last executing test programs: 4m24.414414219s ago: executing program 2 (id=924): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000c40)=""/4096, 0x1000}], 0x7e) 4m24.320833121s ago: executing program 2 (id=926): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000140), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000300)=ANY=[@ANYBLOB='+pids'], 0x6) 4m24.174044021s ago: executing program 2 (id=927): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 4m24.173749411s ago: executing program 2 (id=928): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 4m24.115606443s ago: executing program 2 (id=929): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc) 4m23.875340141s ago: executing program 2 (id=930): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf250f00000005002f000100000005002a0001000000050029000100000008000300", @ANYRES32=r2], 0x54}, 0x1, 0x0, 0x0, 0x24004040}, 0x24008824) 4m23.79038433s ago: executing program 32 (id=930): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf250f00000005002f000100000005002a0001000000050029000100000008000300", @ANYRES32=r2], 0x54}, 0x1, 0x0, 0x0, 0x24004040}, 0x24008824) 2m59.043651801s ago: executing program 1 (id=2661): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000100000027bf00000005"], 0x50) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r1, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40)={r1}, 0x4) 2m59.021980283s ago: executing program 1 (id=2662): r0 = syz_io_uring_setup(0x24f4, &(0x7f00000002c0)={0x0, 0x15ce, 0x10100, 0x2, 0x33a}, &(0x7f0000002bc0), &(0x7f0000002900)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r0, 0x1e, &(0x7f0000000240)={r1}, 0x1) 2m58.944259805s ago: executing program 1 (id=2663): mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) symlink(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file1/file0\x00') 2m58.943977186s ago: executing program 1 (id=2664): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x48) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x227) 2m58.87353108s ago: executing program 1 (id=2665): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000000030000ce"]) 2m58.664922741s ago: executing program 1 (id=2666): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 2m58.611333297s ago: executing program 33 (id=2666): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 2m47.992293291s ago: executing program 5 (id=2844): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x100000000001, 0x0, 0x1, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x1, 0x0, 0x0, r2}) 2m47.229709631s ago: executing program 5 (id=2850): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 2m47.195872544s ago: executing program 5 (id=2852): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2, 0x0, 0x5}, 0x18) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x2c, r1, 0x1, 0x0, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x0) 2m47.155579603s ago: executing program 5 (id=2856): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x3) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1edc01, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x887008, 0x0) 2m47.118171965s ago: executing program 5 (id=2859): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r0, &(0x7f0000000000)={0x23, 0x80, 0x2}, 0x10) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r1, &(0x7f0000000000)={0x23, 0x20}, 0x10) close(r1) 2m46.77282039s ago: executing program 5 (id=2873): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f0000000340)={0x5, 0x10, 0xfa00, {&(0x7f0000000440), r2}}, 0x18) 2m46.732776766s ago: executing program 34 (id=2873): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f0000000340)={0x5, 0x10, 0xfa00, {&(0x7f0000000440), r2}}, 0x18) 1m27.263596559s ago: executing program 3 (id=4542): r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_io_uring_setup(0x114, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000300)=0xfffffffc, 0x0, 0x4) unshare(0x20000400) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x48, 0x0, r0, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1m27.167028416s ago: executing program 3 (id=4544): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}], 0x1, 0x0) recvmsg$can_raw(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f000001a4c0)=[{&(0x7f00000192c0)=""/158, 0x9e}], 0x1}, 0x2) 1m27.16672258s ago: executing program 3 (id=4545): r0 = socket(0x200000000000011, 0x2, 0xd) r1 = socket(0x200000000000011, 0x2, 0x0) bind$packet(r1, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000200)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x10, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e23, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x4, 0x0, @val=0x80}}}}}}}, 0x0) 1m27.103011123s ago: executing program 3 (id=4546): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 1m27.102661894s ago: executing program 3 (id=4547): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB=' '], 0x40}}], 0x1, 0x40000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) r1 = syz_create_resource$binfmt(&(0x7f0000000400)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat$binfmt(0xffffffffffffff9c, r1, 0x41, 0x1ff) renameat2(0xffffffffffffff9c, &(0x7f0000000280)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) 1m27.073430823s ago: executing program 3 (id=4548): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x2, 0x29, 0x0, @empty=0xe000, @multicast1}, {0x0, 0x0, 0x8}}}}}, 0x0) 1m11.971454489s ago: executing program 35 (id=4548): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x2, 0x29, 0x0, @empty=0xe000, @multicast1}, {0x0, 0x0, 0x8}}}}}, 0x0) 49.822981711s ago: executing program 0 (id=5123): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, &(0x7f0000000700)=ANY=[@ANYBLOB="56c78e3c733d76697274676f2c6e6f65bc33dbde548d51f5638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000300)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, 0x0, 0x118) write$P9_RLOCK(r0, &(0x7f00000001c0)={0x8, 0x35, 0x2, 0x3}, 0x8) 49.761180937s ago: executing program 0 (id=5124): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x304}, "38b1acb1812aceed", "be6be3349bf6781aa925736d4238a19268a4f736feceb0837781f81ad518bb6e", "05ba26bf", "e5c8a6a300"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_256={{0x304}, "fb7faf0400", "0d35db0d4af1cbcce779bbc24b53fc4988c215118dd14cb837de56339a336a19", "46d93a3b", "8891ea13f18ef0be"}, 0x38) 49.565471233s ago: executing program 0 (id=5126): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) 49.497996623s ago: executing program 0 (id=5130): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260) 49.462420839s ago: executing program 0 (id=5131): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0) read(r1, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x3}, 0x52}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000000c0)={0x3, 0x1, 'client1\x00', 0x0, "81cbf3dc07ade253", "c2382b4c6bb074dcb971c144adc7e6576c93d30263c40dbdd1b75d7917ca30cb", 0x5, 0x800}) tkill(r0, 0x7) 49.212882482s ago: executing program 0 (id=5135): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x1, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x4b564d03, 0x0, 0x1}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 49.149321141s ago: executing program 36 (id=5135): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x1, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x4b564d03, 0x0, 0x1}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.650064104s ago: executing program 4 (id=6019): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x8000000000000, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f0000000380)={0x14, 0x88, 0xfa00, {r3, 0x10, 0x0, @in={0x2, 0x4e23, @loopback}}}, 0x90) 5.58280416s ago: executing program 4 (id=6020): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x408, 0xcd, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x5, [@var={0x3, 0x0, 0x0, 0x11, 0x3}, @typedef={0x0, 0x0, 0x0, 0x4}, @struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x0, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x51}, 0x20) 5.575599817s ago: executing program 4 (id=6021): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x20000, 0x0, 0x2c, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 5.442243399s ago: executing program 4 (id=6024): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260) 5.407830254s ago: executing program 4 (id=6025): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000440)='.\x00', 0x12000021) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x38a}, &(0x7f0000002000)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0xf2bb, 0x2, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 5.213400578s ago: executing program 4 (id=6027): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r3, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90) 5.149688623s ago: executing program 37 (id=6027): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r3, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90) 913.146193ms ago: executing program 9 (id=6150): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_int(r1, &(0x7f0000000000)=0x8, 0x12) close(r1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x7a05, 0x1700) splice(r0, 0x0, r1, &(0x7f00000002c0)=0x87ffffe, 0x6, 0x0) 846.21784ms ago: executing program 9 (id=6153): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x301, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x0, [0x0, 0x0, 0x81], [0x1, 0xfffffffd, 0x10000], 0x0, [0x0, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x40000) 783.548566ms ago: executing program 9 (id=6154): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuacct.usage\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) bind$rds(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x1000000000, 0x12) 783.140669ms ago: executing program 9 (id=6156): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYBLOB="180800000600000000000000000000008510"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1}, 0x94) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x18, &(0x7f0000001840)=ANY=[@ANYBLOB="180000009a010000000000000500000018110000d5903d0fe25ee49d69c127a073c160a2e47ba3c3e5dd5f4ef66aede2387e24f6a5867909d956a80475a81b48eb04a23fd18dec90db36f40eebdcd557a2323c2f6312963b330c7b2b762675577d309b6e97d5c60c2e7909bd1126fd0d8067883f546b874a3def588f8141dd1f7b18446fcef0f36c55ee16878fe632cb3ac4fab8b89cbc7caabe65831a1bedf5ee7f49416e9c2601b720b77b977da661a230b65c1782240b463b9e4aa74f783504234fd4da8e69fc24dcbfe03362320b4b1ab91d5cfa7b694fe192785f68592068", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0x8, 0x472, 0x5}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x1, 0xffffffffffffffff], &(0x7f0000001700)=[{0x4, 0x3, 0x5, 0x3}], 0x10, 0xb}, 0xe4) 749.56332ms ago: executing program 9 (id=6158): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_open_procfs$namespace(r0, &(0x7f0000000140)='ns/time_for_children\x00') 551.337633ms ago: executing program 8 (id=6164): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x60004ce) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002480), 0x0, &(0x7f0000000040)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}}) 550.987779ms ago: executing program 8 (id=6166): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0x9362, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) 492.274023ms ago: executing program 8 (id=6168): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) 405.638672ms ago: executing program 8 (id=6171): syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r0, 0x3596, 0x0, 0x49, 0x0, 0x0) wait4(0xffffffffffffffff, 0x0, 0x40000000, 0x0) 263.590733ms ago: executing program 6 (id=6172): r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000002040)='net/tcp\x00') read$FUSE(r1, &(0x7f0000000000)={0x2020}, 0x96) close(r0) read$FUSE(r1, &(0x7f0000004340)={0x2020}, 0x2020) 263.389188ms ago: executing program 6 (id=6173): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) 182.502459ms ago: executing program 6 (id=6174): timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260) 182.346257ms ago: executing program 7 (id=6175): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xb) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0xff) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0xfffffff8, 0x401, 0xfffffffd, 0xc4cf, 0x7, "0441920887e87fcb367800000000080100", 0x4, 0x200}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x8) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x1) 182.250292ms ago: executing program 7 (id=6176): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@mpls_getroute={0x1c, 0x1a, 0x9e8a232eead7ae69, 0x70bd26, 0x0, {0x1c, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x4}}, 0x1c}}, 0x0) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000000c0)=0x1) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/24, 0xfd90}], 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f00000003c0)=[{0x0, 0x0, 0x0, 0x0, @tick=0xb, {0x0, 0xb8}, {0x4, 0xb0}, @control={0x9, 0x0, 0xb}}, {0x0, 0x0, 0x0, 0x4, @time={0x10001, 0x3ff}, {0x6, 0x4}, {}, @note={0x4, 0x3, 0x5, 0x10, 0x9}}], 0x38) 113.212298ms ago: executing program 7 (id=6177): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4044001) 112.982346ms ago: executing program 6 (id=6178): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x9, 0x2, 0x0, 0x4, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xfb}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 112.864692ms ago: executing program 7 (id=6179): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000300)={0x2020}, 0x2020) 112.780953ms ago: executing program 7 (id=6180): r0 = socket(0xa, 0x80802, 0x0) r1 = epoll_create1(0x0) epoll_pwait2(r1, &(0x7f0000000040)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x10000001}) close(r1) shutdown(r0, 0x0) 92.960333ms ago: executing program 8 (id=6181): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb600000000000000008d0000007500000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 1.082673ms ago: executing program 8 (id=6182): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$can_j1939(r2, &(0x7f0000000580)={&(0x7f0000000000)={0x1d, r1, 0x2, {0x0, 0xff, 0x2}, 0xff}, 0x18, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0xb127e96bff6bb362}, 0x0) 691.894µs ago: executing program 6 (id=6183): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 388.331µs ago: executing program 7 (id=6184): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x25c, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 279.016µs ago: executing program 6 (id=6185): syz_usb_connect(0x4, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf0ff}}]}) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) 0s ago: executing program 9 (id=6186): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303}, "7817765dc5914c3d", "c0a9b92b592a8e91a6934cb6b7b18f7a7a6eaa9cbd8ef3b0fbc326100136e976", "58a190f0", "2a1e833e7af32011"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_256={{0x304}, "9b00", "25110528444d684ad9c60100000000000100dd3600", "5cb6d254", "160000009a00"}, 0xba3f6f2771eade19) kernel console output (not intermixed with test programs): yz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.309504][ T40] audit: type=1326 audit(1756479517.341:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.319402][ T40] audit: type=1326 audit(1756479517.341:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.328762][ T40] audit: type=1326 audit(1756479517.341:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.337475][ T40] audit: type=1326 audit(1756479517.341:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.344210][ T40] audit: type=1326 audit(1756479517.341:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.351552][ T40] audit: type=1326 audit(1756479517.341:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.358427][ T40] audit: type=1326 audit(1756479517.341:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.366716][ T40] audit: type=1326 audit(1756479517.341:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14798 comm="syz.4.3725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 226.381037][T14840] binder: 14839:14840 ioctl c0306201 800008c0 returned -14 [ 226.930100][T14889] binder: 14887:14889 ioctl c0306201 80000040 returned -14 [ 226.996622][T14882] lo speed is unknown, defaulting to 1000 [ 227.099060][T14903] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3767'. [ 227.519023][T14929] input: syz1 as /devices/virtual/input/input50 [ 227.521843][T14929] input: failed to attach handler leds to device input50, error: -6 [ 227.715901][ T6044] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 227.867305][ T6044] usb 9-1: Using ep0 maxpacket: 16 [ 227.870831][ T6044] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 227.874288][ T6044] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 227.878326][ T6044] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 227.882463][ T6044] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 227.885415][ T6044] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.892637][ T6044] usb 9-1: config 0 descriptor?? [ 228.313498][ T6044] hid_parser_main: 13 callbacks suppressed [ 228.313512][ T6044] shield 0003:0955:7214.0021: unknown main item tag 0x0 [ 228.318652][ T6044] shield 0003:0955:7214.0021: unknown main item tag 0x0 [ 228.320908][ T6044] shield 0003:0955:7214.0021: unknown main item tag 0x0 [ 228.323342][ T6044] shield 0003:0955:7214.0021: unknown main item tag 0x0 [ 228.325609][ T6044] shield 0003:0955:7214.0021: unknown main item tag 0x0 [ 228.330233][ T6044] input: HID 0955:7214 Haptics as /devices/virtual/input/input51 [ 228.359508][ T6044] shield 0003:0955:7214.0021: Registered Thunderstrike controller [ 228.362099][ T6044] shield 0003:0955:7214.0021: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 228.410068][T15015] sctp: [Deprecated]: syz.3.3818 (pid 15015) Use of struct sctp_assoc_value in delayed_ack socket option. [ 228.410068][T15015] Use struct sctp_sack_info instead [ 228.510473][ T6044] usb 9-1: USB disconnect, device number 17 [ 228.512623][ T10] shield 0003:0955:7214.0021: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 228.523022][ T10] shield 0003:0955:7214.0021: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 228.531193][ T10] shield 0003:0955:7214.0021: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 228.539457][ T10] shield 0003:0955:7214.0021: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 