last executing test programs: 10m45.661573573s ago: executing program 32 (id=276): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), r0) sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010b2c650833fadbdf2508000000180004801300010062726fd0cf2db191b91622029e4922"], 0x2c}, 0x1, 0x0, 0x0, 0x844}, 0x4000000) 8m38.636950707s ago: executing program 33 (id=5651): r0 = syz_usbip_server_init(0x4) syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c00712152230000000010902"], 0x0) write$usbip_server(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="000000030000000100"], 0x60) 7m48.740348019s ago: executing program 1 (id=6768): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'wg1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl2\x00', r2, 0x0, 0x7d, 0x9, 0x3, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback={0x2000000000000000, 0x460c6}, 0x7800, 0x40, 0x1, 0x80000806}}) 7m48.733528996s ago: executing program 1 (id=6770): r0 = socket(0x10, 0x3, 0x6) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0xb, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}, [@TCA_MQPRIO_MIN_RATE64={0x4}]}}}]}, 0x8c}}, 0x0) 7m48.658278897s ago: executing program 1 (id=6772): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) close(0x4) 7m48.607148774s ago: executing program 1 (id=6781): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x225) 7m48.532810359s ago: executing program 1 (id=6774): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) pselect6(0x40, &(0x7f0000000180)={0x0, 0x0, 0x3539, 0x7fffffffffffffff, 0xa5d, 0x7fff, 0x3, 0x72}, &(0x7f00000001c0)={0x7, 0x4, 0x2, 0x100, 0x80000000, 0x6, 0x2, 0x4}, 0x0, 0x0, 0x0) 7m48.243227184s ago: executing program 1 (id=6780): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r0, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 7m48.172494521s ago: executing program 34 (id=6780): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r0, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 5m11.508889882s ago: executing program 5 (id=10744): r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x4, 0x400}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd, 0x0, 0x0, 0x40000, 0x4}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 5m11.448899987s ago: executing program 5 (id=10746): timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0xda72ed5a9dc29567, 0x2000) 5m11.448382223s ago: executing program 5 (id=10748): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000007bc0)=[{{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001900)="a9cff3", 0x3}, {&(0x7f0000001980)="5fb3450effde69bf04e3e44a973930e0b6f397ee7a964d6dbf627acb2d9426f6a9b00bee1bf4eb68838680", 0x2b}, {&(0x7f00000019c0)="48c2c8557113f61ff1aafba9c7e66173164c8ca0c15cbff5683fb4ddb6394595afbcbaaa377a4a5f830744e047edf851d62a66716dd1b4267d5ed18eb9f5c4f88793e82590b71922e22ef06265309b871cba49e7299e2c090c02bd10630588bdc3466f4f5bb8578a26c37021bbb564f50e373543dbd71abbcbe8e6e7bb3b26a9dd2f5ed56323a0055e2e30ed595dea33087b6392a8cabc9e5a07b064e79c7528a81ab8d7ee7aa5ff27ab7c51", 0xac}, {&(0x7f0000001a80)='Tq', 0x2}, {&(0x7f0000001b00)="696c6a7b5ea3afd7819ee415dbdde5557921387803db572c10968b2e1fcb5d68baa44bba", 0x24}, {&(0x7f0000001c00)="5ca5b1dabcc26ad25d615b05179a9fd11e6653791ad22b90c11d51d82c5339db07573325f2a50b1f39be84a4ded40063e6538f23fbbb6e35546898cd11f3aed21d065dae1ca8fe6f98feeab1efe708ae36e99ef9540324c582f7f497944e4d88c571328536fa3082092fe0866359247a8cc4fa868e328224411de12869db981383d403e97e958db40152d168b100a3220ec4a243377a0dc1be323e588ac346ed86498d1878e5c8dcc063812c", 0x7fffef00}, {&(0x7f0000001d00)="40a39684f731a649fe952deb2eff7fae7af9f2e92ddb69833700fafb1c2de6f1b92ec4a5299ce1da382c", 0x2a}], 0x7}}], 0x1, 0x0) 5m11.257712205s ago: executing program 5 (id=10750): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x84000, 0x0) 5m11.256076529s ago: executing program 5 (id=10751): mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}}, 0x4008840) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x60, &(0x7f0000000040), 0x50) 5m11.080521047s ago: executing program 5 (id=10753): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xea) 5m11.049119585s ago: executing program 35 (id=10753): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xea) 4m56.625800491s ago: executing program 6 (id=11159): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x1d000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000240)={0x0, 0x2000}) 4m56.567141893s ago: executing program 6 (id=11162): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)=0x3) io_setup(0x19, &(0x7f00000009c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 4m56.396362841s ago: executing program 6 (id=11166): rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r0) waitid(0x0, r0, 0x0, 0x8, 0x0) 4m56.217561981s ago: executing program 6 (id=11171): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x84000, 0x0) 4m56.137570853s ago: executing program 6 (id=11172): r0 = io_uring_setup(0x310f, &(0x7f0000000240)={0x0, 0x5f98, 0x80, 0xffffffff, 0x2000}) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[{0x10, 0x110, 0x1}], 0x10}, 0x8000) close_range(r0, 0xffffffffffffffff, 0x0) 4m55.186732845s ago: executing program 6 (id=11179): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000800)=@newqdisc={0x148, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_PARMS={0x14}, @TCA_RED_STAB={0x104, 0x2, "17d924ce73eb01afed6f4b3872f6f7d2ad76640342132cb8f3349d70985c1c69a9467def24eb1634a0e05a0154d5f902f30ffb3d607d697278109a141885dc225b053a0e92a593873c07860fd2be484416c84fce073f53cf67ca1ae8febdde9553c6347ef890953c46e38948cc4d54cf638b1317cf136559fae5bbd603f63763062c9bcd8715afeeb4c236554c890276b5b88de90f2e4a2464e869742a5b2ee6968dc8212e5b9ff3eba09ab9f42efaeb14b479c003e517c44c38fe3198540b9fe222ed2f8d0a78c6ba169719d69126dc57150020a5367cd3b781fd6fd9b8dca55427c2dfdf7ca5b9d1616b5bf2b4bbb627308e7eb58ce727046ddde0c629c2da"}]}}]}, 0x148}}, 0x0) 4m55.070459945s ago: executing program 36 (id=11179): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000800)=@newqdisc={0x148, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_PARMS={0x14}, @TCA_RED_STAB={0x104, 0x2, "17d924ce73eb01afed6f4b3872f6f7d2ad76640342132cb8f3349d70985c1c69a9467def24eb1634a0e05a0154d5f902f30ffb3d607d697278109a141885dc225b053a0e92a593873c07860fd2be484416c84fce073f53cf67ca1ae8febdde9553c6347ef890953c46e38948cc4d54cf638b1317cf136559fae5bbd603f63763062c9bcd8715afeeb4c236554c890276b5b88de90f2e4a2464e869742a5b2ee6968dc8212e5b9ff3eba09ab9f42efaeb14b479c003e517c44c38fe3198540b9fe222ed2f8d0a78c6ba169719d69126dc57150020a5367cd3b781fd6fd9b8dca55427c2dfdf7ca5b9d1616b5bf2b4bbb627308e7eb58ce727046ddde0c629c2da"}]}}]}, 0x148}}, 0x0) 1m57.89429254s ago: executing program 7 (id=14891): writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006", 0x30}], 0x1) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400000000000900020073797a32000000"], 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) 1m57.797994117s ago: executing program 7 (id=14894): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @link_local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {0x22, 0x0, 0x0, @empty}}}}}, 0x0) r1 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 1m57.797235308s ago: executing program 7 (id=14896): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b70200000b000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f7a80d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001e8c76bbe7ff988a28ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4522bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b9fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabfd50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd1389a0963de85dd2b189774450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f326df86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c39b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa525235da0000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc32a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f8293cf83bceaf6c9eda1f83166aa1e2093d626870510e6cd176d501fe01e4a752fc30134073188e3f826f695e4e14fca6596943467c7df154493023f77c107b3db20ea75b493b4b38dc43986d94748cbfab954edae20982b6d212a44f4b40387876bc9eb73900"/3112], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x26, 0x0, &(0x7f00000002c0)="b9ff0b072859268cb89e14f088a8473fb9d3536d02ee61d79c7bdc0645372e083d7df19de099", 0x0, 0xf00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m57.637869892s ago: executing program 7 (id=14905): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000400)='./file0/../file0\x00', 0x1) 1m57.589196185s ago: executing program 7 (id=14908): r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x1, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r0, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x20, 0x4aa52520f215cfe4, {0x2}}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 1m56.94861176s ago: executing program 7 (id=14923): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x24, r1, 0x200, 0x70bd2b, 0x0, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0) 1m56.900816772s ago: executing program 37 (id=14923): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x24, r1, 0x200, 0x70bd2b, 0x0, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0) 1m37.420497138s ago: executing program 8 (id=15302): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f00000000c0)=0x7) r1 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0) close(r1) 1m37.326004224s ago: executing program 8 (id=15307): r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2) r1 = dup(r0) read(r1, &(0x7f0000000040), 0x0) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f046}) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) 1m37.203067922s ago: executing program 8 (id=15318): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000000)={0x0, 0x5887, 0x400, 0x2}, &(0x7f0000000340), &(0x7f0000000280)) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') read$FUSE(r1, &(0x7f0000004300)={0x2020}, 0x2020) 1m37.124097302s ago: executing program 8 (id=15320): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000400)='./file0/../file0\x00', 0x1) 1m36.953041673s ago: executing program 8 (id=15324): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00') mkdirat(0xffffffffffffffff, 0x0, 0x100) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 1m34.514649183s ago: executing program 8 (id=15336): io_setup(0x7d, &(0x7f0000001440)=0x0) r1 = syz_io_uring_setup(0x672b, &(0x7f0000000380)={0x0, 0x0, 0x13090, 0xfffffffc}, &(0x7f0000000100), &(0x7f00000000c0)) io_pgetevents(r0, 0x2, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000040)={0x77359400}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20) io_submit(r0, 0x1, &(0x7f00000008c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 1m34.392170626s ago: executing program 38 (id=15336): io_setup(0x7d, &(0x7f0000001440)=0x0) r1 = syz_io_uring_setup(0x672b, &(0x7f0000000380)={0x0, 0x0, 0x13090, 0xfffffffc}, &(0x7f0000000100), &(0x7f00000000c0)) io_pgetevents(r0, 0x2, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000040)={0x77359400}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20) io_submit(r0, 0x1, &(0x7f00000008c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 1m15.343139378s ago: executing program 3 (id=15642): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) 1m15.228947609s ago: executing program 3 (id=15643): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000, &(0x7f0000000000)={0xa, 0x4e21, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={r2, 0x5}, 0x8) 1m15.179836953s ago: executing program 3 (id=15644): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000001200)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000000)='h', 0xfdef}], 0x1) 1m14.604737985s ago: executing program 3 (id=15649): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x30109d, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 1m14.554896005s ago: executing program 3 (id=15650): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18) io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0x0, 0x0, r1}) 1m14.249661025s ago: executing program 3 (id=15656): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x39cb, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom(r0, 0x0, 0x49, 0x12142, 0x0, 0x0) 1m14.182956176s ago: executing program 39 (id=15656): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x39cb, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom(r0, 0x0, 0x49, 0x12142, 0x0, 0x0) 41.819590668s ago: executing program 0 (id=16330): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) 41.723165038s ago: executing program 0 (id=16332): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000100)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x3f46137792f68265) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0xc0049364, &(0x7f00000001c0)) 41.437884891s ago: executing program 0 (id=16338): r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x5b}], 0x1, 0xb6, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000008c0)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 32.932195585s ago: executing program 0 (id=16338): r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x5b}], 0x1, 0xb6, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000008c0)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 23.597693831s ago: executing program 0 (id=16338): r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x5b}], 0x1, 0xb6, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000008c0)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 20.002934503s ago: executing program 2 (id=16549): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000001580), r0) sendmsg$NFC_CMD_DEP_LINK_DOWN(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000001680)={0x1c, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x90) 19.846061176s ago: executing program 2 (id=16550): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x11a, 0x4, 0x0, 0x0) 19.845718168s ago: executing program 2 (id=16551): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10) socket$l2tp(0x2, 0x2, 0x73) 19.786185398s ago: executing program 2 (id=16552): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x101502) r1 = dup2(r0, r0) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000001c0)={0x14000000}) poll(&(0x7f0000000340)=[{r1, 0x5002}], 0x1, 0xe86) read$eventfd(r1, 0x0, 0x2000) 16.723441133s ago: executing program 2 (id=16558): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000100060000000077f2ab26850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_NON_HH_WEIGHT={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 11.098604536s ago: executing program 0 (id=16338): r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x5b}], 0x1, 0xb6, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000008c0)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 8.584653233s ago: executing program 2 (id=16558): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000100060000000077f2ab26850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_NON_HH_WEIGHT={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 2.989783502s ago: executing program 4 (id=16638): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0)=0xc4, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x73, &(0x7f0000000300)={@local, @link_local, @val={@void, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x4d, 0x0, @opaque="d83f3f2540d86d9700e4d9e352b2e4ca103f60f21e9ff1ddcafdb8f6a73362ac21b66b3dc0d8aebdc2537cbde3dce51f0b345d57d123506ffa69e50e480756098210de7f00"}}}}}, 0x0) recvmmsg(r0, &(0x7f0000003100), 0x35, 0x2, 0x0) 2.937966525s ago: executing program 4 (id=16639): rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = gettid() rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8) timer_create(0x2, &(0x7f0000000180)={0x0, 0x4, 0x4, @tid=r0}, &(0x7f0000000140)) timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) 2.838369262s ago: executing program 4 (id=16640): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000200000070000040"]) 2.64840142s ago: executing program 4 (id=16643): bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5) ioctl$PTP_EXTTS_REQUEST2(r0, 0x40103d0b, &(0x7f0000000000)={0x1, 0x1}) 2.648048196s ago: executing program 4 (id=16644): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) open$dir(&(0x7f0000000180)='./file0\x00', 0x607e, 0x0) 2.588288239s ago: executing program 4 (id=16645): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) unshare(0x42000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 2.218813551s ago: executing program 9 (id=16651): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000700)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="444904b75920a54b748fe57ac0cf864dd7436f94c071c05873c664328b7c692052b43035ba8d09a4c771cafcfc907db2f53314b6ce97b3d6f7768c386cc31cb464ba9e269e117e9fa929fa0ea2c0783907d9e6be2112b32c403751adb7df16559491ac015cc3e81a3e814547bfc8c5b2ce2e28c039b4a129b272cc3d189eee8ff0c431f804af00c2e77eb373bb86693dcfa2a845f95f04297c6b4438cccd94bd", 0xa0}], 0x1}}, {{&(0x7f0000000100)=@ethernet={0x306, @random="61cb00fb0276"}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)="872f6142d5966a0c5b85af53afb2449297d9f1851ab757d44a255b5e2612bc28bff989eb14a18b311e036dfbfabc9a1c536a61d12828e7da3a3238c70a7dd7588c6aaee1522261962cec5705418ba7631c15763f5a4afad3c365d80db845676ea983756efc8410a22bc82f4a5550052e7ea55e1c47ee04b08c64a54e9a461131ae08467eda827bfb1130de1eef9070e379cd8288971ba41aced3f5cf74ccaa5d4397f63a4b0160007eace44ae68c3b68ac9daa15bce5a86b6a49c8c89124b2f13c75a9314f4e", 