [ 703.066477][T24536] can0 (unregistered): slcan off ttyS3. [ 703.754615][T24574] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.23941'. [ 703.790523][T24577] netlink: 'syz.7.23942': attribute type 2 has an invalid length. [ 706.729088][T24642] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 706.732268][T24642] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 706.739595][T24642] vhci_hcd vhci_hcd.0: Device attached [ 707.013842][ T5696] usb 45-1: new low-speed USB device number 3 using vhci_hcd [ 707.380382][ T6140] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 707.388352][ T6140] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 707.396158][ T6140] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 707.400247][ T6140] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 707.410388][ T6140] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 707.460354][T24661] ip6_vti0 speed is unknown, defaulting to 1000 [ 707.882835][T24686] can0: slcan on ttyS3. [ 708.022378][T24686] can0 (unregistered): slcan off ttyS3. [ 708.064575][T24661] chnl_net:caif_netlink_parms(): no params data found [ 708.306736][T24661] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.309859][T24661] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.312128][T24661] bridge_slave_0: entered allmulticast mode [ 708.315175][T24661] bridge_slave_0: entered promiscuous mode [ 708.319889][T24661] bridge0: port 2(bridge_slave_1) entered blocking state [ 708.324001][T24661] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.327961][T24661] bridge_slave_1: entered allmulticast mode [ 708.335269][T24661] bridge_slave_1: entered promiscuous mode [ 708.367576][T24661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 708.378045][T24661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 708.410318][T24661] team0: Port device team_slave_0 added [ 708.415092][T24661] team0: Port device team_slave_1 added [ 708.436621][T24661] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 708.441077][T24661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 708.452094][T24661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 708.458671][T24661] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 708.462138][T24661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 708.472773][T24661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 708.509527][T24661] hsr_slave_0: entered promiscuous mode [ 708.514339][T24661] hsr_slave_1: entered promiscuous mode [ 708.518418][T24661] debugfs: 'hsr0' already exists in 'hsr' [ 708.521039][T24661] Cannot create hsr debugfs directory [ 708.700744][T24661] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 708.734243][T24661] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 708.783231][T24661] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 708.826704][T24661] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 708.902562][T24661] bridge0: port 2(bridge_slave_1) entered blocking state [ 708.907226][T24661] bridge0: port 2(bridge_slave_1) entered forwarding state [ 708.910866][T24661] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.914088][T24661] bridge0: port 1(bridge_slave_0) entered forwarding state [ 708.991326][T24661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 708.998896][T24720] netlink: 24 bytes leftover after parsing attributes in process `syz.0.23999'. [ 709.081747][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.113634][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.292183][T24728] netlink: 'syz.0.24003': attribute type 1 has an invalid length. [ 709.295687][T24728] netlink: 'syz.0.24003': attribute type 2 has an invalid length. [ 709.298764][T24728] netlink: 'syz.0.24003': attribute type 1 has an invalid length. [ 709.302299][T24728] netlink: 'syz.0.24003': attribute type 3 has an invalid length. [ 709.305967][T24728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24003'. [ 709.396992][T24661] 8021q: adding VLAN 0 to HW filter on device team0 [ 709.407396][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.411738][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 709.423524][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.426769][ T5775] bridge0: port 2(bridge_slave_1) entered forwarding state [ 709.637173][ T6140] Bluetooth: hci4: command tx timeout [ 709.661184][T24661] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 709.909760][T24661] veth0_vlan: entered promiscuous mode [ 709.924883][T24661] veth1_vlan: entered promiscuous mode [ 709.949849][T24643] vhci_hcd: connection reset by peer [ 709.952742][ T46] vhci_hcd vhci_hcd.4: stop threads [ 709.955049][ T46] vhci_hcd vhci_hcd.4: release socket [ 709.956695][T24661] veth0_macvtap: entered promiscuous mode [ 709.957502][ T46] vhci_hcd vhci_hcd.4: disconnect device [ 709.969014][T24661] veth1_macvtap: entered promiscuous mode [ 709.984410][T24661] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 709.995688][T24661] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 710.006029][ T61] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.061402][ T61] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.075238][ T61] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.121252][ T61] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.261967][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 710.265438][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.284701][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 710.288480][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.849728][T24784] loop6: detected capacity change from 0 to 7 [ 710.855560][ C3] blk_print_req_error: 159 callbacks suppressed [ 710.855580][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.862362][ C3] buffer_io_error: 159 callbacks suppressed [ 710.862381][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.870930][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.874877][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.878854][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.882774][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.885865][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.889703][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.893183][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.897374][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.901755][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.905252][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.908202][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.911783][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.915173][T14928] ldm_validate_partition_table(): Disk read failed. [ 710.917805][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 710.921619][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.925690][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.934608][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 710.939167][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.944433][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 710.950479][T14928] Dev loop6: unable to read RDB block 0 [ 710.955861][T14928] loop6: unable to read partition table [ 710.959840][T14928] loop6: partition table beyond EOD, truncated [ 710.971418][T24784] ldm_validate_partition_table(): Disk read failed. [ 710.984460][T24784] Dev loop6: unable to read RDB block 0 [ 710.988125][T24784] loop6: unable to read partition table [ 710.995470][T24784] loop6: partition table beyond EOD, truncated [ 710.998626][T24784] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 711.305644][ T2151] block nbd0: Possible stuck request ffff888026870000: control (read@0,4096B). Runtime 30 seconds [ 711.631136][T24800] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24027'. [ 711.760192][T24811] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 711.862185][ T6140] Bluetooth: hci4: command tx timeout [ 712.456213][T24836] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24043'. [ 712.461031][T24836] netlink: 12 bytes leftover after parsing attributes in process `syz.4.24043'. [ 712.538647][ T5696] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 712.784272][T24855] netlink: 8 bytes leftover after parsing attributes in process `syz.9.24052'. [ 712.788157][T24855] netlink: 56 bytes leftover after parsing attributes in process `syz.9.24052'. [ 712.810722][T24855] netlink: 8 bytes leftover after parsing attributes in process `syz.9.24052'. [ 712.878211][T24863] netlink: 758 bytes leftover after parsing attributes in process `syz.9.24056'. [ 713.053189][T24871] IPv6: NLM_F_CREATE should be specified when creating new route [ 713.703453][ T6287] kernel read not supported for file /dsp1 (pid: 6287 comm: kworker/1:3) [ 714.077248][ T6140] Bluetooth: hci4: command tx timeout [ 714.603151][T24940] netlink: 'syz.7.24091': attribute type 10 has an invalid length. [ 714.611728][T24940] team0: Port device dummy0 added [ 714.890345][ T40] kauditd_printk_skb: 90 callbacks suppressed [ 714.890364][ T40] audit: type=1326 audit(1188.214:25964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24912 comm="syz.9.24079" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 715.231622][T24978] bond1: (slave bond0): Device is not bonding slave [ 715.236287][T24978] bond1: option active_slave: invalid value (bond0) [ 715.258391][T24978] bond1 (unregistering): Released all slaves [ 715.297748][T24979] : renamed from vlan0 [ 715.451125][ T40] audit: type=1326 audit(1188.747:25965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24990 comm="syz.7.24114" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf749d579 code=0x0 [ 715.803112][ T40] audit: type=1326 audit(1189.065:25966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25014 comm="syz.0.24125" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0 [ 715.857280][T25017] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24126'. [ 716.303891][ T6140] Bluetooth: hci4: command tx timeout [ 716.611464][T25043] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 716.874201][T25059] netlink: 164 bytes leftover after parsing attributes in process `syz.9.24146'. [ 716.991210][ T9129] kernel read not supported for file /bluetooth/6lowpan_control (pid: 9129 comm: kworker/0:5) [ 717.084164][T25071] input: syz0 as /devices/virtual/input/input73 [ 717.351185][T25095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.24163'. [ 717.571597][ T8925] kernel write