228.761888][T15047] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3833'. [ 228.895981][ T10] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 229.057863][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 27750, setting to 64 [ 229.061724][T15072] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3845'. [ 229.067867][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 229.071743][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.074975][ T10] usb 5-1: Product: syz [ 229.085758][ T10] usb 5-1: Manufacturer: syz [ 229.087957][ T10] usb 5-1: SerialNumber: syz [ 229.094541][ T10] usb 5-1: config 0 descriptor?? [ 229.177722][T15082] input: syz0 as /devices/virtual/input/input52 [ 229.356746][T15103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3861'. [ 229.483272][T15114] input: syz0 as /devices/virtual/input/input53 [ 229.521157][ T9924] usb 5-1: USB disconnect, device number 19 [ 229.574704][T15122] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3870'. [ 229.642928][T15128] loop4: detected capacity change from 0 to 7 [ 229.651563][ T6279] Dev loop4: unable to read RDB block 7 [ 229.655748][ T6279] loop4: AHDI p1 [ 229.657046][ T6279] loop4: partition table partially beyond EOD, truncated [ 229.662321][T15128] Dev loop4: unable to read RDB block 7 [ 229.664650][T15128] loop4: AHDI p1 [ 229.667218][T15128] loop4: partition table partially beyond EOD, truncated [ 229.670828][T15130] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3874'. [ 229.674668][T15130] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3874'. [ 229.681087][T15130] netlink: 'syz.3.3874': attribute type 6 has an invalid length. [ 229.684366][T15130] netlink: 'syz.3.3874': attribute type 5 has an invalid length. [ 229.688416][T15130] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3874'. [ 230.675978][ T10] delete_channel: no stack [ 231.585842][ T10] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 231.755832][ T10] usb 11-1: Using ep0 maxpacket: 32 [ 231.759040][ T10] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.762542][ T10] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.765915][ T10] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 231.770118][ T10] usb 11-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 231.772946][ T10] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.778979][ T10] usb 11-1: config 0 descriptor?? [ 231.799329][T15261] input: syz0 as /devices/virtual/input/input54 [ 232.125840][ T5991] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 232.127324][ T5982] Bluetooth: hci4: command 0x1003 tx timeout [ 232.194741][ T10] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5011.0022/input/input55 [ 232.270025][ T10] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5011.0022/input/input56 [ 232.306090][T15290] binder: 15289:15290 ioctl c0306201 0 returned -14 [ 232.319472][ T10] kye 0003:0458:5011.0022: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.6-1/input0 [ 232.671134][T15301] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3948'. [ 232.714757][T15307] overlayfs: workdir and upperdir must reside under the same mount [ 232.782230][T15313] pim6reg1: entered promiscuous mode [ 232.784685][T15313] pim6reg1: entered allmulticast mode [ 233.041507][T15336] ptrace attach of "/syz-executor exec"[5974] was attempted by ""[15336] [ 233.327322][ C0] kye 0003:0458:5011.0022: usb_submit_urb(ctrl) failed: -1 [ 233.435200][T15371] lo speed is unknown, defaulting to 1000 [ 233.900171][T15385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3987'. [ 233.906489][T15385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3987'. [ 234.120716][ T6061] usb 11-1: USB disconnect, device number 7 [ 234.195626][T15415] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input57 [ 234.223281][T15416] pim6reg: entered allmulticast mode [ 234.226991][T15416] pim6reg: left allmulticast mode [ 235.325913][ T5982] Bluetooth: hci4: command 0x1003 tx timeout [ 235.325943][ T5991] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 235.335780][ T55] usb 11-1: new low-speed USB device number 8 using dummy_hcd [ 235.440634][T15464] 9pnet: p9_errstr2errno: server reported unknown error 18446 [ 235.487000][ T55] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.490622][ T55] usb 11-1: config 0 has no interfaces? [ 235.493415][ T55] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.498092][ T55] usb 11-1: config 0 has no interfaces? [ 235.501110][ T55] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.504294][ T55] usb 11-1: config 0 has no interfaces? [ 235.508850][ T55] usb 11-1: string descriptor 0 read error: -22 [ 235.510875][ T55] usb 11-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 235.513714][ T55] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.518184][ T55] usb 11-1: config 0 descriptor?? [ 235.635937][ T10] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 235.766164][ T6218] usb 11-1: USB disconnect, device number 8 [ 235.815908][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 235.819516][ T10] usb 5-1: config 0 has no interfaces? [ 235.823718][ T10] usb 5-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55 [ 235.828651][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.831882][ T10] usb 5-1: Product: syz [ 235.833600][ T10] usb 5-1: Manufacturer: syz [ 235.835488][ T10] usb 5-1: SerialNumber: syz [ 235.839858][ T10] usb 5-1: config 0 descriptor?? [ 236.051646][ T6061] usb 5-1: USB disconnect, device number 20 [ 236.337679][T15479] can0: slcan on ptm0. [ 236.396554][T15478] can0 (unregistered): slcan off ptm0. [ 236.455741][T15489] loop7: detected capacity change from 0 to 7 [ 236.458340][T15489] Dev loop7: unable to read RDB block 7 [ 236.460210][T15489] loop7: unable to read partition table [ 236.462130][T15489] loop7: partition table beyond EOD, truncated [ 236.464411][T15489] loop_reread_partitions: partition scan of loop7 (被x ) failed (rc=-5) [ 237.068688][T15536] netlink: 83 bytes leftover after parsing attributes in process `syz.0.4042'. [ 237.302420][T15549] debugfs: Invalid gid '0x00000000ffffffff' [ 237.340372][T15551] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 237.343878][T15551] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 237.350720][T15553] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4049'. [ 237.471945][T15567] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4056'. [ 237.677449][T15587] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 237.890780][ T40] kauditd_printk_skb: 78 callbacks suppressed [ 237.890791][ T40] audit: type=1326 audit(1756479528.931:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15601 comm="syz.0.4071" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f28579 code=0x0 [ 238.306477][ T34] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 238.456105][ T34] usb 11-1: Using ep0 maxpacket: 16 [ 238.459304][ T34] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.462640][ T34] usb 11-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 238.466539][ T34] usb 11-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 33 [ 238.470610][ T34] usb 11-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 238.473741][ T34] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.478624][ T34] usb 11-1: config 0 descriptor?? [ 238.483179][ T34] input: bcm5974 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/input/input58 [ 238.745607][ T5373] bcm5974 11-1:0.0: could not read from device [ 238.754101][T15616] bcm5974 11-1:0.0: could not read from device [ 238.760002][ T5373] bcm5974 11-1:0.0: could not read from device [ 238.760115][ T34] usb 11-1: USB disconnect, device number 9 [ 239.135812][ T53] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 239.250983][T15698] Invalid ELF header magic: != ELF [ 239.298071][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.301654][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.304868][ T53] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 239.309188][ T53] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 239.312426][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.316501][ T53] usb 5-1: config 0 descriptor?? [ 239.387130][T15709] syzkaller1: entered promiscuous mode [ 239.389040][T15709] syzkaller1: entered allmulticast mode [ 239.529681][T15711] : renamed from wg2 (while UP) [ 239.545856][ T55] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 239.549267][T15713] kvm: kvm [15712]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xffffffff00000005 [ 239.695725][ T55] usb 11-1: Using ep0 maxpacket: 8 [ 239.701928][ T55] usb 11-1: config 0 interface 0 has no altsetting 0 [ 239.704531][ T55] usb 11-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 239.708416][ T55] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.712328][ T55] usb 11-1: config 0 descriptor?? [ 239.727696][ T53] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 239.988842][ T6218] usb 5-1: USB disconnect, device number 21 [ 240.127511][ T55] mcp2221 0003:04D8:00DD.0024: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0 [ 240.326929][ T53] usb 11-1: USB disconnect, device number 10 [ 241.150247][T15833] bridge0: port 3(syz_tun) entered blocking state [ 241.153162][T15833] bridge0: port 3(syz_tun) entered disabled state [ 241.155357][T15833] syz_tun: entered allmulticast mode [ 241.159317][T15833] syz_tun: entered promiscuous mode [ 241.162030][T15833] bridge0: port 3(syz_tun) entered blocking state [ 241.165148][T15833] bridge0: port 3(syz_tun) entered forwarding state [ 241.291567][T15841] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4182'. [ 241.349999][T15845] netlink: 116 bytes leftover after parsing attributes in process `syz.4.4184'. [ 241.597165][ T40] audit: type=1326 audit(1756479532.641:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15857 comm="syz.6.4190" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0 [ 241.913721][T15868] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4194'. [ 241.919803][T15868] netlink: 43 bytes leftover after parsing attributes in process `syz.3.4194'. [ 241.923573][T15868] netlink: 'syz.3.4194': attribute type 6 has an invalid length. [ 241.927173][T15868] netlink: 'syz.3.4194': attribute type 5 has an invalid length. [ 241.929878][T15868] netlink: 43 bytes leftover after parsing attributes in process `syz.3.4194'. [ 241.957106][T15873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4197'. [ 242.060214][T15885] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.4203'. [ 242.277770][T15902] overlayfs: failed lookup in lower (newroot/1063, name='file1', err=-40): overlapping layers [ 242.352272][T15906] netlink: 348 bytes leftover after parsing attributes in process `syz.0.4213'. [ 242.534928][ T40] audit: type=1326 audit(1756479533.571:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.540394][T15926] dummy0: entered promiscuous mode [ 242.549585][ T40] audit: type=1326 audit(1756479533.571:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.550134][T15926] bond0: entered promiscuous mode [ 242.559472][ T40] audit: type=1326 audit(1756479533.571:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.559499][ T40] audit: type=1326 audit(1756479533.571:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.559521][ T40] audit: type=1326 audit(1756479533.571:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.569348][T15926] bond_slave_0: entered promiscuous mode [ 242.576803][ T40] audit: type=1326 audit(1756479533.571:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.583031][T15926] bond_slave_1: entered promiscuous mode [ 242.584422][ T40] audit: type=1326 audit(1756479533.581:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.594094][T15926] debugfs: 'hsr1' already exists in 'hsr' [ 242.603870][ T40] audit: type=1326 audit(1756479533.581:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15925 comm="syz.3.4223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000 [ 242.606651][T15926] Cannot create hsr debugfs directory [ 242.614693][T15926] hsr1: entered allmulticast mode [ 242.617316][T15926] dummy0: entered allmulticast mode [ 242.618981][T15926] bond0: entered allmulticast mode [ 242.620582][T15926] bond_slave_0: entered allmulticast mode [ 242.625208][T15926] bond_slave_1: entered allmulticast mode [ 242.928930][T15963] overlayfs: failed lookup in lower (newroot/909, name='file1', err=-40): overlapping layers [ 242.997883][T15965] block nbd6: Send control failed (result -32) [ 243.000446][T15965] block nbd6: Request send failed, requeueing [ 243.005322][ T1202] block nbd6: Dead connection, failed to find a fallback [ 243.007872][ T1202] block nbd6: shutting down sockets [ 243.009863][ T1202] blk_print_req_error: 2 callbacks suppressed [ 243.009878][ T1202] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.015174][T15965] I/O error, dev nbd6, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.018532][T15965] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256 [ 243.021576][T15965] I/O error, dev nbd6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.024463][T15965] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512 [ 243.027883][T15965] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.031238][T15965] I/O error, dev nbd6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.034166][T15965] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256 [ 243.037410][T15965] I/O error, dev nbd6, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.040456][T15965] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512 [ 243.044244][T15965] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.048183][T15965] I/O error, dev nbd6, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.051958][T15965] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256 [ 243.055330][T15965] I/O error, dev nbd6, sector 4096 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 243.058859][T15965] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512 [ 243.062456][T15965] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1) [ 243.413839][T15991] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 243.500389][T16001] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4252'. [ 243.503219][T16001] netlink: 43 bytes leftover after parsing attributes in process `syz.4.4252'. [ 243.506626][T16001] netlink: 'syz.4.4252': attribute type 6 has an invalid length. [ 243.509133][T16001] netlink: 'syz.4.4252': attribute type 5 has an invalid length. [ 244.492558][T16027] dummy0: entered promiscuous mode [ 244.495417][T16027] bond0: entered promiscuous mode [ 244.497293][T16027] bond_slave_0: entered promiscuous mode [ 244.499240][T16027] bond_slave_1: entered promiscuous mode [ 244.501980][T16027] debugfs: 'hsr1' already exists in 'hsr' [ 244.503843][T16027] Cannot create hsr debugfs directory [ 244.505833][T16027] hsr1: entered allmulticast mode [ 244.508481][T16027] dummy0: entered allmulticast mode [ 244.809390][T16042] netlink: zone id is out of range [ 244.811053][T16042] netlink: zone id is out of range [ 244.812730][T16042] netlink: zone id is out of range [ 244.814374][T16042] netlink: zone id is out of range [ 244.816494][T16042] netlink: zone id is out of range [ 244.829052][T16042] netlink: set zone limit has 4 unknown bytes [ 244.837663][T16042] netlink: del zone limit has 4 unknown bytes [ 244.972312][T16052] dummy0: entered promiscuous mode [ 244.975827][T16052] bond0: entered promiscuous mode [ 244.978740][T16052] bond_slave_0: entered promiscuous mode [ 244.981305][T16052] bond_slave_1: entered promiscuous mode [ 244.985133][T16052] debugfs: 'hsr1' already exists in 'hsr' [ 244.987851][T16052] Cannot create hsr debugfs directory [ 244.989816][T16052] hsr1: entered allmulticast mode [ 244.991495][T16052] dummy0: entered allmulticast mode [ 244.993234][T16052] bond0: entered allmulticast mode [ 244.994857][T16052] bond_slave_0: entered allmulticast mode [ 244.998203][T16052] bond_slave_1: entered allmulticast mode [ 245.786665][T16068] kvm: apic: phys broadcast and lowest prio [ 246.225807][ T53] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 246.375995][ T53] usb 11-1: Using ep0 maxpacket: 8 [ 246.381121][ T53] usb 11-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.384669][ T53] usb 11-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.388018][ T53] usb 11-1: config 0 interface 0 has no altsetting 0 [ 246.390115][ T53] usb 11-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 246.398584][ T53] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.402864][ T53] usb 11-1: config 0 descriptor?? [ 246.815990][ T53] mcp2221 0003:04D8:00DD.0025: unknown main item tag 0x0 [ 246.819023][ T53] mcp2221 0003:04D8:00DD.0025: unknown main item tag 0x0 [ 246.821971][ T53] mcp2221 0003:04D8:00DD.0025: unknown main item tag 0x0 [ 246.825000][ T53] mcp2221 0003:04D8:00DD.0025: unknown main item tag 0x0 [ 246.828275][ T53] mcp2221 0003:04D8:00DD.0025: unknown main item tag 0x0 [ 246.831856][ T53] mcp2221 0003:04D8:00DD.0025: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0 [ 246.895606][T16113] bridge_slave_0: left allmulticast mode [ 246.897506][T16113] bridge_slave_0: left promiscuous mode [ 246.899373][T16113] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.903918][T16113] bridge_slave_1: left allmulticast mode [ 246.906120][T16113] bridge_slave_1: left promiscuous mode [ 246.908623][T16113] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.916666][T16113] bond0: (slave bond_slave_0): Releasing backup interface [ 246.926360][T16113] bond0: (slave bond_slave_1): Releasing backup interface [ 246.934843][T16113] team0: Port device team_slave_0 removed [ 246.942651][T16113] team0: Port device team_slave_1 removed [ 246.945650][T16113] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.949069][T16113] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.951882][T16113] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.017441][ T54] usb 11-1: USB disconnect, device number 11 [ 247.492016][T16140] ptrace attach of "/syz-executor exec"[8248] was attempted by ""[16140] [ 247.823936][T16175] __nla_validate_parse: 1 callbacks suppressed [ 247.823952][T16175] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.4326'. [ 247.906557][T16182] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.4335'. [ 248.005775][ T6218] usb 11-1: new high-speed USB device number 12 using dummy_hcd [ 248.157533][ T6218] usb 11-1: config index 0 descriptor too short (expected 39, got 27) [ 248.161165][ T6218] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 248.165420][ T6218] usb 11-1: config 0 interface 0 has no altsetting 0 [ 248.170330][ T6218] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 248.174178][ T6218] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 248.177916][ T6218] usb 11-1: Product: syz [ 248.179804][ T6218] usb 11-1: Manufacturer: syz [ 248.181829][ T6218] usb 11-1: SerialNumber: syz [ 248.185931][ T6218] usb 11-1: config 0 descriptor?? [ 248.189628][ T6218] hub 11-1:0.0: bad descriptor, ignoring hub [ 248.192247][ T6218] hub 11-1:0.0: probe with driver hub failed with error -5 [ 248.197740][ T6218] usb 11-1: selecting invalid altsetting 0 [ 248.705802][T16203] bridge_slave_0: left allmulticast mode [ 248.708047][T16203] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.715199][T16203] bridge_slave_1: left allmulticast mode [ 248.717936][T16203] bridge_slave_1: left promiscuous mode [ 248.720570][T16203] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.727440][T16203] bond0: (slave bond_slave_0): Releasing backup interface [ 248.730096][T16203] bond_slave_0: left promiscuous mode [ 248.731988][T16203] bond_slave_0: left allmulticast mode [ 248.738225][T16203] bond0: (slave bond_slave_1): Releasing backup interface [ 248.742228][T16203] bond_slave_1: left promiscuous mode [ 248.744626][T16203] bond_slave_1: left allmulticast mode [ 248.754219][T16203] team0: Port device team_slave_0 removed [ 248.761439][T16203] team0: Port device team_slave_1 removed [ 248.763746][T16203] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.798811][T16168] usb 11-1: reset high-speed USB device number 12 using dummy_hcd [ 248.848717][T16214] lo speed is unknown, defaulting to 1000 [ 248.881451][T16218] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4342'. [ 249.168672][T16168] usb 11-1: failed to restore interface 0 altsetting 251 (error=-71) [ 249.172173][ T54] usb 11-1: USB disconnect, device number 12 [ 249.241610][T16243] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4355'. [ 249.882620][T16250] lo speed is unknown, defaulting to 1000 [ 250.204643][T16270] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input60 [ 250.230906][ T5991] Bluetooth: hci2: link tx timeout [ 250.233449][ T6031] libceph: connect (1)[c::]:6789 error -101 [ 250.233721][ T5991] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 250.237988][ T6031] libceph: mon0 (1)[c::]:6789 connect error [ 250.249455][ T6031] libceph: connect (1)[c::]:6789 error -101 [ 250.251396][ T6031] libceph: mon0 (1)[c::]:6789 connect error [ 250.281401][ T53] libceph: connect (1)[b::]:6789 error -101 [ 250.283858][ T53] libceph: mon0 (1)[b::]:6789 connect error [ 250.314703][T16282] lo speed is unknown, defaulting to 1000 [ 250.528099][ T55] libceph: connect (1)[c::]:6789 error -101 [ 250.530629][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 250.547688][ T53] libceph: connect (1)[b::]:6789 error -101 [ 250.549722][ T53] libceph: mon0 (1)[b::]:6789 connect error [ 250.584156][T16291] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.664587][T16291] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.758191][T16291] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.766150][ T6031] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 250.844994][T16291] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.927746][ T6031] usb 9-1: config index 0 descriptor too short (expected 39, got 27) [ 250.931327][ T6031] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 250.933039][ T6436] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.935885][ T6031] usb 9-1: config 0 interface 0 has no altsetting 0 [ 250.942903][ T6031] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 250.946779][ T6031] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 250.948027][ T6436] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.950182][ T6031] usb 9-1: Product: syz [ 250.952804][ T6436] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.954363][ T6031] usb 9-1: Manufacturer: syz [ 250.958859][ T6031] usb 9-1: SerialNumber: syz [ 250.966333][ T6447] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.967062][ T6031] usb 9-1: config 0 descriptor?? [ 250.972968][ T6031] hub 9-1:0.0: bad descriptor, ignoring hub [ 250.975465][ T6031] hub 9-1:0.0: probe with driver hub failed with error -5 [ 250.980945][ T6031] usb 9-1: selecting invalid altsetting 0 [ 251.036487][ T6031] libceph: connect (1)[c::]:6789 error -101 [ 251.039085][ T6031] libceph: mon0 (1)[c::]:6789 connect error [ 251.048504][T16274] ceph: No mds server is up or the cluster is laggy [ 251.048548][T16278] ceph: No mds server is up or the cluster is laggy [ 251.070004][ T53] libceph: connect (1)[b::]:6789 error -101 [ 251.075392][ T53] libceph: mon0 (1)[b::]:6789 connect error [ 251.135079][T16300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4377'. [ 251.187134][T16304] lo speed is unknown, defaulting to 1000 [ 251.298589][T16302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4378'. [ 251.303639][T16302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4378'. [ 251.308358][T16309] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input61 [ 251.340723][ T5987] Bluetooth: hci2: link tx timeout [ 251.343509][ T5987] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 251.875916][T16289] usb 9-1: reset high-speed USB device number 18 using dummy_hcd [ 252.252452][T16289] usb 9-1: failed to restore interface 0 altsetting 251 (error=-71) [ 252.256937][ T10] usb 9-1: USB disconnect, device number 18 [ 252.295818][ T5982] Bluetooth: hci2: command 0x0405 tx timeout [ 253.085883][ T5982] Bluetooth: hci4: command 0x1003 tx timeout [ 253.085909][ T5991] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 253.086188][T16348] pim6reg: entered allmulticast mode [ 253.105489][T16348] pim6reg: left allmulticast mode [ 253.159198][T16354] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4400'. [ 253.461132][T16368] netlink: 83 bytes leftover after parsing attributes in process `syz.6.4407'. [ 253.526314][ T6061] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 253.526687][ T34] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 253.675784][ T6061] usb 9-1: Using ep0 maxpacket: 16 [ 253.677912][ T34] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 253.680410][ T34] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 253.683376][ T34] usb 5-1: config 0 interface 0 has no altsetting 0 [ 253.686282][ T6061] usb 9-1: config 0 has no interfaces? [ 253.687487][ T34] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 253.690729][ T6061] usb 9-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55 [ 253.691395][ T34] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 253.695164][ T6061] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.698044][ T34] usb 5-1: Product: syz [ 253.700424][ T6061] usb 9-1: Product: syz [ 253.701701][ T34] usb 5-1: Manufacturer: syz [ 253.703113][ T6061] usb 9-1: Manufacturer: syz [ 253.704789][ T34] usb 5-1: SerialNumber: syz [ 253.707456][ T34] usb 5-1: config 0 descriptor?? [ 253.710935][ T6061] usb 9-1: SerialNumber: syz [ 253.713327][ T34] hub 5-1:0.0: bad descriptor, ignoring hub [ 253.713736][ T6061] usb 9-1: config 0 descriptor?? [ 253.715392][ T34] hub 5-1:0.0: probe with driver hub failed with error -5 [ 253.721634][ T34] usb 5-1: selecting invalid altsetting 0 [ 253.971820][ T34] usb 9-1: USB disconnect, device number 19 [ 254.010354][T16382] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4412'. [ 254.325822][T16361] usb 5-1: reset high-speed USB device number 22 using dummy_hcd [ 254.511316][T16391] netlink: 83 bytes leftover after parsing attributes in process `syz.4.4416'. [ 254.694008][T16361] usb 5-1: failed to restore interface 0 altsetting 251 (error=-71) [ 254.698168][ T6218] usb 5-1: USB disconnect, device number 22 [ 254.791213][T16420] Set syz1 is full, maxelem 65536 reached [ 255.035938][ T5989] usb 9-1: new low-speed USB device number 20 using dummy_hcd [ 255.197030][ T5989] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.200064][ T5989] usb 9-1: config 0 has no interfaces? [ 255.202460][ T5989] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.205591][ T5989] usb 9-1: config 0 has no interfaces? [ 255.208170][ T5989] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.211271][ T5989] usb 9-1: config 0 has no interfaces? [ 255.215145][ T5989] usb 9-1: string descriptor 0 read error: -22 [ 255.217220][ T5989] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 255.219927][ T5989] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.223932][ T5989] usb 9-1: config 0 descriptor?? [ 255.249385][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.251453][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.440666][ T6218] usb 9-1: USB disconnect, device number 20 [ 255.466815][T16429] netlink: 164 bytes leftover after parsing attributes in process `syz.0.4431'. [ 255.537099][T16432] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.541412][T16432] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.628292][T16432] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.632463][T16432] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.691759][T16432] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.696285][T16432] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.757394][T16432] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.761185][T16432] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.848268][ T6432] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.851626][ T6432] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.862615][ T6432] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.866486][ T6432] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.881579][ T6432] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.884964][ T6432] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.895184][ T1140] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.898356][ T1140] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.675842][ T6218] usb 11-1: new full-speed USB device number 13 using dummy_hcd [ 256.833435][ T6218] usb 11-1: unable to get BOS descriptor or descriptor too short [ 256.838078][ T6218] usb 11-1: unable to read config index 0 descriptor/start: -71 [ 256.840475][ T6218] usb 11-1: can't read configurations, error -71 [ 257.310432][T16477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4450'. [ 257.459701][T16486] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 257.465226][T16486] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.581626][T16486] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 257.586085][T16486] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.699284][T16486] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 257.704539][T16486] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.776952][T16486] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 257.780254][T16486] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.806571][T16501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4459'. [ 257.810153][T16501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4459'. [ 257.888862][ T6438] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.892293][ T6438] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.901349][ T6436] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.903912][ T6436] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.912746][ T6421] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.915476][ T6421] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.927558][ T6436] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.930439][ T6436] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.695841][ T54] usb 5-1: new low-speed USB device number 23 using dummy_hcd [ 258.857485][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.861670][ T54] usb 5-1: config 0 has no interfaces? [ 258.865106][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.869578][ T54] usb 5-1: config 0 has no interfaces? [ 258.873460][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.877114][ T54] usb 5-1: config 0 has no interfaces? [ 258.880918][ T54] usb 5-1: string descriptor 0 read error: -22 [ 258.882839][ T54] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 258.885817][ T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.892772][ T54] usb 5-1: config 0 descriptor?? [ 259.126394][ T6218] usb 5-1: USB disconnect, device number 23 [ 260.930727][T16535] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 260.934774][T16535] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.042865][T16535] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.046472][T16535] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.170097][T16535] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.173337][T16535] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.255851][ T6218] usb 11-1: new high-speed USB device number 15 using dummy_hcd [ 261.302495][T16535] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.306045][T16535] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.429069][ T6436] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 261.431592][ T6436] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.435835][ T6218] usb 11-1: Using ep0 maxpacket: 8 [ 261.437493][ T6436] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 261.438938][ T6218] usb 11-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.440160][ T6436] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.443690][ T6218] usb 11-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.449647][ T6218] usb 11-1: config 0 interface 0 has no altsetting 0 [ 261.451839][ T6218] usb 11-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 261.452654][ T6436] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 261.455190][ T6218] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.457896][ T6436] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.462082][ T6218] usb 11-1: config 0 descriptor?? [ 261.485245][ T6436] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 261.489252][ T6436] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.499492][T16589] syzkaller1: entered promiscuous mode [ 261.501751][T16589] syzkaller1: entered allmulticast mode [ 261.574346][T16592] binder: 16590:16592 ioctl c0185649 0 returned -22 [ 261.875998][ T6218] mcp2221 0003:04D8:00DD.0026: unknown main item tag 0x0 [ 261.878284][ T6218] mcp2221 0003:04D8:00DD.0026: unknown main item tag 0x0 [ 261.880586][ T6218] mcp2221 0003:04D8:00DD.0026: unknown main item tag 0x0 [ 261.882848][ T6218] mcp2221 0003:04D8:00DD.0026: unknown main item tag 0x0 [ 261.885612][ T6218] mcp2221 0003:04D8:00DD.0026: unknown main item tag 0x0 [ 261.888344][ T6218] mcp2221 0003:04D8:00DD.0026: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0 [ 262.077029][ T9924] usb 11-1: USB disconnect, device number 15 [ 262.455572][T16610] netlink: 'syz.0.4508': attribute type 10 has an invalid length. [ 262.459595][T16610] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4508'. [ 262.487185][T16615] input: syz1 as /devices/virtual/input/input62 [ 262.573043][T16624] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4515'. [ 262.575882][T16624] bridge: RTM_NEWNEIGH with invalid ether address [ 262.860202][T16638] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 262.862773][T16638] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 262.920204][T16645] input: syz0 as /devices/virtual/input/input63 [ 263.039093][T16652] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.118119][T16652] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.161330][T16652] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.205852][ T55] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 263.232385][T16652] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.300203][ T6438] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.307836][ T6438] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.314395][ T6438] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.323069][ T6438] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.375891][ T55] usb 9-1: Using ep0 maxpacket: 8 [ 263.380675][ T55] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.383827][ T55] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.386677][ T55] usb 9-1: config 0 interface 0 has no altsetting 0 [ 263.388527][ T55] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 263.391044][ T55] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.394409][ T55] usb 9-1: config 0 descriptor?? [ 263.808431][ T55] mcp2221 0003:04D8:00DD.0027: unknown main item tag 0x0 [ 263.810463][ T55] mcp2221 0003:04D8:00DD.0027: unknown main item tag 0x0 [ 263.812442][ T55] mcp2221 0003:04D8:00DD.0027: unknown main item tag 0x0 [ 263.814405][ T55] mcp2221 0003:04D8:00DD.0027: unknown main item tag 0x0 [ 263.816526][ T55] mcp2221 0003:04D8:00DD.0027: unknown main item tag 0x0 [ 263.818815][ T55] mcp2221 0003:04D8:00DD.0027: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 264.005447][ T9924] usb 9-1: USB disconnect, device number 21 [ 264.846383][ T5982] Bluetooth: hci2: command 0x0405 tx timeout [ 264.851159][ T34] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 264.853056][ T34] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 265.048450][T16693] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 266.251240][T16733] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4566'. [ 267.118362][T16739] hsr0: entered allmulticast mode [ 267.119976][T16739] hsr_slave_0: entered allmulticast mode [ 267.121686][T16739] hsr_slave_1: entered allmulticast mode [ 267.124711][T16739] hsr_slave_0: left promiscuous mode [ 267.127461][T16739] hsr_slave_1: left promiscuous mode [ 267.140228][T16739] hsr0 (unregistering): left allmulticast mode [ 267.451244][T16763] hsr0: entered allmulticast mode [ 267.452901][T16763] hsr_slave_0: entered allmulticast mode [ 267.454902][T16763] hsr_slave_1: entered allmulticast mode [ 267.460998][T16763] hsr_slave_0: left promiscuous mode [ 267.463381][T16763] hsr_slave_1: left promiscuous mode [ 267.476711][T16763] hsr0 (unregistering): left allmulticast mode [ 269.005374][ T6061] syz1: Port: 1 Link DOWN [ 269.005951][ T6432] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.009488][ T6432] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.012144][ T6432] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.015071][ T6432] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.020130][ T6432] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.022878][ T6432] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.025619][ T6432] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.028500][ T6432] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.584292][T16840] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4612'. [ 269.979270][T16850] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4616'. [ 269.982144][T16850] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4616'. [ 270.431300][T16871] loop3: detected capacity change from 0 to 7 [ 270.434034][T16871] Dev loop3: unable to read RDB block 7 [ 270.435934][T16871] loop3: unable to read partition table [ 270.437882][T16871] loop3: partition table beyond EOD, truncated [ 270.439941][T16871] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 270.530582][T16875] overlayfs: invalid origin (00000000d1d3e81a820eee8a94416592a5356da96db48150eae08457fbc30ece5e7e7e318cb2b4b2f8bddb73e65c239a40942f00000000000000000000000000) [ 280.311223][ T5991] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 280.317516][ T5991] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 280.323198][ T5991] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 280.327150][ T5991] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 280.330955][ T5991] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 280.346779][ T5982] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 280.352527][ T5982] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 280.355337][ T5982] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 280.364412][ T5982] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 280.367486][ T5982] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 280.393833][T16878] lo speed is unknown, defaulting to 1000 [ 280.491097][T16878] chnl_net:caif_netlink_parms(): no params data found [ 280.572635][T16878] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.575174][T16878] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.577944][T16878] bridge_slave_0: entered allmulticast mode [ 280.580616][T16878] bridge_slave_0: entered promiscuous mode [ 280.585412][T16878] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.588351][T16878] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.590689][T16878] bridge_slave_1: entered allmulticast mode [ 280.593309][T16878] bridge_slave_1: entered promiscuous mode [ 280.632893][T16890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4628'. [ 280.638869][T16878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.646776][T16878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 280.714352][T16878] team0: Port device team_slave_0 added [ 280.721436][T16878] team0: Port device team_slave_1 added [ 280.760296][T16878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 280.762575][T16878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.771434][T16878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.775622][T16878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.778075][T16878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.786547][T16878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.822683][T16878] hsr_slave_0: entered promiscuous mode [ 280.824939][T16878] hsr_slave_1: entered promiscuous mode [ 280.827290][T16878] debugfs: 'hsr0' already exists in 'hsr' [ 280.829106][T16878] Cannot create hsr debugfs directory [ 280.939178][T16878] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 280.943408][T16878] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 280.947763][T16878] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 280.951973][T16878] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 280.968435][T16878] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.970678][T16878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.973017][T16878] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.975229][T16878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.001912][T16878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 281.012238][ T6421] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.015719][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.028888][T16878] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.037054][ T6438] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.039303][ T6438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.044819][ T6436] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.047187][ T6436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.156214][T16878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 281.293171][T16878] veth0_vlan: entered promiscuous mode [ 281.298586][T16878] veth1_vlan: entered promiscuous mode [ 281.314384][T16878] veth0_macvtap: entered promiscuous mode [ 281.319941][T16878] veth1_macvtap: entered promiscuous mode [ 281.329258][T16878] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 281.336371][T16878] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.342404][ T6447] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.348185][ T6447] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.352717][ T6447] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.357150][ T6447] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.392536][ T6447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.396312][ T6447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 281.410525][ T6447] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.413159][ T6447] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.455878][ T5982] Bluetooth: hci1: command tx timeout [ 282.535458][T16974] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.540139][T16974] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.554023][T16978] netlink: 'syz.0.4662': attribute type 4 has an invalid length. [ 282.605545][T16981] netlink: 'syz.0.4662': attribute type 4 has an invalid length. [ 282.648148][T16974] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 282.662818][T16974] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.744672][T16974] team0: left allmulticast mode [ 282.746832][T16974] team_slave_0: left allmulticast mode [ 282.748838][T16974] team_slave_1: left allmulticast mode [ 282.750928][T16974] team0: left promiscuous mode [ 282.752592][T16974] team_slave_0: left promiscuous mode [ 282.754634][T16974] team_slave_1: left promiscuous mode [ 282.763988][T16974] batman_adv: batadv0: Interface deactivated: macvlan2 [ 282.780246][ T6421] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.782927][ T6421] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.785980][ T6421] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.788959][ T6421] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.792098][ T6421] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.794818][ T6421] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.801787][ T6421] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.804513][ T6421] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.896506][ T6018] usb 11-1: new high-speed USB device number 16 using dummy_hcd [ 282.928361][T17008] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4668'. [ 282.958224][T17010] veth0_to_bridge: entered promiscuous mode [ 282.962481][T17009] veth0_to_bridge: left promiscuous mode [ 283.068183][ T6018] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 283.072759][ T6018] usb 11-1: config 0 interface 0 has no altsetting 0 [ 283.077665][ T6018] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 283.080960][ T6018] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 283.083653][ T6018] usb 11-1: Product: syz [ 283.085032][ T6018] usb 11-1: Manufacturer: syz [ 283.086918][ T6018] usb 11-1: SerialNumber: syz [ 283.090320][ T6018] usb 11-1: config 0 descriptor?? [ 283.098927][ T6018] usb 11-1: selecting invalid altsetting 0 [ 283.297533][ T29] usb 11-1: USB disconnect, device number 16 [ 283.731787][T17023] netlink: 'syz.4.4673': attribute type 4 has an invalid length. [ 283.734462][T17023] netlink: 'syz.4.4673': attribute type 4 has an invalid length. [ 283.769036][T17024] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.771709][T17024] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.828415][T17030] Bluetooth: hci0: invalid len left 7, exp >= 175 [ 283.841456][T17024] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.852348][T17024] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.951814][ T6447] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.955900][ T6447] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.959667][ T6447] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.963341][ T6447] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.967510][ T5989] lo speed is unknown, defaulting to 1000 [ 283.969926][ T5989] syz0: Port: 1 Link ACTIVE [ 284.078653][T17038] random: crng reseeded on system resumption [ 284.193197][T17058] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4687'. [ 284.525753][ T5982] Bluetooth: hci1: command tx timeout [ 284.558900][T17075] loop7: detected capacity change from 0 to 7 [ 284.561468][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.565211][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.568507][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.571284][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.573889][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.576797][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.582789][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.585948][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.588763][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.592316][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.595332][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.598333][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.601199][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.604245][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.606845][T17020] ldm_validate_partition_table(): Disk read failed. [ 284.609775][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.613365][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.617971][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.620876][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.675891][T17078] support for the xor transformation has been removed. [ 284.680858][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 284.683773][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 284.686727][T17020] Dev loop7: unable to read RDB block 0 [ 284.688870][T17020] loop7: unable to read partition table [ 284.690794][T17020] loop7: partition table beyond EOD, truncated [ 284.694115][T17075] ldm_validate_partition_table(): Disk read failed. [ 284.697736][T17075] Dev loop7: unable to read RDB block 0 [ 284.700076][T17075] loop7: unable to read partition table [ 284.702032][T17075] loop7: partition table beyond EOD, truncated [ 284.704180][T17075] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 284.795705][T17083] netlink: 'syz.6.4700': attribute type 4 has an invalid length. [ 284.807935][T17083] netlink: 'syz.6.4700': attribute type 4 has an invalid length. [ 285.045799][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 285.048954][ T40] kauditd_printk_skb: 19 callbacks suppressed [ 285.048964][ T40] audit: type=1326 audit(1756479576.091:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.062563][ T40] audit: type=1326 audit(1756479576.091:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.070804][ T40] audit: type=1326 audit(1756479576.091:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.075968][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 285.077770][ T40] audit: type=1326 audit(1756479576.091:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.088655][ T40] audit: type=1326 audit(1756479576.091:1197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.095642][ T40] audit: type=1326 audit(1756479576.091:1198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.095960][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 285.113441][ T40] audit: type=1326 audit(1756479576.091:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.120624][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 285.124325][ T40] audit: type=1326 audit(1756479576.091:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.136693][ T40] audit: type=1326 audit(1756479576.091:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.143675][ T40] audit: type=1326 audit(1756479576.091:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.7.4706" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 285.150582][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 285.192028][T17113] netlink: 'syz.7.4711': attribute type 4 has an invalid length. [ 285.198177][T17113] netlink: 'syz.7.4711': attribute type 4 has an invalid length. [ 285.266137][ T24] usb 11-1: new high-speed USB device number 17 using dummy_hcd [ 285.435778][ T24] usb 11-1: Using ep0 maxpacket: 16 [ 285.439020][ T24] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 285.444383][ T24] usb 11-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 285.447964][ T24] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.450765][ T24] usb 11-1: Product: syz [ 285.452194][ T24] usb 11-1: Manufacturer: syz [ 285.453799][ T24] usb 11-1: SerialNumber: syz [ 285.457773][ T24] usb 11-1: config 0 descriptor?? [ 285.460602][ T24] hub 11-1:0.0: bad descriptor, ignoring hub [ 285.462487][ T24] hub 11-1:0.0: probe with driver hub failed with error -5 [ 285.468451][ T24] input: syz syz as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/input/input64 [ 285.667529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 285.936136][ T34] usb 11-1: USB disconnect, device number 17 [ 286.226488][T17137] random: crng reseeded on system resumption [ 286.605855][ T5982] Bluetooth: hci1: command tx timeout [ 286.756150][T17180] bridge0: port 3(syz_tun) entered disabled state [ 286.762722][T17180] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.765718][T17180] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.852350][T17180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.863336][T17180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.951024][ T6432] netdevsim netdevsim6 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.956047][ T6432] netdevsim netdevsim6 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.959226][ T6432] netdevsim netdevsim6 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.961953][ T6432] netdevsim netdevsim6 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.063653][T17198] mkiss: ax0: crc mode is auto. [ 287.278273][T17215] "syz.0.4748" (17215) uses obsolete ecb(arc4) skcipher [ 287.387004][T17230] netfs: Couldn't get user pages (rc=-14) [ 287.472314][T17249] "syz.6.4760" (17249) uses obsolete ecb(arc4) skcipher [ 287.599107][T17271] "syz.4.4771" (17271) uses obsolete ecb(arc4) skcipher [ 287.654564][T17276] mkiss: ax0: crc mode is auto. [ 287.727362][T17290] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4778'. [ 287.759426][T17290] vlan2: entered allmulticast mode [ 287.761201][T17290] hsr0: entered allmulticast mode [ 287.762814][T17290] hsr_slave_0: entered allmulticast mode [ 287.764682][T17290] hsr_slave_1: entered allmulticast mode [ 287.789001][T17298] tls_set_device_offload: netdev not found [ 287.800903][T17300] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4782'. [ 287.830322][T17308] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4785'. [ 287.901843][T17317] mkiss: ax0: crc mode is auto. [ 288.208360][T17353] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4798'. [ 288.675115][T17368] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4804'. [ 288.696029][ T5982] Bluetooth: hci1: command tx timeout [ 288.769379][T17368] bridge_slave_0 (unregistering): left allmulticast mode [ 288.771545][T17368] bridge_slave_0 (unregistering): left promiscuous mode [ 288.773725][T17368] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.779615][T17370] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4805'. [ 289.198527][T17398] serio: Serial port ptm0 [ 289.994060][T17439] netlink: 'syz.4.4835': attribute type 1 has an invalid length. [ 289.997322][T17439] netlink: 'syz.4.4835': attribute type 2 has an invalid length. [ 290.000433][T17439] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4835'. [ 290.004110][T17439] netlink: 'syz.4.4835': attribute type 1 has an invalid length. [ 290.007295][T17439] netlink: 'syz.4.4835': attribute type 2 has an invalid length. [ 290.010445][T17439] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4835'. [ 290.141919][T17443] netlink: 156 bytes leftover after parsing attributes in process `syz.7.4837'. [ 290.503633][T17471] Bluetooth: hci0: unsupported parameter 542 [ 290.505961][T17471] Bluetooth: hci0: unsupported parameter 32768 [ 290.508055][T17471] Bluetooth: hci0: unsupported parameter 542 [ 290.510080][T17471] Bluetooth: hci0: unsupported parameter 32768 [ 290.632694][T17483] netlink: 'syz.7.4854': attribute type 30 has an invalid length. [ 290.898618][T17505] loop2: detected capacity change from 0 to 7 [ 290.904635][T17464] Dev loop2: unable to read RDB block 7 [ 290.906858][T17464] loop2: AHDI p1 p2 p3 [ 290.908766][T17464] loop2: partition table partially beyond EOD, truncated [ 290.911919][T17464] loop2: p1 start 1601398130 is beyond EOD, truncated [ 290.914052][T17464] loop2: p2 start 1702059890 is beyond EOD, truncated [ 290.918048][T17505] Dev loop2: unable to read RDB block 7 [ 290.919849][T17505] loop2: AHDI p1 p2 p3 [ 290.921194][T17505] loop2: partition table partially beyond EOD, truncated [ 290.923635][T17505] loop2: p1 start 1601398130 is beyond EOD, truncated [ 290.927708][T17505] loop2: p2 start 1702059890 is beyond EOD, truncated [ 291.045854][ T6044] usb 12-1: new high-speed USB device number 2 using dummy_hcd [ 291.049287][T17514] block nbd6: shutting down sockets [ 291.197099][ T6044] usb 12-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 291.200859][ T6044] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 291.200877][ T6044] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 291.200891][ T6044] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 291.200914][ T6044] usb 12-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 291.216121][ T6044] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.220290][ T6044] usb 12-1: config 0 descriptor?? [ 291.222320][T17496] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 