0xc6}, {&(0x7f0000000340)="030f082ec8146a6e053f44f2068f7ab81c8865d332e1dfa888430d835b7a547916f877ba821d9e7ed34ae4a3b6aa412268cdd13733c06e3d29fab990d4b2f672bf6cfd44b758df70c1613e3be7659692c3bfc898996df71e4f1ca18eef78cde12ccbc6792f439c664f4bae1836282e2758f2fcf1ef9f71397a2b05fc4f1813ab687920ad7ed2db15eef1b76deb81b6eabea5660f7994ecc501562ad3a39c81ff4afb827e04f7e61a55f29e9413642b6ea80471fc9f0a9275b7299d040c380f3b3b2ab1ed85521b8897b58686bd98207bc508915f67e2334f4a9623cce01f5c73ef78414304b2", 0xe6}], 0x2, 0x0, 0xfffffffffffffd93}}], 0x2, 0x0) 2.216191103s ago: executing program 9 (id=16652): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.118726152s ago: executing program 9 (id=16653): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r0) socket$nl_rdma(0x10, 0x3, 0x14) ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'virt_wifi0\x00', @random="0200002000"}) 61.885053ms ago: executing program 9 (id=16654): r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x3, 0x0, 0xffffffff}) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000140)={0x8000, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 3.300812ms ago: executing program 9 (id=16655): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000300)={0x700, 0x1, &(0x7f0000000340)=[r1], &(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe}) 0s ago: executing program 9 (id=16656): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x23}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0) kernel console output (not intermixed with test programs): , idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 601.621232][ T63] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.829820][ T63] usb 9-1: GET_CAPABILITIES returned 0 [ 601.832065][ T63] usbtmc 9-1:16.0: can't read capabilities [ 602.035519][ T63] usb 9-1: USB disconnect, device number 25 [ 602.396117][ T6805] netlink: 48 bytes leftover after parsing attributes in process `syz.9.15017'. [ 602.627619][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 602.794713][ T6827] netlink: 28 bytes leftover after parsing attributes in process `syz.4.15028'. [ 602.797440][ T6827] netlink: 'syz.4.15028': attribute type 7 has an invalid length. [ 602.800368][ T6827] netlink: 'syz.4.15028': attribute type 8 has an invalid length. [ 602.803137][ T6827] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15028'. [ 603.170720][ T6860] input: syz0 as /devices/virtual/input/input75 [ 603.203819][ T5949] Bluetooth: hci2: command tx timeout [ 603.364314][ T6875] could not open pipe file descriptor [ 603.667585][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 603.683815][ T6907] loop9: detected capacity change from 0 to 7 [ 603.689908][ T6907] Dev loop9: unable to read RDB block 7 [ 603.694094][ T6907] loop9: unable to read partition table [ 603.696551][ T6907] loop9: partition table beyond EOD, truncated [ 603.699202][ T6907] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 604.003308][ T6933] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 604.006711][ T6933] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 604.707666][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 604.941151][ T6967] tun0: tun_chr_ioctl cmd 1074025675 [ 604.941233][ T6967] tun0: persist disabled [ 605.111382][ T6981] netlink: 952 bytes leftover after parsing attributes in process `syz.8.15099'. [ 605.480700][ T7027] vivid-004: disconnect [ 605.484248][ T7023] vivid-004: reconnect [ 605.595260][ T7038] netlink: 'syz.4.15124': attribute type 1 has an invalid length. [ 605.604072][ T7038] netlink: 20 bytes leftover after parsing attributes in process `syz.4.15124'. [ 605.747592][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 605.783488][ T7033] veth0_vlan: left promiscuous mode [ 605.786400][ T7033] veth0_vlan: entered promiscuous mode [ 605.980429][ T7066] vivid-002: disconnect [ 605.988799][ T7059] vivid-002: reconnect [ 606.053498][ T7069] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15136'. [ 606.060085][ T7069] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15136'. [ 606.787618][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 607.220353][ T7132] netlink: 'syz.8.15161': attribute type 1 has an invalid length. [ 607.223494][ T7132] netlink: 20 bytes leftover after parsing attributes in process `syz.8.15161'. [ 607.837626][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 607.931018][ T7156] veth0_vlan: left promiscuous mode [ 607.933374][ T7156] veth0_vlan: entered promiscuous mode [ 607.988853][ T63] usb 14-1: new high-speed USB device number 2 using dummy_hcd [ 608.168923][ T63] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.168951][ T63] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 608.168968][ T63] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 608.181294][ T63] usb 14-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 608.181310][ T63] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.182504][ T63] usb 14-1: config 0 descriptor?? [ 608.604271][ T63] plantronics 0003:047F:FFFF.0016: unknown main item tag 0xd [ 608.605567][ T63] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 608.619143][ T63] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 608.659375][ T7191] netlink: 3 bytes leftover after parsing attributes in process `syz.8.15188'. [ 608.660788][ T7191] 0ªX¹¦À: renamed from caif0 [ 608.665358][ T7191] 0ªX¹¦À: entered allmulticast mode [ 608.665368][ T7191] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 608.877590][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 608.881114][ T63] usb 14-1: USB disconnect, device number 2 [ 608.934846][ T7196] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 609.340593][ T7205] veth0_vlan: left promiscuous mode [ 609.344170][ T7205] veth0_vlan: entered promiscuous mode [ 609.350655][ T7218] netlink: 'syz.3.15200': attribute type 29 has an invalid length. [ 609.361278][ T7218] netlink: 'syz.3.15200': attribute type 29 has an invalid length. [ 609.552694][ T7230] loop5: detected capacity change from 0 to 10799 [ 609.556917][ T7230] loop5: detected capacity change from 10799 to 11495 [ 609.673640][T20401] tipc: Disabling bearer [ 609.907611][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 610.017327][ T7258] netlink: 48 bytes leftover after parsing attributes in process `syz.8.15217'. [ 610.336379][ T7284] (syz.9.15227,7284,1):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 610.870959][ T7306] veth0_vlan: left promiscuous mode [ 610.873006][ T7306] veth0_vlan: entered promiscuous mode [ 610.947605][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 611.004227][ T7318] loop5: detected capacity change from 0 to 10415 [ 611.021909][ T7318] loop5: detected capacity change from 10415 to 15055 [ 611.029434][ T7320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15243'. [ 611.033009][ T7320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15243'. [ 611.943754][ T7380] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 611.946566][ T7380] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 611.989876][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 612.001753][ T7381] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.083345][ T7381] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.159663][ T7381] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.186159][ T7392] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 612.193296][ T7392] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 612.242538][ T7381] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.363638][ T7381] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 612.372758][ T7381] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 612.380471][ T7381] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 612.389394][ T7381] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 612.602419][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.605445][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.608284][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.611037][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.613734][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.615972][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.618741][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.621053][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.623768][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.626599][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.630157][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.633095][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.635388][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.637558][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.639982][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.643395][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.646367][ T6009] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 612.650723][ T6009] hid-generic 0000:0000:0000.0017: hidraw0: HID v0.00 Device [syz0] on syz0 [ 613.027700][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 613.380239][ T7429] netdevsim netdevsim8 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 613.385108][ T7429] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.394975][ T78] kernel write not supported for file /snd/seq (pid: 78 comm: kworker/0:2) [ 613.450962][ T7429] netdevsim netdevsim8 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 613.454834][ T7429] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.522015][ T7429] netdevsim netdevsim8 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 613.525935][ T7429] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.583948][ T7429] netdevsim netdevsim8 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 613.588304][ T7429] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.596256][ T7441] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 613.605357][ T7441] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 613.664210][ T7429] netdevsim netdevsim8 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 613.667264][ T7429] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.672330][ T7429] netdevsim netdevsim8 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 613.675185][ T7429] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.682042][ T7429] netdevsim netdevsim8 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 613.685237][ T7429] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.692979][ T7429] netdevsim netdevsim8 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 613.695994][ T7429] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.987347][ T7457] batadv_slave_1: entered promiscuous mode [ 613.991385][ T7456] batadv_slave_1: left promiscuous mode [ 614.067673][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 614.157888][ T7464] netlink: 3 bytes leftover after parsing attributes in process `syz.9.15301'. [ 614.161662][ T7464] 0ªX¹¦À: renamed from caif0 [ 614.165141][ T7464] 0ªX¹¦À: entered allmulticast mode [ 614.167267][ T7464] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 614.252512][ T7469] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.337318][ T7469] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.395436][ T7482] batadv_slave_1: entered promiscuous mode [ 614.400619][ T7481] batadv_slave_1: left promiscuous mode [ 614.436911][ T7469] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.470993][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.473759][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.476115][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.478890][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.480996][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.487556][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.496327][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.498525][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.501482][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.504310][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.507175][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.510012][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.512881][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.515678][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.518264][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.520965][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.523914][ T6009] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 614.524192][ T7469] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.527134][ T6009] hid-generic 0000:0000:0000.0018: hidraw0: HID v0.00 Device [syz0] on syz0 [ 614.647793][ T7469] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.654891][ T7469] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.664566][ T7469] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.672985][ T7469] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.118176][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 615.180497][ T7506] netlink: 32 bytes leftover after parsing attributes in process `syz.3.15322'. [ 615.185736][ T7506] netlink: 32 bytes leftover after parsing attributes in process `syz.3.15322'. [ 615.578671][ T7518] input: syz0 as /devices/virtual/input/input77 [ 616.147700][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 616.447857][ T7524] input: syz1 as /devices/virtual/input/input78 [ 617.057897][T20369] netdevsim netdevsim8 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.061768][T20369] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.150497][T20369] netdevsim netdevsim8 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.153404][T20369] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.187573][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 617.235593][T20369] netdevsim netdevsim8 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.247142][T20369] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.271576][ T5961] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 617.282099][ T5961] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 617.286725][ T5961] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 617.295783][ T5961] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 617.299384][ T5961] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 617.302406][ T5961] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 617.357856][T20369] netdevsim netdevsim8 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.363907][T20369] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.496178][ T7558] chnl_net:caif_netlink_parms(): no params data found [ 617.539149][ T7574] input: syz0 as /devices/virtual/input/input79 [ 617.750192][ T7583] loop9: detected capacity change from 0 to 7 [ 617.753924][ T7583] Dev loop9: unable to read RDB block 7 [ 617.756003][ T7583] loop9: unable to read partition table [ 617.758507][ T7583] loop9: partition table beyond EOD, truncated [ 617.759284][ T7583] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 618.059082][ T7596] Bluetooth: MGMT ver 1.23 [ 618.202324][T20369] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 618.210070][T20369] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 618.215290][T20369] bond0 (unregistering): Released all slaves [ 618.225190][ T7558] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.227286][ T7558] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.230183][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 618.233381][ T7558] bridge_slave_0: entered allmulticast mode [ 618.236817][ T7558] bridge_slave_0: entered promiscuous mode [ 618.243068][ T7558] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.245997][ T7558] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.250047][ T7558] bridge_slave_1: entered allmulticast mode [ 618.253701][ T7558] bridge_slave_1: entered promiscuous mode [ 618.323090][ T7558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 618.326998][T20369] tipc: Disabling bearer [ 618.333590][T20369] tipc: Left network mode [ 618.335160][ T7558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.389468][ T7558] team0: Port device team_slave_0 added [ 618.393913][ T7558] team0: Port device team_slave_1 added [ 618.429842][ T7558] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 618.432571][ T7558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.442305][ T7558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 618.451051][ T7558] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 618.454016][ T7558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.463168][ T7558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 618.513968][ T7558] hsr_slave_0: entered promiscuous mode [ 618.516825][ T7558] hsr_slave_1: entered promiscuous mode [ 618.518892][ T7558] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 618.521001][ T7558] Cannot create hsr debugfs directory [ 618.671893][T20369] hsr_slave_0: left promiscuous mode [ 618.674685][T20369] hsr_slave_1: left promiscuous mode [ 619.352393][ T5961] Bluetooth: hci0: command tx timeout [ 619.763391][T20369] team_slave_1 (unregistering): left allmulticast mode [ 619.777146][T20369] team0 (unregistering): Port device team_slave_1 removed [ 619.968400][T20369] team_slave_0 (unregistering): left allmulticast mode [ 619.976470][T20369] team0 (unregistering): Port device team_slave_0 removed [ 620.151476][ T5949] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 621.386907][ T7558] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 621.392498][ T7558] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 621.396336][ T7558] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 621.400992][ T7558] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 621.437676][ T5949] Bluetooth: hci0: command 0x041b tx timeout [ 621.441955][ T7558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.452619][ T7558] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.456787][T20382] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.459845][T20382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 621.469060][T20382] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.471936][T20382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 621.584468][ T7558] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 621.609903][ T7558] veth0_vlan: entered promiscuous mode [ 621.616774][ T7558] veth1_vlan: entered promiscuous mode [ 621.642585][ T7558] veth0_macvtap: entered promiscuous mode [ 621.648275][ T7558] veth1_macvtap: entered promiscuous mode [ 621.659248][ T7558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 621.663334][ T7558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.668924][ T7558] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 621.676870][ T7558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 621.680914][ T7558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.685511][ T7558] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 621.691417][ T7558] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.695000][ T7558] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.699379][ T7558] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.703323][ T7558] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.745805][T24351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 621.750144][T24351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 621.767093][T21563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 621.770630][T21563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 621.842943][ T7603] sctp: [Deprecated]: syz.9.15367 (pid 7603) Use of int in maxseg socket option. [ 621.842943][ T7603] Use struct sctp_assoc_value instead [ 622.713949][ T7613] tun0: tun_chr_ioctl cmd 1074025675 [ 622.715698][ T7613] tun0: persist disabled [ 622.773394][ T7617] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 622.914859][T20369] IPVS: stop unused estimator thread 0... [ 623.123133][ T7642] team_slave_0: entered promiscuous mode [ 623.126306][ T7642] team_slave_1: entered promiscuous mode [ 623.129147][ T7642] macsec1: entered promiscuous mode [ 623.131012][ T7642] team0: entered promiscuous mode [ 623.137028][ T7642] macsec1: entered allmulticast mode [ 623.139422][ T7642] team0: entered allmulticast mode [ 623.148204][ T7642] team_slave_0: entered allmulticast mode [ 623.150624][ T7642] team_slave_1: entered allmulticast mode [ 623.154255][ T7642] team0: Device macsec1 is already an upper device of the team interface [ 623.163200][ T7642] team0: left allmulticast mode [ 623.165199][ T7642] team_slave_0: left allmulticast mode [ 623.167423][ T7642] team_slave_1: left allmulticast mode [ 623.170516][ T7642] team0: left promiscuous mode [ 623.173024][ T7642] team_slave_0: left promiscuous mode [ 623.175236][ T7642] team_slave_1: left promiscuous mode [ 623.519545][ T5949] Bluetooth: hci0: command 0x041b tx timeout [ 623.592914][ T7676] x86/PAT: syz.3.15389:7676 freeing invalid memtype [mem 0xfed00000-0xfed00fff] [ 623.601352][ T7674] x86/PAT: syz.3.15389:7674 freeing invalid memtype [mem 0xfed00000-0xfed00fff] [ 625.292864][ T7782] vxcan0: tx drop: invalid sa for name 0x0000000000000003 [ 625.408174][ T7796] mkiss: ax0: crc mode is auto. [ 625.473137][ T40] audit: type=1326 audit(1743878834.917:10927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7799 comm="syz.4.15446" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x0 [ 625.587661][ T5949] Bluetooth: hci0: command 0x041b tx timeout [ 625.657916][ T7808] syzkaller1: entered promiscuous mode [ 625.660103][ T7808] syzkaller1: entered allmulticast mode [ 625.781317][ T7812] syzkaller1: entered promiscuous mode [ 625.783495][ T7812] syzkaller1: entered allmulticast mode [ 626.237070][ T7835] vxcan0: tx drop: invalid sa for name 0x0000000000000003 [ 626.337371][ T7843] overlayfs: invalid origin (0000) [ 626.897825][ T7889] block device autoloading is deprecated and will be removed. [ 626.903780][ T7889] syz.4.15485: attempt to access beyond end of device [ 626.903780][ T7889] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 627.349915][ T7897] tun0: tun_chr_ioctl cmd 1074025675 [ 627.351712][ T7897] tun0: persist disabled [ 627.424345][ T7901] syzkaller1: entered promiscuous mode [ 627.425936][ T7901] syzkaller1: entered allmulticast mode [ 627.667623][ T5949] Bluetooth: hci0: command 0x041b tx timeout [ 627.805971][ T7921] netlink: 'syz.3.15500': attribute type 5 has an invalid length. [ 628.347726][ T6009] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 628.501361][ T6009] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.505388][ T6009] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.509136][ T6009] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 628.514477][ T6009] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 628.520401][ T6009] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.524713][ T6009] usb 9-1: config 0 descriptor?? [ 628.590800][ T7961] syzkaller1: entered promiscuous mode [ 628.592818][ T7961] syzkaller1: entered allmulticast mode [ 628.941907][ T6009] plantronics 0003:047F:FFFF.0019: unknown main item tag 0xd [ 628.946299][ T6009] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 628.956267][ T6009] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 629.199653][ T6009] usb 9-1: USB disconnect, device number 26 [ 630.359860][ T8003] loop8: detected capacity change from 0 to 2 [ 630.366430][ T8003] Dev loop8: unable to read RDB block 2 [ 630.370014][ T8003] loop8: unable to read partition table [ 630.372478][ T8003] loop8: partition table beyond EOD, truncated [ 630.374986][ T8003] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 631.027633][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout [ 631.027660][ T7975] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 631.032709][ T7975] Bluetooth: hci2: Opcode 0x0406 failed: -110 [ 631.919125][ T7975] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 631.921697][ T7975] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 631.923773][ T7975] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 631.926062][ T7975] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 631.991114][ T8016] syzkaller1: entered promiscuous mode [ 631.992802][ T8016] syzkaller1: entered allmulticast mode [ 632.035200][ T8018] syzkaller1: entered promiscuous mode [ 632.036825][ T8018] syzkaller1: entered allmulticast mode [ 632.066580][ T8023] syz.3.15545: attempt to access beyond end of device [ 632.066580][ T8023] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 632.190767][ T40] audit: type=1326 audit(1743878841.637:10928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8035 comm="syz.3.15553" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f45579 code=0x0 [ 633.056177][ T40] audit: type=1326 audit(1743878842.497:10929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8039 comm="syz.2.15554" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7fc00000 [ 633.113317][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout [ 633.383727][ T8091] block nbd2: shutting down sockets [ 633.565734][ T8115] netlink: 11 bytes leftover after parsing attributes in process `syz.4.15587'. [ 633.689881][ T8125] input: syz1 as /devices/virtual/input/input82 [ 633.987701][ T5949] Bluetooth: hci0: command 0x041b tx timeout [ 634.956885][ T6009] kernel read not supported for file /video37 (pid: 6009 comm: kworker/0:4) [ 635.187640][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout [ 635.761173][ T6009] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 635.919218][ T6009] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 635.922362][ T6009] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 635.925248][ T6009] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 635.929753][ T6009] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 635.933233][ T6009] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.937662][ T6009] usb 7-1: config 0 descriptor?? [ 636.068163][ T5949] Bluetooth: hci0: command 0x041b tx timeout [ 636.351211][ T6009] plantronics 0003:047F:FFFF.001A: ignoring exceeding usage max [ 636.355007][ T6009] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 636.359544][ T6009] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 636.455030][ T8264] netlink: 188 bytes leftover after parsing attributes in process `syz.4.15646'. [ 636.459468][ T8264] netlink: 'syz.4.15646': attribute type 1 has an invalid length. [ 636.609907][ T31] usb 7-1: USB disconnect, device number 2 [ 636.747625][ T5989] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 636.927605][ T5989] usb 9-1: Using ep0 maxpacket: 8 [ 636.933689][ T5989] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 636.936069][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 636.939273][ T5989] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 636.942469][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 636.945489][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 636.949999][ T5989] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 636.952442][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 636.956291][ T5989] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 636.960896][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 636.963998][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 636.969541][ T5989] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 636.972413][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 636.976471][ T5989] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 636.981776][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 636.986729][ T5989] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 636.999410][ T5989] usb 9-1: string descriptor 0 read error: -22 [ 637.001928][ T5989] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 637.005695][ T5989] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.012913][ T5989] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 637.216879][ T6009] usb 9-1: USB disconnect, device number 27 [ 637.262735][T20378] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.433137][T20378] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.524519][ T5961] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 637.531481][ T5961] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 637.533881][T20378] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.536223][ T5961] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 637.546583][ T5961] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 637.550155][ T5961] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 637.558329][ T5961] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 637.621100][T20378] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.716982][ T8290] chnl_net:caif_netlink_parms(): no params data found [ 637.890103][ T8300] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15662'. [ 638.157674][ T5961] Bluetooth: hci0: command 0x041b tx timeout [ 638.273193][T20378] bond0 (unregistering): Released all slaves [ 638.422519][ T8290] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.425507][ T8290] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.428626][ T8290] bridge_slave_0: entered allmulticast mode [ 638.431084][ T8290] bridge_slave_0: entered promiscuous mode [ 638.433680][ T8290] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.435781][ T8290] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.438004][ T8290] bridge_slave_1: entered allmulticast mode [ 638.440995][ T8290] bridge_slave_1: entered promiscuous mode [ 638.520694][ T8290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 638.526323][ T8290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 638.606794][ T8290] team0: Port device team_slave_0 added [ 638.631470][ T8290] team0: Port device team_slave_1 added [ 638.700700][ T8290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.703402][ T8290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.713660][ T8290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.719000][ T8290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.721636][ T8290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.731407][ T8290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.736380][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.739109][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.741714][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.744377][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.747905][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.751378][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.754851][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.758386][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.761786][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.765123][ T8335] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 638.939211][T20378] hsr_slave_0: left promiscuous mode [ 638.941911][T20378] hsr_slave_1: left promiscuous mode [ 638.970799][T20378] veth1_macvtap: left promiscuous mode [ 638.973059][T20378] veth0_macvtap: left promiscuous mode [ 639.074291][ T5961] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 639.377596][T32314] usb 14-1: new high-speed USB device number 3 using dummy_hcd [ 639.533420][T32314] usb 14-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 639.537882][T32314] usb 14-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 639.542135][T32314] usb 14-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 639.545893][T32314] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.555034][ T8357] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 639.559889][T32314] usb 14-1: Quirk or no altset; falling back to MIDI 1.0 [ 639.600808][ T5961] Bluetooth: hci3: command tx timeout [ 639.775044][T29395] usb 14-1: USB disconnect, device number 3 [ 639.977812][ T8359] cgroup: fork rejected by pids controller in /syz4 [ 640.163041][ T8378] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 641.674998][ T5961] Bluetooth: hci3: command tx timeout [ 642.251837][ T8290] hsr_slave_0: entered promiscuous mode [ 642.254542][ T8290] hsr_slave_1: entered promiscuous mode [ 642.256654][ T8290] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 642.265029][ T8290] Cannot create hsr debugfs directory [ 642.505756][T20378] IPVS: stop unused estimator thread 0... [ 642.881662][ T8290] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 642.886238][ T8290] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 642.892100][ T8290] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 642.897170][ T8290] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 642.987657][ T8290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 643.007920][ T8290] 8021q: adding VLAN 0 to HW filter on device team0 [ 643.013965][T20378] bridge0: port 1(bridge_slave_0) entered blocking state [ 643.016047][T20378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 643.022950][T24351] bridge0: port 2(bridge_slave_1) entered blocking state [ 643.025111][T24351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 643.044796][ T8290] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 643.048692][ T8290] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 643.136865][ T8290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 643.160235][ T8290] veth0_vlan: entered promiscuous mode [ 643.170611][ T8290] veth1_vlan: entered promiscuous mode [ 643.191512][ T8290] veth0_macvtap: entered promiscuous mode [ 643.196692][ T8290] veth1_macvtap: entered promiscuous mode [ 643.207185][ T8290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 643.212012][ T8290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.215825][ T8290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 643.221767][ T8290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.228173][ T8290] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 643.235044][ T8290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 643.240849][ T8290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.244879][ T8290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 643.248880][ T8290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.254227][ T8290] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 643.260344][ T8290] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.264178][ T8290] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.269721][ T8290] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.273100][ T8290] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.351187][T21556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 