last executing test programs: 10.659251221s ago: executing program 1 (id=392): r0 = socket(0x1d, 0x2, 0x6) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'tunl0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r2, 0x2}, 0x18) 9.621075772s ago: executing program 0 (id=394): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x80104592, &(0x7f0000000000)={0x0, 0x1, &(0x7f00000000c0)="e2"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="640000000206010800000000000000000000000014000780080012400003000008001140000000000500010006000000050005000200000005000400000000000900020073797a310000000015000300686173683a69702c706f7274"], 0x64}}, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) mount$9p_rdma(&(0x7f0000000000), 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d3078303030303030303030303030301836302c73713d3078303030303030303130303030303030312c70726976706f72742c00"]) close(0xffffffffffffffff) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x80044d00, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109023b00010100c000090400000002060001052406000005240002000d240f01ffffffff00f9ff007f090582020000000700090503020000090000"], 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000100)='.pending_reads\x00', 0x149240, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000580)={0x2c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x2c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), r1) r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4207, r8) socket$rxrpc(0x21, 0x2, 0x2) ptrace$setregs(0x4208, r8, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="04010000d81e02e69205294701704e89e5fbfec20b7c99b0dba9569ca5f1d5dd7535f2b923da3c", @ANYRES16=r4, @ANYBLOB="080006000000dedbdf250700000008000300", @ANYRES32=r9, @ANYBLOB="0c009900020000005b0000000400cc002400178004000100040002000400010004000600040006000400050004000300040001000a00e80008021100000000001c00e7002d21037d4ac3f239d6228e3ad4c0c0e5e59598485c93c1690a00e8000802110000000000280017800400010004000500040003000400040004000400040006000400030004000400040003000a00e800ffffffffffff00000c00178004000200040005000a00e80008021100000000000c00178004000600040005001c00e70023f2ac1d889ac0f40eda5e7875300622e57bd0b0410b3e760a00e8000802110000010000"], 0x104}, 0x1, 0x0, 0x0, 0x440000c1}, 0x4000844) 9.620708261s ago: executing program 1 (id=396): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1}, 0x48) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETLINK(r1, 0x400454cd, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{}, [@TCA_NETEM_RATE={0x14, 0xe, {0x0, 0x2}}]}}}]}, 0x60}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = syz_open_procfs$userns(0x0, &(0x7f00000002c0)) ioctl$NS_GET_PARENT(r4, 0xb702, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) writev(r5, &(0x7f0000000780)=[{&(0x7f00000004c0)='4', 0x1}], 0x1) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x5229000) 7.943752854s ago: executing program 0 (id=399): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)=@newsa={0xf4, 0x10, 0x633, 0x0, 0x0, {{@in6=@loopback, @in6=@dev, 0x4e23}, {@in6=@dev, 0x0, 0x32}, @in=@local, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, 0x0, 0x0, 0xa}, [@extra_flags={0x8}]}, 0xf4}}, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r2 = dup2(r1, r1) ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000600)={0x14000000}) r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f00000002c0)=@multiplanar_overlay={0x4, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "c4b80948"}, 0x0, 0x3, {0x0}}) preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)}], 0x100000000000004f, 0x0, 0x0) ioctl$TUNATTACHFILTER(r2, 0x400854d5, &(0x7f0000000100)={0x5, &(0x7f0000000080)=[{0x1, 0x1f, 0x2, 0xb9}, {0x80, 0x42, 0x2, 0x6}, {0x9, 0xfa, 0x9}, {0x7fff, 0xf8, 0x8, 0x2}, {0x81, 0x1, 0x20, 0x379}]}) r4 = socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$can_raw(0x1d, 0x3, 0x1) fcntl$dupfd(0xffffffffffffffff, 0x0, r5) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c00000001010101000000004b000000000000000c00018006000340000300000c00198008000100810100008e6a95213de7d3ea370679b33ac941c240d4720a382c26146b009600cda1e7a7a83d1d881ff2696de8b3431ff81219bc220ac021a7f685e586975c152908aa436844e883d0d3836f0535e334e0d5b690"], 0x2c}}, 0x0) syz_open_dev$midi(&(0x7f00000001c0), 0xac, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r4, 0xc0205710, &(0x7f0000000000)={0x1, 0x5, 0x0, 0x0, 0x8}) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r6, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r6, &(0x7f0000000480)={&(0x7f0000000340), 0x10, &(0x7f00000000c0)={0x0, 0x20000600}}, 0x0) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x2, 0x1}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r8}, 0x4) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f0000000500)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r9}, 0x10) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r10 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r10, 0x8983, &(0x7f00000017c0)={0x1, 'vlan0\x00'}) 7.542762568s ago: executing program 0 (id=400): socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xb, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x1}, 0x48) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000080)) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000003c0)=""/65, 0x0, 0x3000}) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f00000000c0)=0x4000000) r4 = dup(r3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) connect$vsock_stream(r6, &(0x7f0000000140), 0x10) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x0, r4}) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='squashfs\x00', 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r7 = socket$inet(0x2, 0x3, 0x4) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r4, 0x8008f513, &(0x7f0000000280)) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f00000000c0)='caif0\x00', 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'caif0\x00', 0x0}) setsockopt$inet_mreqn(r7, 0x0, 0x20, &(0x7f0000000200)={@rand_addr, @private, r8}, 0xc) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x1c, 0x20000048, 0x0) dup(r1) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) 6.794829942s ago: executing program 1 (id=401): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vim2m(0x0, 0x7, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000040)) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000013c0)) read$dsp(r2, &(0x7f0000000440)=""/171, 0xab) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 6.671495697s ago: executing program 3 (id=404): r0 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc2c45512, &(0x7f0000000340)={{0x7, 0x0, 0x0, 0x0, 'syz0\x00'}}) 6.546757872s ago: executing program 3 (id=405): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x8, 0x7fe2, 0x1}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) 6.47683929s ago: executing program 3 (id=406): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) r2 = gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_emit_ethernet(0x61, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000080)=0x200000000) preadv(r3, &(0x7f0000000600)=[{&(0x7f0000000280)=""/117, 0x75}], 0x1, 0x9000000, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x17}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_FLAGS={0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001900010000000000000000000a0000000000e3ffffffffff07001e"], 0x24}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000040), 0x4) sendto$inet6(r0, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) 5.147823583s ago: executing program 3 (id=408): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 4.292612509s ago: executing program 0 (id=415): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/disk', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYRES64=r2, @ANYRES64]) 3.84855865s ago: executing program 0 (id=417): r0 = openat$mice(0xffffff9c, &(0x7f0000000040), 0x400) ioctl$PTP_EXTTS_REQUEST2(r0, 0x40103d0b, &(0x7f00000000c0)={0x7, 0xa}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000440)={0x28, 0x0, 0x0, @my=0x1}, 0x10) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000200)={0x44, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$tipc(0x1e, 0x0, 0x0) pselect6(0x40, &(0x7f0000000100)={0x3b}, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000340)=0x2000000) ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r3, 