291.277024][T17531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 291.632810][ T6044] plantronics 0003:047F:FFFF.0028: reserved main item tag 0xd [ 291.645969][ T6044] plantronics 0003:047F:FFFF.0028: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0 [ 291.897094][ T6044] usb 12-1: USB disconnect, device number 2 [ 293.596137][T17181] usb 12-1: new high-speed USB device number 3 using dummy_hcd [ 293.747246][T17181] usb 12-1: Using ep0 maxpacket: 16 [ 293.758817][T17181] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 293.769046][T17181] usb 12-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 293.773278][T17181] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.777186][T17181] usb 12-1: Product: syz [ 293.779113][T17181] usb 12-1: Manufacturer: syz [ 293.781211][T17181] usb 12-1: SerialNumber: syz [ 293.786732][T17181] usb 12-1: config 0 descriptor?? [ 293.790866][T17181] hub 12-1:0.0: bad descriptor, ignoring hub [ 293.793593][T17181] hub 12-1:0.0: probe with driver hub failed with error -5 [ 293.801478][T17181] input: syz syz as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:0.0/input/input66 [ 294.865948][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 295.425900][ T40] kauditd_printk_skb: 136 callbacks suppressed [ 295.425917][ T40] audit: type=1326 audit(1756479586.461:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.444523][ T40] audit: type=1326 audit(1756479586.461:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.454516][ T40] audit: type=1326 audit(1756479586.461:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.467556][ T40] audit: type=1326 audit(1756479586.461:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.476065][ T40] audit: type=1326 audit(1756479586.461:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=304 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.488132][ T40] audit: type=1326 audit(1756479586.461:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.496658][ T40] audit: type=1326 audit(1756479586.461:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.503809][ T40] audit: type=1326 audit(1756479586.461:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=305 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.511328][ T40] audit: type=1326 audit(1756479586.461:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.520976][ T40] audit: type=1326 audit(1756479586.461:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.4.4971" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 295.600038][ T5373] usb 12-1: reset high-speed USB device number 3 using dummy_hcd [ 295.607631][ T5373] usb 12-1: device reset changed ep0 maxpacket size! [ 295.612458][ T34] usb 12-1: USB disconnect, device number 3 [ 295.765863][ T34] usb 12-1: new high-speed USB device number 4 using dummy_hcd [ 295.928939][ T34] usb 12-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 295.932900][ T34] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.937116][ T34] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.940477][ T34] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 295.948035][ T34] usb 12-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 295.951909][ T34] usb 12-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 295.954655][ T34] usb 12-1: Manufacturer: syz [ 295.959243][ T34] usb 12-1: config 0 descriptor?? [ 296.007139][T17759] syzkaller1: entered promiscuous mode [ 296.009527][T17759] syzkaller1: entered allmulticast mode [ 296.338063][T17771] binder: 17770:17771 ioctl c0306201 800003c0 returned -14 [ 296.370326][ T34] appleir 0003:05AC:8243.0029: unknown main item tag 0x0 [ 296.377539][ T34] appleir 0003:05AC:8243.0029: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0 [ 296.624056][T17787] kernel read not supported for file /eth0 (pid: 17787 comm: syz.6.4991) [ 296.628947][ T34] usb 12-1: USB disconnect, device number 4 [ 296.745924][ T54] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 296.897449][ T54] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.900947][ T54] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.903991][ T54] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 296.909120][ T54] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 296.912571][ T54] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.924142][ T54] usb 9-1: config 0 descriptor?? [ 297.306951][T17808] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.341636][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.344102][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.346572][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.348891][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.351246][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.353536][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.356864][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.359247][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.361626][ T54] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 297.369490][ T54] plantronics 0003:047F:FFFF.002A: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 297.599024][ T6018] usb 9-1: USB disconnect, device number 22 [ 297.828012][T17823] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1814518830 (232258410240 ns) > initial count (2458284544 ns). Using initial count to start timer. [ 299.050560][T17890] netlink: 'syz.7.5034': attribute type 10 has an invalid length. [ 299.053155][T17890] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5034'. [ 299.057438][T17890] dummy0: entered promiscuous mode [ 299.064415][T17890] bridge0: port 1(dummy0) entered blocking state [ 299.067154][T17890] bridge0: port 1(dummy0) entered disabled state [ 299.070181][T17890] dummy0: entered allmulticast mode [ 299.552814][T17942] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5056'. [ 299.678785][T17967] overlayfs: failed to set uuid (572/file0, err=-1); falling back to uuid=null. [ 299.682459][T17967] overlayfs: failed to verify upper root origin [ 300.333362][T18014] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3) [ 300.335482][T18014] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 300.338019][T18014] vhci_hcd vhci_hcd.0: Device attached [ 300.458109][T18020] netlink: 'syz.4.5089': attribute type 10 has an invalid length. [ 300.483175][T18020] bond0 (unregistering): left promiscuous mode [ 300.485303][T18020] bond_slave_0: left promiscuous mode [ 300.487584][T18020] bond_slave_1: left promiscuous mode [ 300.490190][T18020] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 300.493158][T18020] bond_slave_0: left allmulticast mode [ 300.496618][T18020] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 300.499805][T18020] bond_slave_1: left allmulticast mode [ 300.501808][T18020] bond0 (unregistering): Released all slaves [ 300.517289][T18022] netlink: 96 bytes leftover after parsing attributes in process `syz.0.5090'. [ 300.595951][ T10] usb 12-1: new high-speed USB device number 5 using dummy_hcd [ 300.598709][ T6018] usb 51-1: new low-speed USB device number 2 using vhci_hcd [ 300.765881][ T10] usb 12-1: Using ep0 maxpacket: 16 [ 300.769530][ T10] usb 12-1: config 0 has no interfaces? [ 300.772419][ T10] usb 12-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 300.775589][ T10] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.780189][ T10] usb 12-1: config 0 descriptor?? [ 300.916865][ T6044] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 300.984759][T18015] usb 51-1: recv xbuf, 0 [ 300.988426][T17183] usb 12-1: USB disconnect, device number 5 [ 300.988703][ T6432] vhci_hcd: stop threads [ 300.992297][ T6432] vhci_hcd: release socket [ 300.994877][ T6432] vhci_hcd: disconnect device [ 301.065815][ T6018] vhci_hcd: vhci_device speed not set [ 301.085924][ T6044] usb 5-1: Using ep0 maxpacket: 16 [ 301.089328][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 301.095248][ T6044] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 301.098925][ T6044] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.101985][ T6044] usb 5-1: Product: syz [ 301.103372][ T6044] usb 5-1: Manufacturer: syz [ 301.104868][ T6044] usb 5-1: SerialNumber: syz [ 301.109540][ T6044] usb 5-1: config 0 descriptor?? [ 301.113850][ T6044] hub 5-1:0.0: bad descriptor, ignoring hub [ 301.116587][ T6044] hub 5-1:0.0: probe with driver hub failed with error -5 [ 301.120804][ T6044] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input67 [ 301.517522][T17183] usb 5-1: USB disconnect, device number 24 [ 301.553199][T18048] netlink: 'syz.4.5110': attribute type 30 has an invalid length. [ 301.698495][T18064] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5108'. [ 301.808522][T18074] loop2: detected capacity change from 0 to 7 [ 301.811826][T18074] Dev loop2: unable to read RDB block 7 [ 301.814151][T18074] loop2: AHDI p1 p2 p3 [ 301.816069][T18074] loop2: partition table partially beyond EOD, truncated [ 301.818617][T18074] loop2: p1 start 1601398130 is beyond EOD, truncated [ 301.820885][T18074] loop2: p2 start 1702059890 is beyond EOD, truncated [ 301.960549][T18081] serio: Serial port ptm0 [ 302.132059][T18095] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5120'. [ 302.278373][T18101] netfs: Couldn't get user pages (rc=-14) [ 302.342462][T18095] bridge_slave_0 (unregistering): left allmulticast mode [ 302.345072][T18095] bridge_slave_0 (unregistering): left promiscuous mode [ 302.348385][T18095] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.532644][T18109] loop2: detected capacity change from 0 to 7 [ 302.543179][T18109] Dev loop2: unable to read RDB block 7 [ 302.545315][T18109] loop2: AHDI p1 p2 p3 [ 302.549438][T18109] loop2: partition table partially beyond EOD, truncated [ 302.552185][T18109] loop2: p1 start 1601398130 is beyond EOD, truncated [ 302.555031][T18109] loop2: p2 start 1702059890 is beyond EOD, truncated [ 302.970038][ T5984] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 303.018596][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 303.080708][ T5991] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 303.088309][ T5991] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 303.091784][ T5991] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 303.094817][ T5991] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 303.100381][ T5991] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 303.128808][T18128] lo speed is unknown, defaulting to 1000 [ 303.175905][ T5984] usb 9-1: Using ep0 maxpacket: 16 [ 303.186219][ T5984] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 303.192717][ T5984] usb 9-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 303.195555][ T5984] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.201407][ T5984] usb 9-1: Product: syz [ 303.202745][ T5984] usb 9-1: Manufacturer: syz [ 303.204226][ T5984] usb 9-1: SerialNumber: syz [ 303.209277][ T5984] usb 9-1: config 0 descriptor?? [ 303.213423][ T5984] hub 9-1:0.0: bad descriptor, ignoring hub [ 303.215314][ T5984] hub 9-1:0.0: probe with driver hub failed with error -5 [ 303.228812][ T5984] input: syz syz as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input68 [ 303.267789][T18128] chnl_net:caif_netlink_parms(): no params data found [ 303.336044][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 303.372272][T18076] Set syz1 is full, maxelem 65536 reached [ 303.379610][T18140] loop2: detected capacity change from 0 to 7 [ 303.388411][T17464] Dev loop2: unable to read RDB block 7 [ 303.388668][T18128] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.390775][T17464] loop2: AHDI p1 p2 p3 [ 303.393485][T18128] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.395066][T17464] loop2: partition table partially beyond EOD, [ 303.397843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 303.399605][T18128] bridge_slave_0: entered allmulticast mode [ 303.400669][T17464] truncated [ 303.403431][T18128] bridge_slave_0: entered promiscuous mode [ 303.405264][T17464] loop2: p1 start 1601398130 is beyond EOD, truncated [ 303.409533][T18128] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.410315][T17464] loop2: p2 start 1702059890 is beyond EOD, truncated [ 303.412609][T18128] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.412696][T18128] bridge_slave_1: entered allmulticast mode [ 303.421015][T18128] bridge_slave_1: entered promiscuous mode [ 303.427941][T18140] Dev loop2: unable to read RDB block 7 [ 303.430393][T18140] loop2: AHDI p1 p2 p3 [ 303.432145][T18140] loop2: partition table partially beyond EOD, truncated [ 303.435434][T18140] loop2: p1 start 1601398130 is beyond EOD, truncated [ 303.442963][T18140] loop2: p2 start 1702059890 is beyond EOD, truncated [ 303.516857][T18128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.523273][T18128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 303.567368][T18128] team0: Port device team_slave_0 added [ 303.573145][T18128] team0: Port device team_slave_1 added [ 303.617764][T18128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 303.619984][T18128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.628483][T18128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 303.637248][T18128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 303.640301][T18128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.651303][T18128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 303.715527][T18128] hsr_slave_0: entered promiscuous mode [ 303.718977][T18128] hsr_slave_1: entered promiscuous mode [ 303.721888][T18128] debugfs: 'hsr0' already exists in 'hsr' [ 303.724240][T18128] Cannot create hsr debugfs directory [ 303.850844][T18128] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 303.855498][T18128] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 303.860197][T18128] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 303.864369][T18128] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 303.908359][T18128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 303.926407][T18128] 8021q: adding VLAN 0 to HW filter on device team0 [ 303.936189][ T6447] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.938486][ T6447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 303.947072][ T6421] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.949359][ T6421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.087724][T18128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 304.201248][T18174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5147'. [ 304.284059][T18128] veth0_vlan: entered promiscuous mode [ 304.294075][T18128] veth1_vlan: entered promiscuous mode [ 304.327002][T18128] veth0_macvtap: entered promiscuous mode [ 304.332415][T18128] veth1_macvtap: entered promiscuous mode [ 304.345623][T18128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 304.364945][T18128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 304.371020][ T6436] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.373810][ T6436] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.379752][ T6436] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.382638][ T6436] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.431843][ T6432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.434776][ T6432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.451832][ T6436] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.454393][ T6436] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.831568][T18227] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5169'. [ 304.841510][T18227] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.981476][T18227] bridge_slave_0 (unregistering): left allmulticast mode [ 304.984642][T18227] bridge_slave_0 (unregistering): left promiscuous mode [ 304.987256][T18227] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.074898][T18240] dvmrp0: entered allmulticast mode [ 305.105825][T17183] usb 12-1: new high-speed USB device number 6 using dummy_hcd [ 305.165994][ T5982] Bluetooth: hci0: command tx timeout [ 305.257081][T17183] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.261340][T17183] usb 12-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 305.264571][T17183] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.268826][T17183] usb 12-1: config 0 descriptor?? [ 305.504136][T17183] usbhid 12-1:0.0: can't add hid device: -71 [ 305.507003][T17183] usbhid 12-1:0.0: probe with driver usbhid failed with error -71 [ 305.513774][T17183] usb 12-1: USB disconnect, device number 6 [ 305.550198][T18252] Bluetooth: MGMT ver 1.23 [ 306.854804][T18312] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5204'. [ 306.936118][ T10] usb 13-1: new high-speed USB device number 2 using dummy_hcd [ 307.010029][ T6018] usb 9-1: USB disconnect, device number 23 [ 307.085408][T18324] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 307.089672][ T10] usb 13-1: Using ep0 maxpacket: 16 [ 307.107500][ T10] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 307.129152][ T10] usb 13-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 307.132747][ T10] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.136860][ T10] usb 13-1: Product: syz [ 307.138850][ T10] usb 13-1: Manufacturer: syz [ 307.141027][ T10] usb 13-1: SerialNumber: syz [ 307.148659][ T10] usb 13-1: config 0 descriptor?? [ 307.152722][ T10] hub 13-1:0.0: bad descriptor, ignoring hub [ 307.154886][ T10] hub 13-1:0.0: probe with driver hub failed with error -5 [ 307.160813][ T10] input: syz syz as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/input/input69 [ 307.242699][T18336] dvmrp0: entered allmulticast mode [ 307.332304][T18342] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.5217'. [ 307.607172][ T55] usb 13-1: USB disconnect, device number 2 [ 307.811970][T18376] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3) [ 307.814299][T18376] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 307.816985][T18376] vhci_hcd vhci_hcd.0: Device attached [ 307.869838][T18380] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 307.872760][T18380] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 308.055934][ T34] usb 11-1: new high-speed USB device number 18 using dummy_hcd [ 308.059568][ T55] usb 49-1: new high-speed USB device number 2 using vhci_hcd [ 308.206017][ T34] usb 11-1: Using ep0 maxpacket: 16 [ 308.209628][ T34] usb 11-1: config 0 has no interfaces? [ 308.211548][ T34] usb 11-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 308.214724][ T34] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.219113][ T34] usb 11-1: config 0 descriptor?? [ 308.426063][T18377] usb 49-1: recv xbuf, 0 [ 308.429298][ T6447] vhci_hcd: stop threads [ 308.431164][ T6447] vhci_hcd: release socket [ 308.432174][T17183] usb 11-1: USB disconnect, device number 18 [ 308.435222][ T6447] vhci_hcd: disconnect device [ 308.496609][ T55] vhci_hcd: vhci_device speed not set [ 309.166232][ T5982] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 309.166248][ T5991] Bluetooth: hci4: command 0x1003 tx timeout [ 310.101660][T18475] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5276'. [ 310.403959][T18498] "syz.8.5285" (18498) uses obsolete ecb(arc4) skcipher [ 310.561762][T18506] "syz.7.5290" (18506) uses obsolete ecb(arc4) skcipher [ 310.731059][T18515] input: syz1 as /devices/virtual/input/input70 [ 310.749589][ T5984] libceph: connect (1)[c::]:6789 error -101 [ 310.752056][ T5984] libceph: mon0 (1)[c::]:6789 connect error [ 310.803023][ T5984] libceph: connect (1)[c::]:6789 error -101 [ 310.805862][ T5984] libceph: mon0 (1)[c::]:6789 connect error [ 311.006244][ T5984] libceph: connect (1)[c::]:6789 error -101 [ 311.009722][ T5984] libceph: mon0 (1)[c::]:6789 connect error [ 311.066133][ T5984] libceph: connect (1)[c::]:6789 error -101 [ 311.068400][ T5984] libceph: mon0 (1)[c::]:6789 connect error [ 311.517983][ T55] libceph: connect (1)[c::]:6789 error -101 [ 311.520891][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 311.576610][T18517] ceph: No mds server is up or the cluster is laggy [ 311.576968][T18522] ceph: No mds server is up or the cluster is laggy [ 311.600960][ T5984] libceph: connect (1)[c::]:6789 error -101 [ 311.604091][ T5984] libceph: mon0 (1)[c::]:6789 connect error [ 312.042308][T18546] input: syz0 as /devices/virtual/input/input71 [ 312.464721][T18563] macsec1: entered promiscuous mode [ 312.470966][T18563] mac80211_hwsim hwsim19 wlan0: entered promiscuous mode [ 312.475210][T18563] macsec1: entered allmulticast mode [ 312.477738][T18563] mac80211_hwsim hwsim19 wlan0: entered allmulticast mode [ 312.844650][T18580] lo speed is unknown, defaulting to 1000 [ 312.955546][T18593] netlink: 'syz.4.5325': attribute type 4 has an invalid length. [ 312.963315][T17183] lo speed is unknown, defaulting to 1000 [ 312.963366][T18595] hsr0: entered promiscuous mode [ 312.968639][T18593] netlink: 'syz.4.5325': attribute type 4 has an invalid length. [ 312.972273][T17183] syz0: Port: 1 Link DOWN [ 312.972632][T18595] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5326'. [ 312.977417][ T5984] lo speed is unknown, defaulting to 1000 [ 312.977449][ T5984] syz0: Port: 1 Link ACTIVE [ 312.981886][T18595] hsr_slave_0: left promiscuous mode [ 312.984177][T18595] hsr_slave_1: left promiscuous mode [ 313.003488][T18599] Invalid/unusable pipe [ 313.007047][T18595] hsr0 (unregistering): left promiscuous mode [ 313.325789][ T54] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 313.486047][ T54] usb 9-1: Using ep0 maxpacket: 8 [ 313.489562][T18571] overlayfs: statfs failed on './file0' [ 313.490315][ T54] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 313.494957][ T54] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 313.499481][ T54] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 313.503515][ T54] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 313.507773][ T54] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 313.513575][ T54] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 313.517949][ T54] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.577553][T18641] block nbd7: shutting down sockets [ 313.727045][ T54] usb 9-1: usb_control_msg returned -32 [ 313.729100][ T54] usbtmc 9-1:16.0: can't read capabilities [ 314.081179][ T55] usb 9-1: USB disconnect, device number 24 [ 315.020106][T18660] netlink: 'syz.6.5352': attribute type 4 has an invalid length. [ 315.025915][T18660] netlink: 'syz.6.5352': attribute type 4 has an invalid length. [ 315.072553][T18663] veth0: entered promiscuous mode [ 315.075218][T18663] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5354'. [ 315.139672][T18663] veth0 (unregistering): left promiscuous mode [ 315.221213][T18667] batman_adv: batadv0: Adding interface: macsec2 [ 315.223951][T18667] batman_adv: batadv0: Interface activated: macsec2 [ 315.576093][T17183] usb 11-1: new high-speed USB device number 19 using dummy_hcd [ 315.646111][ T5991] Bluetooth: hci4: command 0x1003 tx timeout [ 315.646185][ T5982] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 315.758639][T17183] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.763619][T17183] usb 11-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 315.767364][T17183] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.772487][T17183] usb 11-1: config 0 descriptor?? [ 315.861632][T18703] input: syz0 as /devices/virtual/input/input72 [ 315.981209][T17183] usbhid 11-1:0.0: can't add hid device: -71 [ 315.983864][T17183] usbhid 11-1:0.0: probe with driver usbhid failed with error -71 [ 315.987254][T17183] usb 11-1: USB disconnect, device number 19 [ 316.435959][ T54] usb 11-1: new high-speed USB device number 20 using dummy_hcd [ 316.607427][ T54] usb 11-1: Using ep0 maxpacket: 32 [ 316.617802][ T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.622037][ T54] usb 11-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 316.625150][ T54] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.629192][ T54] usb 11-1: config 0 descriptor?? [ 316.633109][ T54] ldusb 11-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 316.639132][ T54] ldusb 11-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 316.700301][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.703042][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.811708][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 316.811720][ T40] audit: type=1326 audit(1756479607.851:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.829008][ T40] audit: type=1326 audit(1756479607.861:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.837764][ T40] audit: type=1326 audit(1756479607.861:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.845713][ T40] audit: type=1326 audit(1756479607.861:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.853221][ T40] audit: type=1326 audit(1756479607.861:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.863403][ T40] audit: type=1326 audit(1756479607.861:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.872491][ T40] audit: type=1326 audit(1756479607.861:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.881643][ T40] audit: type=1326 audit(1756479607.861:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.890854][ T40] audit: type=1326 audit(1756479607.861:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.900242][ T40] audit: type=1326 audit(1756479607.861:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18778 comm="syz.4.5409" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e598 code=0x7ffc0000 [ 316.972164][ T55] IPVS: starting estimator thread 0... [ 317.038664][ T6018] usb 11-1: USB disconnect, device number 20 [ 317.043902][ T6018] ldusb 11-1:0.0: LD USB Device #0 now disconnected [ 317.055927][T18791] IPVS: using max 43 ests per chain, 103200 per kthread [ 317.187703][T17181] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 317.966605][ T6018] usb 12-1: new high-speed USB device number 7 using dummy_hcd [ 318.381809][ T6018] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 318.385524][ T6018] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 318.389056][ T6018] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 318.392882][ T6018] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.405326][T18815] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 318.411508][ T6018] usb 12-1: Quirk or no altset; falling back to MIDI 1.0 [ 318.624040][ T6018] usb 12-1: USB disconnect, device number 7 [ 318.814695][T18785] syz.8.5403 (18785) used greatest stack depth: 19576 bytes left [ 319.117056][T18852] input: syz0 as /devices/virtual/input/input73 [ 320.061292][T18910] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.5463'. [ 320.235995][T17181] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 320.254862][T18920] veth0: entered promiscuous mode [ 320.259222][T18920] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5465'. [ 320.327166][T18920] veth0 (unregistering): left promiscuous mode [ 321.311351][T18945] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 321.315408][T18945] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 321.324841][T18947] block nbd1: Unsupported socket: shutdown callout must be supported. [ 321.494216][ T6018] IPVS: starting estimator thread 0... [ 321.495560][T18962] tipc: Started in network mode [ 321.496174][T17181] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 321.502216][T18962] tipc: Node identity ac1414aa, cluster identity 4711 [ 321.504658][T18962] tipc: Enabled bearer , priority 10 [ 321.619228][T18963] IPVS: using max 43 ests per chain, 103200 per kthread [ 322.617178][ T55] tipc: Node number set to 2886997162 [ 322.896011][ T54] usb 11-1: new high-speed USB device number 21 using dummy_hcd [ 322.936076][T19029] 9pnet: p9_errstr2errno: server reported unknown error 184467 [ 323.047824][ T54] usb 11-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 323.051594][ T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 323.055613][ T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 323.059018][ T54] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 323.064378][ T54] usb 11-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 323.067387][ T54] usb 11-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 323.070408][ T54] usb 11-1: Manufacturer: syz [ 323.074266][ T54] usb 11-1: config 0 descriptor?? [ 323.157570][T19053] netlink: 'syz.4.5522': attribute type 1 has an invalid length. [ 323.189491][T19053] 8021q: adding VLAN 0 to HW filter on device bond1 [ 323.193595][T19053] bond0: (slave bond1): making interface the new active one [ 323.196711][T19053] bond0: (slave bond1): Enslaving as an active interface with an up link [ 323.238876][ T40] kauditd_printk_skb: 348 callbacks suppressed [ 323.238893][ T40] audit: type=1326 audit(1756479614.281:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19059 comm="syz.4.5524" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 323.495374][ T54] hid_parser_main: 29 callbacks suppressed [ 323.495387][ T54] appleir 0003:05AC:8243.002B: unknown main item tag 0x0 [ 323.503851][ T54] appleir 0003:05AC:8243.002B: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0 [ 325.384618][T19126] netlink: 96 bytes leftover after parsing attributes in process `syz.7.5551'. [ 325.586776][ T55] usb 11-1: USB disconnect, device number 21 [ 325.639961][ T5982] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 325.852301][ T5991] Bluetooth: hci4: sending frame failed (-49) [ 325.857997][ T5982] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 326.115745][ T55] usb 12-1: new high-speed USB device number 8 using dummy_hcd [ 326.267632][ T55] usb 12-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 326.271294][ T55] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.274740][ T55] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.277935][ T55] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 326.283097][ T55] usb 12-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 326.288020][ T55] usb 12-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 326.290676][ T55] usb 12-1: Manufacturer: syz [ 326.293418][ T55] usb 12-1: config 0 descriptor?? [ 326.387502][ T10] IPVS: starting estimator thread 0... [ 326.390934][T19149] tipc: Enabled bearer , priority 10 [ 326.475777][T19150] IPVS: using max 22 ests per chain, 52800 per kthread [ 326.695380][T19172] netlink: 'syz.6.5567': attribute type 1 has an invalid length. [ 326.698546][T19172] netlink: 168864 bytes leftover after parsing attributes in process `syz.6.5567'. [ 326.709799][ T55] appleir 0003:05AC:8243.002C: unknown main item tag 0x0 [ 326.713794][ T55] appleir 0003:05AC:8243.002C: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0 [ 326.755953][T17181] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 326.825916][ T10] usb 13-1: new high-speed USB device number 3 using dummy_hcd [ 326.927744][T17181] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 326.932651][T17181] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 326.937086][T17181] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 326.941562][T17181] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.950820][T19161] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 326.957103][T17181] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 326.999581][ T10] usb 13-1: unable to get BOS descriptor or descriptor too short [ 327.002875][ T10] usb 13-1: no configurations [ 327.005141][ T10] usb 13-1: can't read configurations, error -22 [ 327.165497][T17181] usb 9-1: USB disconnect, device number 25 [ 327.505785][ T6044] tipc: Node number set to 2886997179 [ 327.904310][T19202] netlink: 'syz.4.5579': attribute type 2 has an invalid length. [ 327.908068][T19202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5579'. [ 328.458713][T17181] usb 11-1: new high-speed USB device number 22 using dummy_hcd [ 328.578620][ T5991] Bluetooth: hci4: sending frame failed (-49) [ 328.582321][ T5982] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 328.618636][T17181] usb 11-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 328.622137][T17181] usb 11-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 328.625209][T17181] usb 11-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 328.629341][T17181] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.636936][T19214] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 328.642846][T17181] usb 11-1: Quirk or no altset; falling back to MIDI 1.0 [ 328.700803][T19242] unknown channel width for channel at 909000KHz? [ 328.702986][T19242] unknown channel width for channel at 909000KHz? [ 328.817020][ T10] usb 12-1: USB disconnect, device number 8 [ 328.846676][T17183] usb 11-1: USB disconnect, device number 22 [ 329.507191][T19256] binder: 19255:19256 ioctl c0306201 80000380 returned -14 [ 329.705953][ T54] usb 13-1: new high-speed USB device number 5 using dummy_hcd [ 329.826472][T19283] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5615'. [ 329.867668][ T54] usb 13-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 329.872135][ T54] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.876953][ T54] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 329.880603][ T54] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 329.885529][ T54] usb 13-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 329.888562][ T54] usb 13-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 329.891044][ T54] usb 13-1: Manufacturer: syz [ 329.893617][ T54] usb 13-1: config 0 descriptor?? [ 330.190409][T19303] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5624'. [ 330.309116][ T54] appleir 0003:05AC:8243.002D: unknown main item tag 0x0 [ 330.313337][ T54] appleir 0003:05AC:8243.002D: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0 [ 330.441280][T19324] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5631'. [ 331.447569][T19347] tipc: Enabling of bearer rejected, already enabled [ 332.199250][T19380] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.5656'. [ 332.264748][T19394] input input74: cannot allocate more than FF_MAX_EFFECTS effects [ 332.376479][ T54] usb 13-1: USB disconnect, device number 5 [ 332.539328][T19425] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.5678'. [ 333.006278][T17181] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 334.250739][T19502] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 335.005868][ T55] libceph: connect (1)[c::]:6789 error -101 [ 335.007832][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 335.267026][ T55] libceph: connect (1)[c::]:6789 error -101 [ 335.269559][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 335.662561][T19553] 8021q: adding VLAN 0 to HW filter on device bond1 [ 335.786123][ T55] libceph: connect (1)[c::]:6789 error -101 [ 335.791479][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 335.838166][T19510] ceph: No mds server is up or the cluster is laggy [ 335.885079][T19575] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5741'. [ 335.909954][T19575] vxlan0: entered promiscuous mode [ 335.915005][ T6421] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 335.918793][ T6421] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 335.921513][ T6421] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 335.924224][ T6421] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 336.517065][T19608] block nbd7: Attempted send on invalid socket [ 336.520052][T19608] blk_print_req_error: 30 callbacks suppressed [ 336.520068][T19608] I/O error, dev nbd7, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 336.528645][T19608] ADFS-fs (nbd7): error: unable to read block 3, try 0 [ 336.807651][ T40] audit: type=1326 audit(1756479627.851:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.818105][ T40] audit: type=1326 audit(1756479627.851:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.828353][ T40] audit: type=1326 audit(1756479627.851:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.837139][ T40] audit: type=1326 audit(1756479627.851:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.846799][ T40] audit: type=1326 audit(1756479627.851:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.856126][ T40] audit: type=1326 audit(1756479627.851:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.864898][ T40] audit: type=1326 audit(1756479627.851:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.873886][ T40] audit: type=1326 audit(1756479627.851:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.882653][ T40] audit: type=1326 audit(1756479627.851:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.891493][ T40] audit: type=1326 audit(1756479627.851:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.8.5748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000 [ 336.982151][T19620] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5762'. [ 337.989439][T19666] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.5783'. [ 338.137336][T19674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5787'. [ 338.730477][T19719] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 338.761962][T19724] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5808'. [ 