643.354831][T21556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.407794][T20378] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 643.410129][T20378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.521245][ T8485] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15732'. [ 643.757676][T29299] usb 14-1: new low-speed USB device number 4 using dummy_hcd [ 643.757729][ T5961] Bluetooth: hci3: command tx timeout [ 643.926562][T29299] usb 14-1: config index 0 descriptor too short (expected 1307, got 27) [ 643.929508][T29299] usb 14-1: config 0 has an invalid interface number: 0 but max is -1 [ 643.932102][T29299] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 643.935313][T29299] usb 14-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 643.941102][T29299] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 643.944450][T29299] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 643.947440][T29299] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 643.954007][T29299] usb 14-1: string descriptor 0 read error: -22 [ 643.955798][T29299] usb 14-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 643.958528][T29299] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.965100][T29299] usb 14-1: config 0 descriptor?? [ 643.970673][T29299] hub 14-1:0.0: bad descriptor, ignoring hub [ 643.973159][T29299] hub 14-1:0.0: probe with driver hub failed with error -5 [ 643.978094][T29299] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/input/input83 [ 644.045503][ T8525] syzkaller1: entered promiscuous mode [ 644.047551][ T8525] syzkaller1: entered allmulticast mode [ 644.175137][ T5921] usb 14-1: USB disconnect, device number 4 [ 644.292614][ T8531] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15753'. [ 644.338491][ T8533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15754'. [ 645.827646][ T5961] Bluetooth: hci3: command tx timeout [ 645.865873][ T8608] overlay: filesystem on ./bus not supported as upperdir [ 645.877394][ T8610] netlink: 20 bytes leftover after parsing attributes in process `syz.9.15789'. [ 645.887639][ T36] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 646.038370][ T36] usb 7-1: Using ep0 maxpacket: 8 [ 646.041667][ T36] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 646.045511][ T36] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 646.048173][ T36] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 646.051707][ T36] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 646.055994][ T36] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 646.059827][ T36] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.065217][ T36] hub 7-1:1.0: bad descriptor, ignoring hub [ 646.067259][ T36] hub 7-1:1.0: probe with driver hub failed with error -5 [ 646.070205][ T36] cdc_wdm 7-1:1.0: skipping garbage [ 646.072256][ T36] cdc_wdm 7-1:1.0: skipping garbage [ 646.075336][ T36] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 646.077942][ T36] cdc_wdm 7-1:1.0: Unknown control protocol [ 646.354445][ T5961] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 646.387877][ T5921] usb 7-1: USB disconnect, device number 3 [ 646.727936][ T5921] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 646.797640][ T5989] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 646.887745][ T5921] usb 7-1: Using ep0 maxpacket: 8 [ 646.891678][ T5921] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 646.895899][ T5921] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 646.900593][ T5921] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 646.905019][ T5921] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 646.909604][ T5921] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 646.913369][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.929934][ T5921] hub 7-1:1.0: bad descriptor, ignoring hub [ 646.934996][ T5921] hub 7-1:1.0: probe with driver hub failed with error -5 [ 646.938346][ T5921] cdc_wdm 7-1:1.0: skipping garbage [ 646.940919][ T5921] cdc_wdm 7-1:1.0: skipping garbage [ 646.946658][ T5921] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 646.950992][ T5921] cdc_wdm 7-1:1.0: Unknown control protocol [ 646.987815][ T5989] usb 5-1: Using ep0 maxpacket: 8 [ 646.995551][ T5989] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 647.004743][ T5989] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 647.009001][ T5989] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 647.012801][ T5989] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 647.016589][ T5989] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 647.022176][ T5989] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 647.025728][ T5989] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.237682][ T36] usb 9-1: new high-speed USB device number 28 using dummy_hcd [ 647.237805][T29299] usb 7-1: USB disconnect, device number 4 [ 647.245876][ T5989] usb 5-1: usb_control_msg returned -32 [ 647.247527][ T5989] usbtmc 5-1:16.0: can't read capabilities [ 647.401168][ T36] usb 9-1: config index 0 descriptor too short (expected 45, got 36) [ 647.404251][ T36] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 647.408403][ T36] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 647.412327][ T36] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 647.416998][ T36] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 647.422608][ T36] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.426950][ T36] usb 9-1: config 0 descriptor?? [ 647.429717][ T8650] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 647.870226][ T36] plantronics 0003:047F:FFFF.001B: unknown main item tag 0xd [ 647.874199][ T36] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 647.881460][ T36] plantronics 0003:047F:FFFF.001B: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 647.990433][ T8679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15817'. [ 647.998876][ T8679] netlink: 'syz.2.15817': attribute type 1 has an invalid length. [ 648.002505][ T8679] netlink: 'syz.2.15817': attribute type 2 has an invalid length. [ 648.081859][ T36] usb 9-1: USB disconnect, device number 28 [ 648.180984][ T8691] ÿÿÿÿ: renamed from bridge_slave_0 (while UP) [ 648.231845][ T8695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15825'. [ 648.235522][ T8695] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15825'. [ 648.239105][ T8695] netlink: 'syz.2.15825': attribute type 1 has an invalid length. [ 648.241957][ T8695] nbd: error processing sock list [ 648.321083][ T8699] netlink: 8 bytes leftover after parsing attributes in process `syz.9.15827'. [ 648.651572][ T8717] overlay: filesystem on ./bus not supported as upperdir [ 648.759967][ T8732] block nbd9: NBD_DISCONNECT [ 648.762886][ T8726] block nbd9: Disconnected due to user request. [ 648.766357][ T8726] block nbd9: shutting down sockets [ 649.568358][ T36] usb 5-1: USB disconnect, device number 6 [ 649.590020][ T8788] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 649.773433][ T8811] pim6reg: entered allmulticast mode [ 649.777357][ T8811] pim6reg: left allmulticast mode [ 650.572334][ T8843] overlay: Unknown parameter '/' [ 650.687249][ T8849] syzkaller1: entered promiscuous mode [ 650.694013][ T8849] syzkaller1: entered allmulticast mode [ 651.327384][ T8879] netlink: 16 bytes leftover after parsing attributes in process `syz.9.15905'. [ 651.329223][ T8880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.15906'. [ 651.503689][ T8890] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 651.522308][ T8892] syzkaller1: entered promiscuous mode [ 651.524989][ T8892] syzkaller1: entered allmulticast mode [ 652.462205][ T8947] syzkaller1: entered promiscuous mode [ 652.463946][ T8947] syzkaller1: entered allmulticast mode [ 653.099209][ T8975] smc: adding net device rose0 with user defined pnetid SYZ1 [ 653.110963][ T8974] smc: removing net device rose0 with user defined pnetid SYZ1 [ 653.137617][ T5921] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 653.303776][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 653.309484][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 653.313484][ T5921] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 653.321192][ T5921] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 653.325207][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.330778][ T5921] usb 7-1: config 0 descriptor?? [ 653.745389][ T5921] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 653.751217][ T5921] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 653.947834][ T9020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15970'. [ 653.957771][ T8669] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 654.008990][ T9] usb 7-1: USB disconnect, device number 5 [ 654.107610][ T8669] usb 5-1: Using ep0 maxpacket: 8 [ 654.111704][ T8669] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 654.115942][ T8669] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 654.119937][ T8669] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 654.123829][ T8669] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 654.129005][ T8669] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 654.132696][ T8669] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.342327][ T8669] usb 5-1: GET_CAPABILITIES returned 0 [ 654.344786][ T8669] usbtmc 5-1:16.0: can't read capabilities [ 654.387782][ T5921] usb 14-1: new full-speed USB device number 5 using dummy_hcd [ 654.541741][ T5921] usb 14-1: unable to get BOS descriptor or descriptor too short [ 654.545114][ T5921] usb 14-1: no configurations [ 654.546610][ T5921] usb 14-1: can't read configurations, error -22 [ 654.550075][ T8669] usb 5-1: USB disconnect, device number 7 [ 654.556583][ T9034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15976'. [ 654.560438][ T9034] bridge_slave_1: left allmulticast mode [ 654.562563][ T9034] bridge_slave_1: left promiscuous mode [ 654.564835][ T9034] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.568806][ T9034] ÿÿÿÿ: left allmulticast mode [ 654.570878][ T9034] ÿÿÿÿ: left promiscuous mode [ 654.572584][ T9034] bridge0: port 1(ÿÿÿÿ) entered disabled state [ 654.845951][ T40] audit: type=1326 audit(1743878864.287:10930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9035 comm="syz.4.15977" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf744e579 code=0x0 [ 655.112800][ T9053] syzkaller1: entered promiscuous mode [ 655.115393][ T9053] syzkaller1: entered allmulticast mode [ 655.724718][ T9091] netlink: 24 bytes leftover after parsing attributes in process `syz.0.16001'. [ 655.747864][T29299] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 655.756346][T29299] hid-generic 0000:0000:0000.001D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 656.133829][ T9111] vlan2: entered allmulticast mode [ 656.135436][ T9111] macsec0: entered allmulticast mode [ 656.136969][ T9111] veth1_macvtap: entered allmulticast mode [ 656.143810][ T9111] bridge0: port 3(vlan2) entered blocking state [ 656.145670][ T9111] bridge0: port 3(vlan2) entered disabled state [ 656.149452][ T9111] vlan2: entered promiscuous mode [ 656.151396][ T9111] macsec0: entered promiscuous mode [ 656.156035][ T9111] bridge0: port 3(vlan2) entered blocking state [ 656.158504][ T9111] bridge0: port 3(vlan2) entered forwarding state [ 656.227162][ T9119] netlink: 'syz.4.16014': attribute type 3 has an invalid length. [ 656.371412][ T9127] sctp: [Deprecated]: syz.0.16016 (pid 9127) Use of struct sctp_assoc_value in delayed_ack socket option. [ 656.371412][ T9127] Use struct sctp_sack_info instead [ 656.437320][ T9131] netlink: 'syz.2.16019': attribute type 27 has an invalid length. [ 656.964490][ T9161] kvm: kvm [9160]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xc00000008 [ 657.117389][ T9165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16033'. [ 657.350119][ T9183] netlink: 168 bytes leftover after parsing attributes in process `syz.2.16042'. [ 657.407239][ T9189] netlink: 80 bytes leftover after parsing attributes in process `syz.4.16045'. [ 657.414353][ T9189] netlink: 80 bytes leftover after parsing attributes in process `syz.4.16045'. [ 657.767760][ T5921] usb 14-1: new high-speed USB device number 7 using dummy_hcd [ 657.937767][ T5921] usb 14-1: Using ep0 maxpacket: 16 [ 657.941723][ T5921] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 657.946203][ T5921] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 657.950188][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 657.950519][ T5921] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 657.958733][ T5921] usb 14-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 657.962441][ T5921] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.967177][ T5921] usb 14-1: config 0 descriptor?? [ 658.107662][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 658.111313][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD5, changing to 0x85 [ 658.115818][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 658.121403][ T9226] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16060'. [ 658.122572][ T9] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 658.128738][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.132008][ T9] usb 5-1: Product: syz [ 658.133826][ T9] usb 5-1: Manufacturer: syz [ 658.135775][ T9] usb 5-1: SerialNumber: syz [ 658.139290][ T9] usb 5-1: config 0 descriptor?? [ 658.142546][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 658.144983][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 658.149821][ T9] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input85 [ 658.387105][ T5921] shield 0003:0955:7214.001E: unknown main item tag 0x0 [ 658.392581][ T5921] shield 0003:0955:7214.001E: unknown main item tag 0x0 [ 658.396474][ T5921] shield 0003:0955:7214.001E: unknown main item tag 0x0 [ 658.399539][ T5921] shield 0003:0955:7214.001E: unknown main item tag 0x0 [ 658.402305][ T5921] shield 0003:0955:7214.001E: unknown main item tag 0x0 [ 658.407233][ T5921] input: HID 0955:7214 Haptics as /devices/virtual/input/input86 [ 658.446409][ T5921] shield 0003:0955:7214.001E: Registered Thunderstrike controller [ 658.450030][ T5921] shield 0003:0955:7214.001E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.9-1/input0 [ 658.507941][T29395] usb 5-1: USB disconnect, device number 8 [ 658.589387][T32314] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 658.589623][ T36] usb 14-1: USB disconnect, device number 7 [ 658.595916][T32314] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 658.601532][T32314] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 658.606543][T32314] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 658.991358][T20386] tipc: Subscription rejected, illegal request [ 659.654732][ T9335] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16106'. [ 661.267785][ T8669] usb 14-1: new high-speed USB device number 8 using dummy_hcd [ 661.447405][ T8669] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 661.451954][ T8669] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 661.455148][ T8669] usb 14-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 661.461298][ T8669] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 661.469818][ T8669] usb 14-1: config 0 descriptor?? [ 661.549569][ T9449] input: syz0 as /devices/virtual/input/input88 [ 661.886894][ T8669] keytouch 0003:0926:3333.001F: fixing up Keytouch IEC report descriptor [ 661.894808][ T8669] input: HID 0926:3333 as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/0003:0926:3333.001F/input/input89 [ 661.973430][ T8669] keytouch 0003:0926:3333.001F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.9-1/input0 [ 662.092471][ T9] usb 14-1: USB disconnect, device number 8 [ 662.347590][T29299] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 662.413807][ T9491] hub 6-0:1.0: USB hub found [ 662.415354][ T9491] hub 6-0:1.0: 1 port detected [ 662.500626][T29299] usb 5-1: Using ep0 maxpacket: 8 [ 662.503872][T29299] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 56832, setting to 1024 [ 662.508207][T29299] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 662.512015][T29299] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 662.515700][T29299] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 662.520517][T29299] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 662.523776][T29299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.736867][T29299] usb 5-1: GET_CAPABILITIES returned 0 [ 662.739090][T29299] usbtmc 5-1:16.0: can't read capabilities [ 662.786274][ T9510] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16188'. [ 662.939704][ T8669] usb 5-1: USB disconnect, device number 9 [ 663.486749][ T9546] loop6: detected capacity change from 0 to 524287999 [ 663.491606][ C0] blk_print_req_error: 5 callbacks suppressed [ 663.491625][ C0] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 663.500459][ C3] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 663.504585][T20386] loop: Write error at byte offset 1, length 4096. [ 663.509161][ C3] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 663.513225][ C3] buffer_io_error: 5 callbacks suppressed [ 663.513237][ C3] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 664.386430][ T9595] vivid-004: disconnect [ 664.391534][ T9595] vivid-004: reconnect [ 664.781954][ T9621] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16237'. [ 