last executing test programs: 14.729689368s ago: executing program 0 (id=2053): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 13.861405282s ago: executing program 0 (id=2056): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSTI(r0, 0x541d, 0x0) 13.801232908s ago: executing program 0 (id=2057): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$audio1(0xffffff9c, &(0x7f0000000000), 0x101002, 0x0) r2 = dup(r1) r3 = open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0) r4 = open(&(0x7f0000000140)='./bus\x00', 0xc8942, 0x0) pwrite64(r4, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) preadv2(r3, &(0x7f0000000580)=[{&(0x7f0000000180)=""/195, 0xc3}], 0x1, 0x0, 0x0, 0x19) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000800)={0x8f, 0x0, 0xa}) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000002640), 0x0, 0x0) ioctl$SNDCTL_TMR_TEMPO(r6, 0xc0045405, &(0x7f0000000000)) vmsplice(r6, &(0x7f0000000780)=[{&(0x7f0000000040)}, {&(0x7f0000000280)="910c4421f9ff9c0b691f9b5388e40931f4a0190ea7666046186052b5df62a3094ea1b423f238ccc65ebc2a8b9a29b731d279541cc958884a361afa8513d5aa946de7cdf5d47981394d03d43b09125f60de4855227e2ab2275e5bed4f88bf5fd479d298d0e06bd2e8db9c522e84edfcb3011eee41bd4277f2e13b0103b4bf88ecf0e60ab0ea1702d918aa823a37869f2303a6a0f7281bef3f611345f350b61ec839e6d99636eb2fb1e9bd239894a0b038fc1a0d2d9b5c8b1d89dadb07874c9c", 0xbf}, {&(0x7f0000000340)="bd79fd0d24b7a50b40097250ec169445b88553f57d4fe02efd3133a97aacfe0f7c6a233539f4b2904261b1fd138a0abd8937c97feff12cc2a1bf0f2a859b8413d97afee503f5a88f5845e311cd4e3b743b58170e719f0e04c1a1f52c7c98773b1466d62852fd8197efc0608e80ba164ac4d42008a1e3fc61b000904372993e3096a2369b9e4a32c667c1b0bdc2354dd2103f5a9f95b465c8ef305a7fdf4429d0a87faf1bee98373d43d02371ba4eec65dba06be627e6823eb714532d9528251356b753183e8230c4e701a2976ff9d4ee1bc063a7337f2d1444d94021", 0xdc}, {&(0x7f00000000c0)="5d9cfb8e46b9e4df5c253deff2826742ad9720f98482f7e93290c770ca83e65b015397e6aae05dd29c023b8ad4c14caca760144cc7dd9c8a22bf02f3621d2ce81b1431aa4458510db8b43e5f", 0x4c}, {&(0x7f0000000440)="f2a4e9c2ed58c77bf44c3006fcdf2217e14add45db313e8236787d84c0f357ec6b650c1cc97852a4f246f357643d8be6a8fb68910f7387abca282e45fad7a5e246680f1e115a8a112f4c51ea31aee10c4a0c07d61e43c4e18c23a400d4e67e496fd98a7afd842ffb8a274a7970637d544291f30a3ff7aafed3011c771564b1d4e443df50e50f6206f989f32332c77a09f0a188cdd937ad86a2acca513d0a5e67a17a301f0fdb62759d2b49fad64d2cdce1a1e4", 0xb3}, {&(0x7f00000005c0)="e1818201504eeba081d366a1801a26406d1740ccacadfd4fc6fc39da7e778ccc6d5d943c6114b56c7d85054a4211d95e9cc299d3a0b6fb12c0b233b7574b2b4ea1f6470d5cf788938620d289123d4d9a83ba6453ac05f57e43279acb3a20ad1c0ab13917e5c4a7ad181e32ef7879a1674ec75c118005d15cba00c929df0a29ee2ff8af324f65a85154202b6080bc868dc267dac85961ef7484a3f2c3d233534a4e3da172ae02e74438eccad343d0560e34f1a42de3b32a5981025c4953895f0179d88ae36c2e8a3db1b9c87dea0a18b096b90395a211a492fc2910f9aab578380de49ee9", 0xe4}, {&(0x7f00000006c0)="b3819153b475a9d67a1aaae753ac5b95b0a49d98371c66bbad25953b05edfab7998379aff1e13f8fcf9947497232aacecbe4aba40f212f3614d9a555849cd01eb79db362157be95eb3b2ef9c4b51b4414b94a3985b01952918e0cd8680d5434e6b0c95a14e78bbf35fcece0a8ce69c197eb1d37e6f84a083067e631689919cf778e585d432ec33a52f14f4e3c9df558f2a93731f86875f2381c421645e4d0ad992a867a7293d2bd1078bba1a6f3543c8c57e", 0xb2}, {&(0x7f0000000500)="922b01deded0208e06b9dcdc287648db85bf8c1bc5428ad178aae2095c1a37a7191f0194906a6a21b2a3a68146ec6869651d01b2a56c1f7d3bd16c16245ab4", 0x3f}, {&(0x7f0000000880)="7ea05c61e132db9de9497543912017bb0f03493c30efd37b0194c0cc9d5a8b93ec9a5ba6ce8c53814114f9147623b119eaeba9b0bc867e5d5e35edc50ba2fb20363ace6d4865e9470f7f9fc9ee835f063f991bd32e48a7cf9798c18d54eae254200b39549c669d8fbfa0b2361dc87b11708c8d7ef8cf7aac917a48ed36853eb39fd4e151d05adad13c9a521875fe89abe1f11ebf2fc3378eebbe741f6053a978ff128da83145de95c20daf98bd619760bdc0445df50515491d9a45db1efe74697a72fdd2c77666bed64fe651c64d7ddfc585984324cd93fb371f03c34282fc33dc96ccff596f961f58fa278e09af21ba86505cec7cea2783ff60", 0xfa}, {&(0x7f0000000540)="48738f0c30aa549e6ee3e322c0374fba35ee94874008", 0x16}], 0xa, 0x2) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x0) r7 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSTI(r7, 0x541d, 0x0) 13.201460413s ago: executing program 0 (id=2061): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) clock_getres(0x7, &(0x7f0000000080)) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x0, {0x39}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) syz_usb_disconnect(r0) write$binfmt_script(r1, &(0x7f0000000240)={'#! ', './file0'}, 0xb) 11.57152084s ago: executing program 0 (id=2068): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000040)={0x0, r2}) r3 = openat$nvram(0xffffff9c, &(0x7f0000000080), 0x218001, 0x0) epoll_create(0x8001) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000000c0), &(0x7f0000000100)={'L-', 0x100000000}, 0x16, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f0000002200)='./file0\x00', 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYRESHEX=r4], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x1f, 0x0, 0x0, 0xe, '\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0xd8) process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000f2ffffff000000850000006100000018110000", @ANYRESHEX=0x0, @ANYRES32=r5], &(0x7f0000000080)='GPL\x00', 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x90) socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, &(0x7f0000000040)=0x200007b, 0x4) syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="040e04c114ab342c80b0976daa81df61b8407175064467d1964aef85eb41eab878ae63db285b147ee8075fb4409fbc5d13db07b9f56e5c01b50bfa7d7c0057df49da0f522bf810e148521905e32edcb18e1a6e0547a918246acaf65de37c70e393d3a15802000000107c6727fa046091ae0208de9271170ad63cf685b40472743586fa5743776d3bb9b0d4e711e76b528bd9011c87b3a4d650f9c8028ed94e17f2ee235d3b9f58f200c6a923066ac4df00000000000000000000000000000022583788d13366468c91b459edb71fa23a09a441a5a070bee77f913f967b6b5a9d2409e8514af05fd931c82795ba324971", @ANYRES64], 0x7) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a0000050000000000fc00ff00d87a970000100010000037ab7d818c7880beaf95677040357bab7d7a05c1bb0aa6aebef67ce4b0c51100f43ed1ed9f97ec6a859d46f82853825b67c84a908adca22e7266dfd4f239a3abbb98f982f6e8d4d652b4cc9d5fdab730c023e7cf262d889069e79c3ea45584d799dfdd019bf9611c91a31edc45c2f064bf78d886991b3c7941edf04673356b94520592b962a1dab9fa4c3c9d49d87496c1ce44b6"], 0x22) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bind$unix(r6, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0xee01) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) copy_file_range(r7, 0x0, r7, &(0x7f00000001c0), 0x0, 0x0) 10.083004997s ago: executing program 0 (id=2073): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000140)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) r6 = syz_io_uring_setup(0x24b9, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x1}) io_uring_enter(r6, 0x10a4, 0x0, 0x0, 0x0, 0x0) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000640)='\"', 0x1}], 0x1) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{0x40000118}]}) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x8, 0x4, 0x8, 0xb, 0x100, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x48) r11 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r12 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12', 0x2) ioctl$UDMABUF_CREATE(r11, 0x40187542, &(0x7f0000000140)={r12, 0x0, 0x0, 0x4000}) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) dup(0xffffffffffffffff) unshare(0x20000400) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r14 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x800, 0x0) r15 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r17, r16, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r15, 0xb15, 0x0, 0x0, 0x0, 0x0) unshare(0x68020080) ftruncate(r13, 0x8001) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x14, &(0x7f0000000240)=ANY=[@ANYRES16=r10, @ANYRES16=r14, @ANYRES8=r9, @ANYRES32=r16, @ANYRESOCT=r10], &(0x7f0000000280)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) 9.868139609s ago: executing program 3 (id=2074): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = dup2(r0, r0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)) 9.446090474s ago: executing program 3 (id=2075): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000"], 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 9.189606326s ago: executing program 3 (id=2077): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0), 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x2b) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000480)="fbd5f12f5572b12b42e9678b0030eff9f3ae62755a76395d72430000aebe2b108a87e865501a5f9e0383611afdd3f83ac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a091405f44b8fd9b330babe36307b6041270ae01f1a1f5e3f650fc3b0756d481c364fca000000000000f76d", 0xffffffffffffffa3, 0x404c884, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0xd, &(0x7f0000000040), 0x4) 9.061116637s ago: executing program 3 (id=2078): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = epoll_create1(0x0) fcntl$dupfd(r2, 0x2, 0xffffffffffffffff) open(&(0x7f0000000040)='./file0\x00', 0x101000, 0x60) fanotify_init(0x20, 0x0) socket(0x25, 0x801, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r3 = openat$cdrom(0xffffff9c, &(0x7f0000000080), 0x84000, 0x0) ioctl$CDROM_TIMED_MEDIA_CHANGE(r3, 0x5396, &(0x7f0000000100)={0xae3}) 7.891376834s ago: executing program 3 (id=2080): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="1400000035000b63d25a80648c2594f90624fc60", 0x14}], 0x1}, 0x0) 7.815854504s ago: executing program 3 (id=2081): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b09000000000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000e6c6c55ef296cea4209fd7efcbc594842d8d7c9709be1d50c0e1ecfe83da0d36c8902525775cb589ee18505b9727087de196747a134ae1ba0f6a8b536c4f7933657ee3e47b4f5360871898241646f4250573388b9bbdff7f68ec6bd28709775bf8e01ef8b07fbba69e67f0153c09f57619a1cf0ecba2fdf973962f82c4ebb60c87bc540933108f2211debab6c0e69a7190240db1be972bb7e51f081517bea6ae961cf489408a160aa0fc770536b1ee31906c44028a1e228755dfaf7ae33d"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000240)) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000001700)=""/256}) r3 = dup(r2) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r3}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x5}]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_TOL(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x18, {0x0, @bearer=@l2={'ib', 0x3a, 'nicvf0\x00'}}}}}, 0x30}}, 0x0) ioctl$KVM_SET_PIT2(r5, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}]}) ptrace(0x10, r0) bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=@base={0x5, 0x2, 0x5, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={0xffffffffffffffff, &(0x7f00000002c0)="549176c94de0d5f437d6f28d76dfc961aaa2b264aaa87ab2a9bddb2655491c2cd3354cf17a9fd0d79cf85392c021034a37e3ea4f1ec342ac5f3bf235d07336360803173b965ba72024cda646328499ac1394590f71731ee962f06706dbfa230922fc1e0f39c581164ceba7008a322a0811d67fbae1ef884af199b7bae9c372c3b50d3d36a812f4979410a52e790d05065c6029db00"/174, 0x0}, 0xfffffffffffffd29) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x2}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) tgkill(r0, r0, 0x3) setsockopt(r9, 0x84, 0x5, &(0x7f0000000040)="020000000980ffff", 0x8) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") 3.621269736s ago: executing program 1 (id=2091): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x84, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x42, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @val={0x6, 0x2}, @void, @val={0x25, 0x3}, @val={0x2a, 0x1}, @val={0x3c, 0x4}, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0xc, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x2b}]}]}, 0x84}}, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$FS_IOC_GETFLAGS(r3, 0x80086601, &(0x7f0000000080)) sendmsg$IEEE802154_LLSEC_LIST_DEV(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x321}, 0x14}, 0x1, 0x0, 0x0, 0x40801}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, 0x0, 0x0, @inherit={0x48}, @devid}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@ipv6_newnexthop={0x12, 0x15, 0x1, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000002090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00'}, 0x10) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) readv(r9, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) ioctl$TIOCVHANGUP(r9, 0x5437, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.486996057s ago: executing program 2 (id=2092): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000003c0)={'wpan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) r4 = syz_open_dev$vcsu(0x0, 0x0, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="290a0000000800000000010000000c00020000000000007afd000c0006000600000000000000040007"], 0x30}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x12, 0xff, 0x4, 0xfff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r4, 0x89fb, &(0x7f00000002c0)={'sit0\x00', &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @empty}, @multicast2, 0x1, 0x3}}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r8 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r8, 0x47ba, 0x0, 0x0, 0x0, 0x0) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRES16=r2, @ANYRES16=r2, @ANYRES16=r2, @ANYRESHEX=r1], 0x40}}, 0x0) 3.321190406s ago: executing program 1 (id=2093): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000a80)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x0, 0x0, {0x27}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @sack_perm, @mss={0x2, 0xfff}, @timestamp, @window], 0x6) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000000100)=@qipcrtr, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000540)=""/227, 0xe3}, {&(0x7f00000006c0)=""/151, 0x97}], 0x2, &(0x7f0000000780)=""/166, 0xa6}, 0x3}, {{&(0x7f0000000840)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000000a00)=[{&(0x7f00000008c0)=""/150, 0x96}, {&(0x7f0000000980)=""/118, 0x76}, {&(0x7f0000000640)=""/18, 0x12}, {&(0x7f0000001d40)=""/228, 0xe4}], 0x4, &(0x7f0000001e40)=""/65, 0x41}, 0x2}, {{&(0x7f0000001ec0)=@nfc, 0x80, &(0x7f0000000a40), 0x0, &(0x7f0000001f40)=""/207, 0xcf}, 0x10001}], 0x3, 0x2, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r5 = dup(r4) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000000080)={0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.001298214s ago: executing program 1 (id=2094): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000"], 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 2.82095616s ago: executing program 1 (id=2095): msync(&(0x7f0000ffb000/0x1000)=nil, 0xffffffffdf004fff, 0xb) 2.671586227s ago: executing program 1 (id=2096): ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @loopback, 0x0, 0x0, 'wrr\x00', 0x1}, 0x2c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r2, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x2, 0x8, 0x8}, 0x48) r4 = openat2$dir(0xffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)={0x2080, 0x141, 0x1}, 0x18) getdents64(r4, &(0x7f0000000340)=""/144, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xbc}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0xc) socket$inet_sctp(0x2, 0x1, 0x84) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b87031c0000001f00000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 2.581274507s ago: executing program 1 (id=2097): socket$inet6(0xa, 0x2, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209"], 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x208e24b) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000002c0)="e941502ed871d110ac482adb54cf977630b651fff21842f0d9c8f10d5723a86865e6da119ea6cabe0fb8ff29a203218a14b224528e0f401daede9632a96fa4b2851a4dd9e653b712850c0b7ce63d86ffc0f5a41981a85bbaf9dd365ccad9dd1840024e92d13dcc6fe019897870f8b858ea832dcc3668009574107131591d24b3", 0x80}], 0x1}}], 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x301, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_PORT_TO={0x6}]}]}, 0x5c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x28, 0x3, 0x6, 0x4920e7af812c3f03, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}}, 0x0) 2.451353788s ago: executing program 2 (id=2098): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = epoll_create1(0x0) fcntl$dupfd(r2, 0x2, 0xffffffffffffffff) open(&(0x7f0000000040)='./file0\x00', 0x101000, 0x60) fanotify_init(0x20, 0x0) socket(0x25, 0x801, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r3 = openat$cdrom(0xffffff9c, &(0x7f0000000080), 0x84000, 0x0) ioctl$CDROM_TIMED_MEDIA_CHANGE(r3, 