338.843114][T19731] netlink: 56 bytes leftover after parsing attributes in process `syz.8.5811'. [ 339.158730][T19771] fuse: Bad value for 'fd' [ 339.499722][T19817] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5848'. [ 339.630648][T19831] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 339.946422][T19849] loop2: detected capacity change from 0 to 7 [ 339.955938][T19849] Dev loop2: unable to read RDB block 7 [ 339.958368][T19849] loop2: AHDI p1 p2 p3 [ 339.960273][T19849] loop2: partition table partially beyond EOD, truncated [ 339.963401][T19849] loop2: p3 start 335544320 is beyond EOD, truncated [ 340.150277][T19864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5868'. [ 340.195981][T17181] usb 13-1: new high-speed USB device number 6 using dummy_hcd [ 340.201325][ T54] hid-generic 0000:0003:0000.002E: unknown main item tag 0x0 [ 340.203779][ T54] hid-generic 0000:0003:0000.002E: unknown main item tag 0x0 [ 340.207388][ T54] hid-generic 0000:0003:0000.002E: hidraw1: HID v0.03 Device [syz0] on syz0 [ 340.358758][T17181] usb 13-1: Using ep0 maxpacket: 32 [ 340.362687][T17181] usb 13-1: config 0 has an invalid interface number: 12 but max is 0 [ 340.370771][T17181] usb 13-1: config 0 has no interface number 0 [ 340.375875][T17181] usb 13-1: config 0 interface 12 has no altsetting 0 [ 340.382970][T17181] usb 13-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 340.386153][T17181] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.388739][T17181] usb 13-1: Product: syz [ 340.390105][T17181] usb 13-1: Manufacturer: syz [ 340.391768][T17181] usb 13-1: SerialNumber: syz [ 340.395016][T17181] usb 13-1: config 0 descriptor?? [ 340.398155][T17181] f81534 13-1:0.12: required endpoints missing [ 340.617351][ T54] usb 13-1: USB disconnect, device number 6 [ 341.138777][T19886] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.5877'. [ 341.550730][T19943] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5901'. [ 341.634678][T19953] binder: 19952:19953 ioctl c0306201 800001c0 returned -22 [ 341.849138][T19978] input: syz1 as /devices/virtual/input/input75 [ 342.058908][T19996] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5924'. [ 342.071749][T19996] vxlan1: entered promiscuous mode [ 342.313144][T20016] netlink: 84 bytes leftover after parsing attributes in process `syz.8.5934'. [ 343.108816][T20047] 9pnet: p9_errstr2errno: server reported unknown error n$[ [ 343.108816][T20047] Q&|xXX 1 [ 347.162328][ T5982] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 347.167910][ T5982] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 347.174297][ T5982] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 347.180547][ T5982] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 347.214101][T20251] lo speed is unknown, defaulting to 1000 [ 347.342329][T20265] netlink: 'syz.6.6039': attribute type 13 has an invalid length. [ 347.368287][T20251] chnl_net:caif_netlink_parms(): no params data found [ 347.473761][T20251] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.476196][T20251] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.478491][T20251] bridge_slave_0: entered allmulticast mode [ 347.481280][T20251] bridge_slave_0: entered promiscuous mode [ 347.484850][T20251] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.488147][T20251] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.490615][T20251] bridge_slave_1: entered allmulticast mode [ 347.493358][T20251] bridge_slave_1: entered promiscuous mode [ 347.531366][T20251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.540599][T20251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 347.609435][T20251] team0: Port device team_slave_0 added [ 347.613531][T20251] team0: Port device team_slave_1 added [ 347.661601][T20251] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.664796][T20251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.676391][T20251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.682600][T20251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.685881][T20251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.694396][T20251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.751987][T20251] hsr_slave_0: entered promiscuous mode [ 347.754636][T20251] hsr_slave_1: entered promiscuous mode [ 347.757316][T20251] debugfs: 'hsr0' already exists in 'hsr' [ 347.759080][T20251] Cannot create hsr debugfs directory [ 347.960941][T20251] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 347.966272][T20251] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 347.972350][T20251] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 347.979538][T20251] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 348.046680][T20251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 348.069805][T20251] 8021q: adding VLAN 0 to HW filter on device team0 [ 348.075959][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.078295][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.089602][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.092113][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.144271][T20314] netlink: 'syz.7.6055': attribute type 1 has an invalid length. [ 348.160646][T20314] bond1: entered promiscuous mode [ 348.162162][T20314] bond1: entered allmulticast mode [ 348.182253][T20314] bond1: (slave erspan1): making interface the new active one [ 348.184391][T20314] erspan1: entered promiscuous mode [ 348.187093][T20314] erspan1: entered allmulticast mode [ 348.189143][T20314] bond1: (slave erspan1): Enslaving as an active interface with an up link [ 348.253303][T20324] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 348.262704][T20324] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 348.281634][T20251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.442444][T20251] veth0_vlan: entered promiscuous mode [ 348.452250][T20251] veth1_vlan: entered promiscuous mode [ 348.471889][T20251] veth0_macvtap: entered promiscuous mode [ 348.476407][T20251] veth1_macvtap: entered promiscuous mode [ 348.486462][T20251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 348.493111][T20251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 348.500658][ T6436] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.503906][ T6436] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.514786][ T6436] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.518356][ T6436] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.593380][ T6436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.597231][ T6436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.620158][ T6421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.623146][ T6421] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.640981][T20358] lo speed is unknown, defaulting to 1000 [ 349.042996][T20384] netlink: 'syz.8.6079': attribute type 13 has an invalid length. [ 349.246736][ T5991] Bluetooth: hci3: command tx timeout [ 349.605847][ T54] usb 13-1: new high-speed USB device number 7 using dummy_hcd [ 349.680952][T20409] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6087'. [ 349.684295][T20409] netlink: 'syz.9.6087': attribute type 15 has an invalid length. [ 349.694859][T20409] vxlan0: entered promiscuous mode [ 349.699378][ T6436] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 349.702450][ T6436] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 349.706245][ T6436] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 349.709435][ T6436] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 349.768769][ T54] usb 13-1: config 0 has no interfaces? [ 349.770842][ T54] usb 13-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 349.774015][ T54] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.778353][ T54] usb 13-1: config 0 descriptor?? [ 349.988690][ T6018] usb 13-1: USB disconnect, device number 7 [ 349.997551][ T40] kauditd_printk_skb: 58 callbacks suppressed [ 349.997566][ T40] audit: type=1326 audit(1756479641.041:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20432 comm="syz.7.6100" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0 [ 350.130179][T20445] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.6104'. [ 350.180620][T20447] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 350.373589][T20454] pim6reg1: entered promiscuous mode [ 350.375774][T20454] pim6reg1: entered allmulticast mode [ 350.498745][T20456] netlink: 'syz.9.6109': attribute type 13 has an invalid length. [ 350.520884][ T54] libceph: connect (1)[c::]:6789 error -101 [ 350.522899][ T54] libceph: mon0 (1)[c::]:6789 connect error [ 350.620924][T20458] ceph: No mds server is up or the cluster is laggy [ 350.816773][T20483] netlink: 'syz.9.6119': attribute type 10 has an invalid length. [ 350.819537][T20483] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6119'. [ 350.828801][T20483] team0: Port device geneve0 added [ 351.079410][T20532] netlink: 'syz.6.6141': attribute type 4 has an invalid length. [ 351.089020][T20532] netlink: 'syz.6.6141': attribute type 4 has an invalid length. [ 351.146207][T20543] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6147'. [ 351.297454][T20543] hsr_slave_0 (unregistering): left promiscuous mode [ 351.336129][ T5991] Bluetooth: hci3: command tx timeout [ 351.341436][T20565] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6157'. [ 351.980902][T20618] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 352.094397][T20634] [ 352.095643][T20634] ===================================================== [ 352.097966][T20634] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 352.100396][T20634] syzkaller #0 Not tainted [ 352.101948][T20634] ----------------------------------------------------- [ 352.106384][T20634] syz.6.6185/20634 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 352.108936][T20634] ffff88806e6c6558 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 352.112057][T20634] [ 352.112057][T20634] and this task is already holding: [ 352.114963][T20634] ffff88804f14c028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 352.118085][T20634] which would create a new lock dependency: [ 352.118275][T20640] 9pnet_fd: Insufficient options for proto=fd [ 352.120048][T20634] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 352.124617][T20634] [ 352.124617][T20634] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 352.127563][T20634] (&dev->event_lock#2){..-.}-{3:3} [ 352.127586][T20634] [ 352.127586][T20634] ... which became SOFTIRQ-irq-safe at: [ 352.132606][T20634] lock_acquire+0x179/0x350 [ 352.134523][T20634] _raw_spin_lock_irqsave+0x3a/0x60 [ 352.136399][T20634] input_inject_event+0x9f/0x3b0 [ 352.137923][T20634] led_set_brightness+0x217/0x290 [ 352.139498][T20634] led_trigger_event+0xda/0x270 [ 352.141062][T20634] kbd_bh+0x21b/0x300 [ 352.142361][T20634] tasklet_action_common+0x284/0x400 [ 352.144112][T20634] handle_softirqs+0x219/0x8e0 [ 352.145600][T20634] run_ksoftirqd+0x3a/0x60 [ 352.147034][T20634] smpboot_thread_fn+0x3f4/0xae0 [ 352.148591][T20634] kthread+0x3c5/0x780 [ 352.149972][T20634] ret_from_fork+0x5d4/0x6f0 [ 352.151451][T20634] ret_from_fork_asm+0x1a/0x30 [ 352.153020][T20634] [ 352.153020][T20634] to a SOFTIRQ-irq-unsafe lock: [ 352.155321][T20634] (tasklist_lock){.+.+}-{3:3} [ 352.155339][T20634] [ 352.155339][T20634] ... which became SOFTIRQ-irq-unsafe at: [ 352.159966][T20634] ... [ 352.159974][T20634] lock_acquire+0x179/0x350 [ 352.162685][T20634] _raw_read_lock+0x5f/0x70 [ 352.164504][T20634] __do_wait+0x105/0x890 [ 352.166375][T20634] do_wait+0x21e/0x5a0 [ 352.168111][T20634] kernel_wait+0x9f/0x160 [ 352.169665][T20634] call_usermodehelper_exec_work+0xf1/0x170 [ 352.171694][T20634] process_one_work+0x9cf/0x1b70 [ 352.173364][T20634] worker_thread+0x6c8/0xf10 [ 352.174883][T20634] kthread+0x3c5/0x780 [ 352.176338][T20634] ret_from_fork+0x5d4/0x6f0 [ 352.177882][T20634] ret_from_fork_asm+0x1a/0x30 [ 352.179515][T20634] [ 352.179515][T20634] other info that might help us debug this: [ 352.179515][T20634] [ 352.182927][T20634] Chain exists of: [ 352.182927][T20634] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 352.182927][T20634] [ 352.188190][T20634] Possible interrupt unsafe locking scenario: [ 352.188190][T20634] [ 352.190806][T20634] CPU0 CPU1 [ 352.192553][T20634] ---- ---- [ 352.194625][T20634] lock(tasklist_lock); [ 352.196389][T20634] local_irq_disable(); [ 352.199095][T20634] lock(&dev->event_lock#2); [ 352.201335][T20634] lock(&client->buffer_lock); [ 352.203627][T20634] [ 352.204770][T20634] lock(&dev->event_lock#2); [ 352.206492][T20634] [ 352.206492][T20634] *** DEADLOCK *** [ 352.206492][T20634] [ 352.209057][T20634] 7 locks held by syz.6.6185/20634: [ 352.210699][T20634] #0: ffff888044516118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440 [ 352.213603][T20634] #1: ffff888042d25230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 352.217104][T20634] #2: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 352.220158][T20634] #3: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 352.223148][T20634] #4: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 352.226083][T20634] #5: ffff88804f14c028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 352.229379][T20634] #6: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 352.232602][T20634] [ 352.232602][T20634] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 352.235968][T20634] -> (&dev->event_lock#2){..-.}-{3:3} { [ 352.237717][T20634] IN-SOFTIRQ-W at: [ 352.238974][T20634] lock_acquire+0x179/0x350 [ 352.241401][T20634] _raw_spin_lock_irqsave+0x3a/0x60 [ 352.243739][T20634] input_inject_event+0x9f/0x3b0 [ 352.245950][T20634] led_set_brightness+0x217/0x290 [ 352.248357][T20634] led_trigger_event+0xda/0x270 [ 352.250819][T20634] kbd_bh+0x21b/0x300 [ 352.252896][T20634] tasklet_action_common+0x284/0x400 [ 352.255959][T20634] handle_softirqs+0x219/0x8e0 [ 352.258228][T20634] run_ksoftirqd+0x3a/0x60 [ 352.260604][T20634] smpboot_thread_fn+0x3f4/0xae0 [ 352.263036][T20634] kthread+0x3c5/0x780 [ 352.265037][T20634] ret_from_fork+0x5d4/0x6f0 [ 352.267456][T20634] ret_from_fork_asm+0x1a/0x30 [ 352.269638][T20634] INITIAL USE at: [ 352.270889][T20634] lock_acquire+0x179/0x350 [ 352.272958][T20634] _raw_spin_lock_irqsave+0x3a/0x60 [ 352.275342][T20634] input_inject_event+0x9f/0x3b0 [ 352.277560][T20634] led_set_brightness+0x217/0x290 [ 352.279911][T20634] kbd_led_trigger_activate+0xcb/0x110 [ 352.282290][T20634] led_trigger_set+0x59a/0xc50 [ 352.284343][T20634] led_trigger_set_default+0x1e0/0x2e0 [ 352.286607][T20634] led_classdev_register_ext+0x7b8/0xa10 [ 352.288889][T20634] input_leds_connect+0x552/0x8e0 [ 352.290961][T20634] input_attach_handler.isra.0+0x173/0x250 [ 352.293792][T20634] input_register_device+0xab9/0x1180 [ 352.296140][T20634] atkbd_connect+0x5f8/0xa40 [ 352.298127][T20634] serio_driver_probe+0x7f/0xd0 [ 352.300199][T20634] really_probe+0x241/0xa90 [ 352.302106][T20634] __driver_probe_device+0x1de/0x440 [ 352.304281][T20634] driver_probe_device+0x4c/0x1b0 [ 352.306393][T20634] __driver_attach+0x283/0x580 [ 352.308396][T20634] bus_for_each_dev+0x13e/0x1d0 [ 352.310365][T20634] serio_handle_event+0x335/0xc30 [ 352.312441][T20634] process_one_work+0x9cf/0x1b70 [ 352.314473][T20634] worker_thread+0x6c8/0xf10 [ 352.316617][T20634] kthread+0x3c5/0x780 [ 352.318576][T20634] ret_from_fork+0x5d4/0x6f0 [ 352.320552][T20634] ret_from_fork_asm+0x1a/0x30 [ 352.322571][T20634] } [ 352.323424][T20634] ... key at: [] __key.7+0x0/0x40 [ 352.325708][T20634] -> (&client->buffer_lock){....}-{3:3} { [ 352.327575][T20634] INITIAL USE at: [ 352.328828][T20634] lock_acquire+0x179/0x350 [ 352.330725][T20634] _raw_spin_lock+0x2e/0x40 [ 352.332701][T20634] evdev_pass_values+0x10e/0x9b0 [ 352.334769][T20634] evdev_events+0x1bb/0x390 [ 352.336789][T20634] input_pass_values+0x74b/0x880 [ 352.338759][T20634] input_handle_event+0xf00/0x14d0 [ 352.340734][T20634] input_inject_event+0x1e8/0x3b0 [ 352.342719][T20634] evdev_write+0x2e1/0x440 [ 352.344605][T20634] vfs_write+0x2a0/0x11d0 [ 352.346391][T20634] ksys_write+0x1f8/0x250 [ 352.348342][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.350402][T20634] do_fast_syscall_32+0x32/0x80 [ 352.353440][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.355969][T20634] } [ 352.356787][T20634] ... key at: [] __key.1+0x0/0x40 [ 352.359222][T20634] ... acquired at: [ 352.360476][T20634] _raw_spin_lock+0x2e/0x40 [ 352.361948][T20634] evdev_pass_values+0x10e/0x9b0 [ 352.363440][T20634] evdev_events+0x1bb/0x390 [ 352.364901][T20634] input_pass_values+0x74b/0x880 [ 352.366584][T20634] input_handle_event+0xf00/0x14d0 [ 352.368359][T20634] input_inject_event+0x1e8/0x3b0 [ 352.370272][T20634] evdev_write+0x2e1/0x440 [ 352.371949][T20634] vfs_write+0x2a0/0x11d0 [ 352.373502][T20634] ksys_write+0x1f8/0x250 [ 352.375072][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.376798][T20634] do_fast_syscall_32+0x32/0x80 [ 352.378406][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.380463][T20634] [ 352.381236][T20634] [ 352.381236][T20634] the dependencies between the lock to be acquired [ 352.381243][T20634] and SOFTIRQ-irq-unsafe lock: [ 352.385527][T20634] -> (tasklist_lock){.+.