not supported for file /uinput (pid: 8925 comm: kworker/3:5) [ 718.754694][T25189] netlink: 8 bytes leftover after parsing attributes in process `syz.7.24209'. [ 718.845135][ T40] audit: type=1326 audit(1191.915:25967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25194 comm="syz.7.24211" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 718.853457][ T40] audit: type=1326 audit(1191.915:25968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25194 comm="syz.7.24211" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 718.861999][ T40] audit: type=1326 audit(1191.915:25969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25194 comm="syz.7.24211" exe="/syz-executor" sig=0 arch=40000003 syscall=298 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 718.871427][ T40] audit: type=1326 audit(1191.915:25970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25194 comm="syz.7.24211" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 718.880298][ T40] audit: type=1326 audit(1191.915:25971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25194 comm="syz.7.24211" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 720.496499][T25269] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24243'. [ 720.503399][T25269] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24243'. [ 720.630533][T25281] loop7: detected capacity change from 0 to 7 [ 720.634594][ C1] blk_print_req_error: 26 callbacks suppressed [ 720.634612][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.641746][ C1] buffer_io_error: 25 callbacks suppressed [ 720.641763][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.647956][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.652593][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.657927][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.661955][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.665773][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.670557][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.674718][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.679163][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.682776][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.686828][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.724159][T25284] support for cryptoloop has been removed. Use dm-crypt instead. [ 720.738648][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.745677][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.749278][T14928] ldm_validate_partition_table(): Disk read failed. [ 720.754388][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.758195][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.764121][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.767889][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.771406][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 720.776545][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 720.780388][T14928] Dev loop7: unable to read RDB block 0 [ 720.783652][T14928] loop7: unable to read partition table [ 720.786403][T14928] loop7: partition table beyond EOD, truncated [ 720.798580][T25281] ldm_validate_partition_table(): Disk read failed. [ 720.802278][T25281] Dev loop7: unable to read RDB block 0 [ 720.805260][T25281] loop7: unable to read partition table [ 720.807895][T25281] loop7: partition table beyond EOD, truncated [ 720.812792][T25281] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 720.908973][T25289] binder: BINDER_SET_CONTEXT_MGR already set [ 720.913621][T25289] binder: 25288:25289 ioctl 4018620d 80000040 returned -16 [ 721.678083][T25343] bond0: entered promiscuous mode [ 721.679993][T25343] bond_slave_0: entered promiscuous mode [ 721.686719][T25343] bond_slave_1: entered promiscuous mode [ 721.689940][T25343] bond2: entered promiscuous mode [ 721.693294][T25343] bond0: left promiscuous mode [ 721.695479][T25343] bond_slave_0: left promiscuous mode [ 721.698525][T25343] bond_slave_1: left promiscuous mode [ 721.701029][T25343] bond2: left promiscuous mode [ 722.109038][T25364] netlink: 'syz.0.24288': attribute type 10 has an invalid length. [ 722.136057][T25364] bond0: (slave dummy0): Releasing backup interface [ 722.138902][T25364] bond0: (slave dummy0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:24 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 722.200649][T25364] team0: Device dummy0 is of different type [ 722.575503][T25395] netlink: 'syz.4.24302': attribute type 10 has an invalid length. [ 722.583088][T25395] team0: Port device dummy0 added [ 722.902116][T25415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24311'. [ 723.072258][T25427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24316'. [ 723.507256][T25452] netlink: 'syz.9.24328': attribute type 1 has an invalid length. [ 723.834803][T25462] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 723.938528][T25466] raw_sendmsg: syz.9.24335 forgot to set AF_INET. Fix it! [ 724.422449][T25490] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 724.422921][T25491] netlink: 12 bytes leftover after parsing attributes in process `syz.9.24346'. [ 724.428002][T25490] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 724.597098][T25497] macvlan0: entered promiscuous mode [ 724.599333][T25497] netlink: 'syz.7.24350': attribute type 1 has an invalid length. [ 724.611867][T25497] netlink: 'syz.7.24350': attribute type 2 has an invalid length. [ 725.510337][T25537] netlink: 24 bytes leftover after parsing attributes in process `syz.9.24369'. [ 725.562217][T25539] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24370'. [ 726.545183][T25596] binder: 25595:25596 ioctl 4018620d 0 returned -22 [ 728.465874][T25662] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24429'. [ 728.614929][T25672] input: syz0 as /devices/virtual/input/input74 [ 729.209364][T25695] bond14: (slave bond0): Device is not bonding slave [ 729.212923][T25695] bond14: option active_slave: invalid value (bond0) [ 729.366520][T25695] bond14 (unregistering): Released all slaves [ 730.193401][ T40] audit: type=1326 audit(1202.522:25972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.0.24458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 730.206719][ T40] audit: type=1326 audit(1202.522:25973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.0.24458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 730.215947][ T40] audit: type=1326 audit(1202.522:25974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.0.24458" exe="/syz-executor" sig=0 arch=40000003 syscall=242 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 730.226590][ T40] audit: type=1326 audit(1202.522:25975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.0.24458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 732.191845][T25832] netlink: 28 bytes leftover after parsing attributes in process `syz.0.24508'. [ 732.195703][T25832] netlink: 32 bytes leftover after parsing attributes in process `syz.0.24508'. [ 732.199496][T25832] netlink: 28 bytes leftover after parsing attributes in process `syz.0.24508'. [ 732.203627][T25832] netlink: 32 bytes leftover after parsing attributes in process `syz.0.24508'. [ 734.291123][ T9129] usb 12-1: new high-speed USB device number 12 using dummy_hcd [ 734.456718][ T9129] usb 12-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 734.460596][ T9129] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 734.464111][ T9129] usb 12-1: Product: syz [ 734.465780][ T9129] usb 12-1: Manufacturer: syz [ 734.467572][ T9129] usb 12-1: SerialNumber: syz [ 734.478025][ T9129] usb 12-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 734.527196][ T9129] usb 12-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 735.343631][T25948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 735.348907][T25948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 735.660934][ T9129] ath9k_htc 12-1:1.0: ath9k_htc: Target is unresponsive [ 735.667325][ T9129] ath9k_htc: Failed to initialize the device [ 735.702214][ T9129] usb 12-1: ath9k_htc: USB layer deinitialized [ 735.722519][ T8951] usb 12-1: USB disconnect, device number 12 [ 735.957926][T25975] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 737.649841][T26041] loop5: detected capacity change from 0 to 7 [ 737.659565][ C1] blk_print_req_error: 25 callbacks suppressed [ 737.659582][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x880700 phys_seg 1 prio class 2 [ 737.667144][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 737.671082][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 737.675194][ C0] buffer_io_error: 25 callbacks suppressed [ 737.675209][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 737.682175][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 737.686254][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 737.690310][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 737.694657][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 737.700198][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 737.704929][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 737.709148][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 737.713206][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 738.081412][T26063] loop5: detected capacity change from 0 to 7 [ 738.088725][ C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 738.093313][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 738.097463][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 738.101630][ C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 738.105719][ C2] Buffer I/O error on dev loop5, logical block 0, async page read [ 738.110248][ C2] Buffer I/O error on dev loop5, logical block 0, async page read [ 738.123521][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 738.129123][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 739.417100][ T6200] Bluetooth: hci4: command 0x0405 tx timeout [ 740.347751][ T8951] usb 14-1: new high-speed USB device number 2 using dummy_hcd [ 740.529672][ T8951] usb 14-1: Using ep0 maxpacket: 8 [ 740.534071][ T8951] usb 14-1: config index 0 descriptor too short (expected 301, got 45) [ 740.537589][ T8951] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 740.542113][ T8951] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 740.546392][ T8951] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 740.550635][ T8951] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 740.556289][ T8951] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 740.559965][ T8951] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.797889][ T8951] usb 14-1: GET_CAPABILITIES returned 0 [ 740.800270][ T8951] usbtmc 14-1:16.0: can't read capabilities [ 741.019557][ T8951] usb 14-1: USB disconnect, device number 2 [ 741.155653][ T40] audit: type=1326 audit(1212.764:25976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26144 comm="syz.7.24650" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf749d579 code=0x0 [ 741.763036][T26151] block nbd2: server does not support multiple connections per device. [ 741.766864][T26151] block nbd2: shutting down sockets [ 742.281497][T26170] netdevsim netdevsim9 netdevsim0: entered promiscuous mode [ 742.736790][T26193] vivid-007: disconnect [ 742.739269][T26193] vivid-007: reconnect [ 743.200077][T26207] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24676'. [ 743.483020][ T2151] block nbd0: Possible stuck request ffff888026870000: control (read@0,4096B). Runtime 60 seconds [ 743.837059][ T5696] usb 14-1: new high-speed USB device number 3 using dummy_hcd [ 743.998647][ T5696] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 744.002523][ T5696] usb 14-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 744.006469][ T5696] usb 14-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 744.016507][ T5696] usb 14-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 744.021608][ T5696] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 744.025212][ T5696] usb 14-1: Product: syz [ 744.026996][ T5696] usb 14-1: Manufacturer: syz [ 744.030035][ T5696] usb 14-1: SerialNumber: syz [ 744.259800][ T5696] usblp 14-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 744.483905][ T5696] usb 14-1: USB disconnect, device number 3 [ 744.488230][ T5696] usblp0: removed [ 745.280718][ T8925] kernel read not supported for file /adsp1 (pid: 8925 comm: kworker/3:5) [ 745.845836][T26265] pimreg: entered allmulticast mode [ 746.742046][T26303] netem: incorrect ge model size [ 746.745652][T26303] netem: change failed [ 747.720404][T26317] netlink: 'syz.9.24727': attribute type 7 has an invalid length. [ 747.729871][ T46] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 747.734066][ T46] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 747.737727][ T46] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 747.740731][ T46] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 747.816332][T26321] overlayfs: upper fs does not support file handles, falling back to index=off. [ 747.821699][T26321] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 748.037465][T26329] netlink: 8 bytes leftover after parsing attributes in process `syz.9.24733'. [ 748.055090][T26331] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24734'. [ 748.159131][T26339] input: syz0 as /devices/virtual/input/input75 [ 748.328433][T26343] netlink: 32 bytes leftover after parsing attributes in process `syz.9.24740'. [ 748.975516][T26368] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 749.029655][T26370] netlink: 'syz.7.24752': attribute type 6 has an invalid length. [ 749.038209][T26370] netlink: 'syz.7.24752': attribute type 6 has an invalid length. [ 749.560443][ T6200] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 749.572501][ T6200] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 749.578803][ T6200] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 749.588255][ T6200] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 749.592042][ T6200] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 749.666527][T26378] ip6_vti0 speed is unknown, defaulting to 1000 [ 750.081948][T26378] chnl_net:caif_netlink_parms(): no params data found [ 750.168924][T26378] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.173243][T26378] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.177787][T26378] bridge_slave_0: entered allmulticast mode [ 750.189557][T26378] bridge_slave_0: entered promiscuous mode [ 750.195157][T26378] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.198999][T26378] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.202249][T26378] bridge_slave_1: entered allmulticast mode [ 750.202942][ T8951] usb 12-1: new full-speed USB device number 13 using dummy_hcd [ 750.206463][T26378] bridge_slave_1: entered promiscuous mode [ 750.237717][T26378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 750.244579][T26378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 750.272797][T26378] team0: Port device team_slave_0 added [ 750.277960][T26378] team0: Port device team_slave_1 added [ 750.301339][T26378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 750.304336][T26378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 750.316502][T26378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 750.326253][T26378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 750.329398][T26378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 750.340909][T26378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 750.366587][ T8951] usb 12-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 750.373284][ T8951] usb 12-1: config 0 interface 0 has no altsetting 0 [ 750.379245][ T8951] usb 12-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 750.383173][ T8951] usb 12-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 750.387303][ T8951] usb 12-1: Product: syz [ 750.389158][ T8951] usb 12-1: Manufacturer: syz [ 750.391205][ T8951] usb 12-1: SerialNumber: syz [ 750.394043][T26378] hsr_slave_0: entered promiscuous mode [ 750.397730][ T8951] usb 12-1: config 0 descriptor?? [ 750.397986][T26378] hsr_slave_1: entered promiscuous mode [ 750.404431][T26378] debugfs: 'hsr0' already exists in 'hsr' [ 750.406803][ T8951] usb 12-1: selecting invalid altsetting 0 [ 750.407117][T26378] Cannot create hsr debugfs directory [ 750.414393][T26413] netlink: 'syz.9.24769': attribute type 4 has an invalid length. [ 750.633855][ T6287] usb 12-1: USB disconnect, device number 13 [ 750.817737][T26429] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24775'. [ 751.362188][T26455] IPVS: rr: FWM 3 0x00000003 - no destination available [ 751.370174][ T6287] IPVS: starting estimator thread 0... [ 751.476812][T26456] IPVS: using max 23 ests per chain, 55200 per kthread [ 751.840345][ T6140] Bluetooth: hci3: command tx timeout [ 752.494025][T26497] netlink: 8 bytes leftover after parsing attributes in process `syz.7.24801'. [ 752.692707][T26378] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 752.774137][T26378] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 752.826956][T26378] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 752.875870][T26378] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 753.054267][T26378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 753.072208][T26378] 8021q: adding VLAN 0 to HW filter on device team0 [ 753.080336][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.084639][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 753.115379][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.118635][ T5775] bridge0: port 2(bridge_slave_1) entered forwarding state [ 753.490926][T26378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 753.555197][T26378] veth0_vlan: entered promiscuous mode [ 753.575726][T26378] veth1_vlan: entered promiscuous mode [ 753.618529][T26378] veth0_macvtap: entered promiscuous mode [ 753.624250][T26378] veth1_macvtap: entered promiscuous mode [ 753.662917][T26378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 753.683134][T26378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 753.706081][ T1153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.714102][ T1153] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.722338][ T1153] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.734573][ T1153] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.959465][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 753.963012][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 753.987426][T26573] sctp: [Deprecated]: syz.7.24817 (pid 26573) Use of int in maxseg socket option. [ 753.987426][T26573] Use struct sctp_assoc_value instead [ 754.008877][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 754.013558][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 754.055427][ T6140] Bluetooth: hci3: command tx timeout [ 754.205042][T26588] tipc: Started in network mode [ 754.207299][T26588] tipc: Node identity ac14140f, cluster identity 4711 [ 754.214981][T26588] tipc: New replicast peer: 255.255.255.255 [ 754.219566][T26588] tipc: Enabled bearer , priority 10 [ 754.263371][T26595] CUSE: info not properly terminated [ 754.935449][T26635] tipc: Started in network mode [ 754.938180][T26635] tipc: Node identity ac14140f, cluster identity 4711 [ 754.941508][T26635] tipc: New replicast peer: 255.255.255.255 [ 754.945378][T26635] tipc: Enabled bearer , priority 10 [ 755.743983][T26657] netlink: 48 bytes leftover after parsing attributes in process `syz.7.24845'. [ 755.750576][T26657] netlink: 48 bytes leftover after parsing attributes in process `syz.7.24845'. [ 755.758742][ T9] tipc: Node number set to 2886997007 [ 755.783429][T26645] mkiss: ax0: crc mode is auto. [ 756.142571][ T5696] tipc: Node number set to 2886997007 [ 756.156060][T26676] kernel read not supported for file /eth0 (pid: 26676 comm: syz.9.24855) [ 756.161835][ T40] audit: type=1800 audit(1226.782:25977): pid=26676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.24855" name="eth0" dev="mqueue" ino=226498 res=0 errno=0 [ 756.291685][ T6140] Bluetooth: hci3: command tx timeout [ 756.700442][ T1020] kernel read not supported for file /dsp (pid: 1020 comm: kworker/0:2) [ 756.820538][T26699] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24864'. [ 756.824476][T26699] netlink: 'syz.4.24864': attribute type 21 has an invalid length. [ 757.247009][ T5696] kernel write not supported for file /uhid (pid: 5696 comm: kworker/1:4) [ 757.811570][T26743] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24885'. [ 758.251985][T26753] sp0: Synchronizing with TNC [ 758.507099][ T6140] Bluetooth: hci3: command tx timeout [ 758.524829][T26763] bridge_slave_0: invalid flags given to default FDB implementation [ 758.731257][T26781] netlink: 'syz.7.24902': attribute type 1 has an invalid length. [ 758.734517][T26781] netlink: 'syz.7.24902': attribute type 7 has an invalid length. [ 