0x5396, &(0x7f0000000100)={0xae3}) 1.421517082s ago: executing program 2 (id=2099): socket$inet(0x2, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) splice(r0, &(0x7f0000000040)=0x7f7fffff, r0, &(0x7f0000000240)=0x8000000000000001, 0x2, 0x9) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) fspick(0xffffffffffffff9c, 0x0, 0x4) creat(&(0x7f0000000040)='./file0\x00', 0x0) lsetxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100), &(0x7f0000000140)=ANY=[@ANYBLOB="c4"], 0x1, 0x0) open_by_handle_at(r0, &(0x7f0000000200)=@xfs={0x18, 0x81, {0x401, 0x7, 0x1ff, 0x7}}, 0x8400) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_opts(r4, 0x29, 0x37, &(0x7f0000000280)=@srh={0x32, 0x2, 0x4, 0x1, 0x2, 0x58, 0x0, [@private2={0xfc, 0x2, '\x00', 0x1}]}, 0x18) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703110000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 1.221603736s ago: executing program 2 (id=2100): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) ppoll(&(0x7f00000003c0)=[{r1}], 0x1, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) signalfd4(r1, &(0x7f00000000c0), 0x8, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="580000000206010100000000000000000000000005000100070000000900020073797a30000000000c000780080008400000000014000300686173683a69702c706f72742c697000859fc98ce99cb756493d558519516f00"], 0x58}}, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000000)={"4155bc4a89febd1ea719a0b68007da5a2539e94acc93f6915b0272db7e3309b4"}) syz_open_dev$video(&(0x7f0000000500), 0x1, 0x139580) r2 = openat$vimc0(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0185647, &(0x7f00000004c0)={0xfffffff, 0x200, 0x10001, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x98092a, 0x3, '\x00', @p_u16=&(0x7f0000000540)=0xd9}}) 339.516162ms ago: executing program 2 (id=2101): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r3, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)={0x38, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x5}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fc0100"}]}, 0x38}}, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000380)='./bus\x00') pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0) splice(r4, 0x0, r6, 0x0, 0x16, 0x2) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000080)=0xb0000) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x10}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={0x28, r9, 0x201, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xe}]}]}, 0x28}}, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r7, 0x7a6, &(0x7f00000012c0)) r10 = getpid() process_vm_readv(r10, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) fcntl$lock(r5, 0x5, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, r10}) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000020000001d"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xa8}, [], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) 0s ago: executing program 2 (id=2103): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) close(r0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x1, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000080), 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x4c}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = io_uring_setup(0x6ff1, &(0x7f0000019300)={0x0, 0x1a1d, 0x200}) close_range(r5, 0xffffffffffffffff, 0x0) vmsplice(r4, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0) r6 = socket$inet(0x2, 0x0, 0x0) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4) close(r6) vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) socket$unix(0x1, 0x2, 0x0) kernel console output (not intermixed with test programs): fined op=collect_data cause=failed(directio) comm="syz.3.557" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 122.534788][ T5217] Bluetooth: hci2: unexpected event for opcode 0xab14 [ 122.550598][ T5217] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 122.609078][ T5206] Bluetooth: hci0: unexpected event for opcode 0xab14 [ 122.612079][ T5206] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 122.642617][ T39] audit: type=1800 audit(1719781096.349:65): pid=7098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.559" name="file0" dev="sda1" ino=1963 res=0 errno=0 [ 122.682756][ T5206] Bluetooth: hci1: unexpected event for opcode 0xab14 [ 122.696315][ T5206] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 122.949693][ T7105] netlink: 28 bytes leftover after parsing attributes in process `syz.2.563'. [ 123.471910][ T7115] netlink: 4 bytes leftover after parsing attributes in process `syz.2.566'. [ 123.669198][ T7124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.568'. [ 123.676052][ T5206] Bluetooth: hci2: unexpected event for opcode 0x2060 [ 123.713982][ T39] audit: type=1800 audit(1719781097.429:66): pid=7129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.569" name="file0" dev="sda1" ino=1950 res=0 errno=0 [ 123.733912][ T39] audit: type=1800 audit(1719781097.449:67): pid=7131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.570" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 123.790587][ T7136] netlink: 28 bytes leftover after parsing attributes in process `syz.3.572'. [ 123.798665][ T5206] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 124.028363][ T5206] Bluetooth: hci0: unexpected event for opcode 0xab14 [ 124.037158][ T5206] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 124.135433][ T7151] netlink: 4 bytes leftover after parsing attributes in process `syz.3.577'. [ 124.139291][ T5206] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 124.723603][ T39] audit: type=1800 audit(1719781098.429:68): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.581" name="file0" dev="sda1" ino=1949 res=0 errno=0 [ 124.913200][ T7177] netlink: 28 bytes leftover after parsing attributes in process `syz.0.584'. [ 124.955095][ T7173] netlink: 4 bytes leftover after parsing attributes in process `syz.3.582'. [ 124.965337][ T5206] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 125.088528][ T5206] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 125.337336][ T39] audit: type=1800 audit(1719781099.049:69): pid=7192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.587" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 125.540457][ T5206] Bluetooth: hci1: unexpected event for opcode 0xab14 [ 125.692748][ T5206] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 126.192221][ T39] audit: type=1800 audit(1719781099.899:70): pid=7208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.593" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 126.296233][ T5206] Bluetooth: hci1: unexpected event for opcode 0xab14 [ 126.303531][ T5206] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 126.449916][ T7214] netlink: 28 bytes leftover after parsing attributes in process `syz.2.594'. [ 126.869600][ T39] audit: type=1800 audit(1719781100.579:71): pid=7225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.597" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 127.100053][ T7232] netlink: 28 bytes leftover after parsing attributes in process `syz.0.600'. [ 127.207849][ T5217] Bluetooth: hci1: unexpected event for opcode 0xab14 [ 127.219504][ T5217] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 128.030999][ T5206] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 128.141121][ T39] audit: type=1800 audit(1719781101.849:72): pid=7262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.610" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 128.144566][ T5206] Bluetooth: hci1: unexpected event for opcode 0xab14 [ 128.194991][ T5206] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 129.005957][ T5217] Bluetooth: hci1: unexpected event for opcode 0xab14 [ 129.045370][ T39] audit: type=1800 audit(1719781102.759:73): pid=7281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.616" name="file0" dev="sda1" ino=1947 res=0 errno=0 [ 129.050864][ T5217] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 129.113696][ T5217] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 129.116724][ T5217] Bluetooth: hci2: Injecting HCI hardware error event [ 129.119986][ T5217] Bluetooth: hci2: hardware error 0x00 [ 129.140115][ T7278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.615'. [ 129.392207][ T39] audit: type=1800 audit(1719781103.099:74): pid=7291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.620" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 130.232591][ T7308] netlink: 28 bytes leftover after parsing attributes in process `syz.1.625'. [ 130.287861][ T5206] Bluetooth: hci0: unexpected event for opcode 0x0809 [ 130.543161][ T7319] netlink: 28 bytes leftover after parsing attributes in process `syz.2.629'. [ 130.565174][ T7320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.628'. [ 130.574214][ T5206] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 131.140347][ T7341] netlink: 28 bytes leftover after parsing attributes in process `syz.2.635'. [ 131.183663][ T5217] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 131.617101][ T7354] netlink: 28 bytes leftover after parsing attributes in process `syz.0.638'. [ 131.821633][ T39] audit: type=1800 audit(1719781105.529:75): pid=7358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.639" name="file0" dev="sda1" ino=1955 res=0 errno=0 [ 132.128409][ T7360] netlink: 4 bytes leftover after parsing attributes in process `syz.3.640'. [ 132.142869][ T5217] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 132.196423][ T7367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.642'. [ 132.314112][ T7374] netlink: 28 bytes leftover after parsing attributes in process `syz.0.644'. [ 132.956810][ T1352] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.960660][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.420258][ T39] audit: type=1800 audit(1719781107.129:76): pid=7401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.650" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 133.726384][ T7416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.656'. [ 133.841770][ T39] audit: type=1800 audit(1719781107.549:77): pid=7420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.657" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 133.864978][ T5217] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 134.109488][ T39] audit: type=1800 audit(1719781107.819:78): pid=7432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.662" name="file0" dev="sda1" ino=1947 res=0 errno=0 [ 134.301957][ T7442] __nla_validate_parse: 1 callbacks suppressed [ 134.301968][ T7442] netlink: 28 bytes leftover after parsing attributes in process `syz.3.666'. [ 134.304323][ T5217] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 134.310369][ T5217] Bluetooth: hci0: Injecting HCI hardware error event [ 134.314883][ T5217] Bluetooth: hci0: hardware error 0x00 [ 134.416590][ T5206] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 134.702868][ T39] audit: type=1800 audit(1719781108.409:79): pid=7459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.671" name="file0" dev="sda1" ino=1958 res=0 errno=0 [ 135.442383][ T7483] netlink: 28 bytes leftover after parsing attributes in process `syz.2.677'. [ 136.162103][ T5206] Bluetooth: hci0: unexpected event for opcode 0xab14 [ 136.403631][ T5217] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 136.797748][ T7524] netlink: 28 bytes leftover after parsing attributes in process `syz.1.688'. [ 137.304055][ T7533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.691'. [ 137.342363][ T39] audit: type=1800 audit(1719781111.049:80): pid=7548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.696" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 138.220325][ T39] audit: type=1800 audit(1719781111.929:81): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.704" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 138.273543][ T39] audit: type=1800 audit(1719781111.979:82): pid=7574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.703" name="file0" dev="sda1" ino=1962 res=0 errno=0 [ 138.463733][ T5217] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 138.467100][ T5217] Bluetooth: hci1: Injecting HCI hardware error event [ 138.470478][ T5206] Bluetooth: hci1: hardware error 0x00 [ 138.966532][ T7581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.707'. [ 139.254707][ T39] audit: type=1800 audit(1719781112.969:83): pid=7605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.713" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 139.483988][ T39] audit: type=1800 audit(1719781113.189:84): pid=7607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.714" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 139.570780][ T39] audit: type=1800 audit(1719781113.279:85): pid=7609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.715" name="file0" dev="sda1" ino=1955 res=0 errno=0 [ 139.873210][ T7621] netlink: 28 bytes leftover after parsing attributes in process `syz.3.719'. [ 140.408750][ T5217] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 140.553624][ T5206] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 140.558903][ T39] audit: type=1800 audit(1719781114.269:86): pid=7631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.722" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 140.700985][ T7635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.723'. [ 140.946938][ T39] audit: type=1800 audit(1719781114.659:87): pid=7650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.728" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 142.162814][ T7677] netlink: 28 bytes leftover after parsing attributes in process `syz.1.735'. [ 142.428221][ T7680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.736'. [ 143.366057][ T39] audit: type=1800 audit(1719781117.079:88): pid=7704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.742" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 143.542660][ T39] audit: type=1800 audit(1719781117.249:89): pid=7714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.746" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 143.562272][ T7716] netlink: 28 bytes leftover after parsing attributes in process `syz.2.747'. [ 143.627950][ T7710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.745'. [ 144.509518][ T39] audit: type=1800 audit(1719781118.219:90): pid=7746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.754" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 144.707746][ T39] audit: type=1800 audit(1719781118.419:91): pid=7755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.758" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 144.720962][ T7752] netlink: 28 bytes leftover after parsing attributes in process `syz.0.757'. [ 145.101680][ T7759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 146.422054][ T7798] netlink: 28 bytes leftover after parsing attributes in process `syz.3.768'. [ 146.638312][ T39] audit: type=1800 audit(1719781120.349:92): pid=7805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.770" name="file0" dev="sda1" ino=1946 res=0 errno=0 [ 146.968015][ T7811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.772'. [ 148.396117][ T7848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.782'. [ 148.601541][ T7858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.784'. [ 149.409583][ T7881] netlink: 4 bytes leftover after parsing attributes in process `syz.2.792'. [ 149.872781][ T39] audit: type=1800 audit(1719781123.579:93): pid=7907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.798" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 149.872969][ T7896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.795'. [ 150.445254][ T7916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.801'. [ 150.615396][ T39] audit: type=1800 audit(1719781124.329:94): pid=7932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.803" name="file0" dev="sda1" ino=1955 res=0 errno=0 [ 151.261680][ T39] audit: type=1800 audit(1719781124.969:95): pid=7951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.809" name="file0" dev="sda1" ino=1955 res=0 errno=0 [ 151.449179][ T7948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.808'. [ 151.569293][ T39] audit: type=1800 audit(1719781125.279:96): pid=7964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.813" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 151.776737][ T39] audit: type=1800 audit(1719781125.489:97): pid=7973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.816" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 152.262614][ T7987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.817'. [ 