664.843314][ T9627] netlink: 36 bytes leftover after parsing attributes in process `syz.4.16239'. [ 666.141435][ T9672] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 666.860939][ T9696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16266'. [ 667.000247][ T9704] ISOFS: Unable to identify CD-ROM format. [ 667.045785][ T9712] netlink: 'syz.4.16272': attribute type 1 has an invalid length. [ 667.049108][ T9712] netlink: 134708 bytes leftover after parsing attributes in process `syz.4.16272'. [ 667.297700][ T36] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 667.476103][ T36] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 667.483032][ T36] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 667.485664][ T36] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.488023][ T36] usb 7-1: Product: syz [ 667.489208][ T36] usb 7-1: Manufacturer: syz [ 667.490515][ T36] usb 7-1: SerialNumber: syz [ 667.710396][ T36] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 667.715041][ T36] usb 7-1: USB disconnect, device number 6 [ 667.718642][ T36] usblp0: removed [ 667.997397][ T9744] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16289'. [ 668.002677][ T9744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16289'. [ 668.107132][ T9750] syzkaller1: entered promiscuous mode [ 668.109701][ T9750] syzkaller1: entered allmulticast mode [ 668.237710][ T5949] Bluetooth: hci3: command 0x0405 tx timeout [ 668.543742][ T9774] random: crng reseeded on system resumption [ 668.619115][ T9780] GUP no longer grows the stack in syz.0.16303 (9780): 80004000-8000a000 (80002000) [ 668.622531][ T9780] CPU: 1 UID: 0 PID: 9780 Comm: syz.0.16303 Not tainted 6.14.0-syzkaller #0 [ 668.622567][ T9780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 668.622578][ T9780] Call Trace: [ 668.622585][ T9780] [ 668.622593][ T9780] dump_stack_lvl+0x16c/0x1f0 [ 668.622677][ T9780] gup_vma_lookup+0x1d2/0x220 [ 668.622693][ T9780] __get_user_pages+0x236/0x36f0 [ 668.622709][ T9780] ? find_held_lock+0x2d/0x110 [ 668.622723][ T9780] ? mtree_load+0x30a/0xa40 [ 668.622737][ T9780] ? __pfx_lock_release+0x10/0x10 [ 668.622751][ T9780] ? __pfx___get_user_pages+0x10/0x10 [ 668.622770][ T9780] get_user_pages_remote+0x25e/0xb30 [ 668.622788][ T9780] ? __pfx_get_user_pages_remote+0x10/0x10 [ 668.622810][ T9780] __access_remote_vm+0x235/0x7a0 [ 668.622825][ T9780] ? __pfx___access_remote_vm+0x10/0x10 [ 668.622836][ T9780] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 668.622850][ T9780] proc_pid_cmdline_read+0x4f5/0x900 [ 668.622865][ T9780] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 668.622878][ T9780] ? rw_verify_area+0xcf/0x680 [ 668.622892][ T9780] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 668.622905][ T9780] vfs_readv+0x6c2/0x8a0 [ 668.622917][ T9780] ? __pfx___lock_acquire+0x10/0x10 [ 668.622934][ T9780] ? __pfx_vfs_readv+0x10/0x10 [ 668.622949][ T9780] ? __fget_files+0x1fc/0x3a0 [ 668.622963][ T9780] ? __pfx_lock_release+0x10/0x10 [ 668.622982][ T9780] ? __fget_files+0x206/0x3a0 [ 668.622999][ T9780] ? do_preadv+0x1b1/0x270 [ 668.623011][ T9780] do_preadv+0x1b1/0x270 [ 668.623024][ T9780] ? __pfx_do_preadv+0x10/0x10 [ 668.623041][ T9780] __do_fast_syscall_32+0x73/0x120 [ 668.623057][ T9780] do_fast_syscall_32+0x32/0x80 [ 668.623072][ T9780] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 668.623088][ T9780] RIP: 0023:0xf743e579 [ 668.623098][ T9780] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 668.623108][ T9780] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 668.623119][ T9780] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 668.623125][ T9780] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000 [ 668.623131][ T9780] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 668.623137][ T9780] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 668.623143][ T9780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 668.623155][ T9780] [ 669.097705][T32314] usb 9-1: new high-speed USB device number 29 using dummy_hcd [ 669.254148][T32314] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 669.264508][T32314] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 669.268830][T32314] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 669.274091][T32314] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 669.276815][T32314] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.281945][T32314] usb 9-1: config 0 descriptor?? [ 669.588647][ T9828] netlink: 5 bytes leftover after parsing attributes in process `syz.0.16324'. [ 669.594434][ T9828] 0ªX¹¦D: renamed from gretap0 (while UP) [ 669.602570][ T9828] 0ªX¹¦D: entered allmulticast mode [ 669.604888][ T9828] net_ratelimit: 3319 callbacks suppressed [ 669.604902][ T9828] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 669.694583][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.696699][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.707771][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.719701][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.722766][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.725296][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.737645][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.740279][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.743418][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.745831][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.748170][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.750396][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.752803][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.754995][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.758923][T32314] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 669.762389][T32314] plantronics 0003:047F:FFFF.0020: No inputs registered, leaving [ 669.768892][T32314] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 669.970036][T32314] usb 9-1: USB disconnect, device number 29 [ 670.012364][ T40] audit: type=1326 audit(1743878880.456:10931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9845 comm="syz.9.16335" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x0 [ 670.114509][T20369] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.236812][T20369] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.302407][ T5961] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 670.309825][ T5961] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 670.315684][ T5961] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 670.321183][ T5961] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 670.324419][ T5961] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 670.339514][ T5961] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 670.348371][T20369] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.427086][T20369] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.511272][ T9857] chnl_net:caif_netlink_parms(): no params data found [ 670.641864][T20369] vlan2: left promiscuous mode [ 670.643752][T20369] macsec0: left promiscuous mode [ 670.646044][T20369] bridge0: port 3(vlan2) entered disabled state [ 670.652183][T20369] bridge_slave_1: left allmulticast mode [ 670.654335][T20369] bridge_slave_1: left promiscuous mode [ 670.656561][T20369] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.661395][T20369] bridge_slave_0: left allmulticast mode [ 670.663484][T20369] bridge_slave_0: left promiscuous mode [ 670.665733][T20369] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.088967][T29395] usb 14-1: new high-speed USB device number 9 using dummy_hcd [ 671.196277][T20369] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 671.202765][T20369] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 671.208176][T20369] bond0 (unregistering): Released all slaves [ 671.239152][T29395] usb 14-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 671.242598][T29395] usb 14-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 671.243634][ T9857] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.246545][T29395] usb 14-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 671.251419][ T9857] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.253931][T29395] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 671.257688][ T9857] bridge_slave_0: entered allmulticast mode [ 671.260610][T29395] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 671.263595][ T9857] bridge_slave_0: entered promiscuous mode [ 671.269307][T29395] usb 14-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 671.269330][T29395] usb 14-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 671.269343][T29395] usb 14-1: Product: syz [ 671.269353][T29395] usb 14-1: Manufacturer: syz [ 671.272021][T29395] cdc_wdm 14-1:1.0: skipping garbage [ 671.277162][ T9857] bridge0: port 2(bridge_slave_1) entered blocking state [ 671.277691][T29395] cdc_wdm 14-1:1.0: skipping garbage [ 671.279717][ T9857] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.282464][T29395] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device [ 671.284609][ T9857] bridge_slave_1: entered allmulticast mode [ 671.286334][T29395] cdc_wdm 14-1:1.0: Unknown control protocol [ 671.292586][ T9857] bridge_slave_1: entered promiscuous mode [ 671.363115][ T9857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 671.398537][ T9857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 671.491749][ T9857] team0: Port device team_slave_0 added [ 671.561726][ T9857] team0: Port device team_slave_1 added [ 671.615821][ T9857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 671.621796][ T9857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 671.632547][ T9857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 671.639075][ T9857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 671.641724][ T9857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 671.653667][ T9857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 671.691081][T20369] hsr_slave_0: left promiscuous mode [ 671.695095][T20369] hsr_slave_1: left promiscuous mode [ 671.697759][T20369] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 671.700589][T20369] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 671.704065][T20369] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 671.706798][T20369] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 671.749666][T20369] macsec0: left allmulticast mode [ 671.751267][T20369] veth1_macvtap: left allmulticast mode [ 671.753105][T20369] veth1_macvtap: left promiscuous mode [ 671.755183][T20369] veth0_macvtap: left promiscuous mode [ 671.757286][T20369] veth1_vlan: left promiscuous mode [ 671.759443][T20369] veth0_vlan: left promiscuous mode [ 671.984503][ T36] usb 14-1: USB disconnect, device number 9 [ 672.412873][ T5949] Bluetooth: hci3: command tx timeout [ 673.614245][T20369] team0 (unregistering): Port device team_slave_1 removed [ 673.621755][ T40] audit: type=1804 audit(1743878884.066:10932): pid=9913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.16359" name="/" dev="pidfs" ino=42164 res=1 errno=0 [ 673.826562][T20369] team0 (unregistering): Port device team_slave_0 removed [ 674.467757][ T5949] Bluetooth: hci3: command tx timeout [ 674.633912][ T40] audit: type=1326 audit(1743878885.076:10933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 674.642045][ T40] audit: type=1326 audit(1743878885.076:10934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 674.650141][ T40] audit: type=1326 audit(1743878885.076:10935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 674.656719][ T40] audit: type=1326 audit(1743878885.076:10936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 674.663442][ T40] audit: type=1326 audit(1743878885.076:10937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 674.670016][ T40] audit: type=1326 audit(1743878885.076:10938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 674.675936][ T40] audit: type=1326 audit(1743878885.076:10939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 674.682033][ T40] audit: type=1326 audit(1743878885.076:10940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.9.16360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 675.037650][T32314] usb 14-1: new high-speed USB device number 10 using dummy_hcd [ 675.179780][T32314] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 675.183318][T32314] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 675.186574][T32314] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 675.191748][T32314] usb 14-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 675.195266][T32314] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.199412][T32314] usb 14-1: config 0 descriptor?? [ 675.219230][ T9857] hsr_slave_0: entered promiscuous mode [ 675.221650][ T9857] hsr_slave_1: entered promiscuous mode [ 675.224304][ T9857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 675.227297][ T9857] Cannot create hsr debugfs directory [ 675.635573][T32314] plantronics 0003:047F:FFFF.0021: No inputs registered, leaving [ 675.642736][T32314] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 675.771967][ T9857] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 675.780241][ T9857] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 675.786782][ T9857] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 675.792721][ T9857] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 675.875372][ T9857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 675.886453][ T9857] 8021q: adding VLAN 0 to HW filter on device team0 [ 675.891650][ T8669] usb 14-1: USB disconnect, device number 10 [ 675.901396][T20401] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.904103][T20401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 675.911273][T24351] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.913371][T24351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 676.033650][ T9857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 676.058876][ T9857] veth0_vlan: entered promiscuous mode [ 676.064907][ T9857] veth1_vlan: entered promiscuous mode [ 676.084130][ T9857] veth0_macvtap: entered promiscuous mode [ 676.089154][ T9857] veth1_macvtap: entered promiscuous mode [ 676.104252][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.109022][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.112771][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.116754][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.121695][ T9857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 676.127966][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.132139][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.135825][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.140703][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.145145][ T9857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 676.152094][ T9857] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.159959][ T9857] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.163395][ T9857] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.166730][ T9857] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.227738][T21563] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 676.230978][T21563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 676.244574][T24351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 676.252254][T24351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 676.611937][ T9971] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16382'. [ 676.799884][ T40] kauditd_printk_skb: 58 callbacks suppressed [ 676.799900][ T40] audit: type=1804 audit(1743878887.246:10999): pid=9979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.16385" name="/" dev="pidfs" ino=42229 res=1 errno=0 [ 677.333231][T10008] delete_channel: no stack [ 677.548512][T29395] usb 9-1: new high-speed USB device number 30 using dummy_hcd [ 677.565389][T10025] netlink: 32 bytes leftover after parsing attributes in process `syz.9.16408'. [ 677.569058][T10025] veth0_virt_wifi: entered promiscuous mode [ 677.580023][T10025] netlink: 32 bytes leftover after parsing attributes in process `syz.9.16408'. [ 677.697602][T29395] usb 9-1: Using ep0 maxpacket: 16 [ 677.707394][T29395] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 677.712013][T29395] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 677.715475][T29395] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 677.720135][T29395] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 677.723420][T29395] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.729397][T29395] usb 9-1: config 0 descriptor?? [ 678.140819][T29395] microsoft 0003:045E:07DA.0022: unknown main item tag 0x1 [ 678.145788][T29395] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:045E:07DA.0022/input/input91 [ 678.219583][T29395] microsoft 0003:045E:07DA.0022: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 678.345855][T29395] usb 9-1: USB disconnect, device number 30 [ 678.656696][T20401] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.864844][ T5961] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 678.884424][ T5961] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 678.890789][ T5961] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 678.895089][ T5961] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 678.901629][ T5961] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 678.904853][ T5961] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 678.905123][T10055] input: syz0 as /devices/virtual/input/input92 [ 679.040587][T10052] chnl_net:caif_netlink_parms(): no params data found [ 679.101700][T10052] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.103862][T10052] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.106042][T10052] bridge_slave_0: entered allmulticast mode [ 679.108720][T10052] bridge_slave_0: entered promiscuous mode [ 679.112049][T10052] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.114201][T10052] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.116353][T10052] bridge_slave_1: entered allmulticast mode [ 679.120587][T10052] bridge_slave_1: entered promiscuous mode [ 679.144743][T10052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 679.148700][T10052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 679.174999][T10052] team0: Port device team_slave_0 added [ 679.178638][T10052] team0: Port device team_slave_1 added [ 679.200260][T10052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 679.202632][T10052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.210982][T10052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 679.214958][T10052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 679.216940][T10052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.224823][T10052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 679.251632][T10052] hsr_slave_0: entered promiscuous mode [ 679.253517][T10052] hsr_slave_1: entered promiscuous mode [ 679.255250][T10052] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 679.257366][T10052] Cannot create hsr debugfs directory [ 679.747309][T10078] netlink: 28 bytes leftover after parsing attributes in process `syz.9.16428'. [ 679.750371][T10078] netlink: 'syz.9.16428': attribute type 7 has an invalid length. [ 679.752627][T10078] netlink: 'syz.9.16428': attribute type 8 has an invalid length. [ 679.754870][T10078] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16428'. [ 679.759766][T10078] gretap0: entered promiscuous mode [ 679.762632][T10078] batadv_slave_1: entered promiscuous mode [ 679.768430][T10078] gretap0: left promiscuous mode [ 679.772478][T10078] batadv_slave_1: left promiscuous mode [ 679.858657][T10080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16429'. [ 679.861917][T10080] hsr_slave_0: left promiscuous mode [ 679.864048][T10080] hsr_slave_1: left promiscuous mode [ 680.363534][T20401] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.463699][T20401] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.599943][T20401] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.767056][T20401] bridge_slave_1: left allmulticast mode [ 680.769751][T20401] bridge_slave_1: left promiscuous mode [ 680.772207][T20401] bridge0: port 2(bridge_slave_1) entered disabled state [ 680.776799][T20401] bridge_slave_0: left allmulticast mode [ 680.779484][T20401] bridge_slave_0: left promiscuous mode [ 680.781741][T20401] bridge0: port 1(bridge_slave_0) entered disabled state [ 680.953404][ T5961] Bluetooth: hci3: command tx timeout [ 681.282472][T20401] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 681.288572][T20401] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 681.295248][T20401] bond0 (unregistering): Released all slaves [ 681.643372][T20401] hsr_slave_0: left promiscuous mode [ 681.646842][T20401] hsr_slave_1: left promiscuous mode [ 681.650135][T20401] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 681.652987][T20401] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 681.656388][T20401] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 681.659329][T20401] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 681.702031][T20401] veth1_macvtap: left promiscuous mode [ 681.704121][T20401] veth0_macvtap: left promiscuous mode [ 681.706204][T20401] veth1_vlan: left promiscuous mode [ 681.708321][T20401] veth0_vlan: left promiscuous mode [ 683.037762][ T5961] Bluetooth: hci3: command tx timeout [ 683.232154][T10095] sctp: [Deprecated]: syz.2.16435 (pid 10095) Use of struct sctp_assoc_value in delayed_ack socket option. [ 683.232154][T10095] Use struct sctp_sack_info instead [ 683.455314][T20401] team0 (unregistering): Port device team_slave_1 removed [ 683.707807][T20401] team0 (unregistering): Port device team_slave_0 removed [ 685.107850][ T5961] Bluetooth: hci3: command tx timeout [ 685.258844][T10052] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 685.264060][ T5961] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 685.265893][T10052] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 685.278351][T10052] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 685.287198][T10052] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 685.401566][T10141] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16452'. [ 685.441207][T10052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 685.448792][T10052] 8021q: adding VLAN 0 to HW filter on device team0 [ 685.462664][T21556] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.466113][T21556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.478830][T21556] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.480925][T21556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.628654][T10052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 685.652564][T10052] veth0_vlan: entered promiscuous mode [ 685.661463][T10052] veth1_vlan: entered promiscuous mode [ 685.683755][T10052] veth0_macvtap: entered promiscuous mode [ 685.691411][T10052] veth1_macvtap: entered promiscuous mode [ 685.701607][T10052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.705848][T10052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.709879][T10052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.713981][T10052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.719083][T10052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 685.726461][T10052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.731644][T10052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.735648][T10052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.739648][T10052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.744546][T10052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 685.751760][T10052] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.755281][T10052] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.758812][T10052] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.762270][T10052] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.822205][T20401] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.825548][T20401] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.842832][T24351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.845852][T24351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.909077][T10176] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 685.912236][T10176] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 685.915919][T10176] overlayfs: failed to set uuid (334/file1, err=-13); falling back to uuid=null. [ 686.011182][ T5921] usb 14-1: new high-speed USB device number 11 using dummy_hcd [ 686.157670][ T5921] usb 14-1: Using ep0 maxpacket: 8 [ 686.161597][ T5921] usb 14-1: config 168 descriptor has 1 excess byte, ignoring [ 686.164837][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 686.169412][ T5921] usb 14-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 686.173984][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 686.179297][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 686.184727][ T5921] usb 14-1: config 168 descriptor has 1 excess byte, ignoring [ 686.187962][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 686.192574][ T5921] usb 14-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 686.197172][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 686.201464][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 686.206671][ T5921] usb 14-1: config 168 descriptor has 1 excess byte, ignoring [ 686.209865][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 686.214209][ T5921] usb 14-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 686.218854][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 686.223331][ T5921] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 686.230547][ T5921] usb 14-1: string descriptor 0 read error: -22 [ 686.233066][ T5921] usb 14-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 686.236722][ T5921] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.243974][ T5921] adutux 14-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 686.454689][T29395] usb 14-1: USB disconnect, device number 11 [ 686.596766][T10195] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16478'. [ 687.148010][ T5955] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 687.317751][ T5955] usb 7-1: Using ep0 maxpacket: 8 [ 687.323301][ T5955] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 687.327315][ T5955] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 687.331082][ T5955] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 687.334638][ T5955] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 687.339191][ T5955] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 687.343607][ T5955] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.357668][ T5921] usb 9-1: new high-speed USB device number 31 using dummy_hcd [ 687.416839][T10225] input: syz0 as /devices/virtual/input/input93 [ 687.527689][ T5921] usb 9-1: Using ep0 maxpacket: 8 [ 687.531743][ T5921] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 687.535029][ T5921] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 687.539106][ T5921] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 687.542772][ T5921] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 687.549622][ T5921] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 687.554435][ T5921] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 687.555313][ T5955] usb 7-1: GET_CAPABILITIES returned 0 [ 687.558134][ T5921] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.559821][ T5955] usbtmc 7-1:16.0: can't read capabilities [ 687.761728][T32314] usb 7-1: USB disconnect, device number 7 [ 687.773400][ T5921] usb 9-1: usb_control_msg returned -32 [ 687.773428][ T5921] usbtmc 9-1:16.0: can't read capabilities [ 687.995957][T21563] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 688.187307][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 688.195117][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 688.196284][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 688.208393][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 688.209216][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 688.209586][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 688.354698][T10238] chnl_net:caif_netlink_parms(): no params data found [ 688.460514][T10238] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.460595][T10238] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.460710][T10238] bridge_slave_0: entered allmulticast mode [ 688.461644][T10238] bridge_slave_0: entered promiscuous mode [ 688.463263][T10238] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.463343][T10238] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.463448][T10238] bridge_slave_1: entered allmulticast mode [ 688.464281][T10238] bridge_slave_1: entered promiscuous mode [ 688.503887][T10238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 688.506470][T10238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.552363][T10238] team0: Port device team_slave_0 added [ 688.555502][T10238] team0: Port device team_slave_1 added [ 688.593395][T10238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 688.596799][T10238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.596826][T10238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 688.608843][T10238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 688.608859][T10238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.608880][T10238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 688.656827][T10238] hsr_slave_0: entered promiscuous mode [ 688.660130][T10238] hsr_slave_1: entered promiscuous mode [ 688.662859][T10238] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 688.666480][T10238] Cannot create hsr debugfs directory [ 688.747201][ T40] audit: type=1326 audit(1743878899.186:11000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.756964][ T40] audit: type=1326 audit(1743878899.186:11001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.766693][ T40] audit: type=1326 audit(1743878899.196:11002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.776008][ T40] audit: type=1326 audit(1743878899.196:11003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.785192][ T40] audit: type=1326 audit(1743878899.196:11004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.795916][ T40] audit: type=1326 audit(1743878899.196:11005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.803856][ T40] audit: type=1326 audit(1743878899.196:11006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.811425][ T40] audit: type=1326 audit(1743878899.196:11007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.819089][ T40] audit: type=1326 audit(1743878899.206:11008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 688.827033][ T40] audit: type=1326 audit(1743878899.206:11009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.9.16501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 689.357830][T29299] usb 14-1: new high-speed USB device number 12 using dummy_hcd [ 689.529370][T29299] usb 14-1: config index 0 descriptor too short (expected 45, got 36) [ 689.532599][T29299] usb 14-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 689.537158][T29299] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 689.541756][T29299] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 689.545760][T29299] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 689.550612][T29299] usb 14-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 689.553903][T29299] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.557163][T29299] usb 14-1: config 0 descriptor?? [ 689.559193][T10268] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 689.673348][T21563] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.744424][T21563] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.789099][T10282] hub 1-0:1.0: USB hub found [ 689.790723][T10282] hub 1-0:1.0: 2 ports detected [ 689.846822][T21563] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.948614][T21563] bridge_slave_1: left allmulticast mode [ 689.950873][T21563] bridge_slave_1: left promiscuous mode [ 689.953167][T21563] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.963610][T21563] bridge_slave_0: left allmulticast mode [ 689.965850][T21563] bridge_slave_0: left promiscuous mode [ 689.968338][T21563] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.970427][T29299] plantronics 0003:047F:FFFF.0023: unknown main item tag 0xe [ 689.974288][T29299] plantronics 0003:047F:FFFF.0023: No inputs registered, leaving [ 689.979309][T29299] plantronics 0003:047F:FFFF.0023: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 690.146505][T29299] usb 9-1: USB disconnect, device number 31 [ 690.172257][ T5955] kernel write not supported for file /uhid (pid: 5955 comm: kworker/0:3) [ 690.194272][ T5955] usb 14-1: USB disconnect, device number 12 [ 690.307819][ T5961] Bluetooth: hci3: command tx timeout [ 690.559584][T21563] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 690.566264][T21563] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 690.571945][T21563] bond0 (unregistering): Released all slaves [ 690.589655][T10314] netlink: 'syz.4.16530': attribute type 1 has an invalid length. [ 690.965460][T21563] hsr_slave_0: left promiscuous mode [ 690.971753][T21563] hsr_slave_1: left promiscuous mode [ 690.974520][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 690.977975][T21563] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 690.981450][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 690.984225][T21563] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 691.022972][T21563] veth1_macvtap: left promiscuous mode [ 691.025280][T21563] veth0_macvtap: left promiscuous mode [ 691.027452][T21563] veth1_vlan: left promiscuous mode [ 691.030120][T21563] veth0_vlan: left promiscuous mode [ 692.035799][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 692.395596][ T5961] Bluetooth: hci3: command tx timeout [ 692.814893][T21563] team0 (unregistering): Port device team_slave_1 removed [ 693.013059][T21563] team0 (unregistering): Port device team_slave_0 removed [ 694.467802][ T5961] Bluetooth: hci3: command tx timeout [ 694.480185][T10350] syzkaller1: entered promiscuous mode [ 694.482347][T10350] syzkaller1: entered allmulticast mode [ 694.631643][T10238] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 694.636241][T10238] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 694.653644][T10238] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 694.658364][T10238] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 694.726667][T10238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 694.737296][T10238] 8021q: adding VLAN 0 to HW filter on device team0 [ 694.743318][T24351] bridge0: port 1(bridge_slave_0) entered blocking