last executing test programs: 2.563209278s ago: executing program 0 (id=214): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300)={0x1, 0x1000}, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x73220c8b}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000006b40)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000680)=""/248, 0xf8}], 0x1}, 0x7}, {{0x0, 0x0, 0x0}, 0x253}], 0x2, 0x0, 0x0) 1.70444239s ago: executing program 0 (id=232): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x28011, r2, 0x0) ftruncate(r2, 0x796c) ioctl$VIDIOC_QBUF(r1, 0xc058ff0b, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x10, 0x200, {}, {0x3, 0x8, 0xe, 0x9f, 0x0, 0x7b, "c16599e2"}, 0xabdb, 0x1, {}, 0xbaa, 0x0, r2}) 1.643117933s ago: executing program 0 (id=235): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_FLAGS={0x8, 0x2f, 0xc}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20151}, 0x44010) 1.575465009s ago: executing program 3 (id=238): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r1, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) 1.52708382s ago: executing program 3 (id=241): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4) write$binfmt_elf32(r2, 0x0, 0x69) 1.523112965s ago: executing program 0 (id=242): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1.468393697s ago: executing program 3 (id=243): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x10) 1.338288351s ago: executing program 3 (id=245): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) ioperm(0x0, 0x2, 0x7e) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000080)=[{&(0x7f0000000500)='|', 0x1}], 0x1, 0x0) 1.170349182s ago: executing program 0 (id=248): r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) close(r0) socket$inet6(0xa, 0x2, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) sendmmsg$inet6(r0, &(0x7f0000004540)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x81, @loopback, 0xd}, 0x1c, 0x0}}, {{&(0x7f0000001600)={0xa, 0x4e22, 0x9, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000001940)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x3b, 0x0, 0x1, 0x3}}}], 0x18}}], 0x2, 0x20010080) 654.741777ms ago: executing program 2 (id=255): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x9) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r2, 0xfffffffffffffffd, 0x0) 653.172867ms ago: executing program 2 (id=257): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="119b030e7deba3ec69da3c0cce0764c6baa1660000000000000000000000b8000000000000000000", 0x28) r1 = accept4(r0, 0x0, 0x0, 0x80000) readv(r1, &(0x7f0000000700)=[{&(0x7f00000002c0)=""/81, 0x51}, {&(0x7f0000000340)=""/174, 0xae}], 0x2) sendmmsg$alg(r1, &(0x7f0000004bc0)=[{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="68a715ce02945ccb081f8a540e8bac70e607e594cafea6f7d24b10498c26de5ece1ea2814d46202bbaf9be96f9b0b4e5faaa7ef4b571ea666bec879d5eddeb0c3dda204166ebd2167df951ca315a44041af603a57f96c5382154e1e850c5b52a57c972f86c66b7f4261c22187af14049fab89a", 0x73}], 0x1, 0x0, 0x0, 0x240000c0}], 0x1, 0x844) 554.119012ms ago: executing program 1 (id=258): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtaction={0x18, 0x30, 0x9, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a31000000001400038008"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x4000000) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 446.443973ms ago: executing program 2 (id=259): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x10, 0x0, 0x7}]}) 446.114877ms ago: executing program 3 (id=260): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) read(r0, &(0x7f00000002c0)=""/153, 0x99) 445.466211ms ago: executing program 1 (id=261): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x40, r2, 0x1, 0x1070bd0c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2a8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0xffffffffffff5d5b}]}, 0x40}, 0x1, 0x0, 0x0, 0x40811}, 0x20) 392.482986ms ago: executing program 2 (id=262): lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) 325.950558ms ago: executing program 1 (id=263): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r0, 0x81ff) 325.663152ms ago: executing program 2 (id=264): pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000019c0)=[{&(0x7f0000001a00)="ce", 0x1}], 0x1, 0x1) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x80000) splice(r0, 0x0, r3, 0x0, 0x2, 0xe) 238.374653ms ago: executing program 0 (id=265): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x8000) recvfrom$rxrpc(r1, &(0x7f0000000000)=""/172, 0xac, 0x40010002, 0x0, 0x0) 238.005299ms ago: executing program 2 (id=266): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x60002) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000480)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0684113, &(0x7f0000000040)={0x1, 0xfffff800, 0x1000, 0x4000a, 0x8, 0xfffff082, 0x4, 0x6, 0x7, 0x40, 0xffffffff, 0x1}) 113.908882ms ago: executing program 1 (id=267): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e0000006700000008000000ad00000008680100", @ANYRES32=0x1, @ANYBLOB="8100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300000003000000040000000500"/24, @ANYRES32, @ANYBLOB="09307d6a0e148981ad707c8109465f716c65be6e8570487e585dcd7d60c83a6c4c8361062446f4f5bc5c58562c"], 0x50) mount$overlay(0x0, 0x0, 0x0, 0x800, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 86.768024ms ago: executing program 3 (id=268): unshare(0x20000400) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r0, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r0, 0x260}], 0x1, 0x0, 0x0, 0x0) 256.137µs ago: executing program 1 (id=269): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private0, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @remote}, {0xa, 0x4e22, 0x0, @mcast1}}, 0x5c) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4) 0s ago: executing program 1 (id=270): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r1 = dup(r0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) ftruncate(r2, 0x200004) sendfile(r1, r2, 0x0, 0x80001d00c0d1) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:22576' (ED25519) to the list of known hosts. [ 48.323731][ T5908] cgroup: Unknown subsys name 'net' [ 48.465748][ T5908] cgroup: Unknown subsys name 'cpuset' [ 48.469902][ T5908] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.335676][ T5908] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.879399][ T5304] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.883938][ T5953] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.886860][ T5953] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.889352][ T5950] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.889431][ T5953] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.889472][ T5954] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.890237][ T5954] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.890450][ T5954] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.890906][ T5954] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.891279][ T5954] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.892857][ T5954] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.892905][ T5950] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.893795][ T5950] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.894346][ T5955] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.894577][ T5953] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.894898][ T5953] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.900438][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.901713][ T5955] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.905192][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.926172][ T5955] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.178703][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 53.186817][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 53.215400][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 53.301620][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 53.375548][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.379311][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.382638][ T5946] bridge_slave_0: entered allmulticast mode [ 53.386741][ T5946] bridge_slave_0: entered promiscuous mode [ 53.417732][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.420843][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.424119][ T5946] bridge_slave_1: entered allmulticast mode [ 53.427804][ T5946] bridge_slave_1: entered promiscuous mode [ 53.446483][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.449408][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.451789][ T5951] bridge_slave_0: entered allmulticast mode [ 53.454569][ T5951] bridge_slave_0: entered promiscuous mode [ 53.457887][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.460355][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.462972][ T5951] bridge_slave_1: entered allmulticast mode [ 53.465645][ T5951] bridge_slave_1: entered promiscuous mode [ 53.492358][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.516067][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.518423][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.520908][ T5940] bridge_slave_0: entered allmulticast mode [ 53.524573][ T5940] bridge_slave_0: entered promiscuous mode [ 53.529294][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.557442][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.560492][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.564922][ T5940] bridge_slave_1: entered allmulticast mode [ 53.568801][ T5940] bridge_slave_1: entered promiscuous mode [ 53.573545][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.582655][ T5946] team0: Port device team_slave_0 added [ 53.593528][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.595831][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.598053][ T5941] bridge_slave_0: entered allmulticast mode [ 53.600911][ T5941] bridge_slave_0: entered promiscuous mode [ 53.604731][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.608637][ T5946] team0: Port device team_slave_1 added [ 53.627378][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.629670][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.631991][ T5941] bridge_slave_1: entered allmulticast mode [ 53.635194][ T5941] bridge_slave_1: entered promiscuous mode [ 53.650248][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.665302][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.667617][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.675860][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.681044][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.685073][ T5951] team0: Port device team_slave_0 added [ 53.688255][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.697894][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.701755][ T5951] team0: Port device team_slave_1 added [ 53.704100][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.706483][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.717372][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.762631][ T5940] team0: Port device team_slave_0 added [ 53.775515][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.777977][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.786101][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.791924][ T5940] team0: Port device team_slave_1 added [ 53.795525][ T5941] team0: Port device team_slave_0 added [ 53.798210][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.800441][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.809617][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.833611][ T5941] team0: Port device team_slave_1 added [ 53.877256][ T5946] hsr_slave_0: entered promiscuous mode [ 53.880053][ T5946] hsr_slave_1: entered promiscuous mode [ 53.892082][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.894933][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.903584][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.907817][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.910700][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.921695][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.932971][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.935923][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.944529][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.949513][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.951666][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.960607][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.967268][ T5951] hsr_slave_0: entered promiscuous mode [ 53.969632][ T5951] hsr_slave_1: entered promiscuous mode [ 53.971789][ T5951] debugfs: 'hsr0' already exists in 'hsr' [ 53.973886][ T5951] Cannot create hsr debugfs directory [ 54.046057][ T5941] hsr_slave_0: entered promiscuous mode [ 54.049318][ T5941] hsr_slave_1: entered promiscuous mode [ 54.052307][ T5941] debugfs: 'hsr0' already exists in 'hsr' [ 54.054913][ T5941] Cannot create hsr debugfs directory [ 54.065863][ T5940] hsr_slave_0: entered