0x800c5011, &(0x7f0000000040)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x5, 0x810, r0, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r1, 0xf504, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eeb1948bf42bc7fc2cb274849c9524154fa24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a8684853abf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000400000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f500000010000000000944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844892f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b57"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000001c0)={0x0, 0xfffeffff, 0x2}, 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='mm_page_alloc\x00', r5}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[], 0x0, 0x37}, 0x20) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) openat$rdma_cm(0xffffff9c, &(0x7f0000001c40), 0x2, 0x0) 3.848298406s ago: executing program 2 (id=418): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200001400894fb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) r7 = getpgrp(r2) ptrace$getenv(0x4201, r7, 0x1, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x9, 0x0, 0x0, 0x0, 0x69, 0x10, 0xae}, [@ldst={0x0, 0x0, 0x6, 0x9, 0xb}], {0x95, 0x0, 0x74}}, 0x0, 0x8, 0xd1, &(0x7f00000003c0)=""/209, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x90) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40001, 0x0) ioctl$TIOCVHANGUP(r8, 0x5437, 0x0) io_setup(0x22, &(0x7f0000000600)=0x0) io_submit(r9, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, r8, 0x0}]) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000840)={0x14, r1, 0x1, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x0) 3.845548935s ago: executing program 3 (id=419): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x80104592, &(0x7f0000000000)={0x0, 0x1, &(0x7f00000000c0)="e2"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="640000000206010800000000000000000000000014000780080012400003000008001140000000000500010006000000050005000200000005000400000000000900020073797a310000000015000300686173683a69702c706f7274"], 0x64}}, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) mount$9p_rdma(&(0x7f0000000000), 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d3078303030303030303030303030301836302c73713d3078303030303030303130303030303030312c70726976706f72742c00"]) close(0xffffffffffffffff) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x80044d00, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109023b00010100c000090400000002060001052406000005240002000d240f01ffffffff00f9ff007f090582020000000700090503020000090000"], 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000100)='.pending_reads\x00', 0x149240, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000580)={0x2c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x2c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), r1) r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4207, r8) socket$rxrpc(0x21, 0x2, 0x2) ptrace$setregs(0x4208, r8, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="04010000d81e02e69205294701704e89e5fbfec20b7c99b0dba9569ca5f1d5dd7535f2b923da3c", @ANYRES16=r4, @ANYBLOB="080006000000dedbdf250700000008000300", @ANYRES32=r9, @ANYBLOB="0c009900020000005b0000000400cc002400178004000100040002000400010004000600040006000400050004000300040001000a00e80008021100000000001c00e7002d21037d4ac3f239d6228e3ad4c0c0e5e59598485c93c1690a00e8000802110000000000280017800400010004000500040003000400040004000400040006000400030004000400040003000a00e800ffffffffffff00000c00178004000200040005000a00e80008021100000000000c00178004000600040005001c00e70023f2ac1d889ac0f40eda5e7875300622e57bd0b0410b3e760a00e8000802110000010000"], 0x104}, 0x1, 0x0, 0x0, 0x440000c1}, 0x4000844) 3.729896536s ago: executing program 1 (id=420): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000a50000000060a0b040000000000000000020000002400048020000180078001006374000014000280080002400000001208000140000000000900010073797a30000000000900020073797a320000000014000000028b72a20000000000faff008000000a000000000000"], 0x78}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) r1 = openat$tcp_congestion(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) writev(r2, &(0x7f0000002340)=[{&(0x7f0000000140)="de", 0x20000141}], 0x1) fstat64(r1, &(0x7f0000000f40)) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = fcntl$dupfd(r3, 0x0, r3) write$sndseq(r4, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x2a}, {}, {}, @raw8={"13e661fefa8c7d0d9a4be91e"}}], 0x38) pipe2(&(0x7f0000000000), 0x80) r5 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_RECEIVE(r5, 0xc0386106, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, "251a9e25cd86cc30dfe7f807f53361eb"}) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r7, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r7, 0x5001, 0x0) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045003, &(0x7f0000000300)) ioctl$SNDCTL_DSP_RESET(r7, 0x5000, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001fc0)=@newtaction={0x14, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}}, 0x14}}, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup(r9) 2.661835841s ago: executing program 1 (id=421): mkdir(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x0, 0x100008f}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x345000, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000"], 0x38}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_pressure(r3, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r4, &(0x7f0000000080)={'some', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x2f) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000b40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87ea487e223ac37264833d618e92eac195f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d29c7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b356fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff53902a8f57000000009700cf0b4b8bc2294133000000007900000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645463dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a80741f0adba07f01d25eb3d1e23e0f2645d1cdfabfa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361cfbc61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e7567335dc3008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c7ba599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b96a81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300000000000000000087a5f4bca39ad01340e98399f47f81d522dddcabc93ca6b082eb6be80b24b87652f76c3042ce504ac67b01a62451724b9257a0edceacb715a627247d11689663302f02b90fd6e10638b372c3413ee3066af68ce7ae685ccbd815c567fc50947703444e5625daea863219ebccf6cb3bd813e011097619c3f3c5f72c08ac0fa8f7e2536073bfd9f326f7369a3b4f000c4a300d3ef04db5fcf063e7f92711d1eb068d789e6c4d85c34c89e3e5f73178067e2976212ffe3ec8c284389ec7197a382bcba30b101938062e292e5185d8c1893f90cad3d8cac60b84b39843eed5fa17c362977c788361346eeca1d69fe200bd55a8d7ee48e80266661574f362e2069cec64e7e4426eb0a76a9a72887f68b5081aaf99f4d0a863cf47798cbe87b00663da6c834674fc2160d047e95f011b64a06576016f074e9e6afbe7675636fcd7e8abf2d788f5c8b31857"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000001c0)='sched_kthread_stop_ret\x00', r5}, 0x10) close(r4) 2.518919535s ago: executing program 2 (id=422): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a38d", 0x2) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x4122, 0x0) 2.094133163s ago: executing program 3 (id=423): write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) madvise(&(0x7f00004fb000/0x3000)=nil, 0x3000, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xd, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xba}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x3}, @var={0x2, 0x0, 0x0, 0x11, 0x3}]}, {0x0, [0x2e, 0x5f]}}, 0x0, 0x3c}, 0x20) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0xb4) ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0x17) r3 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) r4 = syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/ipc\x00') dup2(r4, r3) setns(r3, 0x0) 2.091596622s ago: executing program 2 (id=431): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="d74d4156a221296a665e18aa4c7a0acfd92aa9fb57dbd7cb2c9a9d1cd00b40d432e82bebeb0c176990de4eceb7f41b16a0543f95240979fdcd68b7db60965ca8232034538be7d93df76fead7bddf574c70e3a9724a6614c371b405d4a8126f90990422f978e5e7eb2eb9448d419377df69a9d9635429f06fabcb6655d5dda77848c25b97f87151d9c21709000257580be9edd4f3041fcf2473042c8f55c0aa71ef035f5b89b0d2e4b322ec9787a321450d1c164e8cfaacca90a9773e6b877e38e4237eb5da067a85c2c25a89aeeea93c278cab807f725d6b2077c101c709797a9fa0a0d082797a62", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x0, 