+}-{3:3} { [ 352.387154][T20634] HARDIRQ-ON-R at: [ 352.388507][T20634] lock_acquire+0x179/0x350 [ 352.390499][T20634] _raw_read_lock+0x5f/0x70 [ 352.392545][T20634] __do_wait+0x105/0x890 [ 352.394441][T20634] do_wait+0x21e/0x5a0 [ 352.396402][T20634] kernel_wait+0x9f/0x160 [ 352.398370][T20634] call_usermodehelper_exec_work+0xf1/0x170 [ 352.400756][T20634] process_one_work+0x9cf/0x1b70 [ 352.403009][T20634] worker_thread+0x6c8/0xf10 [ 352.405104][T20634] kthread+0x3c5/0x780 [ 352.406958][T20634] ret_from_fork+0x5d4/0x6f0 [ 352.409172][T20634] ret_from_fork_asm+0x1a/0x30 [ 352.411298][T20634] SOFTIRQ-ON-R at: [ 352.412701][T20634] lock_acquire+0x179/0x350 [ 352.414860][T20634] _raw_read_lock+0x5f/0x70 [ 352.416854][T20634] __do_wait+0x105/0x890 [ 352.418771][T20634] do_wait+0x21e/0x5a0 [ 352.420655][T20634] kernel_wait+0x9f/0x160 [ 352.422596][T20634] call_usermodehelper_exec_work+0xf1/0x170 [ 352.424976][T20634] process_one_work+0x9cf/0x1b70 [ 352.427110][T20634] worker_thread+0x6c8/0xf10 [ 352.429084][T20634] kthread+0x3c5/0x780 [ 352.430917][T20634] ret_from_fork+0x5d4/0x6f0 [ 352.432945][T20634] ret_from_fork_asm+0x1a/0x30 [ 352.434975][T20634] INITIAL USE at: [ 352.436229][T20634] lock_acquire+0x179/0x350 [ 352.438131][T20634] _raw_write_lock_irq+0x36/0x50 [ 352.440190][T20634] copy_process+0x4caf/0x7690 [ 352.442130][T20634] kernel_clone+0xfc/0x930 [ 352.444067][T20634] user_mode_thread+0xc7/0x110 [ 352.446110][T20634] rest_init+0x23/0x2b0 [ 352.448208][T20634] start_kernel+0x3ee/0x4d0 [ 352.450163][T20634] x86_64_start_reservations+0x18/0x30 [ 352.452429][T20634] x86_64_start_kernel+0x130/0x190 [ 352.454657][T20634] common_startup_64+0x13e/0x148 [ 352.457091][T20634] INITIAL READ USE at: [ 352.458641][T20634] lock_acquire+0x179/0x350 [ 352.460935][T20634] _raw_read_lock+0x5f/0x70 [ 352.463231][T20634] __do_wait+0x105/0x890 [ 352.465328][T20634] do_wait+0x21e/0x5a0 [ 352.467338][T20634] kernel_wait+0x9f/0x160 [ 352.469467][T20634] call_usermodehelper_exec_work+0xf1/0x170 [ 352.472004][T20634] process_one_work+0x9cf/0x1b70 [ 352.474251][T20634] worker_thread+0x6c8/0xf10 [ 352.476438][T20634] kthread+0x3c5/0x780 [ 352.478429][T20634] ret_from_fork+0x5d4/0x6f0 [ 352.480599][T20634] ret_from_fork_asm+0x1a/0x30 [ 352.482787][T20634] } [ 352.483643][T20634] ... key at: [] tasklist_lock+0x18/0x40 [ 352.486112][T20634] ... acquired at: [ 352.487381][T20634] _raw_read_lock+0x5f/0x70 [ 352.488847][T20634] send_sigurg+0xed/0xc80 [ 352.490270][T20634] sk_send_sigurg+0x76/0x360 [ 352.491754][T20634] unix_stream_sendmsg+0xfa5/0x1340 [ 352.493438][T20634] ____sys_sendmsg+0xa95/0xc70 [ 352.494988][T20634] ___sys_sendmsg+0x134/0x1d0 [ 352.496551][T20634] __sys_sendmmsg+0x2f9/0x420 [ 352.498063][T20634] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 352.499893][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.501531][T20634] do_fast_syscall_32+0x32/0x80 [ 352.503223][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.505200][T20634] [ 352.505965][T20634] -> (&f_owner->lock){....}-{3:3} { [ 352.507607][T20634] INITIAL USE at: [ 352.508804][T20634] lock_acquire+0x179/0x350 [ 352.510732][T20634] _raw_write_lock_irq+0x36/0x50 [ 352.512813][T20634] __f_setown+0x61/0x3c0 [ 352.514663][T20634] fcntl_dirnotify+0x7b1/0xb60 [ 352.516701][T20634] do_fcntl+0xe62/0x15a0 [ 352.518576][T20634] do_compat_fcntl64+0x367/0x710 [ 352.520586][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.522654][T20634] do_fast_syscall_32+0x32/0x80 [ 352.524677][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.527244][T20634] INITIAL READ USE at: [ 352.528752][T20634] lock_acquire+0x179/0x350 [ 352.530827][T20634] _raw_read_lock_irqsave+0x74/0x90 [ 352.533072][T20634] send_sigio+0x31/0x3e0 [ 352.535073][T20634] dnotify_handle_event+0x15e/0x2b0 [ 352.537316][T20634] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 352.539984][T20634] fsnotify+0x13d6/0x1dc0 [ 352.542077][T20634] path_openat+0x1b50/0x2cb0 [ 352.544233][T20634] do_filp_open+0x20b/0x470 [ 352.546356][T20634] do_sys_openat2+0x11b/0x1d0 [ 352.548506][T20634] __ia32_compat_sys_open+0x146/0x1e0 [ 352.550852][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.553183][T20634] do_fast_syscall_32+0x32/0x80 [ 352.555528][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.558172][T20634] } [ 352.559036][T20634] ... key at: [] __key.1+0x0/0x40 [ 352.561299][T20634] ... acquired at: [ 352.562542][T20634] _raw_read_lock_irqsave+0x74/0x90 [ 352.564252][T20634] send_sigio+0x31/0x3e0 [ 352.565698][T20634] kill_fasync+0x214/0x510 [ 352.567164][T20634] lease_break_callback+0x23/0x30 [ 352.568791][T20634] __break_lease+0x671/0x1810 [ 352.570327][T20634] do_dentry_open+0x91f/0x1530 [ 352.572017][T20634] vfs_open+0x82/0x3f0 [ 352.573365][T20634] path_openat+0x1de4/0x2cb0 [ 352.574872][T20634] do_filp_open+0x20b/0x470 [ 352.576388][T20634] do_sys_openat2+0x11b/0x1d0 [ 352.577951][T20634] __ia32_compat_sys_openat+0x16d/0x210 [ 352.579752][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.581411][T20634] do_fast_syscall_32+0x32/0x80 [ 352.583025][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.585099][T20634] [ 352.585856][T20634] -> (&new->fa_lock){....}-{3:3} { [ 352.587462][T20634] INITIAL USE at: [ 352.588690][T20634] lock_acquire+0x179/0x350 [ 352.590606][T20634] _raw_write_lock_irq+0x36/0x50 [ 352.592563][T20634] fasync_remove_entry+0xb2/0x1e0 [ 352.594699][T20634] fasync_helper+0xaf/0xd0 [ 352.596603][T20634] sock_fasync+0x92/0x140 [ 352.598467][T20634] __fput+0x968/0xb70 [ 352.600253][T20634] task_work_run+0x14d/0x240 [ 352.602158][T20634] exit_to_user_mode_loop+0xeb/0x110 [ 352.604345][T20634] __do_fast_syscall_32+0x2ac/0x3a0 [ 352.606481][T20634] do_fast_syscall_32+0x32/0x80 [ 352.608497][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.610967][T20634] INITIAL READ USE at: [ 352.612313][T20634] lock_acquire+0x179/0x350 [ 352.614316][T20634] _raw_read_lock_irqsave+0x74/0x90 [ 352.616564][T20634] kill_fasync+0x138/0x510 [ 352.618538][T20634] sock_wake_async+0x132/0x160 [ 352.620643][T20634] mptcp_close_wake_up+0x2eb/0x600 [ 352.622837][T20634] __mptcp_close_ssk+0xd54/0x14d0 [ 352.625196][T20634] mptcp_destroy_common+0x65a/0xaf0 [ 352.627577][T20634] mptcp_disconnect+0x228/0x870 [ 352.629685][T20634] inet_shutdown+0x26c/0x440 [ 352.631735][T20634] __sys_shutdown+0x116/0x1b0 [ 352.633804][T20634] __ia32_sys_shutdown+0x53/0x80 [ 352.635970][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.638241][T20634] do_fast_syscall_32+0x32/0x80 [ 352.640376][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.642945][T20634] } [ 352.643775][T20634] ... key at: [] __key.0+0x0/0x40 [ 352.646035][T20634] ... acquired at: [ 352.647260][T20634] lock_acquire+0x179/0x350 [ 352.648746][T20634] _raw_read_lock_irqsave+0x74/0x90 [ 352.650637][T20634] kill_fasync+0x138/0x510 [ 352.652128][T20634] evdev_pass_values+0x619/0x9b0 [ 352.653952][T20634] evdev_events+0x1bb/0x390 [ 352.655685][T20634] input_pass_values+0x74b/0x880 [ 352.657341][T20634] input_handle_event+0xf00/0x14d0 [ 352.659028][T20634] input_inject_event+0x1e8/0x3b0 [ 352.660681][T20634] evdev_write+0x2e1/0x440 [ 352.662154][T20634] vfs_write+0x2a0/0x11d0 [ 352.663622][T20634] ksys_write+0x1f8/0x250 [ 352.665124][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.667155][T20634] do_fast_syscall_32+0x32/0x80 [ 352.669436][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.672267][T20634] [ 352.673249][T20634] [ 352.673249][T20634] stack backtrace: [ 352.675279][T20634] CPU: 2 UID: 0 PID: 20634 Comm: syz.6.6185 Not tainted syzkaller #0 PREEMPT(full) [ 352.675295][T20634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 352.675302][T20634] Call Trace: [ 352.675310][T20634] [ 352.675317][T20634] dump_stack_lvl+0x116/0x1f0 [ 352.675342][T20634] check_irq_usage+0x7dc/0x920 [ 352.675364][T20634] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 352.675393][T20634] ? check_path.constprop.0+0x24/0x50 [ 352.675415][T20634] ? __lock_acquire+0x12bc/0x1ce0 [ 352.675434][T20634] __lock_acquire+0x12bc/0x1ce0 [ 352.675459][T20634] lock_acquire+0x179/0x350 [ 352.675485][T20634] ? kill_fasync+0x138/0x510 [ 352.675512][T20634] _raw_read_lock_irqsave+0x74/0x90 [ 352.675531][T20634] ? kill_fasync+0x138/0x510 [ 352.675553][T20634] kill_fasync+0x138/0x510 [ 352.675578][T20634] evdev_pass_values+0x619/0x9b0 [ 352.675598][T20634] evdev_events+0x1bb/0x390 [ 352.675615][T20634] input_pass_values+0x74b/0x880 [ 352.675632][T20634] input_handle_event+0xf00/0x14d0 [ 352.675649][T20634] ? _copy_from_user+0x59/0xd0 [ 352.675677][T20634] input_inject_event+0x1e8/0x3b0 [ 352.675694][T20634] evdev_write+0x2e1/0x440 [ 352.675711][T20634] ? __pfx_evdev_write+0x10/0x10 [ 352.675726][T20634] ? common_file_perm+0x1a9/0x340 [ 352.675747][T20634] ? bpf_lsm_file_permission+0x9/0x10 [ 352.675770][T20634] ? security_file_permission+0x71/0x210 [ 352.675794][T20634] ? rw_verify_area+0xcf/0x6c0 [ 352.675811][T20634] ? __pfx_evdev_write+0x10/0x10 [ 352.675826][T20634] vfs_write+0x2a0/0x11d0 [ 352.675846][T20634] ? __pfx_vfs_write+0x10/0x10 [ 352.675863][T20634] ? find_held_lock+0x2b/0x80 [ 352.675878][T20634] ? __fget_files+0x204/0x3c0 [ 352.675897][T20634] ? __fget_files+0x20e/0x3c0 [ 352.675917][T20634] ksys_write+0x1f8/0x250 [ 352.675935][T20634] ? __pfx_ksys_write+0x10/0x10 [ 352.675954][T20634] ? rcu_is_watching+0x12/0xc0 [ 352.675973][T20634] __do_fast_syscall_32+0x7c/0x3a0 [ 352.675997][T20634] do_fast_syscall_32+0x32/0x80 [ 352.676019][T20634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.676038][T20634] RIP: 0023:0xf710e579 [ 352.676050][T20634] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 352.676066][T20634] RSP: 002b:00000000f54fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 352.676081][T20634] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 352.676091][T20634] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000 [ 352.676101][T20634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.676110][T20634] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 352.676120][T20634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 352.676135][T20634] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 352.927703][T20633] syz_tun (unregistering): left allmulticast mode [ 352.929703][T20633] syz_tun (unregistering): left promiscuous mode [ 352.931599][T20633] bridge0: port 3(syz_tun) entered disabled state [ 353.069055][ T6421] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.154817][ T6421] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.176613][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880123fe800: rx timeout, send abort [ 353.254790][ T6421] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.326595][ T6421] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.415793][ T6421] bridge_slave_1: left allmulticast mode [ 353.417595][ T6421] bridge_slave_1: left promiscuous mode [ 353.419735][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.680070][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880123fe800: abort rx timeout. Force session deactivation [ 353.774512][ T6421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 353.779698][ T6421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 353.783371][ T6421] bond0 (unregistering): Released all slaves [ 354.069431][ T6421] hsr_slave_1: left promiscuous mode [ 354.071356][ T6421] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 354.073662][ T6421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 354.076392][ T6421] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 354.078823][ T6421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 354.083363][ T6421] veth1_macvtap: left promiscuous mode [ 354.085210][ T6421] veth0_macvtap: left promiscuous mode [ 354.087270][ T6421] veth1_vlan: left promiscuous mode [ 354.089115][ T6421] veth0_vlan: left promiscuous mode [ 354.772280][ T6421] team0 (unregistering): Port device team_slave_1 removed [ 354.882770][ T6421] team0 (unregistering): Port device team_slave_0 removed [ 355.801622][ T6421] IPVS: stop unused estimator thread 0... [ 356.174490][ T6421] netdevsim netdevsim9 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.177832][ T6421] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.245034][ T6421] netdevsim netdevsim9 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.249407][ T6421] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.344372][ T6421] netdevsim netdevsim9 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.348130][ T6421] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.436658][ T6421] netdevsim netdevsim9 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.439923][ T6421] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.517979][ T6421] dummy0: left allmulticast mode [ 356.519693][ T6421] bridge0: port 1(dummy0) entered disabled state [ 356.522403][ T6421] bridge_slave_1: left allmulticast mode [ 356.524328][ T6421] bridge_slave_1: left promiscuous mode [ 356.526342][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.529882][ T6421] bridge_slave_1: left allmulticast mode [ 356.531695][ T6421] bridge_slave_1: left promiscuous mode [ 356.533521][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.536990][ T6421] bridge_slave_0: left allmulticast mode [ 356.538753][ T6421] bridge_slave_0: left promiscuous mode [ 356.540628][ T6421] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.628640][ T6421] bond1 (unregistering): (slave erspan1): Releasing active interface [ 356.631179][ T6421] erspan1 (unregistering): left promiscuous mode [ 356.633120][ T6421] erspan1 (unregistering): left allmulticast mode [ 356.804787][ T6421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.808621][ T6421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.811810][ T6421] bond0 (unregistering): Released all slaves [ 356.815581][ T6421] bond1 (unregistering): Released all slaves [ 356.902985][ T6421] team0: Port device geneve0 removed [ 357.076472][ T6421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.080133][ T6421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.083430][ T6421] bond0 (unregistering): Released all slaves [ 358.750012][ T6421] mac80211_hwsim hwsim19 wlan0 (unregistering): left allmulticast mode [ 358.752615][ T6421] mac80211_hwsim hwsim19 wlan0 (unregistering): left promiscuous mode [ 358.974984][ T6421] hsr_slave_0: left promiscuous mode [ 358.978008][ T6421] hsr_slave_1: left promiscuous mode [ 358.979956][ T6421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.982536][ T6421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.987018][ T6421] hsr_slave_0: left promiscuous mode [ 358.989043][ T6421] hsr_slave_1: left promiscuous mode [ 358.991039][ T6421] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.993796][ T6421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.996766][ T6421] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.999192][ T6421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.004155][ T6421] veth1_macvtap: left promiscuous mode [ 359.006083][ T6421] veth0_macvtap: left promiscuous mode [ 359.007860][ T6421] veth1_vlan: left promiscuous mode [ 359.009627][ T6421] veth0_vlan: left promiscuous mode [ 359.839251][ T6421] team0 (unregistering): Port device team_slave_1 removed [ 359.946363][ T6421] team0 (unregistering): Port device team_slave_0 removed [ 361.134299][ T6421] team0 (unregistering): Port device team_slave_1 removed [ 361.242268][ T6421] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 13:58:49 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff913b56ba RDX=1ffff92000083ebd RSI=0000000000000000 RDI=ffffffff90b8e858 RBP=0000000000000000 RSP=ffffc9000041f570 R8 =ffffffff913b56e4 R9 =0000000000000000 R10=ffffc9000041f5e8 R11=0000000000002c10 R12=ffffc9000041f638 R13=ffffc9000041f5e8 R14=ffffc9000041f61d R15=ffffffff913b56bf RIP=ffffffff8b90a130 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000031f20ffc CR3=000000004ab75000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f85dffffffff8220 f83effffffff8220 f822ffffffff821d 851affffffff821d ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f8feffffffff8220 f8ddffffffff8220 f8adffffffff8220 f893ffffffff8220 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8d8dffffffff8227 8c7dffffffff8227 8c3bffffffff8227 8c05ffffffff8220 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 92b6ffffffff8227 93f2ffffffff8227 93e7ffffffff8227 93d3ffffffff8227 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9222ffffffff8227 9131ffffffff8227 90e0ffffffff8227 90b8ffffffff8227 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 907bffffffff8227 905cffffffff8227 8fe2ffffffff8227 8e98ffffffff8227 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8e71ffffffff8227 8decffffffff8227 8de0ffffffff8227 8dccffffffff8227 ZMM24=48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 ZMM25=ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ZMM26=2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 ZMM27=70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d ZMM28=000001400000013f 0000013e0000013d 0000013c0000013b 0000013a00000139 0000013800000137 0000013600000135 0000013400000133 0000013200000131 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=7134000071340000 7134000071340000 7134000071340000 7134000071340000 7134000071340000 7134000071340000 7134000071340000 7134000071340000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b33b440 RCX=ffffffff81a15aff RDX=0000000000000000 RSI=ffffffff8baeca20 RDI=ffff88806ce70448 RBP=ffff88802b33b451 RSP=ffffc9000d2bfaf0 R8 =0000000000000000 R9 =fffffbfff2157052 R10=ffffffff90ab8297 R11=0000000000000001 R12=0000000000000001 R13=ffff88806ce70000 R14=ffffffff90abb434 R15=0000000000000001 RIP=ffffffff81a047f6 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c332745 CR3=000000004c7c7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85617045 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc900033bf2f0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff9b0f96c0 R15=ffffffff85616fe0 RIP=ffffffff8561706f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f746d6f0 CR3=0000000070cff000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000008 RCX=1ffff920005f5ebb RDX=ffff888022ac0000 RSI=ffffffff82077a70 RDI=ffff888022ac0444 RBP=0000000000001000 RSP=ffffc90002faf668 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=000000000000001e R12=0000000000000008 R13=dffffc0000000000 R14=ffffea000189d540 R15=ffffea000189d540 RIP=ffffffff81bb0906 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f055c0 CR3=000000004da71000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=67361fd9fab218ee 1f350daf4139e5b3 67361fd9fab218ee 1f350daf4139e5b3 67361fd9fab218ee 1f350daf4139e5b3 67361fd9fab218ee 1f350daf4139e5b3 ZMM18=70078b8d2d70b736 ed0957bc48972ab0 70078b8d2d70b736 ed0957bc48972ab0 70078b8d2d70b736 ed0957bc48972ab0 70078b8d2d70b736 ed0957bc48972ab0 ZMM19=7634000000000000 0000000000000005 7634000000000000 0000000000000004 7634000000000000 0000000000000003 7634000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 29e3ffffffff8a27 2386ffffffff8a27 11cd000000040300 0000000000100000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000c0000000a0004 0008000f0010000a 0000000003e60000 000800040000000a ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000000200000 0058000000a40000 00e80000027c0000 02a8000000060000 ZMM24=48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 48972ab048972ab0 ZMM25=ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ed0957bced0957bc ZMM26=2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 2d70b7362d70b736 ZMM27=70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d 70078b8d70078b8d ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=7534000075340000 7534000075340000 7534000075340000 7534000075340000 7534000075340000 7534000075340000 7534000075340000 7534000075340000