promiscuous mode [ 54.069061][ T5940] hsr_slave_1: entered promiscuous mode [ 54.072059][ T5940] debugfs: 'hsr0' already exists in 'hsr' [ 54.074575][ T5940] Cannot create hsr debugfs directory [ 54.401769][ T5946] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.408173][ T5946] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.418438][ T5946] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.425185][ T5946] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.464988][ T5951] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.470436][ T5951] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.482514][ T5951] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.492503][ T5951] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.532891][ T5941] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.544879][ T5941] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.552206][ T5941] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.563222][ T5941] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.629388][ T5940] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.634829][ T5940] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.641736][ T5940] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.649794][ T5940] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.688235][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.717087][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.732459][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.737679][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.740125][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.750599][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.753772][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.784917][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.801536][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.819280][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.821605][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.827120][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.834673][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.836994][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.846559][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.848835][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.858247][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.861189][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.876857][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.904254][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.914596][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.916922][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.924178][ T5955] Bluetooth: hci2: command tx timeout [ 54.924468][ T5953] Bluetooth: hci1: command tx timeout [ 54.928898][ T5304] Bluetooth: hci0: command tx timeout [ 54.945299][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.947731][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.956954][ T5951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.990805][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.003405][ T5304] Bluetooth: hci3: command tx timeout [ 55.033089][ T5946] veth0_vlan: entered promiscuous mode [ 55.039102][ T5946] veth1_vlan: entered promiscuous mode [ 55.064082][ T5946] veth0_macvtap: entered promiscuous mode [ 55.068865][ T5946] veth1_macvtap: entered promiscuous mode [ 55.081778][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.088947][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.098403][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.111049][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.115950][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.121536][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.125779][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.131562][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.215423][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.218248][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.241547][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.246101][ T5951] veth0_vlan: entered promiscuous mode [ 55.252167][ T5941] veth0_vlan: entered promiscuous mode [ 55.260327][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.263994][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.271857][ T5951] veth1_vlan: entered promiscuous mode [ 55.276265][ T5941] veth1_vlan: entered promiscuous mode [ 55.313352][ T5946] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.325562][ T5951] veth0_macvtap: entered promiscuous mode [ 55.331703][ T5940] veth0_vlan: entered promiscuous mode [ 55.335691][ T5941] veth0_macvtap: entered promiscuous mode [ 55.341280][ T5951] veth1_macvtap: entered promiscuous mode [ 55.356434][ T5941] veth1_macvtap: entered promiscuous mode [ 55.366564][ T5940] veth1_vlan: entered promiscuous mode [ 55.374326][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.396656][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.406330][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.423256][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.426181][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.431783][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.435605][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.439953][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.473631][ T62] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.484576][ T40] audit: type=1326 audit(1769165832.933:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.1.6" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf743d579 code=0x0 [ 55.492978][ T62] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.499229][ T62] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.503161][ T5940] veth0_macvtap: entered promiscuous mode [ 55.506301][ T62] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.527016][ T5940] veth1_macvtap: entered promiscuous mode [ 55.530888][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.535712][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.542864][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.558960][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.570047][ T1184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.574472][ T1184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.583506][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.586018][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.591880][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.595124][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.606498][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.609343][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.617101][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.619759][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.653770][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.656561][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.699676][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.706020][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.948437][ T6062] Bluetooth: MGMT ver 1.23 [ 55.994908][ T6064] macvlan2: entered promiscuous mode [ 55.997871][ T6064] macvlan2: entered allmulticast mode [ 55.999711][ T6064] gretap0: entered allmulticast mode [ 56.053442][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 56.225954][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.229777][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 56.233520][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 56.237728][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 56.240764][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.245493][ T24] usb 5-1: config 0 descriptor?? [ 56.382828][ T6076] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 56.459583][ T6079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'. [ 56.473565][ T6079] vxlan0: entered promiscuous mode [ 56.476708][ T76] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.483456][ T76] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.486894][ T76] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.490132][ T76] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.515235][ T40] audit: type=1326 audit(1769165833.963:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.1.20" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf743d579 code=0x0 [ 56.666030][ T24] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x6 [ 56.675100][ T24] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 56.831732][ T6091] syz.3.23 uses obsolete (PF_INET,SOCK_PACKET) [ 56.873911][ T6093] input: syz0 as /devices/virtual/input/input5 [ 57.003457][ T5304] Bluetooth: hci1: command tx timeout [ 57.003478][ T5953] Bluetooth: hci0: command tx timeout [ 57.013473][ T5953] Bluetooth: hci2: command tx timeout [ 57.085228][ T5953] Bluetooth: hci3: command tx timeout [ 57.231497][ T6107] syzkaller1: entered promiscuous mode [ 57.233470][ T6107] syzkaller1: entered allmulticast mode [ 58.076110][ T6139] ptrace attach of "/syz-executor exec"[5946] was attempted by ""[6139] [ 58.272540][ T6143] netlink: 'syz.1.45': attribute type 1 has an invalid length. [ 58.643225][ T5962] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 58.669415][ T6082] libceph: connect (1)[c::]:6789 error -101 [ 58.671619][ T6082] libceph: mon0 (1)[c::]:6789 connect error [ 58.684713][ T6027] usb 5-1: USB disconnect, device number 2 [ 58.720812][ T6082] libceph: connect (1)[c::]:6789 error -101 [ 58.723670][ T6082] libceph: mon0 (1)[c::]:6789 connect error [ 58.793215][ T5962] usb 6-1: Using ep0 maxpacket: 16 [ 58.796919][ T5962] usb 6-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 58.800021][ T5962] usb 6-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 58.803541][ T5962] usb 6-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 58.807610][ T5962] usb 6-1: config 1 interface 0 has no altsetting 0 [ 58.811551][ T5962] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 58.814627][ T5962] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.817176][ T5962] usb 6-1: Product: syz [ 58.818588][ T5962] usb 6-1: Manufacturer: syz [ 58.820095][ T5962] usb 6-1: SerialNumber: syz [ 58.934176][ T6082] libceph: connect (1)[c::]:6789 error -101 [ 58.936676][ T6082] libceph: mon0 (1)[c::]:6789 connect error [ 58.983538][ T6082] libceph: connect (1)[c::]:6789 error -101 [ 58.985522][ T6082] libceph: mon0 (1)[c::]:6789 connect error [ 59.032986][ T5962] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 59.083992][ T5953] Bluetooth: hci2: command tx timeout [ 59.084057][ T5304] Bluetooth: hci0: command tx timeout [ 59.084075][ T5955] Bluetooth: hci1: command tx timeout [ 59.163681][ T5304] Bluetooth: hci3: command tx timeout [ 59.410659][ T6167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.52'. [ 59.443403][ T6082] libceph: connect (1)[c::]:6789 error -101 [ 59.445519][ T6082] libceph: mon0 (1)[c::]:6789 connect error [ 59.492607][ T24] usb 6-1: USB disconnect, device number 2 [ 59.493387][ T6082] libceph: connect (1)[c::]:6789 error -101 [ 59.496252][ T6154] ceph: No mds server is up or the cluster is laggy [ 59.497918][ T6082] libceph: mon0 (1)[c::]:6789 connect error [ 59.499821][ T6157] ceph: No mds server is up or the cluster is laggy [ 59.499983][ T24] usblp0: removed [ 61.163711][ T5304] Bluetooth: hci2: command tx timeout [ 61.165081][ T5955] Bluetooth: hci0: command tx timeout [ 61.167943][ T5953] Bluetooth: hci1: command tx timeout [ 61.204379][ T6259] input: syz0 as /devices/virtual/input/input7 [ 61.244423][ T5953] Bluetooth: hci3: command tx timeout [ 61.246759][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.249821][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.255661][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.408459][ T6276] netfs: Couldn't get user pages (rc=-14) [ 61.410380][ T6276] netfs: Zero-sized read [R=2] [ 61.444425][ T6283] overlayfs: failed to verify upper (16/file0, ino=102, err=-116) [ 61.447163][ T6283] overlayfs: failed to verify index dir 'upper' xattr [ 61.450451][ T6283] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 61.623580][ T6304] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.645447][ T40] audit: type=1326 audit(1769165839.093:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6294 comm="syz.1.108" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf743d579 code=0x0 [ 61.650477][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.813852][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.157650][ T6330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.121'. [ 62.166426][ T6330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.121'. [ 62.283468][ T6009] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.344736][ T6339] netlink: 'syz.2.125': attribute type 1 has an invalid length. [ 62.358753][ T6339] 8021q: adding VLAN 0 to HW filter on device bond1 [ 62.380003][ T6339] bond1: (slave geneve2): making interface the new active one [ 62.383159][ T6339] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.385887][ T6339] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.388759][ T6339] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 62.409500][ T1184] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.416210][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.737002][ T6357] sch_tbf: peakrate 8549945181820996323 is lower than or equals to rate 17957804990220743361 ! [ 62.801569][ T6361] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 64.773618][ T6487] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 64.776080][ T6487] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 64.780589][ T6487] vhci_hcd vhci_hcd.0: Device attached [ 64.952582][ T6499] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.190'. [ 65.004241][ T40] audit: type=1326 audit(1769165842.443:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6500 comm="syz.0.191" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb6579 code=0x0 [ 65.063364][ T6027] usb 44-1: SetAddress Request (2) to port 0 [ 65.066090][ T6027] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 65.088573][ T6488] vhci_hcd: connection closed [ 65.089628][ T13] vhci_hcd vhci_hcd.3: stop threads [ 65.094792][ T13] vhci_hcd vhci_hcd.3: release socket [ 65.097890][ T13] vhci_hcd vhci_hcd.3: disconnect device [ 65.702580][ T6513] loop7: detected capacity change from 0 to 7 [ 65.709879][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.713023][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.716610][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.719776][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.722613][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.726482][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.729730][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.733251][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.736193][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.739266][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.742571][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.745743][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.748534][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.751850][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.754525][ T5945] ldm_validate_partition_table(): Disk read failed. [ 65.757954][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.761043][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.764352][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.767616][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.770328][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 65.773543][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.776683][ T5945] Dev loop7: unable to read RDB block 0 [ 65.779117][ T5945] loop7: unable to read partition table [ 65.781131][ T5945] loop7: partition table beyond EOD, truncated [ 65.788411][ T6513] ldm_validate_partition_table(): Disk read failed. [ 65.791277][ T6513] Dev loop7: unable to read RDB block 0 [ 65.794342][ T6513] loop7: unable to read partition table [ 65.796826][ T6513] loop7: partition table beyond EOD, truncated [ 65.800387][ T6513] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 65.911090][ T6517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.197'. [ 65.921978][ T6517] vxlan0: entered promiscuous mode [ 65.927573][ T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.931702][ T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.935577][ T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.938933][ T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.993290][ T1022] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 66.143283][ T1022] usb 8-1: Using ep0 maxpacket: 32 [ 66.147082][ T1022] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 66.150467][ T1022] usb 8-1: config 0 has no interface number 0 [ 66.155301][ T1022] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 66.159168][ T1022] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.173287][ T1022] usb 8-1: Product: syz [ 66.175037][ T1022] usb 8-1: Manufacturer: syz [ 66.176941][ T1022] usb 8-1: SerialNumber: syz [ 66.185746][ T1022] usb 8-1: config 0 descriptor?? [ 66.192772][ T1022] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 66.198173][ T1022] usb 8-1: selecting invalid altsetting 1 [ 66.200102][ T1022] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 66.206734][ T1022] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 66.210219][ T1022] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 66.213244][ T1022] usb 8-1: media controller created [ 66.220070][ T1022] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 66.265570][ T6523] net_ratelimit: 14 callbacks suppressed [ 66.265582][ T6523] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.328398][ T6525] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2799626000 (89588032000 ns) > initial count (68918506848 ns). Using initial count to start timer. [ 66.399956][ T1022] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 66.402364][ T1022] zl10353_read_register: readreg error (reg=127, ret==-71) [ 66.406154][ T1022] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 66.432365][ T1022] usb 8-1: USB disconnect, device number 2 [ 66.443926][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.741247][ T6531] netlink: 'syz.0.203': attribute type 9 has an invalid length. [ 66.744589][ T6531] netlink: 'syz.0.203': attribute type 11 has an invalid length. [ 66.747369][ T6531] netlink: 'syz.0.203': attribute type 12 has an invalid length. [ 66.749895][ T6531] netlink: 210020 bytes leftover after parsing attributes in process `syz.0.203'. [ 66.753018][ T6531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.203'. [ 66.754732][ C1] vcan0: j1939_tp_rxtimer: 0xffff888012642000: rx timeout, send abort [ 66.760108][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888012642000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 66.863801][ T1049] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.965270][ T6540] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 66.978085][ T6540] bond1 (unregistering): Released all slaves [ 67.001765][ T6547] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 67.016082][ T6549] loop9: detected capacity change from 0 to 7 [ 67.139479][ T5945] Dev loop9: unable to read RDB block 7 [ 67.141319][ T5945] loop9: unable to read partition table [ 67.143534][ T5945] loop9: partition table beyond EOD, truncated [ 67.143737][ T6553] Invalid logical block size (1) [ 67.210813][ T6559] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.281169][ T6549] Dev loop9: unable to read RDB