152.281497][ T7981] netlink: 4 bytes leftover after parsing attributes in process `syz.1.818'. [ 153.114399][ T39] audit: type=1800 audit(1719781126.819:98): pid=8012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.826" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 154.222692][ T8051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.834'. [ 154.950096][ T39] audit: type=1800 audit(1719781128.659:99): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.841" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 155.421941][ T8085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.844'. [ 155.578715][ T8088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.845'. [ 155.650191][ T39] audit: type=1800 audit(1719781129.359:100): pid=8093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.846" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 156.365835][ T39] audit: type=1800 audit(1719781130.079:101): pid=8121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.855" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 156.766136][ T8131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.856'. [ 157.003008][ T8139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.858'. [ 157.138302][ T39] audit: type=1800 audit(1719781130.849:102): pid=8143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.860" name="file0" dev="sda1" ino=1951 res=0 errno=0 [ 157.547185][ T39] audit: type=1800 audit(1719781131.259:103): pid=8156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.865" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 158.774836][ T8176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.869'. [ 159.988559][ T39] audit: type=1800 audit(1719781133.699:104): pid=8222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.881" name="file0" dev="sda1" ino=1956 res=0 errno=0 [ 160.224665][ T8225] netlink: 4 bytes leftover after parsing attributes in process `syz.2.883'. [ 162.402331][ T39] audit: type=1800 audit(1719781136.109:105): pid=8293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.899" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 162.996680][ T8303] netlink: 4 bytes leftover after parsing attributes in process `syz.1.904'. [ 164.664413][ T8347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.915'. [ 166.628639][ T8404] netlink: 4 bytes leftover after parsing attributes in process `syz.2.927'. [ 166.668298][ T8398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.929'. [ 167.073181][ T39] audit: type=1800 audit(1719781140.779:106): pid=8420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.935" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 167.092804][ T8418] netlink: 28 bytes leftover after parsing attributes in process `syz.0.934'. [ 167.528913][ T8441] netlink: 4 bytes leftover after parsing attributes in process `syz.2.941'. [ 168.728348][ T8464] netlink: 28 bytes leftover after parsing attributes in process `syz.2.947'. [ 171.037586][ T39] audit: type=1800 audit(1719781144.749:107): pid=8529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.962" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 172.644861][ T8570] netlink: 28 bytes leftover after parsing attributes in process `syz.1.973'. [ 174.036603][ T5217] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 174.041449][ T5217] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 174.045219][ T5217] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 174.050224][ T5217] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 174.053832][ T5217] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 174.056996][ T5217] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 174.247176][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.373112][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.389309][ T8604] chnl_net:caif_netlink_parms(): no params data found [ 174.513904][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.591151][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.641474][ T8604] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.647550][ T8604] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.650486][ T8604] bridge_slave_0: entered allmulticast mode [ 174.653397][ T8604] bridge_slave_0: entered promiscuous mode [ 174.660040][ T8604] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.662872][ T8604] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.665817][ T8604] bridge_slave_1: entered allmulticast mode [ 174.669324][ T8604] bridge_slave_1: entered promiscuous mode [ 174.761221][ T8604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.779204][ T8604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.933055][ T8604] team0: Port device team_slave_0 added [ 174.944382][ T8604] team0: Port device team_slave_1 added [ 175.132740][ T13] bridge_slave_1: left allmulticast mode [ 175.135361][ T13] bridge_slave_1: left promiscuous mode [ 175.144300][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.171725][ T13] bridge_slave_0: left allmulticast mode [ 175.174294][ T13] bridge_slave_0: left promiscuous mode [ 175.176790][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.667014][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 175.676137][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 175.684085][ T13] bond0 (unregistering): Released all slaves [ 175.698216][ T8604] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.701154][ T8604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.712232][ T8604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.731159][ T8604] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.735333][ T8604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.750239][ T8604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.857644][ T8604] hsr_slave_0: entered promiscuous mode [ 175.861370][ T8604] hsr_slave_1: entered promiscuous mode [ 175.873724][ T8604] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 175.877771][ T8604] Cannot create hsr debugfs directory [ 176.143774][ T5217] Bluetooth: hci3: command tx timeout [ 176.481514][ T13] hsr_slave_0: left promiscuous mode [ 176.484217][ T13] hsr_slave_1: left promiscuous mode [ 176.500367][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.507629][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 176.540204][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 176.544874][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 176.604609][ T13] veth1_macvtap: left promiscuous mode [ 176.607383][ T13] veth0_macvtap: left promiscuous mode [ 176.609687][ T13] veth1_vlan: left promiscuous mode [ 176.612035][ T13] veth0_vlan: left promiscuous mode [ 177.868310][ T13] team0 (unregistering): Port device team_slave_1 removed [ 177.916755][ T13] team0 (unregistering): Port device team_slave_0 removed [ 178.224092][ T5217] Bluetooth: hci3: command tx timeout [ 178.391940][ T8694] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1001'. [ 178.951095][ T8728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1003'. [ 179.111301][ T8604] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 179.125981][ T8604] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 179.135422][ T8604] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 179.146431][ T8604] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 179.237286][ T8604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.250268][ T8604] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.257681][ T814] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.261046][ T814] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.271276][ T814] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.273823][ T814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.566754][ T8604] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.587764][ T39] audit: type=1800 audit(1719781153.299:108): pid=8748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1007" name="file0" dev="sda1" ino=1940 res=0 errno=0 [ 179.631827][ T8604] veth0_vlan: entered promiscuous mode [ 179.644756][ T8604] veth1_vlan: entered promiscuous mode [ 179.675359][ T8604] veth0_macvtap: entered promiscuous mode [ 179.682387][ T8604] veth1_macvtap: entered promiscuous mode [ 179.700233][ T8756] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1009'. [ 179.707833][ T8604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 179.714272][ T8604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.717888][ T8604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 179.721783][ T8604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.725909][ T8604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 179.729787][ T8604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.736018][ T8604] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.742282][ T8604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.747870][ T8604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.751283][ T8604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.755289][ T8604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.759457][ T8604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.764311][ T8604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.770225][ T8604] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.780307][ T8604] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.787948][ T8604] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.791925][ T8604] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.796144][ T8604] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.870761][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.878683][ T39] audit: type=1800 audit(1719781153.589:109): pid=8763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1011" name="file0" dev="sda1" ino=1957 res=0 errno=0 [ 179.878741][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.904409][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.907808][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.314443][ T5217] Bluetooth: hci3: command tx timeout [ 180.829385][ T39] audit: type=1800 audit(1719781154.539:110): pid=8795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1017" name="file0" dev="sda1" ino=1951 res=0 errno=0 [ 181.201381][ T8807] syz.1.1022 (8807): /proc/8806/oom_adj is deprecated, please use /proc/8806/oom_score_adj instead. [ 181.456995][ T39] audit: type=1800 audit(1719781155.169:111): pid=8822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1028" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 181.544419][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 182.046687][ T8842] kvm: kvm [8841]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x6161616161616021 [ 182.282539][ T39] audit: type=1800 audit(1719781155.989:112): pid=8847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1034" name="file0" dev="sda1" ino=1965 res=0 errno=0 [ 182.892918][ T8871] syz.2.1044 uses obsolete (PF_INET,SOCK_PACKET) [ 183.378072][ T8883] syz.1.1047 (pid 8883) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 183.497456][ T8891] tipc: Started in network mode [ 183.505191][ T8891] tipc: Node identity 4, cluster identity 4711 [ 183.507960][ T8891] tipc: Node number set to 4 [ 183.541365][ T8883] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)" [ 183.587506][ T8891] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1048'. [ 184.110547][ T39] audit: type=1800 audit(1719781157.819:113): pid=8923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1056" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 184.266338][ T8927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1058'. [ 184.804856][ T8945] warning: `syz.3.1063' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 185.007550][ T8967] pim6reg: entered allmulticast mode [ 185.017423][ T8967] pim6reg: left allmulticast mode [ 185.183576][ T5252] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 185.226958][ T8977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1073'. [ 185.363569][ T5252] usb 6-1: Using ep0 maxpacket: 16 [ 185.371018][ T5252] usb 6-1: config 0 has no interfaces? [ 185.381308][ T5252] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 185.385724][ T5252] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.389289][ T5252] usb 6-1: Product: syz [ 185.391224][ T5252] usb 6-1: Manufacturer: syz [ 185.393331][ T5252] usb 6-1: SerialNumber: syz [ 185.400092][ T5252] usb 6-1: config 0 descriptor?? [ 185.624296][ T5252] usb 6-1: USB disconnect, device number 2 [ 185.880598][ T5252] hid-generic 0000:0000:0000.0002: item fetching failed at offset 0/2 [ 185.885200][ T5252] hid-generic 0000:0000:0000.0002: probe with driver hid-generic failed with error -22 [ 185.961301][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 186.907436][ T9036] capability: warning: `syz.1.1091' uses 32-bit capabilities (legacy support in use) [ 186.913114][ T9036] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1091'. [ 186.917878][ T9036] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1091'. [ 186.921963][ T9036] unsupported nlmsg_type 40 [ 187.039215][ T9040] netlink: 'syz.1.1092': attribute type 4 has an invalid length. [ 187.101841][ T9041] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1090'. [ 187.301282][ T9050] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1096'. [ 187.667213][ T9065] veth1_macvtap: left promiscuous mode [ 187.670086][ T9065] macsec0: entered promiscuous mode [ 187.672467][ T9065] macsec0: entered allmulticast mode [ 187.689298][ T9065] veth1_macvtap: entered promiscuous mode [ 187.691777][ T9065] veth1_macvtap: entered allmulticast mode [ 187.695093][ T9065] macsec0: left promiscuous mode [ 187.697868][ T9065] macsec0: left allmulticast mode [ 187.700452][ T9065] veth1_macvtap: left allmulticast mode [ 187.797547][ T39] audit: type=1800 audit(1719781161.509:114): pid=9070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1101" name="file0" dev="sda1" ino=1962 res=0 errno=0 [ 187.943193][ T9077] overlay: Unknown parameter 'fscontext' [ 188.074947][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 188.103168][ T9082] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1106'. [ 188.293666][ T9093] ======================================================= [ 188.293666][ T9093] WARNING: The mand mount option has been deprecated and [ 188.293666][ T9093] and is ignored by this kernel. Remove the mand [ 188.293666][ T9093] option from the mount to silence this warning. [ 188.293666][ T9093] ======================================================= [ 188.373032][ T9095] can0: slcan on ttyS3. [ 188.494143][ T9095] can0 (unregistered): slcan off ttyS3. [ 188.622394][ T39] audit: type=1800 audit(1719781162.329:115): pid=9110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1115" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 188.761418][ T9114] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1116'. [ 188.780807][ T9114] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.789465][ T9114] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.793328][ T9114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.851575][ T9114] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.048700][ T9131] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1114'. [ 189.082704][ T39] audit: type=1326 audit(1719781162.789:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9132 comm="syz.0.1120" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73cd579 code=0x0 [ 189.456600][ T9144] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 189.517425][ T9150] overlayfs: statfs failed on './file0' [ 189.672695][ T39] audit: type=1800 audit(1719781163.379:117): pid=9154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1126" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 190.080091][ T9159] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1129'. [ 190.166891][ T39] audit: type=1800 audit(1719781163.879:118): pid=9165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1132" name="file0" dev="sda1" ino=1957 res=0 errno=0 [ 190.630042][ T39] audit: type=1800 audit(1719781164.339:119): pid=9184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1138" name="file0" dev="sda1" ino=1945 res=0 errno=0 [ 190.786017][ T39] audit: type=1800 audit(1719781164.499:120): pid=9192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1141" name="file0" dev="sda1" ino=1963 res=0 errno=0 [ 190.848975][ T9196] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1135'. [ 190.886028][ T9194] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1142'. [ 190.896980][ T9194] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.900421][ T9194] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.904555][ T9194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.946630][ T9194] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.951766][ T39] audit: type=1804 audit(1719781164.659:121): pid=9201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1144" name="/syzkaller.N88uI9/288/file0" dev="sda1" ino=1948 res=1 errno=0 [ 190.973698][ T9203] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.976801][ T9203] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.981019][ T9203] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 191.111578][ T9211] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1148'. [ 191.482069][ T9228] binder_alloc: 9227: binder_alloc_buf size 8 failed, no address space [ 191.486286][ T9228] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 0 (num: 0 largest: 0) [ 191.607087][ T9234] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1155'. [ 191.727379][ T9238] hpfs: Bad magic ... probably not HPFS [ 191.746741][ T9238] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 191.749522][ T9238] IPv6: NLM_F_CREATE should be set when creating new route [ 192.357543][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.360787][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.364406][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.367188][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.369952][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.372557][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.375691][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.380820][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.385000][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.391411][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.396205][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.399863][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.404900][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.408042][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.411162][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.417208][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.420053][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.422690][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.428703][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.432501][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.439173][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.442636][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.446529][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.449915][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.454002][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.458055][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.463015][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.468104][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.470740][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.473964][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.477699][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.480807][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.485518][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.488989][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.492133][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.496894][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.500152][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.503381][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.507433][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.511367][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.515018][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.518451][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.521667][ T5205] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 192.531972][ T5205] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 192.562752][ T39] audit: type=1800 audit(1719781166.269:122): pid=9258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1165" name="file0" dev="sda1" ino=1963 res=0 errno=0 [ 193.225878][ T9275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1169'. [ 193.335061][ T9280] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1171'. [ 193.563677][ T9284] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 194.119027][ T39] audit: type=1800 audit(1719781167.829:123): pid=9298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1176" name="file0" dev="sda1" ino=1949 res=0 errno=0 [ 194.330473][ T9310] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1179'. [ 194.387615][ T1352] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.390645][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.484937][ T57] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 194.663787][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 194.670604][ T57] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 194.679092][ T57] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 194.693675][ T57] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 194.698932][ T57] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 194.702125][ T57] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.707709][ T57] usb 7-1: Product: syz [ 194.710153][ T57] usb 7-1: Manufacturer: syz [ 194.711910][ T57] usb 7-1: SerialNumber: syz [ 194.986321][ T9330] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1183'. [ 194.996781][ T9305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'. [ 195.183146][ T9336] random: crng reseeded on system resumption [ 195.232226][ T9338] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1186'. [ 195.795653][ T9350] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1191'. [ 196.404917][ T5270] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 196.499841][ T9368] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1197'. [ 196.593579][ T5270] usb 8-1: Using ep0 maxpacket: 8 [ 196.596959][ T5270] usb 8-1: too many configurations: 103, using maximum allowed: 8 [ 196.601481][ T5270] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 196.604143][ T5270] usb 8-1: can't read configurations, error -61 [ 196.753709][ T5270] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 196.933699][ T5270] usb 8-1: Using ep0 maxpacket: 8 [ 196.936914][ T5270] usb 8-1: too many configurations: 103, using maximum allowed: 8 [ 196.941036][ T5270] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 196.943743][ T5270] usb 8-1: can't read configurations, error -61 [ 196.946053][ T5270] usb usb8-port1: attempt power cycle [ 197.160712][ T57] usb 7-1: 0:2 : does not exist [ 197.168021][ T9371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'. [ 197.180282][ T57] usb 7-1: USB disconnect, device number 2 [ 197.259791][ T9381] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1201'. [ 197.353647][ T5270] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 197.386061][ T5270] usb 8-1: Using ep0 maxpacket: 8 [ 197.391019][ T5270] usb 8-1: too many configurations: 103, using maximum allowed: 8 [ 197.392116][ T5252] libceph: connect (1)[c::]:6789 error -13 [ 197.398243][ T5252] libceph: mon0 (1)[c::]:6789 connect error [ 197.403744][ T5270] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 197.407112][ T5270] usb 8-1: can't read configurations, error -61 [ 197.436493][ T5218] udevd[5218]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 197.563599][ T5270] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 197.595764][ T5270] usb 8-1: Using ep0 maxpacket: 8 [ 197.600022][ T5270] usb 8-1: too many configurations: 103, using maximum allowed: 8 [ 197.607196][ T5270] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 197.610801][ T5270] usb 8-1: can't read configurations, error -61 [ 197.614943][ T5270] usb usb8-port1: unable to enumerate USB device [ 197.658113][ T5252] libceph: connect (1)[c::]:6789 error -13 [ 197.660356][ T5252] libceph: mon0 (1)[c::]:6789 connect error [ 197.974332][ T39] audit: type=1800 audit(1719781171.689:124): pid=9396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1205" name="bus" dev="sda1" ino=1962 res=0 errno=0 [ 197.988043][ T9396] Bluetooth: MGMT ver 1.22 [ 198.183879][ T5252] libceph: connect (1)[c::]:6789 error -13 [ 198.187491][ T5252] libceph: mon0 (1)[c::]:6789 connect error [ 198.209507][ T9386] ceph: No mds server is up or the cluster is laggy [ 198.330048][ T9405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1207'. [ 198.435948][ T55] libceph: connect (1)[c::]:6789 error -13 [ 198.438046][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 198.586027][ T9408] ceph: No mds server is up or the cluster is laggy [ 198.801250][ T9423] overlay: ./file0 is not a directory [ 198.977436][ T9426] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1212'. [ 199.096551][ T39] audit: type=1800 audit(1719781172.809:125): pid=9433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1215" name="file0" dev="sda1" ino=1962 res=0 errno=0 [ 199.118157][ T5205] libceph: connect (1)[c::]:6789 error -101 [ 199.121547][ T5205] libceph: mon0 (1)[c::]:6789 connect error [ 199.270312][ T9449] NILFS (nullb0): couldn't find nilfs on the device [ 199.373260][ T9458] __nla_validate_parse: 1 callbacks suppressed [ 199.373277][ T9458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1223'. [ 199.394605][ T5205] libceph: connect (1)[c::]:6789 error -101 [ 199.396973][ T5205] libceph: mon0 (1)[c::]:6789 connect error [ 199.440788][ T9462] NILFS (nullb0): couldn't find nilfs on the device [ 199.479136][ T9464] netlink: 'syz.3.1225': attribute type 16 has an invalid length. [ 199.482090][ T9464] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.1225'. [ 199.489827][ T39] audit: type=1800 audit(1719781173.199:126): pid=9464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1225" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 199.517361][ T39] audit: type=1800 audit(1719781173.229:127): pid=9466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1226" name="file0" dev="sda1" ino=1953 res=0 errno=0 [ 199.638129][ T9472] fuse: Bad value for 'fd' [ 199.680789][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 199.745514][ T39] audit: type=1800 audit(1719781173.459:128): pid=9482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1233" name="bus" dev="sda1" ino=1957 res=0 errno=0 [ 199.793090][ T9484] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1234'. [ 199.874245][ T9490] overlayfs: missing 'lowerdir' [ 199.913752][ T5205] libceph: connect (1)[c::]:6789 error -101 [ 199.916031][ T5205] libceph: mon0 (1)[c::]:6789 connect error [ 199.939010][ T9435] ceph: No mds server is up or the cluster is laggy [ 200.094120][ T9504] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 200.097370][ T9504] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 200.102190][ T9504] vhci_hcd vhci_hcd.0: Device attached [ 200.120817][ T9505] vhci_hcd: connection closed [ 200.124051][ T9500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1238'. [ 200.125180][ T11] vhci_hcd: stop threads [ 200.131179][ T11] vhci_hcd: release socket [ 200.132809][ T11] vhci_hcd: disconnect device [ 200.164254][ T5270] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 200.345961][ T5270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 200.351234][ T5270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 200.355940][ T5270] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 200.361111][ T5270] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 200.364247][ T5270] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.368112][ T5270] usb 6-1: config 0 descriptor?? [ 200.371308][ T9490] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 200.413662][ T25] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 200.613492][ T25] usb 8-1: Using ep0 maxpacket: 16 [ 200.618030][ T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.622677][ T25] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 200.628349][ T25] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 200.632345][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.638571][ T25] usb 8-1: config 0 descriptor?? [ 200.695446][ T9513] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1245'. [ 200.784610][ T5270] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 200.787975][ T5270] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 200.791937][ T5270] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 200.796046][ T5270] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 200.799220][ T5270] plantronics 0003:047F:FFFF.0004: item fetching failed at offset 14/15 [ 200.803337][ T5270] plantronics 0003:047F:FFFF.0004: parse failed [ 200.807076][ T5270] plantronics 0003:047F:FFFF.0004: probe with driver plantronics failed with error -22 [ 200.942950][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 201.158522][ T25] usbhid 8-1:0.0: can't add hid device: -71 [ 201.168073][ T25] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 201.176109][ T25] usb 8-1: USB disconnect, device number 6 [ 201.249549][ T9546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.691142][ T9577] fuse: Bad value for 'fd' [ 201.827992][ T9582] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1254'. [ 201.922989][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 202.087358][ T9596] syz.3.1261: attempt to access beyond end of device [ 202.087358][ T9596] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 202.092479][ T9596] hpfs: hpfs_map_sector(): read error [ 202.864792][ T25] usb 6-1: USB disconnect, device number 3 [ 203.012307][ T39] audit: type=1800 audit(1719781176.719:129): pid=9666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1283" name="file1" dev="sda1" ino=1964 res=0 errno=0 [ 203.015952][ T9666] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1283'. [ 203.028982][ T9666] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 203.032932][ T9666] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 203.071321][ T9669] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 203.080582][ T9669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1284'. [ 203.734734][ T9700] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1294'. [ 203.827222][ T9712] netlink: 888 bytes leftover after parsing attributes in process `syz.1.1297'. [ 204.013896][ T5205] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 204.197376][ T5205] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 204.202021][ T5205] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 204.207871][ T5205] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 204.211785][ T5205] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.219982][ T9697] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 204.464473][ T5205] usb 5-1: USB disconnect, device number 2 [ 204.865858][ T9738] __nla_validate_parse: 1 callbacks suppressed [ 204.865875][ T9738] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1305'. [ 206.377875][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 206.473554][ T10] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 206.687017][ T10] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 206.692153][ T10] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 206.697444][ T10] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 206.702319][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.717564][ T9794] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 206.832598][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 206.949117][ T5205] usb 8-1: USB disconnect, device number 7 [ 207.343665][ T5252] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 207.360045][ T9843] syzkaller1: entered promiscuous mode [ 207.362559][ T9843] syzkaller1: entered allmulticast mode [ 207.385672][ T9848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.545943][ T5252] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 207.551599][ T5252] usb 5-1: New USB device found, idVendor=046d, idProduct=1017, bcdDevice= 0.00 [ 207.558226][ T5252] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.562148][ T5252] usb 5-1: config 0 descriptor?? [ 207.567133][ T5252] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 207.682835][ T9861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1338'. [ 207.731978][ T9865] syz.1.1339: attempt to access beyond end of device [ 207.731978][ T9865] loop1: rw=0, sector=16, nr_sectors = 8 limit=0 [ 207.738761][ T9865] REISERFS warning (device loop1): sh-2006 read_super_block: bread failed (dev loop1, block 2, size 4096) [ 207.743310][ T9865] syz.1.1339: attempt to access beyond end of device [ 207.743310][ T9865] loop1: rw=0, sector=128, nr_sectors = 8 limit=0 [ 207.749297][ T9865] REISERFS warning (device loop1): sh-2006 