758.737759][T26781] netlink: 'syz.7.24902': attribute type 8 has an invalid length. [ 758.743985][T26781] netlink: 208 bytes leftover after parsing attributes in process `syz.7.24902'. [ 759.446755][T26834] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24928'. [ 759.454599][T26834] netlink: 72 bytes leftover after parsing attributes in process `syz.9.24928'. [ 760.655196][T26895] overlayfs: workdir and upperdir must reside under the same mount [ 760.660973][T26897] netlink: 36 bytes leftover after parsing attributes in process `syz.4.24957'. [ 761.129264][T26920] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24967'. [ 761.507837][T26931] netlink: zone id is out of range [ 762.279632][T26960] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24986'. [ 762.299090][T26960] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24986'. [ 762.499255][T26971] bridge0: port 3(syz_tun) entered blocking state [ 762.502333][T26971] bridge0: port 3(syz_tun) entered disabled state [ 762.505582][T26971] syz_tun: entered allmulticast mode [ 762.509862][T26971] syz_tun: entered promiscuous mode [ 762.515358][T26971] bridge0: port 3(syz_tun) entered blocking state [ 762.518855][T26971] bridge0: port 3(syz_tun) entered forwarding state [ 762.766563][ T40] audit: type=1326 audit(1232.969:25978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26982 comm="syz.9.24998" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa3579 code=0x0 [ 762.799708][T26985] netlink: 32 bytes leftover after parsing attributes in process `syz.4.24996'. [ 762.884484][T26995] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 762.911664][T26997] o2cb: This node has not been configured. [ 762.915118][T26997] o2cb: Cluster check failed. Fix errors before retrying. [ 762.919771][T26997] (syz.2.25003,26997,3):user_dlm_register:674 ERROR: status = -22 [ 762.923486][T26997] (syz.2.25003,26997,3):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 763.189838][T27013] input: syz0 as /devices/virtual/input/input76 [ 763.367210][T27023] netlink: 'syz.7.25015': attribute type 9 has an invalid length. [ 763.370841][T27023] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.25015'. [ 765.247653][T27100] netlink: 'syz.2.25050': attribute type 2 has an invalid length. [ 765.480737][T27113] batman_adv: batadv0: Adding interface: ipvlan2 [ 765.485154][T27113] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 765.499656][T27113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.505780][T27113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.517019][T27113] batman_adv: batadv0: Interface activated: ipvlan2 [ 765.890609][T27133] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.25065'. [ 766.398038][T27159] netlink: 27 bytes leftover after parsing attributes in process `syz.7.25077'. [ 766.505980][T13576] kernel write not supported for file /sg0 (pid: 13576 comm: kworker/2:4) [ 767.089178][T27196] kvm: apic: phys broadcast and lowest prio [ 767.770764][ T40] audit: type=1326 audit(1237.632:25979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 767.782859][ T40] audit: type=1326 audit(1237.632:25980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 767.791996][ T40] audit: type=1326 audit(1237.632:25981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa3598 code=0x7ffc0000 [ 767.828380][ T40] audit: type=1326 audit(1237.632:25982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 767.839323][ T40] audit: type=1326 audit(1237.632:25983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa3598 code=0x7ffc0000 [ 767.850180][ T40] audit: type=1326 audit(1237.632:25984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 767.861815][ T40] audit: type=1326 audit(1237.632:25985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa3598 code=0x7ffc0000 [ 767.871421][ T40] audit: type=1326 audit(1237.632:25986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 767.879003][ T40] audit: type=1326 audit(1237.632:25987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27213 comm="syz.9.25100" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa3598 code=0x7ffc0000 [ 767.917415][T27218] netlink: 212340 bytes leftover after parsing attributes in process `syz.4.25102'. [ 767.922564][T27218] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 769.007671][T27273] ip6_vti0 speed is unknown, defaulting to 1000 [ 769.981921][T27308] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25139'. [ 771.145246][T27362] autofs4:pid:27362:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(2097154.2097155), cmd(0xc0189379) [ 771.161501][T27362] autofs4:pid:27362:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189379) [ 771.515442][T27379] debugfs: 'ttyS3' already exists in 'caif_serial' [ 771.716827][T27389] netlink: 16 bytes leftover after parsing attributes in process `syz.9.25174'. [ 771.728820][ T1145] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 771.732722][ T1145] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 771.758059][ T8951] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 771.881579][ T8951] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 772.549661][T14398] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 772.722451][T27427] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25186'. [ 772.729234][T27427] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25186'. [ 772.766060][T27430] netlink: 4 bytes leftover after parsing attributes in process `syz.9.25187'. [ 772.973226][T27438] ref_ctr_offset mismatch. inode: 0x6f9 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x30656c69662f2e [ 773.649197][T27480] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25211'. [ 773.766328][T27486] misc userio: Can't change port type on an already running userio instance [ 773.925345][ T6200] Bluetooth: hci3: command 0x0405 tx timeout [ 775.565224][T27527] vxcan0: tx address claim with dest, not broadcast [ 775.680094][ T2151] block nbd0: Possible stuck request ffff888026870000: control (read@0,4096B). Runtime 90 seconds [ 775.713986][T27539] loop5: detected capacity change from 0 to 7 [ 775.863922][T27543] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 775.900798][ C1] blk_print_req_error: 3 callbacks suppressed [ 775.900818][ C1] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2 [ 775.907487][ C1] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 776.054578][T27555] netlink: 8 bytes leftover after parsing attributes in process `syz.9.25247'. [ 776.218047][T27567] binder: 27566:27567 ioctl c0306201 0 returned -14 [ 776.322278][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 776.870617][ T40] kauditd_printk_skb: 73 callbacks suppressed [ 776.870637][ T40] audit: type=1800 audit(1246.146:26061): pid=27613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.25274" name="file0" dev="9p" ino=77856833 res=0 errno=0 [ 777.240509][T27634] input: syz0 as /devices/virtual/input/input78 [ 777.609275][T27651] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25291'. [ 777.827166][T27664] tmpfs: Cannot retroactively limit size [ 778.173697][T27683] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25306'. [ 778.402478][T27696] pim6reg: entered allmulticast mode [ 778.411585][T27696] team0: entered allmulticast mode [ 778.413929][T27696] team_slave_0: entered allmulticast mode [ 778.416826][T27696] team_slave_1: entered allmulticast mode [ 778.420893][T27696] dummy0: entered allmulticast mode [ 779.312357][ T40] audit: type=1326 audit(1248.427:26062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27753 comm="syz.2.25338" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x0 [ 779.329269][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 779.599769][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 780.675036][ T6287] kernel write not supported for file [eventfd] (pid: 6287 comm: kworker/1:3) [ 780.877544][T27801] netlink: 64 bytes leftover after parsing attributes in process `syz.2.25354'. [ 780.892994][T27801] vlan2: entered promiscuous mode [ 780.895333][T27801] bond0: entered promiscuous mode [ 780.897662][T27801] bond_slave_0: entered promiscuous mode [ 780.900442][T27801] bond_slave_1: entered promiscuous mode [ 781.776872][T27850] sctp: [Deprecated]: syz.9.25374 (pid 27850) Use of struct sctp_assoc_value in delayed_ack socket option. [ 781.776872][T27850] Use struct sctp_sack_info instead [ 782.416397][T27876] kvm: kvm [27875]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x7ff [ 782.584891][T27884] loop7: detected capacity change from 0 to 7 [ 782.588075][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.593696][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.597650][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.610722][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.614368][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.618349][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.621997][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.626555][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.642920][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.646613][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.650963][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.654947][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.688518][T27886] support for the xor transformation has been removed. [ 782.692157][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.696517][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.700555][T27884] ldm_validate_partition_table(): Disk read failed. [ 782.705428][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.709796][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.716758][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.719944][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.724188][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 782.728328][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 782.733067][T27884] Dev loop7: unable to read RDB block 0 [ 782.749239][T27884] loop7: unable to read partition table [ 782.754485][T27884] loop7: partition table beyond EOD, truncated [ 782.757299][T27884] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 782.785295][ T5345] ldm_validate_partition_table(): Disk read failed. [ 782.788747][ T5345] Dev loop7: unable to read RDB block 0 [ 782.792224][ T5345] loop7: unable to read partition table [ 782.794157][ T5345] loop7: partition table beyond EOD, truncated [ 782.842779][T27890] netlink: 27 bytes leftover after parsing attributes in process `syz.9.25390'. [ 784.294972][T27862] syz.9.25378 (27862) used greatest stack depth: 18648 bytes left [ 784.836431][ T40] audit: type=1326 audit(1253.576:26063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.854429][ T40] audit: type=1326 audit(1253.576:26064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.863514][ T40] audit: type=1326 audit(1253.576:26065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.872323][ T40] audit: type=1326 audit(1253.576:26066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.880693][ T40] audit: type=1326 audit(1253.576:26067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.889401][ T40] audit: type=1326 audit(1253.576:26068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.901680][ T40] audit: type=1326 audit(1253.576:26069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.910575][ T40] audit: type=1326 audit(1253.586:26070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71f572b code=0x7ffc0000 [ 784.923163][ T40] audit: type=1326 audit(1253.586:26071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 784.931299][ T40] audit: type=1326 audit(1253.586:26072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27944 comm="syz.2.25415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3579 code=0x7ffc0000 [ 785.213687][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 785.473098][T27974] netlink: 16 bytes leftover after parsing attributes in process `syz.4.25429'. [ 786.425366][T28013] netlink: 4 bytes leftover after parsing attributes in process `syz.9.25448'. [ 786.500847][T28017] netlink: 28 bytes leftover after parsing attributes in process `syz.7.25449'. [ 786.564912][T28021] input: syz1 as /devices/virtual/input/input79 [ 787.455747][T28029] : renamed from vlan0 [ 788.524380][T28068] af_packet: tpacket_rcv: packet too big, clamped from 145 to 4294967272. macoff=96 [ 788.774939][T28079] netlink: 20 bytes leftover after parsing attributes in process `syz.2.25477'. [ 788.831575][T28085] netlink: 4 bytes leftover after parsing attributes in process `syz.9.25480'. [ 789.122001][T28091] Falling back ldisc for ttyS3. [ 789.216566][T28105] loop7: detected capacity change from 0 to 7 [ 789.220844][ C0] blk_print_req_error: 25 callbacks suppressed [ 789.220862][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.228093][ C0] buffer_io_error: 25 callbacks suppressed [ 789.228110][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.234286][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.238572][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.243693][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.247474][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.251029][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.255007][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.259407][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.263172][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.267622][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.271922][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.276075][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.280259][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.283581][T14928] ldm_validate_partition_table(): Disk read failed. [ 789.315123][T28107] support for the xor transformation has been removed. [ 789.318492][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.324717][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.333454][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.337903][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.344137][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 789.348738][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 789.353013][T14928] Dev loop7: unable to read RDB block 0 [ 789.358376][T14928] loop7: unable to read partition table [ 789.360892][T14928] loop7: partition table beyond EOD, truncated [ 789.367612][T28105] ldm_validate_partition_table(): Disk read failed. [ 789.371036][T28105] Dev loop7: unable to read RDB block 0 [ 789.373954][T28105] loop7: unable to read partition table [ 789.376415][T28105] loop7: partition table beyond EOD, truncated [ 789.378819][T28105] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 789.642554][T28130] netlink: 8 bytes leftover after parsing attributes in process `syz.7.25496'. [ 789.734081][T28134] ref_ctr_offset mismatch. inode: 0x122d offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x30656c69662f2e [ 789.913431][T28150] misc userio: Can't change port type on an already running userio instance [ 791.328192][T28182] vxcan0: tx address claim with dest, not broadcast [ 791.909651][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 791.909669][ T40] audit: type=1800 audit(1260.193:26076): pid=28217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.25538" name="nullb0" dev="devtmpfs" ino=3299 res=0 errno=0 [ 791.949759][ T40] audit: type=1326 audit(1260.221:26077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28208 comm="syz.9.25532" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 792.341497][T28243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25550'. [ 792.710068][ T40] audit: type=1326 audit(1260.941:26078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28208 comm="syz.9.25532" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 793.003305][ T6140] Bluetooth: hci3: command 0x0405 tx timeout [ 793.781403][T28321] netlink: 28 bytes leftover after parsing attributes in process `syz.7.25587'. [ 793.785160][T28321] netlink: 28 bytes leftover after parsing attributes in process `syz.7.25587'. [ 793.865979][ T40] audit: type=1326 audit(1262.025:26079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28327 comm="syz.7.25590" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 793.882229][ T40] audit: type=1326 audit(1262.025:26080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28327 comm="syz.7.25590" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 793.893341][ T40] audit: type=1326 audit(1262.025:26081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28327 comm="syz.7.25590" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 793.914194][ T40] audit: type=1326 audit(1262.025:26082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28327 comm="syz.7.25590" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 793.933852][ T40] audit: type=1326 audit(1262.025:26083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28327 comm="syz.7.25590" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 793.955503][ T40] audit: type=1326 audit(1262.025:26084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28327 comm="syz.7.25590" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 793.976707][ T40] audit: type=1326 audit(1262.025:26085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28327 comm="syz.7.25590" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 794.047012][T28338] binder: 28337:28338 ioctl c0306201 80000b80 returned -14 [ 794.299141][T28352] netlink: 'syz.7.25602': attribute type 8 has an invalid length. [ 794.303191][T28354] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25599'. [ 794.885034][T13576] usb 12-1: new high-speed USB device number 14 using dummy_hcd [ 795.047067][T13576] usb 12-1: Using ep0 maxpacket: 8 [ 795.050947][T13576] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 795.056101][T13576] usb 12-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 795.064934][T13576] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.072346][T13576] usb 12-1: config 0 descriptor?? [ 795.314668][T13576] iowarrior 12-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 795.528365][ T1020] usb 12-1: USB disconnect, device number 14 [ 795.973501][T28452] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25649'. [ 799.435715][T28640] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 799.841879][T28655] : renamed from vlan0 (while UP) [ 799.980600][T28663] netlink: 24 bytes leftover after parsing attributes in process `syz.9.25738'. [ 799.984399][T28663] netlink: 24 bytes leftover after parsing attributes in process `syz.9.25738'. [ 800.674065][T28696] netlink: 4 bytes leftover after parsing attributes in process `syz.9.25754'. [ 800.878783][T13576] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 802.004747][T28731] tap0: tun_chr_ioctl cmd 1074025676 [ 802.007491][T28731] tap0: owner set to 0 [ 802.172341][T28741] netlink: 8 bytes leftover after parsing attributes in process `syz.7.25772'. [ 802.176617][T28741] netlink: 'syz.7.25772': attribute type 5 has an invalid length. [ 802.506882][T28761] bond1 (unregistering): Released all slaves [ 802.752388][T28776] comedi comedi3: comedi_test: 10 microvolt, 2046 microsecond waveform attached [ 803.017930][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 803.408132][T28830] kvm: kvm [28829]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x40600 [ 804.623628][T28902] binder: 28900:28902 ioctl c0306201 80000b80 returned -14 [ 804.748899][T28912] netlink: 27 bytes leftover after parsing attributes in process `syz.9.25842'. [ 805.188528][T13576] hid_parser_main: 6 callbacks suppressed [ 805.188549][T13576] hid-generic 0005:0C45:0C6E.000C: unknown main item tag 0x0 [ 805.214889][T13576] hid-generic 0005:0C45:0C6E.000C: hidraw1: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa [ 805.394313][T28958] netlink: 'syz.9.25861': attribute type 8 has an invalid length. [ 805.507395][T13576] kernel write not supported for file /uinput (pid: 13576 comm: kworker/2:4) [ 805.695112][T28980] netlink: 'syz.4.25871': attribute type 8 has an invalid length. [ 806.064225][T29000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25879'. [ 806.071518][T29000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25879'. [ 806.099803][ T40] kauditd_printk_skb: 211 callbacks suppressed [ 806.099821][ T40] audit: type=1800 audit(1273.465:26297): pid=29002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.25881" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 806.315373][ T1020] usb 14-1: new high-speed USB device number 4 using dummy_hcd [ 806.387742][T29024] netlink: 104 bytes leftover after parsing attributes in process `syz.2.25890'. [ 806.475832][ T1020] usb 14-1: Using ep0 maxpacket: 8 [ 806.485653][ T1020] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 806.490436][ T1020] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 51017, setting to 1024 [ 806.495824][ T1020] usb 14-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 806.499680][ T1020] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 806.517026][ T1020] usb 14-1: config 0 descriptor?? [ 806.527336][T28998] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 806.756597][ T1020] iowarrior 14-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 806.782608][ T40] audit: type=1800 audit(1274.091:26298): pid=29033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.25894" name="cgroup.controllers" dev="tmpfs" ino=1317 res=0 errno=0 [ 806.901361][ T5696] kernel write not supported for file /dsp (pid: 5696 comm: kworker/1:4) [ 806.973935][ T1020] usb 14-1: USB disconnect, device number 4 [ 807.730414][T29092] netlink: 44 bytes leftover after parsing attributes in process `syz.4.25922'. [ 807.737463][T29092] 8021q: adding VLAN 0 to HW filter on device bond0 [ 807.760446][ T5775] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 807.765638][ T5775] bond0: (slave bond_slave_1): link status definitely down, disabling slave [ 807.772745][ T5775] bond0: (slave netdevsim0): link status definitely down, disabling slave [ 807.776578][ T5775] bond0: (slave bond2): link status definitely down, disabling slave [ 807.785125][ T5775] bond0: now running without any active interface! [ 807.864752][ T2151] block nbd0: Possible stuck request ffff888026870000: control (read@0,4096B). Runtime 120 seconds [ 808.449997][ T40] audit: type=1326 audit(1275.652:26299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 808.465461][ T40] audit: type=1326 audit(1275.661:26300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 808.480429][ T40] audit: type=1326 audit(1275.661:26301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 808.491174][ T40] audit: type=1326 audit(1275.661:26302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 808.501518][ T40] audit: type=1326 audit(1275.661:26303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 808.512651][ T40] audit: type=1326 audit(1275.661:26304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 808.521645][ T40] audit: type=1326 audit(1275.661:26305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 808.532341][ T40] audit: type=1326 audit(1275.661:26306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29124 comm="syz.7.25936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 808.826554][T29143] siw: device registration error -23 [ 809.038816][T29152] netlink: 'syz.4.25949': attribute type 9 has an invalid length. [ 809.948989][T29178] pim6reg1: tun_chr_ioctl cmd 1074025677 [ 809.952620][T29178] pim6reg1: linktype set to 780 [ 810.036781][ T6140] Bluetooth: hci2: command 0x0406 tx timeout [ 810.163859][ T6287] kernel read not supported for file /vcs (pid: 6287 comm: kworker/1:3) [ 810.860834][T29195] kvm_intel: kvm [29194]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3 [ 812.244062][T29243] netlink: 8 bytes leftover after parsing attributes in process `syz.9.25990'. [ 812.548445][T29263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25999'. [ 813.149550][T29291] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 813.165674][T29291] overlayfs: fs on './cgroup' does not support file handles, falling back to index=off,nfs_export=off. [ 813.174428][T29291] overlayfs: fs on './cgroup' does not support file handles, falling back to xino=off. [ 813.247734][T29295] bond0: entered promiscuous mode [ 813.250101][T29295] bond_slave_0: entered promiscuous mode [ 813.252934][T29295] bond_slave_1: entered promiscuous mode [ 813.258472][T29295] batadv0: entered promiscuous mode [ 813.262741][T29295] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 813.267009][T29295] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 813.272290][T29295] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 814.300471][T29346] ALSA: seq fatal error: cannot create timer (-19) [ 814.743395][T29378] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 814.749835][T29378] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 815.342913][T29405] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26061'. [ 815.485056][T14398] kernel write not supported for file /vcsa (pid: 14398 comm: kworker/0:6) [ 815.557233][T29417] netlink: 16 bytes leftover after parsing attributes in process `syz.9.26067'. [ 815.690523][T29421] (syz.9.26070,29421,3):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 816.098993][T29442] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26079'. [ 818.216176][T29558] netlink: 4 bytes leftover after parsing attributes in process `syz.4.26132'. [ 818.338280][ T1020] kernel read not supported for file /mdstat (pid: 1020 comm: kworker/0:2) [ 818.693281][T29591] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 819.948226][T29631] GUP no longer grows the stack in syz.7.26166 (29631): 80004000-80005000 (80001000) [ 819.953614][T29631] CPU: 2 UID: 0 PID: 29631 Comm: syz.7.26166 Tainted: G L syzkaller #0 PREEMPT(full) [ 819.953643][T29631] Tainted: [L]=SOFTLOCKUP [ 819.953649][T29631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 819.953659][T29631] Call Trace: [ 819.953665][T29631] [ 819.953673][T29631] dump_stack_lvl+0x100/0x190 [ 819.953701][T29631] gup_vma_lookup.cold+0x83/0x96 [ 819.953726][T29631] __get_user_pages+0x241/0x34d0 [ 819.953756][T29631] ? register_lock_class+0x40/0x560 [ 819.953777][T29631] ? do_fast_syscall_32+0x32/0x70 [ 819.953798][T29631] ? __pfx___get_user_pages+0x10/0x10 [ 819.953829][T29631] __gup_longterm_locked+0x87d/0x16f0 [ 819.953855][T29631] ? __lock_acquire+0x4a5/0x2630 [ 819.953880][T29631] ? __pfx___gup_longterm_locked+0x10/0x10 [ 819.953937][T29631] pin_user_pages_remote+0xed/0x140 [ 819.953969][T29631] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 819.954003][T29631] process_vm_rw_core.constprop.0+0x412/0x950 [ 819.954031][T29631] ? trace_kmalloc+0x83/0xb0 [ 819.954053][T29631] ? __kmalloc_noprof+0x365/0x9c0 [ 819.954075][T29631] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 819.954101][T29631] ? iovec_from_user+0xbb/0x140 [ 819.954137][T29631] ? iovec_from_user+0xbb/0x140 [ 819.954163][T29631] process_vm_rw+0x226/0x2d0 [ 819.954186][T29631] ? __pfx_process_vm_rw+0x10/0x10 [ 819.954214][T29631] ? __pfx___mm_populate+0x10/0x10 [ 819.954262][T29631] ? __pfx___ia32_sys_futex_time32+0x10/0x10 [ 819.954286][T29631] ? __task_pid_nr_ns+0x1f5/0x500 [ 819.954308][T29631] ? __task_pid_nr_ns+0x1f5/0x500 [ 819.954334][T29631] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 819.954357][T29631] ? __do_fast_syscall_32+0x97/0x660 [ 819.954379][T29631] ? lockdep_hardirqs_on+0x78/0x100 [ 819.954401][T29631] __do_fast_syscall_32+0xde/0x660 [ 819.954426][T29631] do_fast_syscall_32+0x32/0x70 [ 819.954447][T29631] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 819.954464][T29631] RIP: 0023:0xf749d579 [ 819.954479][T29631] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 819.954496][T29631] RSP: 002b:00000000f54c650c EFLAGS: 00000292 ORIG_RAX: 000000000000015c [ 819.954514][T29631] RAX: ffffffffffffffda RBX: 0000000000000928 RCX: 0000000080c22000 [ 819.954525][T29631] RDX: 000000000000002b RSI: 0000000080c22fa0 RDI: 0000000000000001 [ 819.954536][T29631] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 819.954545][T29631] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 819.954565][T29631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 819.954589][T29631] [ 820.015640][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.077285][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.080622][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.084297][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.087670][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.091091][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.095035][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.098384][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.101816][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.108103][ T1020] hid-generic 0103:0004:0000.000D: unknown main item tag 0x0 [ 820.118107][ T1020] hid-generic 0103:0004:0000.000D: hidraw1: HID v0.02 Device [syz0] on syz1 [ 820.234099][T29641] fido_id[29641]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 821.795532][T29702] vivid-007: disconnect [ 821.799431][T29701] vivid-007: reconnect [ 821.973554][ T6201] usb 14-1: new full-speed USB device number 5 using dummy_hcd [ 822.069277][T29706] Falling back ldisc for ttyS3. [ 822.177834][ T6201] usb 14-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x36, changing to 0x6 [ 822.199051][ T6201] usb 14-1: config 0 interface 0 has no altsetting 0 [ 822.210145][ T6201] usb 14-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 822.217199][ T6201] usb 14-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 822.228018][ T6201] usb 14-1: Product: syz [ 822.229992][ T6201] usb 14-1: Manufacturer: syz [ 822.232064][ T6201] usb 14-1: SerialNumber: syz [ 822.246018][ T6201] usb 14-1: config 0 descriptor?? [ 822.254804][ T6201] usb 14-1: selecting invalid altsetting 0 [ 822.501504][ T6201] usb 14-1: USB disconnect, device number 5 [ 822.956561][T29751] Context (ID=0x1) not attached to queue pair (handle=0x1:0x81) [ 823.045302][T29755] netlink: 36 bytes leftover after parsing attributes in process `syz.2.26217'. [ 824.664413][T29854] netlink: 'syz.2.26262': attribute type 14 has an invalid length. [ 824.861350][ T40] kauditd_printk_skb: 264 callbacks suppressed [ 824.861367][ T40] audit: type=1326 audit(1290.999:26571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.875745][ T40] audit: type=1326 audit(1290.999:26572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.887104][ T40] audit: type=1326 audit(1291.008:26573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.896632][ T40] audit: type=1326 audit(1291.008:26574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.906645][ T40] audit: type=1326 audit(1291.008:26575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.916160][ T40] audit: type=1326 audit(1291.027:26576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.925595][ T40] audit: type=1326 audit(1291.027:26577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.934445][ T40] audit: type=1326 audit(1291.027:26578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.957639][ T40] audit: type=1326 