state [ 694.745386][T24351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 694.750889][T24351] bridge0: port 2(bridge_slave_1) entered blocking state [ 694.752998][T24351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 694.907233][T10238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 694.958712][T10238] veth0_vlan: entered promiscuous mode [ 694.973588][T10238] veth1_vlan: entered promiscuous mode [ 694.995716][T10238] veth0_macvtap: entered promiscuous mode [ 695.004142][T10238] veth1_macvtap: entered promiscuous mode [ 695.016998][T10238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.021171][T10238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.024988][T10238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.032886][T10238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.038061][T10238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 695.045092][T10238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.050355][T10238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.054260][T10238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.058295][T10238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.062742][T10238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.082859][ T5949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 695.091144][T10238] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.092120][ T5949] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 695.094611][T10238] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.100314][ T5949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 695.104348][T10238] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.107899][T10238] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.108269][ T5949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 695.115211][ T5949] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 695.118443][ T5949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 695.169185][T21563] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.224543][T20378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.226830][T20378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.253317][T20382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.255581][T20382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.266047][T10392] netlink: 24 bytes leftover after parsing attributes in process `syz.9.16562'. [ 695.282703][T10392] team0: entered promiscuous mode [ 695.284215][T10392] team_slave_0: entered promiscuous mode [ 695.285982][T10392] team_slave_1: entered promiscuous mode [ 695.289829][T10392] batadv_slave_1: entered promiscuous mode [ 695.367817][T21563] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.411621][T10383] chnl_net:caif_netlink_parms(): no params data found [ 695.462884][T10399] tun0: tun_chr_ioctl cmd 1074025675 [ 695.464508][T10399] tun0: persist enabled [ 695.472448][T10399] tun0: tun_chr_ioctl cmd 1074025675 [ 695.474379][T10399] tun0: persist enabled [ 695.532621][T21563] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.543240][T10383] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.545324][T10383] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.547519][T10383] bridge_slave_0: entered allmulticast mode [ 695.549709][T10383] bridge_slave_0: entered promiscuous mode [ 695.556313][T10383] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.558931][T10383] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.561103][T10383] bridge_slave_1: entered allmulticast mode [ 695.563395][T10383] bridge_slave_1: entered promiscuous mode [ 695.598879][T10383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.604375][T10383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.640646][T10383] team0: Port device team_slave_0 added [ 695.661784][T21563] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.675773][T10383] team0: Port device team_slave_1 added [ 695.709424][T10383] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 695.712251][T10383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 695.722254][T10383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 695.728147][T10383] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 695.730980][T10383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 695.742978][T10383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 695.790913][T10383] hsr_slave_0: entered promiscuous mode [ 695.793869][T10383] hsr_slave_1: entered promiscuous mode [ 695.796487][T10383] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 695.799531][T10383] Cannot create hsr debugfs directory [ 696.079939][T21563] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 696.085648][T21563] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 696.090898][T21563] bond0 (unregistering): Released all slaves [ 696.145561][T10413] input: syz1 as /devices/virtual/input/input94 [ 696.505572][T21563] hsr_slave_0: left promiscuous mode [ 696.518765][T21563] hsr_slave_1: left promiscuous mode [ 696.521311][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 696.524287][T21563] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 696.528729][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 696.531397][T21563] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 696.578982][T21563] veth1_macvtap: left promiscuous mode [ 696.580843][T21563] veth0_macvtap: left promiscuous mode [ 696.582520][T21563] veth1_vlan: left promiscuous mode [ 696.584273][T21563] veth0_vlan: left promiscuous mode [ 697.196220][ T5961] Bluetooth: hci0: command tx timeout [ 698.277965][T21563] team0 (unregistering): Port device team_slave_1 removed [ 698.509798][T21563] team0 (unregistering): Port device team_slave_0 removed [ 699.277616][ T5961] Bluetooth: hci0: command tx timeout [ 700.204609][T10383] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 700.209709][T10383] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 700.236373][T10383] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 700.252596][T10383] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 700.289216][T10383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 700.297377][T10383] 8021q: adding VLAN 0 to HW filter on device team0 [ 700.310728][ T8387] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.313798][ T8387] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.324831][T20369] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.327531][T20369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.477944][T21563] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.495572][T10383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.521604][T10383] veth0_vlan: entered promiscuous mode [ 700.526688][T10383] veth1_vlan: entered promiscuous mode [ 700.539146][T10383] veth0_macvtap: entered promiscuous mode [ 700.543733][T10383] veth1_macvtap: entered promiscuous mode [ 700.554236][T10383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.557146][T10383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.559967][T10383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.562824][T10383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.566831][T10383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 700.572729][T10383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.576458][T10383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.579662][T10383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.582809][T10383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.587429][T10383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 700.592992][T10383] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.596350][T10383] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.600089][T10383] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.602455][T10383] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.652851][T20401] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 700.655579][T20401] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 700.667688][T20382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 700.670088][T20382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 700.792403][T21563] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.913387][T21563] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.975810][T10465] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(3) [ 700.977717][T10465] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 700.980668][T10465] vhci_hcd vhci_hcd.0: Device attached [ 701.059945][ T5949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 701.061998][T21563] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.066797][ T5949] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 701.073060][ T5949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 701.079914][ T5949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 701.083053][ T5949] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 701.085936][ T5949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 701.184035][T10466] vhci_hcd: connection closed [ 701.184248][T20382] vhci_hcd: stop threads [ 701.191469][T20382] vhci_hcd: release socket [ 701.197028][T20382] vhci_hcd: disconnect device [ 701.219410][ T31] usb 55-1: new low-speed USB device number 2 using vhci_hcd [ 701.221788][ T31] usb 55-1: enqueue for inactive port 0 [ 701.222276][T21563] bridge_slave_1: left allmulticast mode [ 701.225957][T21563] bridge_slave_1: left promiscuous mode [ 701.229169][T21563] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.235791][T21563] bridge_slave_0: left allmulticast mode [ 701.238313][T21563] bridge_slave_0: left promiscuous mode [ 701.240513][T21563] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.288137][ T31] vhci_hcd: vhci_device speed not set [ 701.863727][T21563] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 701.872508][T21563] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 701.881440][T21563] bond0 (unregistering): Released all slaves [ 701.894376][T10468] chnl_net:caif_netlink_parms(): no params data found [ 702.132084][T10468] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.137683][T10468] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.140676][T10468] bridge_slave_0: entered allmulticast mode [ 702.147636][T10468] bridge_slave_0: entered promiscuous mode [ 702.153999][T10468] bridge0: port 2(bridge_slave_1) entered blocking state [ 702.156932][T10468] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.160625][T10468] bridge_slave_1: entered allmulticast mode [ 702.163859][T10468] bridge_slave_1: entered promiscuous mode [ 702.225902][T10468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 702.240366][T10468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 702.280714][T10468] team0: Port device team_slave_0 added [ 702.283914][T10468] team0: Port device team_slave_1 added [ 702.311537][T10468] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 702.313653][T10468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 702.326020][T10468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 702.330805][T10468] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 702.333128][T10468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 702.341993][T10468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 702.348626][ T36] usb 14-1: new high-speed USB device number 13 using dummy_hcd [ 702.366318][T21563] hsr_slave_0: left promiscuous mode [ 702.368992][T21563] hsr_slave_1: left promiscuous mode [ 702.370901][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 702.373158][T21563] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 702.376131][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 702.378953][T21563] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 702.409322][T21563] veth1_macvtap: left promiscuous mode [ 702.411495][T21563] veth0_macvtap: left promiscuous mode [ 702.413647][T21563] veth1_vlan: left promiscuous mode [ 702.415701][T21563] veth0_vlan: left promiscuous mode [ 702.500069][ T36] usb 14-1: Using ep0 maxpacket: 16 [ 702.503082][ T36] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 702.506199][ T36] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 702.509249][ T36] usb 14-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 702.512360][ T36] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.523667][ T36] usb 14-1: config 0 descriptor?? [ 702.956867][ T36] input: HID 05ac:8241 as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/0003:05AC:8241.0024/input/input95 [ 703.032167][ T36] appleir 0003:05AC:8241.0024: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.9-1/input0 [ 703.112739][ T5961] Bluetooth: hci0: command tx timeout [ 703.253419][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 703.280024][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 703.285986][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 703.340861][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 703.344429][ T5949] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 703.347961][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 704.272597][T21563] team0 (unregistering): Port device team_slave_1 removed [ 704.476236][T21563] team0 (unregistering): Port device team_slave_0 removed [ 704.758415][ T5921] usb 14-1: USB disconnect, device number 13 [ 705.187683][ T5949] Bluetooth: hci0: command tx timeout [ 705.593434][ T5949] Bluetooth: hci3: command tx timeout [ 706.100908][T10468] hsr_slave_0: entered promiscuous mode [ 706.105355][T10468] hsr_slave_1: entered promiscuous mode [ 706.108915][T10468] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 706.111840][T10468] Cannot create hsr debugfs directory [ 706.382642][T10533] chnl_net:caif_netlink_parms(): no params data found [ 706.477343][T10533] bridge0: port 1(bridge_slave_0) entered blocking state [ 706.479467][T10533] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.481889][T10533] bridge_slave_0: entered allmulticast mode [ 706.484683][T10533] bridge_slave_0: entered promiscuous mode [ 706.487731][T10533] bridge0: port 2(bridge_slave_1) entered blocking state [ 706.490463][T10533] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.493362][T10533] bridge_slave_1: entered allmulticast mode [ 706.495974][T10533] bridge_slave_1: entered promiscuous mode [ 706.520984][ T5949] block nbd9: Receive control failed (result -104) [ 706.522733][T10552] block nbd9: shutting down sockets [ 706.525742][T10533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.539537][T10533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.570922][T10533] team0: Port device team_slave_0 added [ 706.574585][T10533] team0: Port device team_slave_1 added [ 706.659478][T21563] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 706.672274][T10533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 706.674910][T10533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 706.683147][T10533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 706.691448][T10533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 706.694053][T10533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 706.701786][T10533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 706.731400][T10533] hsr_slave_0: entered promiscuous mode [ 706.734450][T10533] hsr_slave_1: entered promiscuous mode [ 706.737252][T10533] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 706.740543][T10533] Cannot create hsr debugfs directory [ 706.780676][T21563] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 706.899528][T21563] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 706.946321][T10468] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 706.954304][T10468] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 706.959042][T10468] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 706.968745][T10468] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 706.992687][T21563] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 707.050065][T10468] 8021q: adding VLAN 0 to HW filter on device bond0 [ 707.096984][T10468] 8021q: adding VLAN 0 to HW filter on device team0 [ 707.119039][T20378] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.121091][T20378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 707.129331][T21563] bridge_slave_1: left allmulticast mode [ 707.131577][T21563] bridge_slave_1: left promiscuous mode [ 707.133934][T21563] bridge0: port 2(bridge_slave_1) entered disabled state [ 707.140611][T21563] bridge_slave_0: left allmulticast mode [ 707.142838][T21563] bridge_slave_0: left promiscuous mode [ 707.145074][T21563] bridge0: port 1(bridge_slave_0) entered disabled state [ 707.267722][ T5949] Bluetooth: hci0: command tx timeout [ 707.555859][T21563] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 707.559781][T21563] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 707.563162][T21563] bond0 (unregistering): Released all slaves [ 707.590228][ T8387] bridge0: port 2(bridge_slave_1) entered blocking state [ 707.592924][ T8387] bridge0: port 2(bridge_slave_1) entered forwarding state [ 707.667704][ T5949] Bluetooth: hci3: command tx timeout [ 707.829794][T10468] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 707.854068][T10468] veth0_vlan: entered promiscuous mode [ 707.864119][T10468] veth1_vlan: entered promiscuous mode [ 707.888459][T21563] hsr_slave_0: left promiscuous mode [ 707.891183][T21563] hsr_slave_1: left promiscuous mode [ 707.893761][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 