read_super_block: bread failed (dev loop1, block 16, size 4096) [ 207.937565][ T9876] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1343'. [ 208.296417][ T9903] netlink: 'syz.2.1348': attribute type 23 has an invalid length. [ 208.363261][ T9909] syz.3.1350: attempt to access beyond end of device [ 208.363261][ T9909] loop3: rw=0, sector=16, nr_sectors = 8 limit=0 [ 208.368589][ T9909] REISERFS warning (device loop3): sh-2006 read_super_block: bread failed (dev loop3, block 2, size 4096) [ 208.372685][ T9909] syz.3.1350: attempt to access beyond end of device [ 208.372685][ T9909] loop3: rw=0, sector=128, nr_sectors = 8 limit=0 [ 208.379189][ T9909] REISERFS warning (device loop3): sh-2006 read_super_block: bread failed (dev loop3, block 16, size 4096) [ 208.621861][ T9922] netfs: Couldn't get user pages (rc=-14) [ 208.792805][ T39] audit: type=1326 audit(1719781182.499:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9929 comm="syz.3.1355" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7419579 code=0x0 [ 209.008937][ T9937] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1357'. [ 209.232031][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 209.313529][ T55] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 209.495153][ T55] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 209.498662][ T55] usb 6-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 209.502528][ T55] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.506939][ T55] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 209.510076][ T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.551052][ T55] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 209.589951][ T5218] udevd[5218]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 209.728612][ T5205] usb 6-1: USB disconnect, device number 4 [ 209.875646][ T9952] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1363'. [ 209.881282][ T9952] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 209.886462][ T9952] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 209.958969][ T25] usb 5-1: USB disconnect, device number 3 [ 209.969132][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 210.197878][ T9961] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1366'. [ 210.272958][ T9962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1365'. [ 210.576699][ T9975] syz.1.1371: attempt to access beyond end of device [ 210.576699][ T9975] loop1: rw=0, sector=16, nr_sectors = 8 limit=0 [ 210.582477][ T9975] REISERFS warning (device loop1): sh-2006 read_super_block: bread failed (dev loop1, block 2, size 4096) [ 210.589045][ T9975] syz.1.1371: attempt to access beyond end of device [ 210.589045][ T9975] loop1: rw=0, sector=128, nr_sectors = 8 limit=0 [ 210.595084][ T9975] REISERFS warning (device loop1): sh-2006 read_super_block: bread failed (dev loop1, block 16, size 4096) [ 210.967190][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 211.069433][ T9992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1375'. [ 211.379351][ T39] audit: type=1800 audit(1719781185.089:131): pid=10001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1378" name="file0" dev="sda1" ino=1963 res=0 errno=0 [ 211.659385][T10008] netlink: 'syz.0.1380': attribute type 4 has an invalid length. [ 211.670431][T10009] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_batadv, syncid = 0, id = 0 [ 211.684730][T10008] openvswitch: netlink: Missing key (keys=20040, expected=200000) [ 211.942406][T10025] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1384'. [ 211.979726][T10011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1383'. [ 212.176136][ T39] audit: type=1800 audit(1719781185.889:132): pid=10035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1387" name="file0" dev="sda1" ino=1964 res=0 errno=0 [ 212.983659][ T5251] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 213.177913][T10071] binder: Unknown parameter 'm¬qÖ&¿ƒL{Â' [ 213.181426][ T5251] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 213.186332][ T5251] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 213.191284][ T5251] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 213.195799][ T5251] usb 6-1: config 1 has no interface number 1 [ 213.198565][ T5251] usb 6-1: too many endpoints for config 1 interface 2 altsetting 2: 139, using maximum allowed: 30 [ 213.204355][ T5251] usb 6-1: config 1 interface 2 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 139 [ 213.210204][ T5251] usb 6-1: config 1 interface 2 has no altsetting 0 [ 213.216115][ T5251] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 213.220052][ T5251] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.224114][ T5251] usb 6-1: Product: à°‰ [ 213.226074][ T5251] usb 6-1: Manufacturer: 㴶磬ꋽ顥ꆰë½ê¤¿æ¾ˆæ€–꽎믿䌇뇫㫎㞎ꭋ먬댘惙冋ⅆ褅ﰊڭ漛â¬Å€â«±åš¬ã¯½ï½˜çº‡ã¦ç©…ì—䧦è²î­–㣮ꭼ滂巭갸쀫ç‰âžšæ®¹ï™¼ï†³æ¡µê †å‚²æƒ¿á†‚耰ä³á’¾á£¯í”¶ä€‡ì¦¨ëµ—䵩ë“싵㰾㵒⽽镳 [ 213.236789][ T5251] usb 6-1: SerialNumber: ÐŽ [ 213.244542][T10073] 9pnet_fd: Insufficient options for proto=fd [ 213.250756][T10074] xt_TCPMSS: Only works on TCP SYN packets [ 213.820037][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 214.003086][ T5251] usb 6-1: USB disconnect, device number 5 [ 214.136066][T10111] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1406'. [ 214.139966][T10111] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1406'. [ 214.254599][ T5218] udevd[5218]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 215.057002][T10127] /dev/sr0: Can't open blockdev [ 215.195794][T10128] /dev/sr0: Can't open blockdev [ 215.534430][T10152] capability: warning: `syz.3.1419' uses deprecated v2 capabilities in a way that may be insecure [ 215.602400][T10158] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1419'. [ 216.175585][T10170] netlink: 'syz.1.1423': attribute type 10 has an invalid length. [ 216.178928][T10170] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1423'. [ 216.196089][T10170] netlink: 'syz.1.1423': attribute type 23 has an invalid length. [ 216.199910][T10170] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1423'. [ 216.208093][T10170] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.213059][T10170] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.217644][T10170] bridge0: entered promiscuous mode [ 216.297624][ T39] audit: type=1804 audit(1719781190.009:133): pid=10172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1424" name="/syzkaller.N88uI9/361/bus" dev="sda1" ino=1963 res=1 errno=0 [ 216.443637][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 216.967251][T10197] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 216.970355][T10197] IPv6: NLM_F_CREATE should be set when creating new route [ 216.972821][T10197] IPv6: NLM_F_CREATE should be set when creating new route [ 216.981192][T10197] fuse: Bad value for 'fd' [ 217.574477][ T5211] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 217.663717][ T5217] Bluetooth: hci4: command 0x1003 tx timeout [ 217.669504][ T5206] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 217.857122][T10223] syz_tun: entered promiscuous mode [ 217.864501][T10223] batadv_slave_0: entered promiscuous mode [ 218.359801][T10235] veth1_macvtap: left promiscuous mode [ 218.885179][T10244] /dev/sr0: Can't open blockdev [ 219.914519][T10271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1456'. [ 220.220644][T10294] 9pnet_fd: Insufficient options for proto=fd [ 220.333863][T10284] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1460'. [ 220.362645][T10284] Illegal XDP return value 4294967274 on prog (id 520) dev N/A, expect packet loss! [ 220.729150][ T39] audit: type=1800 audit(1719781194.439:134): pid=10309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1468" name="file0" dev="sda1" ino=1958 res=0 errno=0 [ 220.904017][T10324] cannot load conntrack support for proto=3 [ 221.453288][T10332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1476'. [ 222.084210][T10351] fscrypt: AES-128-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 222.115427][T10355] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1481'. [ 222.190820][T10370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1484'. [ 222.268179][T10351] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-ni)" [ 222.272913][ T39] audit: type=1800 audit(1719781195.979:135): pid=10351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1479" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 222.363264][T10382] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1487'. [ 222.413760][ T5252] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 222.595653][ T5252] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 222.600223][ T5252] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 222.613628][ T5252] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 222.619322][ T5252] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 222.623325][ T5252] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.646586][ T5252] usb 6-1: config 0 descriptor?? [ 222.649774][T10355] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 222.819942][ T39] audit: type=1800 audit(1719781196.529:136): pid=10392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1490" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 222.921188][ T39] audit: type=1804 audit(1719781196.629:137): pid=10393 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1490" name="/syzkaller.0xBheL/338/bus" dev="sda1" ino=1965 res=1 errno=0 [ 222.926043][ T39] audit: type=1804 audit(1719781196.629:138): pid=10393 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1490" name="/syzkaller.0xBheL/338/bus" dev="sda1" ino=1965 res=1 errno=0 [ 223.143447][ T5252] usbhid 6-1:0.0: can't add hid device: -71 [ 223.147111][ T5252] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 223.155437][ T5252] usb 6-1: USB disconnect, device number 6 [ 223.328349][ T39] audit: type=1804 audit(1719781197.029:139): pid=10403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1490" name="/syzkaller.0xBheL/338/bus" dev="sda1" ino=1965 res=1 errno=0 [ 223.363703][ T39] audit: type=1804 audit(1719781197.049:140): pid=10393 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1490" name="/syzkaller.0xBheL/338/bus" dev="sda1" ino=1965 res=1 errno=0 [ 223.508753][ T39] audit: type=1326 audit(1719781197.219:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10406 comm="syz.3.1493" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7419579 code=0x0 [ 223.886441][T10413] PKCS8: Unsupported PKCS#8 version [ 224.108390][ T5206] Bluetooth: hci3: unexpected event 0x04 length: 11 > 10 [ 225.669026][T10494] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1524'. [ 225.699504][T10493] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1525'. [ 226.153686][ T5206] Bluetooth: hci3: command tx timeout [ 226.540433][T10517] debugfs: Directory 'netdev:nicvf0' with parent 'phy5' already present! [ 226.629083][T10524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1534'. [ 226.636125][T10524] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1534'. [ 226.659049][T10524] Invalid ELF header type: 65281 != 1 [ 226.663203][T10524] process 'syz.1.1534' launched './file1' with NULL argv: empty string added [ 226.822437][T10535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1537'. [ 227.068286][T10553] netlink: set zone limit has 4 unknown bytes [ 227.168237][ T39] audit: type=1800 audit(1719781200.879:142): pid=10560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1544" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 227.184475][ T39] audit: type=1804 audit(1719781200.889:143): pid=10559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1544" name="/syzkaller.0xBheL/350/bus" dev="sda1" ino=1963 res=1 errno=0 [ 227.827816][T10572] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1549'. [ 227.841297][ T39] audit: type=1326 audit(1719781201.549:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10573 comm="syz.1.1548" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x0 [ 228.880349][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 228.883311][ T5206] Bluetooth: Wrong link type (-22) [ 229.700411][T10617] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1558'. [ 230.511449][T10643] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1566'. [ 230.576738][T10649] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1567'. [ 230.592482][T10649] 9pnet_fd: Insufficient options for proto=fd [ 231.800466][T10665] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1572'. [ 231.893991][T10661] netlink: 'syz.0.1571': attribute type 1 has an invalid length. [ 231.897669][T10661] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.1571'. [ 231.902551][T10661] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1571'. [ 232.614338][T10680] veth1_macvtap: entered promiscuous mode [ 233.122084][T10699] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1582'. [ 233.426562][T10702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1583'. [ 233.704958][T10717] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 233.771773][T10719] kAFS: Can only specify source 'none' with -o dyn [ 234.424500][T10721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1589'. [ 234.582586][T10724] evm: overlay not supported [ 234.831143][T10729] fuse: Bad value for 'fd' [ 234.836192][T10729] openvswitch: netlink: Missing key (keys=200040, expected=2000) [ 234.979101][T10734] netlink: 'syz.0.1594': attribute type 4 has an invalid length. [ 235.021643][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 235.472450][ T39] audit: type=1326 audit(1719781209.179:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10740 comm="syz.1.1596" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7446579 code=0x0 [ 236.094925][T10753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1599'. [ 236.667300][T10762] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1603'. [ 237.119189][T10781] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1609'. [ 237.280448][T10783] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1607'. [ 237.298853][T10783] 0ªX¹¦D: renamed from gretap0 (while UP) [ 237.332462][T10783] 0ªX¹¦D: entered allmulticast mode [ 237.339245][T10783] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 237.751244][T10785] bridge0: port 3(netdevsim0) entered blocking state [ 237.755433][T10785] bridge0: port 3(netdevsim0) entered disabled state [ 237.762208][T10785] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 237.779914][T10785] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 237.793152][T10785] bridge0: port 3(netdevsim0) entered blocking state [ 237.796864][T10785] bridge0: port 3(netdevsim0) entered forwarding state [ 237.995098][T10790] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1612'. [ 239.631919][T10814] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 239.664215][T10811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1618'. [ 240.264749][T10819] overlayfs: missing 'lowerdir' [ 240.652962][T10837] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1626'. [ 240.673009][T10837] bond1: entered promiscuous mode [ 240.701414][T10837] bond0: (slave bond_slave_0): Releasing backup interface [ 240.722548][T10837] bond_slave_0: entered promiscuous mode [ 240.726554][T10837] bond1: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.765298][T10837] fuse: Bad value for 'fd' [ 240.905928][ T5217] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 241.396542][T10850] overlayfs: missing 'lowerdir' [ 241.708546][T10862] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1636'. [ 242.201865][ T39] audit: type=1326 audit(1719781215.909:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.206286][T10884] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1645'. [ 242.232336][ T39] audit: type=1326 audit(1719781215.909:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.241780][T10882] netlink: 'syz.1.1644': attribute type 3 has an invalid length. [ 242.246161][ T39] audit: type=1326 audit(1719781215.919:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.255594][ T39] audit: type=1326 audit(1719781215.919:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.264919][ T39] audit: type=1326 audit(1719781215.929:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=304 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.275397][ T39] audit: type=1326 audit(1719781215.939:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.293628][ T39] audit: type=1326 audit(1719781215.939:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.302704][ T39] audit: type=1326 audit(1719781215.939:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.312694][ T39] audit: type=1326 audit(1719781215.939:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 242.322678][ T39] audit: type=1326 audit(1719781215.939:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.1.1644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 243.049506][T10912] Bluetooth: MGMT ver 1.22 [ 243.935145][T10929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1661'. [ 243.959993][T10929] netlink: 'syz.1.1661': attribute type 16 has an invalid length. [ 243.973534][T10929] netlink: 4632 bytes leftover after parsing attributes in process `syz.1.1661'. [ 244.248489][T10940] fuse: Invalid group_id [ 244.251416][T10939] fuse: Invalid group_id [ 244.567941][T10948] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 244.868677][T10958] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1667'. [ 245.430522][T10971] 9pnet_fd: p9_fd_create_tcp (10971): problem connecting socket to 127.0.0.1 [ 245.692615][T10990] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1677'. [ 245.905485][T10992] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.036122][T10992] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.195216][T10992] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.298336][T10992] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.520945][T10992] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.592759][T10992] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.644334][T10992] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.697575][T10992] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.088014][T11003] syzkaller0: entered promiscuous mode [ 247.101086][T11003] syzkaller0: entered allmulticast mode [ 247.393214][T11017] dccp_invalid_packet: pskb_may_pull failed [ 247.460342][ T39] kauditd_printk_skb: 22 callbacks suppressed [ 247.460357][ T39] audit: type=1326 audit(1719781221.169:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.2.1685" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73cb579 code=0x0 [ 248.337133][ T5252] IPVS: starting estimator thread 0... [ 248.358866][T11027] IPVS: nq: SCTP 127.0.0.1:0 - no destination available [ 248.456887][T11029] IPVS: using max 18 ests per chain, 43200 per kthread [ 249.097205][T11018] tipc: MTU too low for tipc bearer [ 249.142535][T11042] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1692'. [ 249.145818][T11042] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1692'. [ 249.239138][T11047] €Â: renamed from pim6reg1 [ 249.273626][ T5206] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 249.277692][ T5206] Bluetooth: hci3: Injecting HCI hardware error event [ 249.279078][T11051] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1695'. [ 249.282899][ T5217] Bluetooth: hci3: hardware error 0x00 [ 249.416306][T11041] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1693'. [ 249.422523][ T5206] Bluetooth: hci3: unexpected event for opcode 0x2060 [ 250.901170][T11087] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1703'. [ 251.353988][ T5217] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 251.753965][ T57] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 251.910941][T11107] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 251.937205][ T57] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 251.942177][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 251.947997][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 251.952201][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 251.958365][ T57] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 251.962639][ T57] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 251.966552][ T57] usb 5-1: Manufacturer: syz [ 251.969442][ T57] usb 5-1: config 0 descriptor?? [ 252.408492][ T57] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 252.413908][ T57] appleir 0003:05AC:8243.0005: No inputs registered, leaving [ 252.442242][ T57] appleir 0003:05AC:8243.0005: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 252.948908][ T5252] usb 5-1: USB disconnect, device number 4 [ 254.871282][ T39] audit: type=1804 audit(1719781228.579:179): pid=11125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1718" name="/syzkaller.p6Bkle/449/file0" dev="sda1" ino=1962 res=1 errno=0 [ 254.993941][ T39] audit: type=1804 audit(1719781228.699:180): pid=11127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1718" name="/syzkaller.p6Bkle/449/file0" dev="sda1" ino=1962 res=1 errno=0 [ 255.379667][ T39] audit: type=1326 audit(1719781229.089:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1722" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7419579 code=0x0 [ 255.500937][T11141] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1724'. [ 255.527333][T11141] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 255.532144][T11141] overlayfs: failed to set xattr on upper [ 255.535569][T11141] overlayfs: ...falling back to redirect_dir=nofollow. [ 255.538500][T11141] overlayfs: ...falling back to index=off. [ 255.541017][T11141] overlayfs: ...falling back to uuid=null. [ 255.624280][ T25] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 255.691883][T10639] syz_tun (unregistering): left promiscuous mode [ 255.783959][ T25] usb 6-1: device descriptor read/64, error -71 [ 255.838469][ T1352] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.841312][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.063696][ T25] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 256.100984][T11150] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1728'. [ 256.106519][T11150] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1728'. [ 256.223976][ T25] usb 6-1: device descriptor read/64, error -71 [ 256.251211][ T5206] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 256.256936][ T5206] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 256.262416][ T5206] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 256.268444][ T5206] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 256.272429][ T5206] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 256.276371][ T5206] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 256.319391][ T39] audit: type=1326 audit(1719781230.029:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11152 comm="syz.3.1729" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7419579 code=0x0 [ 256.357624][ T25] usb usb6-port1: attempt power cycle [ 256.437729][T11151] chnl_net:caif_netlink_parms(): no params data found [ 256.561044][T11151] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.565710][T11151] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.569458][T11151] bridge_slave_0: entered allmulticast mode [ 256.573785][T11151] bridge_slave_0: entered promiscuous mode [ 256.578576][T11151] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.581745][T11151] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.587600][T11151] bridge_slave_1: entered allmulticast mode [ 256.591247][T11151] bridge_slave_1: entered promiscuous mode [ 256.659709][T11151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.673019][T11151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 256.679974][T11162] fuse: Bad value for 'fd' [ 256.695812][ T39] audit: type=1804 audit(1719781230.399:183): pid=11162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1730" name="/file0/syzkaller.XgzhNF/201/file0" dev="sda1" ino=1957 res=1 errno=0 [ 256.770277][T11151] team0: Port device team_slave_0 added [ 256.778079][T11151] team0: Port device team_slave_1 added [ 256.783846][ T25] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 256.820009][T11151] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 256.822738][T11151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.833847][T11151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 256.834581][ T25] usb 6-1: device descriptor read/8, error -71 [ 256.840816][T11151] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 256.844664][T11151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.856856][T11151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 256.935654][T11151] hsr_slave_0: entered promiscuous mode [ 256.939379][T11151] hsr_slave_1: entered promiscuous mode [ 256.943339][T11151] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 256.950064][T11151] Cannot create hsr debugfs directory [ 257.114721][ T25] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 257.139625][T11151] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.154049][ T25] usb 6-1: device descriptor read/8, error -71 [ 257.220111][T11151] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.274113][ T25] usb usb6-port1: unable to enumerate USB device [ 257.316708][T11151] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.420843][T11151] bridge0: port 3(netdevsim0) entered disabled state [ 257.445171][T11151] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode [ 257.449161][T11151] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 257.454626][T11151] bridge0: port 3(netdevsim0) entered disabled state [ 257.465909][T11151] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.631632][T11151] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 257.641652][T11151] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 257.648720][T11151] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 257.655235][T11151] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 257.778211][T11151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.809248][T11151] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.817179][ T1384] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.820184][ T1384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.835122][ T1384] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.838312][ T1384] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.166519][T11151] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.237661][T11151] veth0_vlan: entered promiscuous mode [ 258.252389][T11151] veth1_vlan: entered promiscuous mode [ 258.283020][T11151] veth0_macvtap: entered promiscuous mode [ 258.295254][T11151] veth1_macvtap: entered promiscuous mode [ 258.303663][ T5206] Bluetooth: hci2: command tx timeout [ 258.327405][T11151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.330989][T11151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.343629][T11151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.347291][T11151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.350962][T11151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.359912][T11151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.367226][T11151] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 258.388338][T11151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.393051][T11151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.404194][T11151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.408801][T11151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.424774][T11151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.438642][T11151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.442283][T11151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.446854][T11151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.455256][T11151] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 258.490974][T11151] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.495051][T11151] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.498339][T11151] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.501360][T11151] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.575596][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.579346][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.624173][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.628034][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.967823][T11210] 9pnet_fd: Insufficient options for proto=fd [ 259.639642][ T39] audit: type=1326 audit(1719781233.339:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11249 comm="syz.3.1751" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7419579 code=0x0 [ 259.886407][T11262] cgroup: noprefix used incorrectly [ 260.509670][T11273] netlink: 'syz.1.1756': attribute type 12 has an invalid length. [ 260.513647][T11273] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1756'. [ 260.825340][T11286] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1762'. [ 260.837257][T11286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1762'. [ 260.956683][T11286] lo speed is unknown, defaulting to 1000 [ 260.962060][T11286] lo speed is unknown, defaulting to 1000 [ 260.978490][T11286] lo speed is unknown, defaulting to 1000 [ 261.023605][ T5217] Bluetooth: hci2: command tx timeout [ 261.126767][ T39] audit: type=1326 audit(1719781234.839:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11291 comm="syz.0.1765" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73df579 code=0x0 [ 261.206961][T11286] infiniband syz0: set down [ 261.210823][ T5251] lo speed is unknown, defaulting to 1000 [ 261.216246][T11286] infiniband syz0: added lo [ 261.268780][T11286] RDS/IB: syz0: added [ 261.280396][T11286] smc: adding ib device syz0 with port count 1 [ 261.301378][T11286] smc: ib device syz0 port 1 has pnetid [ 261.311920][ T5252] lo speed is unknown, defaulting to 1000 [ 261.319403][T11286] lo speed is unknown, defaulting to 1000 [ 261.361315][T11316] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1770'. [ 261.510091][T11286] lo speed is unknown, defaulting to 1000 [ 261.697677][T11286] lo speed is unknown, defaulting to 1000 [ 261.862758][T11286] lo speed is unknown, defaulting to 1000 [ 262.087935][T11325] cgroup: noprefix used incorrectly [ 262.088587][T11286] lo speed is unknown, defaulting to 1000 [ 262.194738][T11326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1772'. [ 262.400112][T11333] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1775'. [ 263.114237][ T5217] Bluetooth: hci2: command tx timeout [ 263.486133][T11370] tipc: Started in network mode [ 263.488501][T11370] tipc: Node identity 4, cluster identity 4711 [ 263.491362][T11370] tipc: Node number set to 4 [ 263.641784][ T39] audit: type=1804 audit(1719781237.349:186): pid=11375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1789" name="/file0/syzkaller.XgzhNF/218/bus/file0" dev="overlay" ino=1971 res=1 errno=0 [ 263.851316][T11384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1792'. [ 263.860501][T11384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1792'. [ 263.872749][T11384] tc_dump_action: action bad kind [ 263.990112][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1794'. [ 264.006074][T11390] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1794'. [ 264.341252][T11402] netlink: 'syz.0.1798': attribute type 12 has an invalid length. [ 264.619640][ T39] audit: type=1326 audit(1719781238.329:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1800" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73df579 code=0x0 [ 264.909282][T11421] ip6erspan0: entered allmulticast mode [ 265.183862][ T5217] Bluetooth: hci2: command tx timeout [ 265.247964][T11439] binder: 11438:11439 ioctl c0306201 20000080 returned -14 [ 265.595419][T11455] __nla_validate_parse: 1 callbacks suppressed [ 265.595458][T11455] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1813'. [ 266.574589][T11488] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1822'. [ 266.580227][T11488] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1822'. [ 266.586005][T11488] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1822'. [ 266.599299][T11488] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1822'. [ 266.903576][ T55] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 267.103897][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 267.112979][ T55] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 8 [ 267.120212][ T55] usb 5-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 267.126588][ T55] usb 5-1: config 1 interface 0 has no altsetting 0 [ 267.132809][ T55] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 267.138062][ T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.141613][ T55] usb 5-1: Product: ᣿ [ 267.143652][ T55] usb 5-1: Manufacturer: Ð¥ [ 267.145743][ T55] usb 5-1: SerialNumber: ﯬ쎔䂈뇾艃î«î³¯î°Ÿâ½Žæ¥ê…¡çµà¾–宄뱤颧虩껎啿䌉碨é’ദ넦èªî’–鵆ꣴäµê–‰ì¹Ï›ê¬¦æƒšë™ì½½åƒçš„鼆諸癞푨止䲰태좲冟︾ç™æ¶£ï¸™é½¡ç‰±áž³à¨˜ä¹¿ï’Œç¸ëžá†˜ê¥¶çº€å¬¡ëº¦ [ 267.159031][T11490] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 267.310946][T11507] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1828'. [ 267.427491][ T55] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 267.443686][ T55] usb 5-1: USB disconnect, device number 5 [ 267.450652][ T55] usblp0: removed [ 267.617349][T11515] macsec0: entered promiscuous mode [ 267.854166][ T39] audit: type=1326 audit(1719781241.569:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11517 comm="syz.3.1831" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7419579 code=0x0 [ 268.477876][T11537] raw_sendmsg: syz.1.1836 forgot to set AF_INET. Fix it! [ 268.781338][T11563] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1843'. [ 269.105270][T11567] fuse: Bad value for 'fd' [ 269.108035][ T39] audit: type=1804 audit(1719781242.819:189): pid=11567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1845" name="/file0/syzkaller.XgzhNF/231/file0" dev="sda1" ino=1959 res=1 errno=0 [ 269.639993][T11586] overlay: Unknown parameter 'mask' [ 269.865794][T11598] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1853'. [ 269.950006][T11595] xt_recent: hitcount (718) is larger than allowed maximum (255) [ 270.399989][T11621] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1862'. [ 270.445466][T11624] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 270.856652][T11657] devtmpfs: Bad value for 'mpol' [ 272.010149][T11695] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1884'. [ 272.694235][T11704] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1887'. [ 273.230922][T11737] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1898'. [ 273.393695][ T39] audit: type=1326 audit(1719781251.099:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.0.1899" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73df579 code=0x0 [ 274.233939][T11782] syz.0.1912 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 274.434426][T11786] netlink: 'syz.3.1914': attribute type 12 has an invalid length. [ 274.484868][T11788] netlink: 'syz.3.1915': attribute type 1 has an invalid length. [ 274.982715][T11805] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1921'. [ 276.314583][T11827] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 276.317813][T11827] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 276.338260][T11827] vhci_hcd vhci_hcd.0: Device attached [ 276.613574][ T55] usb 19-1: new high-speed USB device number 2 using vhci_hcd [ 276.938497][T11835] vhci_hcd: connection reset by peer [ 276.942844][ T88] vhci_hcd: stop threads [ 276.947820][ T88] vhci_hcd: release socket [ 276.958276][ T88] vhci_hcd: disconnect device [ 277.400203][T11880] xt_cgroup: invalid path, errno=-2 [ 277.455019][T11888] netlink: 'syz.0.1949': attribute type 9 has an invalid length. [ 277.520573][T11889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1948'. [ 277.549778][T11892] xt_hashlimit: Unknown mode mask 1BD, kernel too old? [ 277.749573][ T39] audit: type=1800 audit(1719781255.459:191): pid=11898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1953" name="bus" dev="sda1" ino=1969 res=0 errno=0 [ 277.992735][ T39] audit: type=1326 audit(1719781255.699:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11910 comm="syz.0.1955" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73df579 code=0x0 [ 278.553004][T11925] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 278.555810][T11925] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 278.561327][T11925] vhci_hcd vhci_hcd.0: Device attached [ 278.593224][T11934] netlink: 'syz.2.1960': attribute type 9 has an invalid length. [ 278.826804][ T25] usb 13-1: new high-speed USB device number 2 using vhci_hcd [ 278.906532][T11942] xt_cgroup: invalid path, errno=-2 [ 279.245607][T11928] vhci_hcd: connection reset by peer [ 279.248462][T11233] vhci_hcd: stop threads [ 279.250188][T11233] vhci_hcd: release socket [ 279.263610][T11233] vhci_hcd: disconnect device [ 279.355647][ T39] audit: type=1326 audit(1719781257.069:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11947 comm="syz.1.1965" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x0 [ 281.057044][T11992] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1978'. [ 281.181184][ T5206] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 281.189349][ T5206] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 281.194009][ T5206] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 281.198520][ T5206] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 281.207689][ T5206] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 281.211354][ T5206] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 281.254173][T11993] lo speed is unknown, defaulting to 1000 [ 281.325645][T11996] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.329622][T11996] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.347071][T11996] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.350127][T11996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.354373][T11996] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.358036][T11996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.371605][T11996] team0: Port device bridge0 added [ 281.425632][T11996] netlink: 'syz.0.1980': attribute type 2 has an invalid length. [ 281.567532][T11993] chnl_net:caif_netlink_parms(): no params data found [ 281.619023][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 281.622807][ T5206] Bluetooth: Wrong link type (-22) [ 281.692057][T11993] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.695570][T11993] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.698488][T11993] bridge_slave_0: entered allmulticast mode [ 281.702480][T11993] bridge_slave_0: entered promiscuous mode [ 281.708248][T11993] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.711223][T11993] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.714340][T11993] bridge_slave_1: entered allmulticast mode [ 281.717260][T11993] bridge_slave_1: entered promiscuous mode [ 281.753701][ T55] vhci_hcd: vhci_device speed not set [ 281.771869][T11993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.779855][T11993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.853088][T11993] team0: Port device team_slave_0 added [ 281.859231][T11993] team0: Port device team_slave_1 added [ 281.927943][T11993] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.931239][T11993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.942179][T11993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.948786][T11993] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.951486][T11993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.961830][T11993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.047888][T11993] hsr_slave_0: entered promiscuous mode [ 282.052979][T11993] hsr_slave_1: entered promiscuous mode [ 282.058220][T11993] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.061823][T11993] Cannot create hsr debugfs directory [ 282.280507][T11993] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.385966][T11993] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.489595][T11993] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.600624][T11993] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.792534][T11993] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 282.801719][T11993] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 282.824300][T11993] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 282.831502][T11993] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 282.926846][T11993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.947795][T11993] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.958272][ T5252] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.961563][ T5252] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.975099][ T5252] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.978508][ T5252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.170582][T11993] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.218541][T11993] veth0_vlan: entered promiscuous mode [ 283.232379][T11993] veth1_vlan: entered promiscuous mode [ 283.263961][ T5206] Bluetooth: hci1: command tx timeout [ 283.271702][T11993] veth0_macvtap: entered promiscuous mode [ 283.280576][T11993] veth1_macvtap: entered promiscuous mode [ 283.301456][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.309782][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.314878][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.320261][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.325534][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.329931][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.334908][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.339859][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.346523][T11993] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.358412][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.363189][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.371051][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.376008][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.380691][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.385244][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.389610][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.394160][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.399593][T11993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.403915][T11993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.410075][T11993] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.419496][T11993] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.423407][T11993] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.426792][T11993] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.430110][T11993] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.511473][T11236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.522729][T11236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.564439][T11233] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.568073][T11233] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.994025][ T25] vhci_hcd: vhci_device speed not set [ 284.800918][ T39] audit: type=1326 audit(1719781262.509:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12087 comm="syz.3.2002" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740c579 code=0x0 [ 285.005216][ T39] audit: type=1800 audit(1719781262.709:195): pid=12100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2007" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0 [ 285.085059][T12103] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2009'. [ 285.345528][ T5206] Bluetooth: hci1: command tx timeout [ 285.449885][T12119] overlay: filesystem on ./bus not supported as upperdir [ 285.561558][ T5205] IPVS: starting estimator thread 0... [ 285.582582][T12126] netlink: 'syz.1.2016': attribute type 10 has an invalid length. [ 285.586811][T12126] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2016'. [ 285.591725][T12126] bridge0: port 3(veth0_to_bridge) entered blocking state [ 285.596735][T12126] bridge0: port 3(veth0_to_bridge) entered disabled state [ 285.599937][T12126] veth0_to_bridge: entered allmulticast mode [ 285.604505][T12126] veth0_to_bridge: entered promiscuous mode [ 285.673886][T12127] IPVS: using max 17 ests per chain, 40800 per kthread [ 285.861472][T12142] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2023'. [ 286.046640][ T5206] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 286.229720][ T39] audit: type=1326 audit(1719781263.939:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 286.246064][ T39] audit: type=1326 audit(1719781263.939:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 286.263954][ T39] audit: type=1326 audit(1719781263.939:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 286.286457][ T39] audit: type=1326 audit(1719781263.939:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 286.331714][ T39] audit: type=1326 audit(1719781263.939:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 286.346670][ T39] audit: type=1326 audit(1719781263.939:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 286.359148][ T39] audit: type=1326 audit(1719781263.949:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 286.371565][ T39] audit: type=1326 audit(1719781263.949:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.1.2027" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 287.181347][T12183] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 287.192500][T12183] netlink: 'syz.2.2038': attribute type 10 has an invalid length. [ 287.197240][T12183] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2038'. [ 287.202001][T12183] bridge0: port 3(veth0_to_bridge) entered blocking state [ 287.206365][T12183] bridge0: port 3(veth0_to_bridge) entered disabled state [ 287.210894][T12183] veth0_to_bridge: entered allmulticast mode [ 287.218433][T12183] veth0_to_bridge: entered promiscuous mode [ 287.221965][T12183] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.229079][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.238341][T12183] bridge0: port 3(veth0_to_bridge) entered blocking state [ 287.242257][T12183] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 287.282294][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.287982][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.293061][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.298490][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.303293][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.308753][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.308952][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.309132][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.309316][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 287.424032][ T5217] Bluetooth: hci1: command tx timeout [ 287.515862][T12186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2039'. [ 287.656096][T12197] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2042'. [ 288.040706][T12201] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2045'. [ 288.350713][ T5217] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 289.503904][ T5217] Bluetooth: hci1: command tx timeout [ 289.705042][T12238] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2055'. [ 289.712465][T12238] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2055'. [ 289.717127][T12238] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2055'. [ 290.006222][ T39] kauditd_printk_skb: 132 callbacks suppressed [ 290.006234][ T39] audit: type=1800 audit(1719781267.719:336): pid=12246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2057" name="bus" dev="sda1" ino=1964 res=0 errno=0 [ 290.167460][T12250] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2059'. [ 290.207710][T12251] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2058'. [ 290.803653][ T1384] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 290.994387][ T1384] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 290.999922][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.006038][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.011045][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.016337][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.020826][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.026492][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.031576][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.036342][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.041601][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.046252][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.050625][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.056693][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.061301][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.066077][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.071391][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.076887][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.092710][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.097699][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.102071][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.112192][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.117672][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.122023][ T1384] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 291.126391][ T1384] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 291.131506][ T1384] usb 5-1: config 0 interface 0 has no altsetting 0 [ 291.145815][ T1384] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 291.153508][ T1384] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 291.162952][ T1384] usb 5-1: Product: syz [ 291.165842][ T1384] usb 5-1: Manufacturer: syz [ 291.168692][ T1384] usb 5-1: SerialNumber: syz [ 291.175098][ T1384] usb 5-1: config 0 descriptor?? [ 291.184663][ T1384] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 291.400680][ T1384] usb 5-1: USB disconnect, device number 6 [ 291.406177][ T1384] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 292.233783][ C0] net_ratelimit: 18225 callbacks suppressed [ 292.233804][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.242455][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.247992][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.253640][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.258919][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.264165][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.270409][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.275978][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.281403][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.287632][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 292.346338][ T5217] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 293.494230][T12294] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2072'. [ 294.693995][ T35] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 294.938525][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 294.949671][ T35] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 294.963559][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 294.976432][ T39] audit: type=1326 audit(1719781272.689:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12313 comm="syz.3.2078" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740c579 code=0x0 [ 294.986538][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 294.991465][ T35] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 295.013545][ T35] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 295.023168][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.293600][ T35] usb 6-1: usb_control_msg returned -32 [ 295.296027][ T35] usbtmc 6-1:16.0: can't read capabilities [ 295.669381][ C2] usbtmc 6-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 295.703822][T12322] usbtmc 6-1:16.0: Unable to send data, error -71 [ 297.243760][ C0] net_ratelimit: 14673 callbacks suppressed [ 297.243780][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.254733][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.262486][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.270936][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.278494][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.284835][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.290839][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.299157][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.305748][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.311708][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 297.414639][ T35] usb 6-1: USB disconnect, device number 11 [ 297.545738][ T39] audit: type=1326 audit(1719781275.249:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.563847][ T39] audit: type=1326 audit(1719781275.249:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.585734][ T39] audit: type=1326 audit(1719781275.269:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.605583][ T39] audit: type=1326 audit(1719781275.269:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.629890][ T39] audit: type=1326 audit(1719781275.269:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.649406][ T39] audit: type=1326 audit(1719781275.269:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.669799][ T39] audit: type=1326 audit(1719781275.269:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.703246][ T39] audit: type=1326 audit(1719781275.269:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.723953][ T39] audit: type=1326 audit(1719781275.299:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.761457][ T39] audit: type=1326 audit(1719781275.299:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.1.2083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7446579 code=0x7ffc0000 [ 297.848049][T12339] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2084'. [ 301.100542][T12383] netlink: 'syz.1.2096': attribute type 10 has an invalid length. [ 301.104866][T12383] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2096'. [ 301.391390][T12390] kvm: kvm [12384]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x640000003b0a [ 302.254308][ C0] net_ratelimit: 7411 callbacks suppressed [ 302.254328][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.262790][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.268872][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.274195][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.280059][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.285734][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.291613][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.296843][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.303217][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.308532][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 302.437841][T12400] netlink: 'syz.2.2099': attribute type 10 has an invalid length. [ 302.441533][T12400] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2099'. [ 302.446469][T12400] dummy0: entered promiscuous mode [ 302.449659][T12400] dummy0: entered allmulticast mode [ 302.453376][T12400] bridge0: port 4(dummy0) entered blocking state [ 302.456998][T12400] bridge0: port 4(dummy0) entered disabled state [ 302.462709][T12400] bridge0: port 4(dummy0) entered blocking state [ 302.466128][T12400] bridge0: port 4(dummy0) entered forwarding state [ 302.571527][T12403] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2100'. [ 303.900990][ T5217] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 303.929561][ T5217] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 303.936593][ T5217] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 303.962949][ T5217] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 303.985059][ T5217] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 303.993589][ T5217] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 304.019626][T12301] ------------[ cut here ]------------ [ 304.022693][T12301] ida_free called for id=57576 which is not allocated. [ 304.060265][T12301] WARNING: CPU: 3 PID: 12301 at lib/idr.c:525 ida_free+0x1fb/0x2f0 [ 304.064176][T12301] Modules linked in: [ 304.066087][T12301] CPU: 3 PID: 12301 Comm: syz.0.2073 Not tainted 6.10.0-rc5-syzkaller-00282-g8282d5af7be8 #0 [ 304.073421][T12301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 304.078862][T12301] RIP: 0010:ida_free+0x1fb/0x2f0 [ 304.081590][T12301] Code: c7 f6 41 83 fe 3e 76 73 e8 c2 a9 c7 f6 48 8b 7c 24 28 4c 89 ee e8 c5 c1 18 00 90 48 c7 c7 60 d3 7f 8c 89 ee e8 16 2a 8a f6 90 <0f> 0b 90 90 e8 9c a9 c7 f6 48 b8 00 00 00 00 00 fc ff df 48 01 c3 [ 304.090742][T12301] RSP: 0018:ffffc90002cffa98 EFLAGS: 00010286 [ 304.093686][T12301] RAX: 0000000000000000 RBX: 1ffff9200059ff54 RCX: ffffffff81511289 [ 304.098168][T12301] RDX: ffff8880209e2440 RSI: ffffffff81511296 RDI: 0000000000000001 [ 304.102150][T12301] RBP: 000000000000e0e8 R08: 0000000000000001 R09: 0000000000000000 [ 304.105839][T12301] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 [ 304.109631][T12301] R13: 0000000000000293 R14: 00000000000000e8 R15: 0000000000000000 [ 304.113535][T12301] FS: 0000000000000000(0000) GS:ffff88802c300000(0000) knlGS:0000000000000000 [ 304.118753][T12301] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 304.122126][T12301] CR2: 0000000000000000 CR3: 000000005deac000 CR4: 0000000000352ef0 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 304.125770][T12301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 304.129728][T12301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 304.133386][T12301] Call Trace: [ 304.135505][T12301] [ 304.136961][T12301] ? show_regs+0x8c/0xa0 [ 304.139335][T12301] ? __warn+0xe5/0x3c0 [ 304.141505][T12301] ? preempt_schedule_notrace+0x62/0xe0 [ 304.144648][T12301] ? ida_free+0x1fb/0x2f0 [ 304.146782][T12301] ? report_bug+0x3c0/0x580 [ 304.149183][T12301] ? handle_bug+0x3d/0x70 [ 304.151233][T12301] ? exc_invalid_op+0x17/0x50 [ 304.153430][T12301] ? asm_exc_invalid_op+0x1a/0x20 [ 304.155986][T12301] ? __warn_printk+0x199/0x350 [ 304.158674][T12301] ? __warn_printk+0x1a6/0x350 [ 304.161319][T12301] ? ida_free+0x1fb/0x2f0 [ 304.163400][T12301] ? ida_free+0x1fa/0x2f0 [ 304.165666][T12301] ? __pfx_ida_free+0x10/0x10 [ 304.167822][T12301] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 304.170177][T12301] hci_conn_del+0x768/0xdb0 [ 304.172301][T12301] hci_conn_hash_flush+0x18f/0x260 [ 304.175097][T12301] hci_dev_close_sync+0x534/0x11c0 [ 304.177610][T12301] hci_dev_do_close+0x2e/0x90 [ 304.179833][T12301] hci_unregister_dev+0x1e3/0x5f0 [ 304.182474][T12301] ? __pfx_vhci_release+0x10/0x10 [ 304.185896][T12301] vhci_release+0x7f/0x100 [ 304.187914][T12301] __fput+0x408/0xbb0 [ 304.189688][T12301] task_work_run+0x14e/0x250 [ 304.191780][T12301] ? __pfx_task_work_run+0x10/0x10 [ 304.194662][T12301] do_exit+0xa9b/0x2ba0 [ 304.196607][T12301] ? __pfx_do_exit+0x10/0x10 [ 304.198642][T12301] ? preempt_schedule_thunk+0x1a/0x30 [ 304.201091][T12301] do_group_exit+0xd3/0x2a0 [ 304.203346][T12301] __ia32_sys_exit_group+0x3e/0x50 [ 304.206310][T12301] __do_fast_syscall_32+0x73/0x120 [ 304.209192][T12301] do_fast_syscall_32+0x32/0x80 [ 304.211543][T12301] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 304.215043][T12301] RIP: 0023:0xf73df579 [ 304.216939][T12301] Code: Unable to access opcode bytes at 0xf73df54f. [ 304.219987][T12301] RSP: 002b:00000000fff118ec EFLAGS: 00000286 ORIG_RAX: 00000000000000fc [ 304.221418][T12408] lo speed is unknown, defaulting to 1000 [ 304.224342][T12301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 304.224405][T12301] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f73cbff4 [ 304.224417][T12301] RBP: 00000000fff119f4 R08: 0000000000000000 R09: 0000000000000000 [ 304.224429][T12301] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 304.224439][T12301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 304.224464][T12301] [ 304.224474][T12301] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 304.224483][T12301] CPU: 3 PID: 12301 Comm: syz.0.2073 Not tainted 6.10.0-rc5-syzkaller-00282-g8282d5af7be8 #0 [ 304.224501][T12301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 304.224511][T12301] Call Trace: [ 304.224518][T12301] [ 304.224525][T12301] dump_stack_lvl+0x3d/0x1f0 [ 304.224554][T12301] panic+0x6f5/0x7a0 [ 304.224576][T12301] ? __pfx_panic+0x10/0x10 [ 304.224593][T12301] ? show_trace_log_lvl+0x363/0x500 [ 304.224628][T12301] ? check_panic_on_warn+0x1f/0xb0 [ 304.224647][T12301] ? ida_free+0x1fb/0x2f0 [ 304.224668][T12301] check_panic_on_warn+0xab/0xb0 [ 304.224689][T12301] __warn+0xf1/0x3c0 [ 304.224707][T12301] ? preempt_schedule_notrace+0x62/0xe0 [ 304.224729][T12301] ? ida_free+0x1fb/0x2f0 [ 304.224751][T12301] report_bug+0x3c0/0x580 [ 304.224774][T12301] handle_bug+0x3d/0x70 [ 304.224800][T12301] exc_invalid_op+0x17/0x50 [ 304.224826][T12301] asm_exc_invalid_op+0x1a/0x20 [ 304.224852][T12301] RIP: 0010:ida_free+0x1fb/0x2f0 [ 304.224872][T12301] Code: c7 f6 41 83 fe 3e 76 73 e8 c2 a9 c7 f6 48 8b 7c 24 28 4c 89 ee e8 c5 c1 18 00 90 48 c7 c7 60 d3 7f 8c 89 ee e8 16 2a 8a f6 90 <0f> 0b 90 90 e8 9c a9 c7 f6 48 b8 00 00 00 00 00 fc ff df 48 01 c3 [ 304.224889][T12301] RSP: 0018:ffffc90002cffa98 EFLAGS: 00010286 [ 304.224905][T12301] RAX: 0000000000000000 RBX: 1ffff9200059ff54 RCX: ffffffff81511289 [ 304.224917][T12301] RDX: ffff8880209e2440 RSI: ffffffff81511296 RDI: 0000000000000001 [ 304.224929][T12301] RBP: 000000000000e0e8 R08: 0000000000000001 R09: 0000000000000000 [ 304.224941][T12301] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 [ 304.224952][T12301] R13: 0000000000000293 R14: 00000000000000e8 R15: 0000000000000000 [ 304.224972][T12301] ? __warn_printk+0x199/0x350 [ 304.224989][T12301] ? __warn_printk+0x1a6/0x350 [ 304.225011][T12301] ? ida_free+0x1fa/0x2f0 [ 304.225031][T12301] ? __pfx_ida_free+0x10/0x10 [ 304.225056][T12301] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 304.225094][T12301] hci_conn_del+0x768/0xdb0 [ 304.225124][T12301] hci_conn_hash_flush+0x18f/0x260 [ 304.225154][T12301] hci_dev_close_sync+0x534/0x11c0 [ 304.225187][T12301] hci_dev_do_close+0x2e/0x90 [ 304.225209][T12301] hci_unregister_dev+0x1e3/0x5f0 [ 304.225234][T12301] ? __pfx_vhci_release+0x10/0x10 [ 304.225259][T12301] vhci_release+0x7f/0x100 [ 304.225280][T12301] __fput+0x408/0xbb0 [ 304.225307][T12301] task_work_run+0x14e/0x250 [ 304.225329][T12301] ? __pfx_task_work_run+0x10/0x10 [ 304.225354][T12301] do_exit+0xa9b/0x2ba0 [ 304.225378][T12301] ? __pfx_do_exit+0x10/0x10 [ 304.225395][T12301] ? preempt_schedule_thunk+0x1a/0x30 [ 304.225423][T12301] do_group_exit+0xd3/0x2a0 [ 304.225444][T12301] __ia32_sys_exit_group+0x3e/0x50 [ 304.225463][T12301] __do_fast_syscall_32+0x73/0x120 [ 304.225491][T12301] do_fast_syscall_32+0x32/0x80 [ 304.225515][T12301] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 304.225536][T12301] RIP: 0023:0xf73df579 [ 304.225551][T12301] Code: Unable to access opcode bytes at 0xf73df54f. [ 304.225560][T12301] RSP: 002b:00000000fff118ec EFLAGS: 00000286 ORIG_RAX: 00000000000000fc [ 304.225575][T12301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 304.225586][T12301] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f73cbff4 [ 304.225597][T12301] RBP: 00000000fff119f4 R08: 0000000000000000 R09: 0000000000000000 [ 304.225609][T12301] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 304.225618][T12301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 304.225645][T12301] [ 304.228134][T12301] Kernel Offset: disabled VM DIAGNOSIS: 21:01:18 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffffff89098eda RDX=1ffff11004e50dc5 RSI=0000000000000007 RDI=0000000000000007 RBP=ffff888027286dc0 RSP=ffffc90000006d48 R8 =0000000000000003 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000005 R12=ffffc90000006e40 R13=0000000000000007 R14=ffffffff89098e10 R15=dffffc0000000000 RIP=ffffffff818e8bb8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000200bd01c CR3=000000000d97a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 68e966cc39854194 1d0f901bb8938db7 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f5bd2600e7b4256d 15f31209acc05857 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c2edeb6a98662236 c205db3f7f87afbd ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 112909ce8d80ce81 928d927541ac56e7 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003400 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b34191860001f6cc 1a0000000a000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00029e35b350fa83 d95413082ded5768 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b349181bfc000000 aa000000f3000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9e000000f97dce30 b3577a97a0000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 703a40f7701210d5 cab2e677feee40f5 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 34bdcc3b16e2c218 d272bd18b37f507f ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000002 RBX=ffffc9000056f568 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff8b2cbca0 RDI=ffffffff8b8fb860 RBP=ffffffff8f734fa8 RSP=ffffc9000056f410 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffff8880163f0000 R13=ffff8880163f0ae0 R14=00000000ffffffff R15=0000000000000000 RIP=ffffffff8adbff19 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffd63e40 CR3=00000000523c8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000040000 RBX=ffffc900042cecd0 RCX=ffffc900038a9000 RDX=0000000000040000 RSI=ffffffff813c7fd0 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc900042ceca0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=dffffc0000000000 R12=ffffc900042ced18 R13=ffffffff817a4d20 R14=ffffc900042ced90 R15=ffff88801ec7a440 RIP=ffffffff818e90d8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c200000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000203d7000 CR3=0000000048f44000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff0000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 00000000ff000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000003a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f94cf5 RDI=ffffffff94d5c040 RBP=ffffffff94d5c000 RSP=ffffc90002cff480 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005 R12=0000000000000000 R13=000000000000003a R14=ffffffff84f94c90 R15=0000000000000000 RIP=ffffffff84f94d1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000005deac000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000105a00000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000