audit(1291.027:26579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=230 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 824.975921][ T40] audit: type=1326 audit(1291.027:26580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29858 comm="syz.7.26264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 825.669991][T29907] netlink: 'syz.7.26284': attribute type 8 has an invalid length. [ 826.269528][ T1020] usb 14-1: new high-speed USB device number 6 using dummy_hcd [ 826.449473][ T1020] usb 14-1: Using ep0 maxpacket: 16 [ 826.454797][ T1020] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 826.456662][T29930] netlink: 16 bytes leftover after parsing attributes in process `syz.7.26294'. [ 826.458890][ T1020] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 826.458934][ T1020] usb 14-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 826.465127][T29930] netlink: 12 bytes leftover after parsing attributes in process `syz.7.26294'. [ 826.468155][ T1020] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 826.472535][T29930] netlink: 12 bytes leftover after parsing attributes in process `syz.7.26294'. [ 826.482366][ T1020] usb 14-1: config 0 descriptor?? [ 827.155312][ T8925] hid_parser_main: 1 callbacks suppressed [ 827.155331][ T8925] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 827.165236][ T8925] hid-generic 0000:0000:0000.000E: hidraw1: HID v0.00 Device [syz1] on syz0 [ 827.188808][ T29] hid-generic 0005:0B57:0000.000F: item fetching failed at offset 0/1 [ 827.194787][ T29] hid-generic 0005:0B57:0000.000F: probe with driver hid-generic failed with error -22 [ 829.058745][T30019] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 829.250466][ T1020] usbhid 14-1:0.0: can't add hid device: -71 [ 829.253413][ T1020] usbhid 14-1:0.0: probe with driver usbhid failed with error -71 [ 829.261493][ T1020] usb 14-1: USB disconnect, device number 6 [ 829.388272][T30034] tun0: tun_chr_ioctl cmd 1074025678 [ 829.391384][T30034] tun0: group set to 0 [ 829.992546][T30067] random: crng reseeded on system resumption [ 830.073643][T30073] netlink: 120 bytes leftover after parsing attributes in process `syz.7.26353'. [ 830.077920][T30073] netlink: 12 bytes leftover after parsing attributes in process `syz.7.26353'. [ 830.299494][T30097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26367'. [ 830.316172][T30097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26367'. [ 830.901081][ T6201] usb 12-1: new low-speed USB device number 15 using dummy_hcd [ 831.073594][ T6201] usb 12-1: config 0 has no interfaces? [ 831.076463][ T6201] usb 12-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 831.080750][ T6201] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 831.088955][ T6201] usb 12-1: config 0 descriptor?? [ 831.323889][ T841] usb 12-1: USB disconnect, device number 15 [ 831.909987][T30145] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 831.912859][T30145] IPv6: NLM_F_CREATE should be set when creating new route [ 831.920519][T30145] IPv6: NLM_F_CREATE should be set when creating new route [ 832.068122][T30152] netlink: 12 bytes leftover after parsing attributes in process `syz.9.26392'. [ 832.193486][T30154] kAFS: No cell specified [ 833.896886][T30191] loop9: detected capacity change from 0 to 7 [ 833.901494][T30191] Dev loop9: unable to read RDB block 7 [ 833.904562][T30191] loop9: unable to read partition table [ 833.907877][T30191] loop9: partition table beyond EOD, truncated [ 833.911751][T30191] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 835.443789][T30259] binder: 30258:30259 ioctl c0306201 0 returned -14 [ 835.755387][T30266] sch_fq: defrate 0 ignored. [ 836.038102][T30280] netlink: 16 bytes leftover after parsing attributes in process `syz.7.26447'. [ 836.041963][T30280] netlink: 56 bytes leftover after parsing attributes in process `syz.7.26447'. [ 836.045930][T30280] netlink: 16 bytes leftover after parsing attributes in process `syz.7.26447'. [ 836.626936][T30309] netlink: 32 bytes leftover after parsing attributes in process `syz.9.26461'. [ 836.799528][T30319] netlink: 20 bytes leftover after parsing attributes in process `syz.7.26467'. [ 837.095924][T30337] netlink: 8 bytes leftover after parsing attributes in process `syz.7.26472'. [ 837.100236][T30337] netlink: 12 bytes leftover after parsing attributes in process `syz.7.26472'. [ 837.195867][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 837.195883][ T40] audit: type=1326 audit(1302.523:26582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30340 comm="syz.7.26477" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 837.423802][T30358] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 837.493609][T30362] @0: renamed from bond_slave_1 [ 837.940224][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 838.670635][ T40] audit: type=1326 audit(1303.906:26583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 838.695994][ T40] audit: type=1326 audit(1303.906:26584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 838.721127][ T40] audit: type=1326 audit(1303.906:26585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 838.730095][ T40] audit: type=1326 audit(1303.906:26586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 838.753796][ T40] audit: type=1326 audit(1303.906:26587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 838.762922][ T40] audit: type=1326 audit(1303.906:26588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 838.774826][ T40] audit: type=1326 audit(1303.906:26589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 838.785449][ T40] audit: type=1326 audit(1303.906:26590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749d598 code=0x7ffc0000 [ 838.799443][ T40] audit: type=1326 audit(1303.906:26591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.7.26503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000 [ 838.871015][ T8951] usb 14-1: new high-speed USB device number 7 using dummy_hcd [ 839.057764][ T8951] usb 14-1: config index 0 descriptor too short (expected 39, got 27) [ 839.061289][ T8951] usb 14-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 839.065826][ T8951] usb 14-1: config 0 interface 0 has no altsetting 0 [ 839.086428][ T8951] usb 14-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 839.090283][ T8951] usb 14-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 839.094338][ T8951] usb 14-1: Product: syz [ 839.097160][ T8951] usb 14-1: Manufacturer: syz [ 839.098837][ T8951] usb 14-1: SerialNumber: syz [ 839.102796][ T8951] usb 14-1: config 0 descriptor?? [ 839.112694][ T8951] hub 14-1:0.0: bad descriptor, ignoring hub [ 839.115061][ T8951] hub 14-1:0.0: probe with driver hub failed with error -5 [ 839.119313][ T8951] usb 14-1: selecting invalid altsetting 0 [ 839.375189][T30428] netlink: 4 bytes leftover after parsing attributes in process `syz.7.26518'. [ 839.439433][T29959] ================================================================== [ 839.443932][T29959] BUG: KASAN: use-after-free in __mutex_lock+0x1861/0x1b90 [ 839.447570][T29959] Read of size 8 at addr ffff88806e7780a8 by task khidpd_0b570000/29959 [ 839.452065][T29959] [ 839.454045][T29959] CPU: 3 UID: 0 PID: 29959 Comm: khidpd_0b570000 Tainted: G L syzkaller #0 PREEMPT(full) [ 839.454073][T29959] Tainted: [L]=SOFTLOCKUP [ 839.454080][T29959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 839.454091][T29959] Call Trace: [ 839.454098][T29959] [ 839.454106][T29959] dump_stack_lvl+0x100/0x190 [ 839.454132][T29959] print_report+0x156/0x4c9 [ 839.454154][T29959] ? __virt_addr_valid+0x81/0x620 [ 839.454177][T29959] ? __phys_addr+0xe8/0x180 [ 839.454200][T29959] ? __mutex_lock+0x1861/0x1b90 [ 839.454220][T29959] kasan_report+0xdf/0x1a0 [ 839.454243][T29959] ? __mutex_lock+0x1861/0x1b90 [ 839.454264][T29959] __mutex_lock+0x1861/0x1b90 [ 839.454284][T29959] ? __pfx_debug_object_deactivate+0x10/0x10 [ 839.454307][T29959] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 839.454334][T29959] ? l2cap_unregister_user+0x71/0x240 [ 839.454375][T29959] ? __pfx___mutex_lock+0x10/0x10 [ 839.454395][T29959] ? __try_to_del_timer_sync+0x107/0x160 [ 839.454416][T29959] ? __try_to_del_timer_sync+0x107/0x160 [ 839.454434][T29959] ? rcu_is_watching+0x12/0xc0 [ 839.454452][T29959] ? lockdep_hardirqs_on+0x78/0x100 [ 839.454473][T29959] ? __try_to_del_timer_sync+0x107/0x160 [ 839.454493][T29959] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 839.454514][T29959] ? __timer_delete_sync+0x151/0x1c0 [ 839.454534][T29959] ? l2cap_unregister_user+0x71/0x240 [ 839.454559][T29959] l2cap_unregister_user+0x71/0x240 [ 839.454587][T29959] hidp_session_thread+0x459/0x680 [ 839.454633][T29959] ? __pfx_hidp_session_thread+0x10/0x10 [ 839.454655][T29959] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 839.454675][T29959] ? __kthread_parkme+0xbb/0x230 [ 839.454695][T29959] ? rcu_is_watching+0x12/0xc0 [ 839.454711][T29959] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 839.454732][T29959] ? __kthread_parkme+0x18c/0x230 [ 839.454753][T29959] ? __pfx_hidp_session_thread+0x10/0x10 [ 839.454773][T29959] kthread+0x3b3/0x730 [ 839.454796][T29959] ? __pfx_kthread+0x10/0x10 [ 839.454815][T29959] ? ret_from_fork+0x79/0xaf0 [ 839.454830][T29959] ? ret_from_fork+0x79/0xaf0 [ 839.454846][T29959] ? rcu_is_watching+0x12/0xc0 [ 839.454862][T29959] ? __pfx_kthread+0x10/0x10 [ 839.454886][T29959] ret_from_fork+0x754/0xaf0 [ 839.454902][T29959] ? __pfx_ret_from_fork+0x10/0x10 [ 839.454919][T29959] ? __switch_to+0x7b9/0x10c0 [ 839.454939][T29959] ? __pfx_kthread+0x10/0x10 [ 839.454963][T29959] ret_from_fork_asm+0x1a/0x30 [ 839.454994][T29959] [ 839.455001][T29959] [ 839.543909][T29959] The buggy address belongs to the physical page: [ 839.546431][T29959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806e77a700 pfn:0x6e778 [ 839.549916][T29959] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 839.552696][T29959] page_type: f0(buddy) [ 839.554286][T29959] raw: 04fff00000000000 ffffea000141b508 ffffea0001bb2208 0000000000000000 [ 839.557592][T29959] raw: ffff88806e77a700 0000000000000002 00000000f0000000 0000000000000000 [ 839.561034][T29959] page dumped because: kasan: bad access detected [ 839.563702][T29959] page_owner tracks the page as freed [ 839.565951][T29959] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 26378, tgid 26378 (syz-executor), ts 749523812796, free_ts 839438903799 [ 839.573254][T29959] post_alloc_hook+0x1e1/0x250 [ 839.575271][T29959] get_page_from_freelist+0xe3d/0x2e10 [ 839.577787][T29959] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 839.580231][T29959] alloc_pages_mpol+0x1fb/0x550 [ 839.582361][T29959] ___kmalloc_large_node+0x104/0x150 [ 839.584751][T29959] __kmalloc_large_node_noprof+0x1c/0x70 [ 839.587142][T29959] __kmalloc_noprof+0x6b1/0x9c0 [ 839.589237][T29959] hci_alloc_dev_priv+0x1d/0x28a0 [ 839.591364][T29959] __vhci_create_device+0xf0/0x880 [ 839.593439][T29959] vhci_write+0x2c4/0x490 [ 839.595063][T29959] vfs_write+0x6ac/0x1070 [ 839.596684][T29959] ksys_write+0x12a/0x250 [ 839.598303][T29959] __do_fast_syscall_32+0xde/0x660 [ 839.600218][T29959] do_fast_syscall_32+0x32/0x70 [ 839.602062][T29959] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 839.605299][T29959] page last free pid 27997 tgid 27997 stack trace: [ 839.607923][T29959] __free_frozen_pages+0x822/0x1130 [ 839.610111][T29959] hci_release_dev+0x4ef/0x630 [ 839.612144][T29959] bt_host_release+0x6a/0xb0 [ 839.613989][T29959] device_release+0xa4/0x240 [ 839.615682][T29959] kobject_put+0x1f7/0x640 [ 839.617293][T29959] put_device+0x1f/0x30 [ 839.618806][T29959] vhci_release+0x185/0x230 [ 839.620608][T29959] __fput+0x3ff/0xb40 [ 839.622265][T29959] task_work_run+0x150/0x240 [ 839.624205][T29959] do_exit+0x829/0x2a30 [ 839.625978][T29959] do_group_exit+0xd5/0x2a0 [ 839.627821][T29959] get_signal+0x1ec7/0x21e0 [ 839.629770][T29959] arch_do_signal_or_restart+0x91/0x770 [ 839.632027][T29959] exit_to_user_mode_loop+0x86/0x4b0 [ 839.634494][T29959] do_int80_emulation+0x39b/0x470 [ 839.636565][T29959] asm_int80_emulation+0x1a/0x20 [ 839.638591][T29959] [ 839.639600][T29959] Memory state around the buggy address: [ 839.641924][T29959] ffff88806e777f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 839.645150][T29959] ffff88806e778000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 839.648363][T29959] >ffff88806e778080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 839.651650][T29959] ^ [ 839.653835][T29959] ffff88806e778100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 839.657104][T29959] ffff88806e778180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 839.660485][T29959] ================================================================== [ 839.664358][T29959] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 839.667053][T29959] CPU: 3 UID: 0 PID: 29959 Comm: khidpd_0b570000 Tainted: G L syzkaller #0 PREEMPT(full) [ 839.675511][T29959] Tainted: [L]=SOFTLOCKUP [ 839.678219][T29959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 839.682480][T29959] Call Trace: [ 839.683923][T29959] [ 839.685184][T29959] dump_stack_lvl+0x100/0x190 [ 839.687153][T29959] vpanic+0x20d/0x630 [ 839.688863][T29959] panic+0xd1/0xd1 [ 839.690436][T29959] ? __pfx_panic+0x10/0x10 [ 839.692150][T29959] ? check_panic_on_warn+0x1f/0x90 [ 839.694132][T29959] check_panic_on_warn.cold+0x19/0x34 [ 839.696157][T29959] end_report.part.0+0x3a/0x90 [ 839.697982][T29959] kasan_report.cold+0xe/0x18 [ 839.699875][T29959] ? __mutex_lock+0x1861/0x1b90 [ 839.701975][T29959] __mutex_lock+0x1861/0x1b90 [ 839.704008][T29959] ? __pfx_debug_object_deactivate+0x10/0x10 [ 839.706557][T29959] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 839.708830][T29959] ? l2cap_unregister_user+0x71/0x240 [ 839.711138][T29959] ? __pfx___mutex_lock+0x10/0x10 [ 839.713456][T29959] ? __try_to_del_timer_sync+0x107/0x160 [ 839.715831][T29959] ? __try_to_del_timer_sync+0x107/0x160 [ 839.718229][T29959] ? rcu_is_watching+0x12/0xc0 [ 839.720326][T29959] ? lockdep_hardirqs_on+0x78/0x100 [ 839.722502][T29959] ? __try_to_del_timer_sync+0x107/0x160 [ 839.724898][T29959] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 839.727438][T29959] ? __timer_delete_sync+0x151/0x1c0 [ 839.729725][T29959] ? l2cap_unregister_user+0x71/0x240 [ 839.732020][T29959] l2cap_unregister_user+0x71/0x240 [ 839.734233][T29959] hidp_session_thread+0x459/0x680 [ 839.736152][T29959] ? __pfx_hidp_session_thread+0x10/0x10 [ 839.738255][T29959] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 839.740977][T29959] ? __kthread_parkme+0xbb/0x230 [ 839.743104][T29959] ? rcu_is_watching+0x12/0xc0 [ 839.745172][T29959] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 839.747775][T29959] ? __kthread_parkme+0x18c/0x230 [ 839.749739][T29959] ? __pfx_hidp_session_thread+0x10/0x10 [ 839.751842][T29959] kthread+0x3b3/0x730 [ 839.753434][T29959] ? __pfx_kthread+0x10/0x10 [ 839.755180][T29959] ? ret_from_fork+0x79/0xaf0 [ 839.757395][T29959] ? ret_from_fork+0x79/0xaf0 [ 839.759424][T29959] ? rcu_is_watching+0x12/0xc0 [ 839.761455][T29959] ? __pfx_kthread+0x10/0x10 [ 839.763389][T29959] ret_from_fork+0x754/0xaf0 [ 839.765334][T29959] ? __pfx_ret_from_fork+0x10/0x10 [ 839.767550][T29959] ? __switch_to+0x7b9/0x10c0 [ 839.769605][T29959] ? __pfx_kthread+0x10/0x10 [ 839.771511][T29959] ret_from_fork_asm+0x1a/0x30 [ 839.773666][T29959] [ 839.776616][T29959] Kernel Offset: disabled [ 839.779331][T29959] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:55:53 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=800000005f083007 RCX=ffffffff82539bf1 RDX=ffff888020e2a4c0 RSI=ffffffff825529fa RDI=ffff888020e2a4c0 RBP=0000000000000001 RSP=ffffc9000cca7638 R8 =0000000000000006 R9 =ffffffffffffffff R10=000000000005f000 R11=0000000000000000 R12=ffffea00017c20c0 R13=0000000000000000 R14=00000000f6600000 R15=0000000000000001 RIP=ffffffff825529fa RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880973e2000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f655b8 CR3=000000004de8a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000045bd13 RBX=ffff88801daea4c0 RCX=ffffffff8b7414b5 RDX=0000000000000000 RSI=ffffffff8dc41a8e RDI=ffffffff8bfa3320 RBP=0000000000000001 RSP=ffffc9000046fdf0 R8 =0000000000000001 R9 =ffffed100566673d R10=ffff88802b3339eb R11=0000000000000000 R12=ffffed1003b5d498 R13=0000000000000001 R14=ffffffff90b76fd0 R15=0000000000000000 RIP=ffffffff8b73fe1f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974e2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f74c6288 CR3=000000005262a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858 2e7a797300000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff81f9fafa RDX=ffff888027f44980 RSI=ffffffff81f9fad4 RDI=ffff888027f44980 RBP=ffff88802b542ea0 RSP=ffffc9000425f518 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000003 R13=ffffed10056a85d5 R14=0000000000000001 R15=ffff88802b43c040 RIP=ffffffff82064aea RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f5ffc3e7300 ffffffff 00c00000 GS =0000 ffff8880975e2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71b9df0 CR3=000000004fadf000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004000000100008 0000000000000004 000c001a00100000 0014010000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000c000000080004 001c000e00000000 0000000000000000 6797000000200000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0ad9000000000384 44c0000000140000 001c0000000e0014 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d81affffffff893e 40b7ffffffff893e 4bb3ffffffff8283 3534ffffffff893e ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4eb3ffffffff81ac 489fffffffff81ac 411effffffff81ac 4ed6ffffffff81ac ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4231ffffffff81ac 4206000002d30300 000000000008ffff a392000003e60000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000400000008 0008000000140000 16c00000215c0000 5c98000000040000 ZMM24=8c6f3ea48c6f3ea4 8c6f3ea48c6f3ea4 8c6f3ea48c6f3ea4 8c6f3ea48c6f3ea4 8c6f3ea48c6f3ea4 8c6f3ea48c6f3ea4 8c6f3ea48c6f3ea4 8c6f3ea48c6f3ea4 ZMM25=4ad4d3534ad4d353 4ad4d3534ad4d353 4ad4d3534ad4d353 4ad4d3534ad4d353 4ad4d3534ad4d353 4ad4d3534ad4d353 4ad4d3534ad4d353 4ad4d3534ad4d353 ZMM26=95cda3d695cda3d6 95cda3d695cda3d6 95cda3d695cda3d6 95cda3d695cda3d6 95cda3d695cda3d6 95cda3d695cda3d6 95cda3d695cda3d6 95cda3d695cda3d6 ZMM27=071a05fb071a05fb 071a05fb071a05fb 071a05fb071a05fb 071a05fb071a05fb 071a05fb071a05fb 071a05fb071a05fb 071a05fb071a05fb 071a05fb071a05fb ZMM28=000001b0000001af 000001ae000001ad 000001ac000001ab 000001aa000001a9 000001a8000001a7 000001a6000001a5 000001a4000001a3 000001a2000001a1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=8295000082950000 8295000082950000 8295000082950000 8295000082950000 8295000082950000 8295000082950000 8295000082950000 8295000082950000 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85673cf0 RDI=ffffffff9b1f3260 RBP=ffffffff9b1f3220 RSP=ffffc9000c83f4c0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000064616552 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff363e69e R15=dffffc0000000000 RIP=ffffffff85673d17 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976e2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e61dff8 CR3=000000004d2be000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000e0fe81 Opmask01=0000000000410101 Opmask02=00000000ffffffff Opmask03=0000000001041000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000561e62801550 0000561e62801550 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000561e627e3f90 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000561e627f8c00 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3c03f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c431d1c1a141601 5c43000611171d5c ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 37706f6f6c2f6b63 6f6c622f6c617574 7269762f73656369 7665642f7379732f ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 37706f6f6c2f6b63 6f6c622f6c617574 7269762f73656369 7665642f7379732f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 616c702f73656369 7665642f7379732f 0000000000000041 0000000000000039 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0065636172007974 00736576616c7300 306d656d702f6b63 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 342c332c322c312c 3061722c4533312c 4433312c4333312c 4233312c4133312c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3733312c3633312c 3433312c3333312c 3133312c3033316b 2c35312c332c312c ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30652d4245453165 3141323070424132 317633303030623a 7475706e693d5341 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3c03f1b30 00004d5500304530 0000000000000021 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000551e622e0a30 0000000500301b30 0000000000000021 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000