0x1}, 0x48) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000180)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f00000001c0)={0x42, 0x0, &(0x7f0000000180)}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={0x0, &(0x7f0000000200), 0x0, r5}) ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000840)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000180), &(0x7f0000000280)=[0x0], &(0x7f0000000040)}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000100)) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c) sendto$inet6(r7, &(0x7f00000001c0)='O', 0x1, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) 1.671386387s ago: executing program 0 (id=424): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x1, 0x2, 0x2, 0x1901, 0x1, 0x1adf, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x2, 0x3}, 0x48) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x324) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = userfaultfd(0x1) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_WRITEPROTECT(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000400)={&(0x7f0000b36000/0x12000)=nil, &(0x7f0000841000/0x4000)=nil, 0x12000}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$UFFDIO_CONTINUE(r4, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}, 0x1}) syz_io_uring_setup(0x6866, &(0x7f00000003c0)={0x0, 0x0, 0x2000}, &(0x7f0000000080), &(0x7f0000000140)) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_open_procfs$userns(0x0, &(0x7f00000002c0)) userfaultfd(0x80001) 759.046182ms ago: executing program 2 (id=425): syz_open_dev$media(&(0x7f0000000b80), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') write$P9_RLINK(r0, 0x0, 0x0) 586.136395ms ago: executing program 2 (id=426): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) syz_clone(0x0, &(0x7f0000000080)="09dc1101ed8f10ed6dbfbe1d4e8b5da07fab0a4a1d798981779cbd4dd9fe2b", 0x1f, 0x0, &(0x7f00000001c0), 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080e74000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ba20702500000000002003007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 102.180905ms ago: executing program 2 (id=427): getpid() r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @mcast2, 0x4}, r1}}, 0x30) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast1}, {0x2, 0x0, 0x4, @empty}, r1}}, 0x48) 0s ago: executing program 1 (id=428): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/disk', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYRES64=r2, @ANYRES64]) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:22754' (ED25519) to the list of known hosts. [ 50.272757][ T5327] cgroup: Unknown subsys name 'net' [ 50.429681][ T5327] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 51.484359][ T5327] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.545142][ T66] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.549430][ T66] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.561893][ T5397] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.565942][ T5397] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.569657][ T5397] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 59.573340][ T5397] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.600067][ T5398] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.604311][ T5398] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.607962][ T5398] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.611583][ T5398] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.615077][ T5398] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 59.618186][ T5398] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.644383][ T66] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.649052][ T66] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.654412][ T5397] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.656437][ T66] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.662192][ T5397] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.665713][ T5397] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 59.666666][ T66] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.668743][ T5397] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.674473][ T66] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.684555][ T66] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.688109][ T66] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 59.692324][ T66] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.073411][ T5394] chnl_net:caif_netlink_parms(): no params data found [ 60.153635][ T5399] chnl_net:caif_netlink_parms(): no params data found [ 60.237262][ T5394] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.240459][ T5394] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.245219][ T5394] bridge_slave_0: entered allmulticast mode [ 60.249078][ T5394] bridge_slave_0: entered promiscuous mode [ 60.316364][ T5394] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.319757][ T5394] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.323237][ T5394] bridge_slave_1: entered allmulticast mode [ 60.327288][ T5394] bridge_slave_1: entered promiscuous mode [ 60.482909][ T5394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.564024][ T5394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.592019][ T5399] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.595441][ T5399] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.598446][ T5399] bridge_slave_0: entered allmulticast mode [ 60.602772][ T5399] bridge_slave_0: entered promiscuous mode [ 60.607799][ T5399] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.611215][ T5399] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.614011][ T5399] bridge_slave_1: entered allmulticast mode [ 60.616702][ T5399] bridge_slave_1: entered promiscuous mode [ 60.700045][ T5394] team0: Port device team_slave_0 added [ 60.708128][ T5394] team0: Port device team_slave_1 added [ 60.776062][ T5399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.779659][ T5402] chnl_net:caif_netlink_parms(): no params data found [ 60.791473][ T5404] chnl_net:caif_netlink_parms(): no params data found [ 60.797212][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.799609][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.810907][ T5394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.819978][ T5399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.879645][ T5399] team0: Port device team_slave_0 added [ 60.888066][ T5399] team0: Port device team_slave_1 added [ 60.891119][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.894038][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.904112][ T5394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.050319][ T5399] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.056956][ T5399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.067403][ T5399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.073965][ T5399] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.077187][ T5399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.087842][ T5399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.174251][ T5394] hsr_slave_0: entered promiscuous mode [ 61.178737][ T5394] hsr_slave_1: entered promiscuous mode [ 61.266982][ T5402] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.270352][ T5402] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.273626][ T5402] bridge_slave_0: entered allmulticast mode [ 61.277065][ T5402] bridge_slave_0: entered promiscuous mode [ 61.314970][ T5399] hsr_slave_0: entered promiscuous mode [ 61.318221][ T5399] hsr_slave_1: entered promiscuous mode [ 61.322438][ T5399] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.325593][ T5399] Cannot create hsr debugfs directory [ 61.354553][ T5402] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.357371][ T5402] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.361800][ T5402] bridge_slave_1: entered allmulticast mode [ 61.367576][ T5402] bridge_slave_1: entered promiscuous mode [ 61.520231][ T5402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.530453][ T5404] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.534706][ T5404] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.538054][ T5404] bridge_slave_0: entered allmulticast mode [ 