block 7 [ 67.284332][ T6549] loop9: unable to read partition table [ 67.286550][ T6549] loop9: partition table beyond EOD, truncated [ 67.296825][ T6549] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 67.296984][ T6559] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.369945][ T6559] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.484661][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 67.499554][ T6559] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.667755][ T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.681427][ T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.695173][ T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.707253][ T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.884384][ T6578] netlink: 28 bytes leftover after parsing attributes in process `syz.3.220'. [ 67.984457][ T1142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.200999][ T6599] netlink: 28 bytes leftover after parsing attributes in process `syz.2.230'. [ 68.284828][ T873] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.287815][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.296778][ T6008] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.433786][ T6631] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.474694][ T6625] Zero length message leads to an empty skb [ 68.534757][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.298013][ T40] audit: type=1804 audit(1769165846.743:6): pid=6660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.256" name="/newroot/50/file0/file0" dev="9p" ino=72614083 res=1 errno=0 [ 69.432521][ T6670] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.258'. [ 69.828836][ T6692] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.267'. [ 69.839041][ T5953] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 69.843042][ T5953] CPU: 0 UID: 0 PID: 5953 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 69.843059][ T5953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.843066][ T5953] Workqueue: hci3 hci_rx_work [ 69.843083][ T5953] Call Trace: [ 69.843088][ T5953] [ 69.843093][ T5953] dump_stack_lvl+0x100/0x190 [ 69.843121][ T5953] sysfs_warn_dup.cold+0x1c/0x28 [ 69.843137][ T5953] sysfs_create_dir_ns+0x24b/0x2b0 [ 69.843153][ T5953] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 69.843166][ T5953] ? find_held_lock+0x2b/0x80 [ 69.843177][ T5953] ? kobject_add_internal+0x25f/0x930 [ 69.843192][ T5953] ? kobject_add_internal+0x25f/0x930 [ 69.843207][ T5953] ? do_raw_spin_unlock+0x145/0x1e0 [ 69.843225][ T5953] kobject_add_internal+0x2c8/0x930 [ 69.843243][ T5953] kobject_add+0x16a/0x1e0 [ 69.843257][ T5953] ? __pfx_kobject_add+0x10/0x10 [ 69.843271][ T5953] ? class_to_subsys+0x10f/0x150 [ 69.843288][ T5953] ? kobject_put+0xb9/0x640 [ 69.843300][ T5953] ? _raw_spin_unlock+0x28/0x50 [ 69.843314][ T5953] device_add+0x294/0x1950 [ 69.843329][ T5953] ? __pfx_dev_set_name+0x10/0x10 [ 69.843346][ T5953] ? __pfx_device_add+0x10/0x10 [ 69.843360][ T5953] ? mgmt_send_event_skb+0x2fb/0x460 [ 69.843378][ T5953] hci_conn_add_sysfs+0x1a3/0x260 [ 69.843395][ T5953] le_conn_complete_evt+0x11cb/0x1f40 [ 69.843411][ T5953] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 69.843428][ T5953] hci_le_conn_complete_evt+0x23c/0x3a0 [ 69.843442][ T5953] ? skb_pull_data+0x15f/0x1e0 [ 69.843456][ T5953] hci_le_meta_evt+0x34a/0x5f0 [ 69.843471][ T5953] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 69.843486][ T5953] hci_event_packet+0x682/0x11c0 [ 69.843499][ T5953] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 69.843513][ T5953] ? __pfx_hci_event_packet+0x10/0x10 [ 69.843527][ T5953] ? kcov_remote_start+0x374/0x660 [ 69.843539][ T5953] ? lockdep_hardirqs_on+0x78/0x100 [ 69.843554][ T5953] hci_rx_work+0x451/0xfc0 [ 69.843570][ T5953] process_one_work+0x9c2/0x1840 [ 69.843593][ T5953] ? __pfx_process_one_work+0x10/0x10 [ 69.843613][ T5953] ? assign_work+0x19c/0x250 [ 69.843630][ T5953] worker_thread+0x5da/0xe40 [ 69.843652][ T5953] ? kthread+0x17d/0x730 [ 69.843665][ T5953] ? __pfx_worker_thread+0x10/0x10 [ 69.843680][ T5953] kthread+0x3b3/0x730 [ 69.843696][ T5953] ? __pfx_kthread+0x10/0x10 [ 69.843710][ T5953] ? ret_from_fork+0x79/0xaf0 [ 69.843720][ T5953] ? ret_from_fork+0x79/0xaf0 [ 69.843730][ T5953] ? rcu_is_watching+0x12/0xc0 [ 69.843740][ T5953] ? __pfx_kthread+0x10/0x10 [ 69.843755][ T5953] ret_from_fork+0x754/0xaf0 [ 69.843766][ T5953] ? __pfx_ret_from_fork+0x10/0x10 [ 69.843777][ T5953] ? __switch_to+0x7b9/0x10c0 [ 69.843791][ T5953] ? __pfx_kthread+0x10/0x10 [ 69.843806][ T5953] ret_from_fork_asm+0x1a/0x30 [ 69.843829][ T5953] [ 69.936896][ T5953] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 69.941381][ T5953] Bluetooth: hci3: failed to register connection device [ 69.971297][ T5953] ================================================================== [ 69.974715][ T5953] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xe75/0x1010 [ 69.978130][ T5953] Read of size 8 at addr ffff888025d93480 by task kworker/u33:5/5953 [ 69.982885][ T5953] [ 69.984226][ T5953] CPU: 0 UID: 0 PID: 5953 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 69.984251][ T5953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.984264][ T5953] Workqueue: hci3 hci_rx_work [ 69.984289][ T5953] Call Trace: [ 69.984296][ T5953] [ 69.984303][ T5953] dump_stack_lvl+0x100/0x190 [ 69.984327][ T5953] print_report+0x156/0x4c9 [ 69.984354][ T5953] ? __virt_addr_valid+0x81/0x620 [ 69.984380][ T5953] ? __phys_addr+0xe8/0x180 [ 69.984404][ T5953] ? l2cap_connect_cfm+0xe75/0x1010 [ 69.984425][ T5953] kasan_report+0xdf/0x1a0 [ 69.984450][ T5953] ? l2cap_connect_cfm+0xe75/0x1010 [ 69.984473][ T5953] l2cap_connect_cfm+0xe75/0x1010 [ 69.984497][ T5953] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 69.984519][ T5953] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 69.984540][ T5953] le_conn_complete_evt+0x195c/0x1f40 [ 69.984565][ T5953] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 69.984590][ T5953] hci_le_conn_complete_evt+0x23c/0x3a0 [ 69.984612][ T5953] ? skb_pull_data+0x15f/0x1e0 [ 69.984633][ T5953] hci_le_meta_evt+0x34a/0x5f0 [ 69.984656][ T5953] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 69.984679][ T5953] hci_event_packet+0x682/0x11c0 [ 69.984700][ T5953] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 69.984724][ T5953] ? __pfx_hci_event_packet+0x10/0x10 [ 69.984745][ T5953] ? kcov_remote_start+0x374/0x660 [ 69.984764][ T5953] ? lockdep_hardirqs_on+0x78/0x100 [ 69.984786][ T5953] hci_rx_work+0x451/0xfc0 [ 69.984809][ T5953] process_one_work+0x9c2/0x1840 [ 69.984841][ T5953] ? __pfx_process_one_work+0x10/0x10 [ 69.984871][ T5953] ? assign_work+0x19c/0x250 [ 69.984896][ T5953] worker_thread+0x5da/0xe40 [ 69.984926][ T5953] ? kthread+0x17d/0x730 [ 69.984950][ T5953] ? __pfx_worker_thread+0x10/0x10 [ 69.984974][ T5953] kthread+0x3b3/0x730 [ 69.984999][ T5953] ? __pfx_kthread+0x10/0x10 [ 69.985022][ T5953] ? ret_from_fork+0x79/0xaf0 [ 69.985038][ T5953] ? ret_from_fork+0x79/0xaf0 [ 69.985055][ T5953] ? rcu_is_watching+0x12/0xc0 [ 69.985071][ T5953] ? __pfx_kthread+0x10/0x10 [ 69.985096][ T5953] ret_from_fork+0x754/0xaf0 [ 69.985113][ T5953] ? __pfx_ret_from_fork+0x10/0x10 [ 69.985131][ T5953] ? __switch_to+0x7b9/0x10c0 [ 69.985153][ T5953] ? __pfx_kthread+0x10/0x10 [ 69.985178][ T5953] ret_from_fork_asm+0x1a/0x30 [ 69.985211][ T5953] [ 69.985217][ T5953] [ 70.027163][ T6703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.272'. [ 70.028640][ T5953] Allocated by task 5953: [ 70.028651][ T5953] kasan_save_stack+0x30/0x50 [ 70.028668][ T5953] kasan_save_track+0x14/0x30 [ 70.028681][ T5953] __kasan_kmalloc+0xaa/0xb0 [ 70.028693][ T5953] l2cap_chan_create+0x44/0x940 [ 70.038839][ T6703] vxlan0: entered promiscuous mode [ 70.040119][ T5953] l2cap_sock_alloc.constprop.0+0xf5/0x1e0 [ 70.040141][ T5953] l2cap_sock_new_connection_cb+0x101/0x260 [ 70.040156][ T5953] l2cap_connect_cfm+0x4e2/0x1010 [ 70.043229][ T62] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.043568][ T5953] le_conn_complete_evt+0x195c/0x1f40 [ 70.045655][ T62] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.046954][ T5953] hci_le_conn_complete_evt+0x23c/0x3a0 [ 70.046978][ T5953] hci_le_meta_evt+0x34a/0x5f0 [ 70.046992][ T5953] hci_event_packet+0x682/0x11c0 [ 70.048696][ T62] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.050150][ T5953] hci_rx_work+0x451/0xfc0 [ 70.050166][ T5953] process_one_work+0x9c2/0x1840 [ 70.050183][ T5953] worker_thread+0x5da/0xe40 [ 70.050199][ T5953] kthread+0x3b3/0x730 [ 70.052329][ T62] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.053945][ T5953] ret_from_fork+0x754/0xaf0 [ 70.053967][ T5953] ret_from_fork_asm+0x1a/0x30 [ 70.053995][ T5953] [ 70.054000][ T5953] Freed by task 6694: [ 70.054011][ T5953] kasan_save_stack+0x30/0x50 [ 70.122757][ T5953] kasan_save_track+0x14/0x30 [ 70.124256][ T5953] kasan_save_free_info+0x3b/0x70 [ 70.126035][ T5953] __kasan_slab_free+0x5f/0x80 [ 70.127948][ T5953] kfree+0x1c7/0x690 [ 70.129445][ T5953] l2cap_chan_put+0x235/0x300 [ 70.131287][ T5953] l2cap_sock_cleanup_listen+0x4d/0x2d0 [ 70.133041][ T5953] l2cap_sock_release+0x69/0x280 [ 70.134618][ T5953] __sock_release+0xb3/0x260 [ 70.136139][ T5953] sock_close+0x1c/0x30 [ 70.137470][ T5953] __fput+0x3ff/0xb40 [ 70.138865][ T5953] task_work_run+0x150/0x240 [ 70.140417][ T5953] do_exit+0x829/0x2a30 [ 70.141849][ T5953] do_group_exit+0xd5/0x2a0 [ 70.143350][ T5953] get_signal+0x1ec7/0x21e0 [ 70.144826][ T5953] arch_do_signal_or_restart+0x91/0x770 [ 70.146656][ T5953] exit_to_user_mode_loop+0x86/0x4b0 [ 70.148453][ T5953] __do_fast_syscall_32+0x4b6/0x660 [ 70.150440][ T5953] do_fast_syscall_32+0x32/0x70 [ 70.152425][ T5953] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 70.155017][ T5953] [ 70.156072][ T5953] The buggy address belongs to the object at ffff888025d93000 [ 70.156072][ T5953] which belongs to the cache kmalloc-2k of size 2048 [ 70.161558][ T5953] The buggy address is located 1152 bytes inside of [ 70.161558][ T5953] freed 2048-byte region [ffff888025d93000, ffff888025d93800) [ 70.165896][ T5953] [ 70.166647][ T5953] The buggy address belongs to the physical page: [ 70.168679][ T5953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25d90 [ 70.171506][ T5953] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 70.174201][ T5953] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 70.176594][ T5953] page_type: f5(slab) [ 70.177868][ T5953] raw: 00fff00000000040 ffff88801b842f00 dead000000000100 dead000000000122 [ 70.180570][ T5953] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 70.183349][ T5953] head: 00fff00000000040 ffff88801b842f00 dead000000000100 dead000000000122 [ 70.186254][ T5953] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 70.189086][ T5953] head: 00fff00000000003 ffffea0000976401 00000000ffffffff 00000000ffffffff [ 70.191993][ T5953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 70.194872][ T5953] page dumped because: kasan: bad access detected [ 70.197035][ T5953] page_owner tracks the page as allocated [ 70.198886][ T5953] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 29, tgid 29 (kworker/1:0), ts 53103225757, free_ts 51458466432 [ 70.205598][ T5953] post_alloc_hook+0x1e1/0x250 [ 70.207156][ T5953] get_page_from_freelist+0xe3d/0x2e10 [ 70.208893][ T5953] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 70.210751][ T5953] alloc_pages_mpol+0x1fb/0x550 [ 70.212306][ T5953] new_slab+0x2c4/0x440 [ 70.213896][ T5953] ___slab_alloc+0xda3/0x1ca0 [ 70.215664][ T5953] __slab_alloc.isra.0+0x63/0x110 [ 70.217281][ T5953] __kmalloc_node_track_caller_noprof+0x629/0x9d0 [ 70.219293][ T5953] kmalloc_reserve+0xef/0x2c0 [ 70.220834][ T5953] __alloc_skb+0x186/0x410 [ 70.222241][ T5953] mld_newpack.isra.0+0x18e/0xa20 [ 70.223932][ T5953] add_grhead+0x299/0x340 [ 70.225547][ T5953] add_grec+0x1380/0x1920 [ 70.227045][ T5953] mld_ifc_work+0x3c5/0xc10 [ 70.228579][ T5953] process_one_work+0x9c2/0x1840 [ 70.230158][ T5953] worker_thread+0x5da/0xe40 [ 70.231660][ T5953] page last free pid 5906 tgid 5906 stack trace: [ 70.233632][ T5953] __free_frozen_pages+0x822/0x1130 [ 70.235462][ T5953] __folio_put+0x3b4/0x540 [ 70.236972][ T5953] put_netmem+0x294/0x320 [ 70.238374][ T5953] skb_release_data+0x4b2/0x700 [ 70.239950][ T5953] skb_attempt_defer_free+0x1f5/0x700 [ 70.241641][ T5953] tcp_recvmsg_locked+0x1189/0x28e0 [ 70.243239][ T5953] tcp_recvmsg+0x138/0x630 [ 70.244672][ T5953] inet_recvmsg+0x129/0x6a0 [ 70.246273][ T5953] sock_recvmsg+0x1b2/0x250 [ 70.247806][ T5953] sock_read_iter+0x2c6/0x3c0 [ 70.249328][ T5953] vfs_read+0x957/0xb30 [ 70.250645][ T5953] ksys_read+0x1f8/0x250 [ 70.251990][ T5953] do_syscall_64+0xc9/0xf80 [ 70.253386][ T5953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.255270][ T5953] [ 70.256190][ T5953] Memory state around the buggy address: [ 70.258535][ T5953] ffff888025d93380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.261808][ T5953] ffff888025d93400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.264939][ T5953] >ffff888025d93480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.268238][ T5953] ^ [ 70.269934][ T5953] ffff888025d93500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.272937][ T5953] ffff888025d93580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.275474][ T5953] ================================================================== [ 70.278968][ T5953] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.281345][ T5953] CPU: 1 UID: 0 PID: 5953 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 70.284430][ T5953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.287777][ T5953] Workqueue: hci3 hci_rx_work [ 70.289380][ T5953] Call Trace: [ 70.290483][ T5953] [ 70.291484][ T5953] dump_stack_lvl+0x100/0x190 [ 70.292992][ T5953] vpanic+0x20d/0x630 [ 70.294300][ T5953] panic+0xd1/0xd1 [ 70.295545][ T5953] ? __pfx_panic+0x10/0x10 [ 70.297081][ T5953] ? l2cap_connect_cfm+0xe75/0x1010 [ 70.298957][ T5953] ? preempt_schedule_common+0x42/0xc0 [ 70.300686][ T5953] check_panic_on_warn.cold+0x19/0x34 [ 70.302381][ T5953] end_report.part.0+0x3a/0x90 [ 70.303901][ T5953] kasan_report.cold+0xe/0x18 [ 70.305352][ T5953] ? l2cap_connect_cfm+0xe75/0x1010 [ 70.307051][ T5953] l2cap_connect_cfm+0xe75/0x1010 [ 70.308802][ T5953] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 70.310597][ T5953] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 70.312332][ T5953] le_conn_complete_evt+0x195c/0x1f40 [ 70.314025][ T5953] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 70.315843][ T5953] hci_le_conn_complete_evt+0x23c/0x3a0 [ 70.317582][ T5953] ? skb_pull_data+0x15f/0x1e0 [ 70.319234][ T5953] hci_le_meta_evt+0x34a/0x5f0 [ 70.320934][ T5953] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 70.322849][ T5953] hci_event_packet+0x682/0x11c0 [ 70.324449][ T5953] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 70.326215][ T5953] ? __pfx_hci_event_packet+0x10/0x10 [ 70.327939][ T5953] ? kcov_remote_start+0x374/0x660 [ 70.329596][ T5953] ? lockdep_hardirqs_on+0x78/0x100 [ 70.331319][ T5953] hci_rx_work+0x451/0xfc0 [ 70.332744][ T5953] process_one_work+0x9c2/0x1840 [ 70.334327][ T5953] ? __pfx_process_one_work+0x10/0x10 [ 70.336068][ T5953] ? assign_work+0x19c/0x250 [ 70.337524][ T5953] worker_thread+0x5da/0xe40 [ 70.338955][ T5953] ? kthread+0x17d/0x730 [ 70.340388][ T5953] ? __pfx_worker_thread+0x10/0x10 [ 70.342282][ T5953] kthread+0x3b3/0x730 [ 70.343608][ T5953] ? __pfx_kthread+0x10/0x10 [ 70.345036][ T5953] ? ret_from_fork+0x79/0xaf0 [ 70.346569][ T5953] ? ret_from_fork+0x79/0xaf0 [ 70.348005][ T5953] ? rcu_is_watching+0x12/0xc0 [ 70.349502][ T5953] ? __pfx_kthread+0x10/0x10 [ 70.350997][ T5953] ret_from_fork+0x754/0xaf0 [ 70.352734][ T5953] ? __pfx_ret_from_fork+0x10/0x10 [ 70.354361][ T5953] ? __switch_to+0x7b9/0x10c0 [ 70.355897][ T5953] ? __pfx_kthread+0x10/0x10 [ 70.357352][ T5953] ret_from_fork_asm+0x1a/0x30 [ 70.358828][ T5953] [ 70.360378][ T5953] Kernel Offset: disabled [ 70.361857][ T5953] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:57:27 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85672855 RDI=ffffffff9b1f0260 RBP=ffffffff9b1f0220 RSP=ffffc900068771e8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6435323038386552 R12=0000000000000000 R13=0000000000000061 R14=0000000000000010 R15=ffffffff856727f0 RIP=ffffffff8567287f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880973e5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f5a190 CR3=000000004b330000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffffff9af33280 RBX=0000000000000001 RCX=0000000000000001 RDX=0000002b00000000 RSI=ffffffff8bfa3220 RDI=0000000000000001 RBP=0000002b89f7c17a RSP=ffffc90000577a50 R8 =0000000000000000 R9 =0000000000003df3 R10=ffff88807ef43087 R11=0000000000000000 R12=0000000000000001 R13=00000000000032c9 R14=ffffffff9af69180 R15=dffffc0000000000 RIP=ffffffff81d3280e RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974e5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000576461fc CR3=00000000286e6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100001 Opmask01=000000000000001f Opmask02=00000000ffff7fdf Opmask03=0000000020400004 Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f68637461772f76 6564752f6e75722f ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f68637461772f76 6564752f6e75722f ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bdec7efcb0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bdec7f5460 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe238bf1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe238b52c80 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 772f766564752f6e 75722f00646c6f2e 68637461772f7665 64752f6e75722f00 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 520a534041500a4b 50570a0041494a0b 4d465144520a5340 41500a4b50570a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe238bf1f60 00007fe238bf1f60 0000000000000541 000000000000312e ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 77231e50f2b7453c 000055b8b7a0e15a 0000000000000171 0000003177617264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a302e30312d3533 712d63707276703a 29393030322c3948 43492b3533512843 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 50647261646e6174 536e703a554d4551 6e76733a302e3072 623a343130322f31 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302f343064623a32 2d332e36312e312d 6e61696265642d33 2e36312e31727662 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000008a23f RBX=ffff88801de8c980 RCX=ffffffff8b73f4b5 RDX=0000000000000000 RSI=ffffffff8dc4123d RDI=ffffffff8bfa32a0 RBP=0000000000000002 RSP=ffffc9000047fdf0 R8 =0000000000000001 R9 =ffffed100568673d R10=ffff88802b4339eb R11=0000000000000000 R12=ffffed1003bd1930 R13=0000000000000002 R14=ffffffff90b75dd0 R15=0000000000000000 RIP=ffffffff8b73de1f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975e5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008000f000 CR3=000000006ac43000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=ffffed1008147229 RBX=ffffed100814722a RCX=ffffffff827c392f RDX=ffffed100814722a RSI=0000000000000004 RDI=ffff888040a39148 RBP=ffffed1008147229 RSP=ffffc90003f5f4d0 R8 =0000000000000000 R9 =ffffed1008147229 R10=ffff888040a3914b R11=0000000000000000 R12=ffff888040a39100 R13=0000000000000001 R14=0000000000000000 R15=000000004f1d0025 RIP=ffffffff826f9f90 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976e5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f728acd2 CR3=000000004cd7e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0020000000000000 0000002000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000