707.896706][T21563] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 707.900809][T21563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 707.903563][T21563] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 707.937807][T21563] veth1_macvtap: left promiscuous mode [ 707.939422][T21563] veth0_macvtap: left promiscuous mode [ 707.941000][T21563] veth1_vlan: left promiscuous mode [ 707.942481][T21563] veth0_vlan: left promiscuous mode [ 709.347751][ T5949] Bluetooth: hci0: command tx timeout [ 709.749537][T21563] team0 (unregistering): Port device team_slave_1 removed [ 709.757681][ T5949] Bluetooth: hci3: command tx timeout [ 709.978303][T21563] team0 (unregistering): Port device team_slave_0 removed [ 711.451341][T10468] veth0_macvtap: entered promiscuous mode [ 711.459153][T10468] veth1_macvtap: entered promiscuous mode [ 711.494426][T10468] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.499042][T10468] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.503925][T10468] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 711.511028][T10468] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.515122][T10468] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.521382][T10468] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 711.536928][T10468] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.540819][T10468] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.544550][T10468] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.548211][T10468] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.626986][ T113] ================================================================== [ 711.629253][ T113] BUG: KASAN: slab-use-after-free in folio_evictable+0x7b/0x270 [ 711.631465][ T113] Read of size 8 at addr ffff8880230ad328 by task kswapd0/113 [ 711.635132][ T113] [ 711.636972][ T113] CPU: 2 UID: 0 PID: 113 Comm: kswapd0 Not tainted 6.14.0-syzkaller #0 [ 711.636993][ T113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 711.637003][ T113] Call Trace: [ 711.637012][ T113] [ 711.637020][ T113] dump_stack_lvl+0x116/0x1f0 [ 711.637047][ T113] print_report+0xc3/0x670 [ 711.637062][ T113] ? __virt_addr_valid+0x5e/0x590 [ 711.637078][ T113] ? __phys_addr+0xc6/0x150 [ 711.637094][ T113] kasan_report+0xd9/0x110 [ 711.637108][ T113] ? folio_evictable+0x7b/0x270 [ 711.637132][ T113] ? folio_evictable+0x7b/0x270 [ 711.637157][ T113] kasan_check_range+0xef/0x1a0 [ 711.637174][ T113] folio_evictable+0x7b/0x270 [ 711.637197][ T113] isolate_folios+0x6cf/0x2f20 [ 711.637220][ T113] ? __pfx_isolate_folios+0x10/0x10 [ 711.637237][ T113] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 711.637260][ T113] ? rcu_is_watching+0x12/0xc0 [ 711.637278][ T113] ? do_raw_spin_lock+0x12d/0x2c0 [ 711.637293][ T113] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 711.637308][ T113] ? lock_acquire+0x2f/0xb0 [ 711.637327][ T113] ? evict_folios+0x171/0x1ab0 [ 711.637343][ T113] evict_folios+0x190/0x1ab0 [ 711.637359][ T113] ? hlock_class+0x4e/0x130 [ 711.637374][ T113] ? mark_lock+0xb5/0xc60 [ 711.637394][ T113] ? __pfx_mark_lock+0x10/0x10 [ 711.637414][ T113] ? __pfx_mark_lock+0x10/0x10 [ 711.637434][ T113] ? hlock_class+0x4e/0x130 [ 711.637449][ T113] ? __lock_acquire+0x15a9/0x3c40 [ 711.637469][ T113] ? __pfx_evict_folios+0x10/0x10 [ 711.637487][ T113] ? hlock_class+0x4e/0x130 [ 711.637504][ T113] ? mem_cgroup_get_nr_swap_pages+0x20/0x120 [ 711.637521][ T113] ? sc_swappiness+0xd4/0x190 [ 711.637545][ T113] try_to_shrink_lruvec+0x5a2/0x9a0 [ 711.637565][ T113] ? find_held_lock+0x2d/0x110 [ 711.637581][ T113] ? __pfx_try_to_shrink_lruvec+0x10/0x10 [ 711.637599][ T113] ? shrink_node+0x2741/0x3e60 [ 711.637618][ T113] shrink_one+0x3e3/0x7b0 [ 711.637634][ T113] ? shrink_node+0x2741/0x3e60 [ 711.637651][ T113] shrink_node+0x2761/0x3e60 [ 711.637670][ T113] ? shrink_node+0x24b0/0x3e60 [ 711.637689][ T113] ? __pfx_shrink_node+0x10/0x10 [ 711.637705][ T113] ? percpu_ref_put_many.constprop.0+0x1b/0x150 [ 711.637730][ T113] ? balance_pgdat+0xbab/0x19c0 [ 711.637746][ T113] balance_pgdat+0xbab/0x19c0 [ 711.637769][ T113] ? __pfx_balance_pgdat+0x10/0x10 [ 711.637786][ T113] ? __pfx___lock_acquire+0x10/0x10 [ 711.637805][ T113] ? __schedule+0xf4b/0x5890 [ 711.637825][ T113] ? __pfx___lock_acquire+0x10/0x10 [ 711.637856][ T113] ? cgroup_freezing+0x155/0x3d0 [ 711.637881][ T113] kswapd+0x590/0xb70 [ 711.637899][ T113] ? __pfx_kswapd+0x10/0x10 [ 711.637915][ T113] ? __pfx_autoremove_wake_function+0x10/0x10 [ 711.637934][ T113] ? lockdep_hardirqs_on+0x7c/0x110 [ 711.637966][ T113] ? __kthread_parkme+0x148/0x220 [ 711.637984][ T113] ? __pfx_kswapd+0x10/0x10 [ 711.638000][ T113] kthread+0x3af/0x750 [ 711.638018][ T113] ? __pfx_kthread+0x10/0x10 [ 711.638039][ T113] ? __pfx_kthread+0x10/0x10 [ 711.638056][ T113] ret_from_fork+0x45/0x80 [ 711.638077][ T113] ? __pfx_kthread+0x10/0x10 [ 711.638095][ T113] ret_from_fork_asm+0x1a/0x30 [ 711.638117][ T113] [ 711.638124][ T113] [ 711.745638][ T113] Allocated by task 10624: [ 711.747012][ T113] kasan_save_stack+0x33/0x60 [ 711.748313][ T113] kasan_save_track+0x14/0x30 [ 711.749655][ T113] __kasan_slab_alloc+0x89/0x90 [ 711.751085][ T113] kmem_cache_alloc_lru_noprof+0x226/0x3d0 [ 711.752768][ T113] shmem_alloc_inode+0x25/0x50 [ 711.754590][ T113] alloc_inode+0x5d/0x230 [ 711.755835][ T113] new_inode+0x22/0x210 [ 711.757019][ T113] shmem_get_inode+0x194/0xf00 [ 711.758756][ T113] shmem_symlink+0xfe/0x890 [ 711.760060][ T113] vfs_symlink+0x3e8/0x660 [ 711.761503][ T113] do_symlinkat+0x263/0x310 [ 711.763146][ T113] __ia32_sys_symlinkat+0x93/0xc0 [ 711.764689][ T113] __do_fast_syscall_32+0x73/0x120 [ 711.766539][ T113] do_fast_syscall_32+0x32/0x80 [ 711.768299][ T113] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 711.770632][ T113] [ 711.771559][ T113] Freed by task 17: [ 711.773022][ T113] kasan_save_stack+0x33/0x60 [ 711.774855][ T113] kasan_save_track+0x14/0x30 [ 711.776665][ T113] kasan_save_free_info+0x3b/0x60 [ 711.778659][ T113] __kasan_slab_free+0x51/0x70 [ 711.780441][ T113] kmem_cache_free+0x2e2/0x4d0 [ 711.782127][ T113] i_callback+0x43/0x70 [ 711.783362][ T113] rcu_core+0x79d/0x14d0 [ 711.784550][ T113] handle_softirqs+0x213/0x8f0 [ 711.785903][ T113] run_ksoftirqd+0x3a/0x60 [ 711.787191][ T113] smpboot_thread_fn+0x661/0xa30 [ 711.788751][ T113] kthread+0x3af/0x750 [ 711.789940][ T113] ret_from_fork+0x45/0x80 [ 711.791279][ T113] ret_from_fork_asm+0x1a/0x30 [ 711.792865][ T113] [ 711.793830][ T113] Last potentially related work creation: [ 711.795873][ T113] kasan_save_stack+0x33/0x60 [ 711.797703][ T113] kasan_record_aux_stack+0xb8/0xd0 [ 711.799656][ T113] __call_rcu_common.constprop.0+0x9a/0x870 [ 711.801878][ T113] destroy_inode+0x12c/0x1b0 [ 711.803339][ T113] evict+0x5ed/0x960 [ 711.804464][ T113] iput+0x52a/0x890 [ 711.805498][ T113] do_unlinkat+0x5c3/0x760 [ 711.806974][ T113] __ia32_sys_unlink+0xc4/0x110 [ 711.808615][ T113] __do_fast_syscall_32+0x73/0x120 [ 711.810355][ T113] do_fast_syscall_32+0x32/0x80 [ 711.812210][ T113] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 711.814427][ T113] [ 711.815297][ T113] The buggy address belongs to the object at ffff8880230ace60 [ 711.815297][ T113] which belongs to the cache shmem_inode_cache of size 1544 [ 711.820269][ T113] The buggy address is located 1224 bytes inside of [ 711.820269][ T113] freed 1544-byte region [ffff8880230ace60, ffff8880230ad468) [ 711.824284][ T113] [ 711.825176][ T113] The buggy address belongs to the physical page: [ 711.827622][ T113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x230a8 [ 711.830625][ T113] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 711.833448][ T113] memcg:ffff888012725801 [ 711.834927][ T113] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 711.837620][ T5949] Bluetooth: hci3: command tx timeout [ 711.837742][ T113] page_type: f5(slab) [ 711.837759][ T113] raw: 00fff00000000040 ffff8880404c5cc0 0000000000000000 dead000000000001 [ 711.844462][ T113] raw: 0000000000000000 0000000000130013 00000000f5000000 ffff888012725801 [ 711.847453][ T113] head: 00fff00000000040 ffff8880404c5cc0 0000000000000000 dead000000000001 [ 711.850579][ T113] head: 0000000000000000 0000000000130013 00000000f5000000 ffff888012725801 [ 711.853508][ T113] head: 00fff00000000003 ffffea00008c2a01 ffffffffffffffff 0000000000000000 [ 711.856728][ T113] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 711.860079][ T113] page dumped because: kasan: bad access detected [ 711.862552][ T113] page_owner tracks the page as allocated [ 711.864603][ T113] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 38, tgid 38 (kdevtmpfs), ts 6257235429, free_ts 0 [ 711.871292][ T113] post_alloc_hook+0x181/0x1b0 [ 711.873134][ T113] get_page_from_freelist+0xfce/0x2f80 [ 711.875182][ T113] __alloc_frozen_pages_noprof+0x221/0x2470 [ 711.877425][ T113] alloc_pages_mpol+0x1fc/0x540 [ 711.879265][ T113] new_slab+0x23d/0x330 [ 711.880873][ T113] ___slab_alloc+0xc5d/0x1720 [ 711.882682][ T113] __slab_alloc.constprop.0+0x56/0xb0 [ 711.884756][ T113] kmem_cache_alloc_lru_noprof+0xff/0x3d0 [ 711.886914][ T113] shmem_alloc_inode+0x25/0x50 [ 711.888739][ T113] alloc_inode+0x5d/0x230 [ 711.890419][ T113] new_inode+0x22/0x210 [ 711.891520][ T113] shmem_get_inode+0x194/0xf00 [ 711.892845][ T113] shmem_mknod+0x1a8/0x450 [ 711.894228][ T113] vfs_mknod+0x5d7/0x8e0 [ 711.895727][ T113] devtmpfs_work_loop+0x1a8/0x7d0 [ 711.897678][ T113] devtmpfsd+0x4c/0x50 [ 711.899248][ T113] page_owner free stack trace missing [ 711.901174][ T113] [ 711.902142][ T113] Memory state around the buggy address: [ 711.904203][ T113] ffff8880230ad200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 711.907151][ T113] ffff8880230ad280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 711.909998][ T113] >ffff8880230ad300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 711.912766][ T113] ^ [ 711.914593][ T113] ffff8880230ad380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 711.917595][ T113] ffff8880230ad400: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 711.920608][ T113] ================================================================== [ 711.923684][ T113] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 711.926226][ T113] CPU: 2 UID: 0 PID: 113 Comm: kswapd0 Not tainted 6.14.0-syzkaller #0 [ 711.928509][ T113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 711.932299][ T113] Call Trace: [ 711.933560][ T113] [ 711.934728][ T113] dump_stack_lvl+0x3d/0x1f0 [ 711.936433][ T113] panic+0x71d/0x800 [ 711.937879][ T113] ? __pfx_panic+0x10/0x10 [ 711.939429][ T113] ? rcu_is_watching+0x12/0xc0 [ 711.941032][ T113] ? __pfx_lock_release+0x10/0x10 [ 711.942798][ T113] ? check_panic_on_warn+0x1f/0xb0 [ 711.944613][ T113] check_panic_on_warn+0xab/0xb0 [ 711.946535][ T113] end_report+0x117/0x180 [ 711.948212][ T113] kasan_report+0xe9/0x110 [ 711.949828][ T113] ? folio_evictable+0x7b/0x270 [ 711.951570][ T113] ? folio_evictable+0x7b/0x270 [ 711.953252][ T113] kasan_check_range+0xef/0x1a0 [ 711.955047][ T113] folio_evictable+0x7b/0x270 [ 711.956529][ T113] isolate_folios+0x6cf/0x2f20 [ 711.957898][ T113] ? __pfx_isolate_folios+0x10/0x10 [ 711.959381][ T113] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 711.960963][ T113] ? rcu_is_watching+0x12/0xc0 [ 711.962303][ T113] ? do_raw_spin_lock+0x12d/0x2c0 [ 711.963693][ T113] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 711.965207][ T113] ? lock_acquire+0x2f/0xb0 [ 711.966493][ T113] ? evict_folios+0x171/0x1ab0 [ 711.967840][ T113] evict_folios+0x190/0x1ab0 [ 711.969128][ T113] ? hlock_class+0x4e/0x130 [ 711.970354][ T113] ? mark_lock+0xb5/0xc60 [ 711.971580][ T113] ? __pfx_mark_lock+0x10/0x10 [ 711.972914][ T113] ? __pfx_mark_lock+0x10/0x10 [ 711.974256][ T113] ? hlock_class+0x4e/0x130 [ 711.975832][ T113] ? __lock_acquire+0x15a9/0x3c40 [ 711.977257][ T113] ? __pfx_evict_folios+0x10/0x10 [ 711.978664][ T113] ? hlock_class+0x4e/0x130 [ 711.979922][ T113] ? mem_cgroup_get_nr_swap_pages+0x20/0x120 [ 711.981551][ T113] ? sc_swappiness+0xd4/0x190 [ 711.982855][ T113] try_to_shrink_lruvec+0x5a2/0x9a0 [ 711.984242][ T113] ? find_held_lock+0x2d/0x110 [ 711.986027][ T113] ? __pfx_try_to_shrink_lruvec+0x10/0x10 [ 711.987843][ T113] ? shrink_node+0x2741/0x3e60 [ 711.989180][ T113] shrink_one+0x3e3/0x7b0 [ 711.990351][ T113] ? shrink_node+0x2741/0x3e60 [ 711.991883][ T113] shrink_node+0x2761/0x3e60 [ 711.993269][ T113] ? shrink_node+0x24b0/0x3e60 [ 711.994683][ T113] ? __pfx_shrink_node+0x10/0x10 [ 711.996601][ T113] ? percpu_ref_put_many.constprop.0+0x1b/0x150 [ 711.998948][ T113] ? balance_pgdat+0xbab/0x19c0 [ 712.000445][ T113] balance_pgdat+0xbab/0x19c0 [ 712.002182][ T113] ? __pfx_balance_pgdat+0x10/0x10 [ 712.003979][ T113] ? __pfx___lock_acquire+0x10/0x10 [ 712.005515][ T113] ? __schedule+0xf4b/0x5890 [ 712.006873][ T113] ? __pfx___lock_acquire+0x10/0x10 [ 712.008517][ T113] ? cgroup_freezing+0x155/0x3d0 [ 712.010297][ T113] kswapd+0x590/0xb70 [ 712.011873][ T113] ? __pfx_kswapd+0x10/0x10 [ 712.013640][ T113] ? __pfx_autoremove_wake_function+0x10/0x10 [ 712.016004][ T113] ? lockdep_hardirqs_on+0x7c/0x110 [ 712.018033][ T113] ? __kthread_parkme+0x148/0x220 [ 712.020141][ T113] ? __pfx_kswapd+0x10/0x10 [ 712.021911][ T113] kthread+0x3af/0x750 [ 712.023533][ T113] ? __pfx_kthread+0x10/0x10 [ 712.025072][ T113] ? __pfx_kthread+0x10/0x10 [ 712.026395][ T113] ret_from_fork+0x45/0x80 [ 712.027672][ T113] ? __pfx_kthread+0x10/0x10 [ 712.028973][ T113] ret_from_fork_asm+0x1a/0x30 [ 712.030328][ T113] [ 712.032387][ T113] Kernel Offset: disabled [ 712.034059][ T113] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:08:08 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff8168943e RDX=ffff888022c48000 RSI=ffffffff8168945b RDI=0000000000000000 RBP=ffffffff9a87b2e0 RSP=ffffc9000394f738 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=ffffffff96f7bac8 R12=0000000000000003 R13=0000000000000003 R14=ffff88802b43fc80 R15=fffffbfff350f65c RIP=ffffffff8168945c RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e412ff8 CR3=000000001ff98000 CR4=00352ef0 DR0=0000000000000680 DR1=0000000000000003 DR2=0000000000000007 DR3=0000000000000004 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000010 RBX=ffffffff96ea2c98 RCX=ffffffff8195e5ec RDX=0000000000000f82 RSI=0000000000000e85 RDI=0000000000000000 RBP=ffffffff944f4920 RSP=ffffc90000157cf8 R8 =ffffffff938d7352 R9 =00000000000524e9 R10=ffffffff96ea5f17 R11=0000000000000000 R12=ffffffff96c53398 R13=00000000000524e7 R14=ffffffff944e37a8 R15=dffffc0000000000 RIP=ffffffff8195e427 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e417ffc CR3=0000000057158000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0639cd133317a316 0ab38dc8b5657930 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 dab062dbdbf342d5 82fb5e2f8e5a786d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e2aa75a6057b78a9 ca93a4da11246684 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 49d774d6e5f1af50 3f12c546bd297fd9 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 0000000000000060 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000020 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f4afa1a30b70a094 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b13678b200000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 204bcc7667df35d6 35c00e6758b74e71 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000041dce974 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 384833f06267ad13 5a30b468331714d1 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6db32198d547a77e b3b6c1567fd01a40 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853eaad5 RDI=ffffffff9ab72ea0 RBP=ffffffff9ab72e60 RSP=ffffc900021e6cf0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000033313154 R12=0000000000000000 R13=0000000000000033 R14=ffffffff9ab72e60 R15=0000000000000000 RIP=ffffffff853eaaff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c2fd108 CR3=0000000057b84000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 13d1a8e6730ec061 04f7ff5eaed1bf75 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9c96446489798db8 b8f4c105dbc6b114 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 757f683d704f8822 e92ba243c4f80dc7 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 372a4f1db44690d4 5140b1f52eee262e ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003180 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01afe6f378f441aa 01afe7b201afe987 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 41aaaaaa5ab40000 f87f00003a0a0000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001afaaaaaaaa e6fab37eaaaa0000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01afece001afed4f b1fe000029100000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0906ff4a3380c5ff 7d129fe6f467f958 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a1f7561247041266 1514338b422fcfd4 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88802b646780 RCX=ffffffff81ade0da RDX=ffff888012290000 RSI=ffffffff81ade0b4 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900065af920 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000008 R12=ffffed10056c8cf1 R13=0000000000000001 R14=ffff88802b73ffc0 R15=ffff88802b646788 RIP=ffffffff81b9f036 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7480048 CR3=000000000df80000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000