61.542018][ T5404] bridge_slave_0: entered promiscuous mode [ 61.556063][ T5402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.611459][ T5404] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.614561][ T5404] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.617450][ T5404] bridge_slave_1: entered allmulticast mode [ 61.621192][ T5404] bridge_slave_1: entered promiscuous mode [ 61.651792][ T4774] Bluetooth: hci0: command tx timeout [ 61.651816][ T66] Bluetooth: hci1: command tx timeout [ 61.728860][ T5402] team0: Port device team_slave_0 added [ 61.731103][ T4774] Bluetooth: hci3: command tx timeout [ 61.733096][ T5402] team0: Port device team_slave_1 added [ 61.741514][ T4774] Bluetooth: hci2: command tx timeout [ 61.799398][ T5404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.806334][ T5404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.825380][ T5402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.828299][ T5402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.839293][ T5402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.915093][ T5402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.918270][ T5402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.929454][ T5402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.947603][ T5404] team0: Port device team_slave_0 added [ 62.042017][ T5404] team0: Port device team_slave_1 added [ 62.210151][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.213397][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.224936][ T5404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.248460][ T5402] hsr_slave_0: entered promiscuous mode [ 62.252989][ T5402] hsr_slave_1: entered promiscuous mode [ 62.256125][ T5402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.259858][ T5402] Cannot create hsr debugfs directory [ 62.287268][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.289939][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.302655][ T5404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.454566][ T5404] hsr_slave_0: entered promiscuous mode [ 62.457819][ T5404] hsr_slave_1: entered promiscuous mode [ 62.461264][ T5404] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.464622][ T5404] Cannot create hsr debugfs directory [ 62.535209][ T5394] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.545650][ T5394] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.554702][ T5394] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.606628][ T5394] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.674706][ T5399] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.721430][ T5399] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.745390][ T5399] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.767135][ T5399] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.798612][ T5402] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.806436][ T5402] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.836635][ T5402] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.843733][ T5402] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.883920][ T5404] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.892896][ T5404] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.899431][ T5404] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.909498][ T5404] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.042473][ T5394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.051384][ T5399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.097731][ T5394] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.113911][ T5399] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.121511][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.124493][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.142229][ T831] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.145109][ T831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.179964][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.183057][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.189190][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.192437][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.208617][ T5402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.239810][ T5404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.283312][ T5402] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.310600][ T5399] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.335112][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.338177][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.346351][ T5404] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.360198][ T5436] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.363668][ T5436] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.368589][ T5436] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.371788][ T5436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.407357][ T5441] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.409831][ T5441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.447185][ T5402] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.505766][ T5404] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.534844][ T5394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.593880][ T5399] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.615801][ T5394] veth0_vlan: entered promiscuous mode [ 63.632952][ T5394] veth1_vlan: entered promiscuous mode [ 63.684875][ T5399] veth0_vlan: entered promiscuous mode [ 63.703644][ T5399] veth1_vlan: entered promiscuous mode [ 63.714626][ T5394] veth0_macvtap: entered promiscuous mode [ 63.725949][ T5402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.731328][ T4774] Bluetooth: hci0: command tx timeout [ 63.738626][ T4774] Bluetooth: hci1: command tx timeout [ 63.742285][ T5394] veth1_macvtap: entered promiscuous mode [ 63.772649][ T5399] veth0_macvtap: entered promiscuous mode [ 63.784152][ T5399] veth1_macvtap: entered promiscuous mode [ 63.789695][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.800517][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.811862][ T4774] Bluetooth: hci2: command tx timeout [ 63.814291][ T4774] Bluetooth: hci3: command tx timeout [ 63.826803][ T5394] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.830544][ T5394] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.834528][ T5394] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.838277][ T5394] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.855445][ T5404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.873438][ T5402] veth0_vlan: entered promiscuous mode [ 63.966576][ T5399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.970670][ T5399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.975346][ T5399] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.985972][ T5402] veth1_vlan: entered promiscuous mode [ 63.991506][ T5399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.996980][ T5399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.005396][ T5399] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.034272][ T5399] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.037258][ T5399] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.040254][ T5399] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.043276][ T5399] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.064987][ T5404] veth0_vlan: entered promiscuous mode [ 64.106610][ T5404] veth1_vlan: entered promiscuous mode [ 64.133460][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.141230][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.170220][ T5404] veth0_macvtap: entered promiscuous mode [ 64.238415][ T5402] veth0_macvtap: entered promiscuous mode [ 64.246062][ T5404] veth1_macvtap: entered promiscuous mode [ 64.268519][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.272045][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.310372][ T5402] veth1_macvtap: entered promiscuous mode [ 64.363260][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.366989][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.399768][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.404282][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.409175][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.418106][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.428863][ T5402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.448265][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.456720][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.471762][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.475740][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.479456][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.486261][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.490291][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.494928][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.500637][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.512717][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.516828][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.520689][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.526220][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.532151][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.542849][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.547259][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.552255][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.557384][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.562863][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.567460][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.579625][ T5402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.590413][ T5404] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.596885][ T5404] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.601223][ T5404] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.605349][ T5404] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.619550][ T5402] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.626089][ T5402] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.632085][ T5402] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.635833][ T5402] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.709759][ T5458] netlink: 'syz.0.36': attribute type 11 has an invalid length. [ 64.776106][ T5457] netlink: 24 bytes leftover after parsing attributes in process `syz.1.37'. [ 64.785126][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.811011][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.847779][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.857023][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.918090][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.932427][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.948492][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.953517][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.138670][ T5473] sg_write: data in/out 768/1 bytes for SCSI command 0x0-- guessing data in; [ 65.138670][ T5473] program syz.3.39 not setting count and/or reply_len properly [ 65.265114][ T831] IPVS: starting estimator thread 0... [ 65.421601][ T5476] IPVS: using max 24 ests per chain, 57600 per kthread [ 65.763036][ T5491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.48'. [ 65.811650][ T66] Bluetooth: hci1: command tx timeout [ 65.814076][ T66] Bluetooth: hci0: command tx timeout [ 65.891030][ T4774] Bluetooth: hci3: command tx timeout [ 65.914375][ T66] Bluetooth: hci2: command tx timeout [ 65.962725][ T5497] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.51' sets config #1 [ 67.032806][ T5532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.66'. [ 67.172884][ C2] vkms_vblank_simulate: vblank timer overrun [ 67.251969][ T5535] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 67.301606][ T5540] Bluetooth: MGMT ver 1.23 [ 67.439156][ T5546] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 67.445039][ T5546] overlayfs: failed to set xattr on upper [ 67.447812][ T5546] overlayfs: ...falling back to redirect_dir=nofollow. [ 67.462836][ T5546] overlayfs: ...falling back to index=off. [ 67.480297][ T5546] overlayfs: ...falling back to uuid=null. [ 67.531116][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.771766][ T5556] evm: overlay not supported [ 67.813792][ T39] audit: type=1800 audit(1723067143.961:2): pid=5556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.77" name="file2" dev="overlay" ino=102 res=0 errno=0 [ 67.891245][ T4774] Bluetooth: hci0: command tx timeout [ 67.896674][ T66] Bluetooth: hci1: command tx timeout [ 67.970977][ T66] Bluetooth: hci2: command tx timeout [ 67.973291][ T4774] Bluetooth: hci3: command tx timeout [ 67.977683][ T5566] ata1.00: invalid command format 189 [ 68.929657][ T5586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.89'. [ 68.992820][ T5586] netlink: 12 bytes leftover after parsing attributes in process `syz.2.89'. [ 69.225055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.390936][ T35] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 69.391881][ C2] vkms_vblank_simulate: vblank timer overrun [ 69.424930][ C2] vkms_vblank_simulate: vblank timer overrun [ 69.568556][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.652334][ T35] usb 6-1: Using ep0 maxpacket: 32 [ 69.691452][ T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 16029, setting to 1024 [ 69.691517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 69.696939][ T35] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 69.747843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.751946][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.770868][ T35] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 69.775022][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.785060][ T35] usb 6-1: Product: syz [ 69.787182][ T35] usb 6-1: Manufacturer: syz [ 69.803212][ T35] usb 6-1: SerialNumber: syz [ 69.815563][ T5596] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 69.981041][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.159557][ T35] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 70.202185][ T5459] syz.1.37 (5459) used greatest stack depth: 20768 bytes left [ 70.365777][ C3] usblp0: nonzero write bulk status received: -71 [ 70.380729][ T35] usb 6-1: USB disconnect, device number 2 [ 70.396524][ T35] usblp0: removed [ 70.920314][ C2] vkms_vblank_simulate: vblank timer overrun [ 71.005883][ T5623] netlink: 160 bytes leftover after parsing attributes in process `syz.2.101'. [ 71.070731][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.119202][ T5625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.102'. [ 71.229370][ T39] audit: type=1326 audit(1723067147.371:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5626 comm="syz.0.103" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7fc00000 [ 71.290410][ T5635] netlink: 8 bytes leftover after parsing attributes in process `syz.1.107'. [ 71.338251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.371282][ T39] audit: type=1326 audit(1723067147.521:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5626 comm="syz.0.103" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf746e579 code=0x7fc00000 [ 71.432138][ T5633] ucma_write: process 49 (syz.0.103) changed security contexts after opening file descriptor, this is not allowed. [ 71.615455][ T39] audit: type=1804 audit(1723067147.761:5): pid=5646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.111" name="/newroot/26/file0/bus" dev="ramfs" ino=9035 res=1 errno=0 [ 71.671853][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.731943][ T39] audit: type=1800 audit(1723067147.881:6): pid=5646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.111" name="bus" dev="ramfs" ino=9035 res=0 errno=0 [ 71.794391][ T39] audit: type=1800 audit(1723067147.931:7): pid=5652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.113" name="file2" dev="overlay" ino=136 res=0 errno=0 [ 71.928895][ T39] audit: type=1326 audit(1723067148.071:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5626 comm="syz.0.103" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7fc00000 [ 71.948512][ T5654] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 71.953556][ T5654] overlayfs: failed to set xattr on upper [ 71.960897][ T5654] overlayfs: ...falling back to redirect_dir=nofollow. [ 71.964184][ T5654] overlayfs: ...falling back to index=off. [ 71.966969][ T5654] overlayfs: ...falling back to uuid=null. [ 72.020398][ T5656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.115'. [ 73.718904][ T39] audit: type=1326 audit(1723067149.861:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5682 comm="syz.1.124" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x0 [ 73.757523][ T39] audit: type=1800 audit(1723067149.901:10): pid=5681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.122" name="file2" dev="overlay" ino=77 res=0 errno=0 [ 73.809998][ T5688] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 73.820850][ T5688] overlayfs: failed to set xattr on upper [ 73.824206][ T5688] overlayfs: ...falling back to redirect_dir=nofollow. [ 73.827696][ T5688] overlayfs: ...falling back to index=off. [ 73.835830][ T5688] overlayfs: ...falling back to uuid=null. [ 74.080549][ T5692] netlink: 8 bytes leftover after parsing attributes in process `syz.3.128'. [ 74.723636][ T5716] program syz.0.136 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 74.940902][ T35] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 75.141992][ T35] usb 7-1: Using ep0 maxpacket: 8 [ 75.149965][ T35] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 75.155763][ T35] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 75.160361][ T35] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 75.165328][ T35] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 75.176090][ T35] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 75.182926][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.500942][ T35] usb 7-1: GET_CAPABILITIES returned 0 [ 75.509092][ T35] usbtmc 7-1:16.0: can't read capabilities [ 75.892791][ T1426] usb 7-1: USB disconnect, device number 2 [ 76.309673][ T1374] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.313917][ T1374] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.618211][ T5729] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 76.666205][ T39] audit: type=1326 audit(1723067152.811:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 76.737270][ T1101] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.747895][ T39] audit: type=1326 audit(1723067152.901:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 76.837597][ T1101] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.994599][ T1101] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.089633][ T1101] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.107455][ T66] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.113579][ T66] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.118180][ T66] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.122470][ T66] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.142555][ T66] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.147708][ T66] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.264796][ T1101] bridge_slave_1: left allmulticast mode [ 77.268195][ T1101] bridge_slave_1: left promiscuous mode [ 77.271950][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.289322][ T1101] bridge_slave_0: left allmulticast mode [ 77.292658][ T1101] bridge_slave_0: left promiscuous mode [ 77.295593][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.403757][ T39] audit: type=1326 audit(1723067153.551:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 77.424152][ T39] audit: type=1326 audit(1723067153.551:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 77.434821][ T39] audit: type=1326 audit(1723067153.551:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 77.469911][ T39] audit: type=1326 audit(1723067153.551:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 77.479089][ T39] audit: type=1326 audit(1723067153.551:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 77.500959][ T39] audit: type=1326 audit(1723067153.551:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5724 comm="syz.2.142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x7fc00000 [ 77.641274][ T5750] netlink: 24 bytes leftover after parsing attributes in process `syz.0.152'. [ 77.723712][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.735313][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.746947][ T1101] bond0 (unregistering): Released all slaves [ 77.845525][ T5746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.150'. [ 77.851713][ T5752] netlink: 12 bytes leftover after parsing attributes in process `syz.3.150'. [ 77.962165][ T5756] netlink: 8 bytes leftover after parsing attributes in process `syz.0.153'. [ 78.087428][ T5766] block nbd2: shutting down sockets [ 78.188119][ T5770] sg_write: data in/out 768/1 bytes for SCSI command 0x0-- guessing data in; [ 78.188119][ T5770] program syz.0.158 not setting count and/or reply_len properly [ 78.323505][ T10] IPVS: starting estimator thread 0... [ 78.326070][ T1101] hsr_slave_0: left promiscuous mode [ 78.340118][ T1101] hsr_slave_1: left promiscuous mode [ 78.346552][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.349581][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.358004][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.362244][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.407536][ T1101] veth1_macvtap: left promiscuous mode [ 78.410667][ T1101] veth0_macvtap: left promiscuous mode [ 78.419014][ T1101] veth1_vlan: left promiscuous mode [ 78.421506][ T5777] IPVS: using max 16 ests per chain, 38400 per kthread [ 78.429529][ T1101] veth0_vlan: left promiscuous mode [ 78.571894][ T5787] fuse: Bad value for 'fd' [ 79.115469][ T39] kauditd_printk_skb: 36 callbacks suppressed [ 79.115485][ T39] audit: type=1326 audit(1723067155.261:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5774 comm="syz.3.159" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7fc00000 [ 79.261503][ T66] Bluetooth: hci1: command tx timeout [ 79.610095][ T5796] netlink: 24 bytes leftover after parsing attributes in process `syz.3.162'. [ 80.022420][ T66] Bluetooth: hci3: unexpected event 0x01 length: 4 > 1 [ 80.086287][ T5799] syz.3.163 uses obsolete (PF_INET,SOCK_PACKET) [ 80.211764][ T5807] netlink: 4 bytes leftover after parsing attributes in process `syz.3.163'. [ 80.485046][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 80.560157][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 81.344291][ T66] Bluetooth: hci1: command tx timeout [ 81.455226][ T2786] cfg80211: failed to load regulatory.db [ 81.588527][ T5813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.166'. [ 81.605613][ T5738] chnl_net:caif_netlink_parms(): no params data found [ 82.144499][ T5738] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.160052][ T5738] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.182399][ T5738] bridge_slave_0: entered allmulticast mode [ 82.187976][ T5738] bridge_slave_0: entered promiscuous mode [ 82.204603][ T5738] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.207989][ T5738] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.216198][ T5738] bridge_slave_1: entered allmulticast mode [ 82.225532][ T5738] bridge_slave_1: entered promiscuous mode [ 82.498074][ T5738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.524947][ T5843] No control pipe specified [ 82.539046][ T5738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.786372][ T5738] team0: Port device team_slave_0 added [ 82.794784][ T5853] netlink: 'syz.2.175': attribute type 32 has an invalid length. [ 82.798022][ T5853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.175'. [ 82.802367][ T5853] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 82.858465][ T5738] team0: Port device team_slave_1 added [ 83.037325][ T5738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.064734][ T5738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.086024][ T5738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.094593][ T5738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.103778][ T5738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.158020][ T5738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.399327][ T5738] hsr_slave_0: entered promiscuous mode [ 83.422246][ T66] Bluetooth: hci1: command tx timeout [ 83.461283][ T5738] hsr_slave_1: entered promiscuous mode [ 83.480715][ T5738] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.485937][ T5738] Cannot create hsr debugfs directory [ 84.435680][ T5738] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.445001][ T5738] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.452519][ T5738] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.464039][ T5738] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.546044][ T5738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.565122][ T5738] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.582418][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.585661][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.597017][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.600123][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.819272][ T5738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.890025][ T5738] veth0_vlan: entered promiscuous mode [ 84.907829][ T5738] veth1_vlan: entered promiscuous mode [ 84.968569][ T5738] veth0_macvtap: entered promiscuous mode [ 84.976282][ T5738] veth1_macvtap: entered promiscuous mode [ 84.990518][ T5738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.998897][ T5738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.007575][ T5738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.012661][ T5738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.017465][ T5738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.022728][ T5738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.032995][ T5738] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.044499][ T5738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.049471][ T5738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.055280][ T5738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.059682][ T5738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.064558][ T5738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.069250][ T5738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.076415][ T5738] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.085758][ T5738] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.089496][ T5738] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.093291][ T5738] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.096891][ T5738] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.167920][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.180817][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.215252][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.219327][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.491033][ T66] Bluetooth: hci1: command tx timeout [ 85.879404][ T5912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.181'. [ 85.931819][ T39] audit: type=1800 audit(1723067162.081:56): pid=5915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.179" name="file2" dev="overlay" ino=245 res=0 errno=0 [ 86.121962][ T5923] block nbd0: shutting down sockets [ 86.150705][ T5919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.184'. [ 86.246576][ T5928] netlink: 'syz.3.189': attribute type 2 has an invalid length. [ 86.331238][ T5928] hub 1-0:1.0: USB hub found [ 86.335213][ T5928] hub 1-0:1.0: 2 ports detected [ 86.485254][ T2786] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 86.607582][ T5932] No control pipe specified [ 86.670964][ T2786] usb 5-1: Using ep0 maxpacket: 32 [ 86.675817][ T2786] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 16029, setting to 1024 [ 86.680257][ T2786] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 86.706642][ T2786] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 86.718930][ T2786] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.723685][ T2786] usb 5-1: Product: syz [ 86.729068][ T2786] usb 5-1: Manufacturer: syz [ 86.731417][ T2786] usb 5-1: SerialNumber: syz [ 86.737436][ T5926] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 87.022291][ T2786] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 87.220543][ C2] usblp0: nonzero write bulk status received: -71 [ 87.263665][ T2786] usb 5-1: USB disconnect, device number 2 [ 87.271262][ T2786] usblp0: removed [ 87.367713][ T39] audit: type=1800 audit(1723067163.511:57): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.193" name="file2" dev="overlay" ino=49 res=0 errno=0 [ 87.518701][ T5945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.195'. [ 87.923260][ T5962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.199'. [ 88.175428][ T5976] netlink: 24 bytes leftover after parsing attributes in process `syz.3.208'. [ 88.179315][ T5976] netlink: 24 bytes leftover after parsing attributes in process `syz.3.208'. [ 88.339341][ T5977] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'. [ 88.348367][ T5977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.200'. [ 89.240903][ T5434] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 89.261052][ T1426] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 89.437918][ T5434] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 89.440879][ T1426] usb 7-1: Using ep0 maxpacket: 32 [ 89.446289][ T5434] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.446736][ T1426] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 16029, setting to 1024 [ 89.450439][ T5434] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.455241][ T1426] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 89.466211][ T1426] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 89.470261][ T1426] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.470872][ T5434] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 89.480836][ T1426] usb 7-1: Product: syz [ 89.481309][ T5434] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 89.482850][ T1426] usb 7-1: Manufacturer: syz [ 89.486965][ T5434] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 89.488999][ T1426] usb 7-1: SerialNumber: syz [ 89.493207][ T5434] usb 8-1: Manufacturer: syz [ 89.498523][ T5986] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 89.501705][ T5434] usb 8-1: config 0 descriptor?? [ 89.734107][ T1426] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 89.922472][ T5434] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 89.928205][ T5434] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 89.939633][ C0] usblp0: nonzero write bulk status received: -71 [ 89.941136][ T5434] appleir 0003:05AC:8243.0002: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 89.947530][ T1426] usb 7-1: USB disconnect, device number 3 [ 89.959986][ T1426] usblp0: removed [ 90.093041][ T5996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.215'. [ 90.582227][ T66] Bluetooth: hci2: unexpected event 0x01 length: 4 > 1 [ 90.633108][ T6009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.218'. [ 91.094903][ T39] audit: type=1326 audit(1723067167.241:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6012 comm="syz.2.227" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x0 [ 91.473779][ T6015] netlink: 4 bytes leftover after parsing attributes in process `syz.1.219'. [ 91.498164][ T6015] netlink: 12 bytes leftover after parsing attributes in process `syz.1.219'. [ 91.978547][ T58] usb 8-1: USB disconnect, device number 2 [ 92.299177][ T39] audit: type=1326 audit(1723067168.441:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6019 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7fc00000 [ 92.345944][ T66] Bluetooth: hci0: unexpected event 0x01 length: 4 > 1 [ 92.379906][ T39] audit: type=1326 audit(1723067168.521:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6019 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf749e579 code=0x7fc00000 [ 92.381689][ T6024] netlink: 4 bytes leftover after parsing attributes in process `syz.0.229'. [ 92.790970][ T25] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 92.831016][ T6041] xt_CT: You must specify a L4 protocol and not use inversions on it [ 92.980952][ T25] usb 8-1: Using ep0 maxpacket: 32 [ 92.987438][ T25] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 93.011394][ T25] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 93.047601][ T25] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 93.054651][ T39] audit: type=1326 audit(1723067169.201:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6019 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7fc00000 [ 93.060827][ T25] usb 8-1: Product: syz [ 93.066170][ T25] usb 8-1: Manufacturer: syz [ 93.068200][ T25] usb 8-1: SerialNumber: syz [ 93.080172][ T25] usb 8-1: config 0 descriptor?? [ 93.083631][ T6034] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 93.296138][ T25] usb 8-1: USB disconnect, device number 3 [ 94.216643][ T6050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.233'. [ 94.265865][ T6050] netlink: 'syz.3.233': attribute type 1 has an invalid length. [ 94.269708][ T6050] netlink: 224 bytes leftover after parsing attributes in process `syz.3.233'. [ 94.385861][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.490543][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.577849][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.656434][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.791057][ T13] bridge_slave_1: left allmulticast mode [ 94.793651][ T13] bridge_slave_1: left promiscuous mode [ 94.796186][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.805918][ T13] bridge_slave_0: left allmulticast mode [ 94.808470][ T13] bridge_slave_0: left promiscuous mode [ 94.811570][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.130346][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.137900][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.163333][ T13] bond0 (unregistering): Released all slaves [ 95.173119][ T13] bond1 (unregistering): Released all slaves [ 95.522707][ T13] hsr_slave_0: left promiscuous mode [ 95.526150][ T13] hsr_slave_1: left promiscuous mode [ 95.529436][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.533030][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 95.537509][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.540706][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.584949][ T13] veth1_macvtap: left promiscuous mode [ 95.587693][ T13] veth0_macvtap: left promiscuous mode [ 95.589922][ T13] veth1_vlan: left promiscuous mode [ 95.592732][ T13] veth0_vlan: left promiscuous mode [ 96.017021][ T6079] Zero length message leads to an empty skb [ 96.062103][ T39] audit: type=1326 audit(1723067172.191:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6074 comm="syz.3.238" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7fc00000 [ 96.107645][ T4774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.113363][ T4774] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.124375][ T4774] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.130547][ T4774] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.138049][ T39] audit: type=1326 audit(1723067172.281:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6074 comm="syz.3.238" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf742e579 code=0x7fc00000 [ 96.139506][ T4774] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 96.151365][ T4774] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.683620][ T13] team0 (unregistering): Port device team_slave_1 removed [ 96.766319][ T39] audit: type=1326 audit(1723067172.911:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6074 comm="syz.3.238" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7fc00000 [ 96.914625][ T13] team0 (unregistering): Port device team_slave_0 removed [ 97.332247][ C3] vkms_vblank_simulate: vblank timer overrun [ 97.696577][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.0.235'. [ 98.211272][ T4774] Bluetooth: hci2: command tx timeout [ 98.290126][ T6082] chnl_net:caif_netlink_parms(): no params data found [ 98.540222][ T4774] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 98.699921][ T6118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.245'. [ 98.829188][ T6082] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.841933][ T6082] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.845593][ T6082] bridge_slave_0: entered allmulticast mode [ 98.862473][ T6082] bridge_slave_0: entered promiscuous mode [ 98.961668][ T6082] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.964753][ T6082] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.967888][ T6082] bridge_slave_1: entered allmulticast mode [ 98.973352][ T6082] bridge_slave_1: entered promiscuous mode [ 99.036350][ T6082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.046008][ T6082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.193197][ T6082] team0: Port device team_slave_0 added [ 99.222359][ T6082] team0: Port device team_slave_1 added [ 99.278200][ T6134] xt_CT: You must specify a L4 protocol and not use inversions on it [ 99.321769][ T6082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.325229][ T6082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.338719][ T6136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.249'. [ 99.349977][ T6082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.371786][ T6082] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.383848][ T6082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.395879][ T6082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.623284][ T6143] netlink: 4 bytes leftover after parsing attributes in process `syz.0.250'. [ 99.648767][ T6082] hsr_slave_0: entered promiscuous mode [ 99.657638][ T6082] hsr_slave_1: entered promiscuous mode [ 99.664885][ T6082] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.668382][ T6082] Cannot create hsr debugfs directory [ 100.093353][ T6152] mmap: syz.0.253 (6152) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 100.300928][ T4774] Bluetooth: hci2: command tx timeout [ 101.023441][ T6082] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.049080][ T6082] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 101.073334][ T6082] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.081459][ T6082] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 102.371066][ T4774] Bluetooth: hci2: command tx timeout [ 102.427112][ T4774] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 102.543441][ T6190] netlink: 4 bytes leftover after parsing attributes in process `syz.1.256'. [ 103.538092][ T6082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.567204][ T6082] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.576466][ T831] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.579485][ T831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.606395][ T831] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.609929][ T831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.962736][ T6082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.006625][ T6082] veth0_vlan: entered promiscuous mode [ 104.017085][ T6082] veth1_vlan: entered promiscuous mode [ 104.070609][ T6082] veth0_macvtap: entered promiscuous mode [ 104.089685][ T6082] veth1_macvtap: entered promiscuous mode [ 104.109925][ T6082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.131280][ T6082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.135457][ T6082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.139886][ T6082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.145972][ T6082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.150558][ T6082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.163283][ T6082] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.180079][ T6082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.190887][ T6082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.195207][ T6082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.210201][ T6082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.214784][ T6082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.219293][ T6082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.233501][ T6082] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.243473][ T6082] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.247017][ T6082] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.250467][ T6082] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.280890][ T6082] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.375720][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.379109][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.415866][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.419410][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.452786][ T4774] Bluetooth: hci2: command tx timeout [ 104.638394][ T6243] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 104.650962][ T6243] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 104.703551][ T6240] netlink: 8 bytes leftover after parsing attributes in process `syz.2.237'. [ 105.344055][ T6267] syz.2.271: attempt to access beyond end of device [ 105.344055][ T6267] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 105.350248][ T6267] SQUASHFS error: Failed to read block 0x0: -5 [ 105.396637][ T6267] unable to read squashfs_super_block [ 105.476892][ T6266] program syz.1.270 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.579672][ T6276] netlink: 'syz.0.273': attribute type 10 has an invalid length. [ 105.590693][ T6276] netlink: 55 bytes leftover after parsing attributes in process `syz.0.273'. [ 107.118342][ T6287] No control pipe specified [ 107.231039][ T6289] netlink: 'syz.3.277': attribute type 1 has an invalid length. [ 107.234832][ T6289] netlink: 9352 bytes leftover after parsing attributes in process `syz.3.277'. [ 107.239900][ T6289] netlink: 'syz.3.277': attribute type 1 has an invalid length. [ 107.244972][ T6289] netlink: 'syz.3.277': attribute type 2 has an invalid length. [ 107.248424][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.3.277'. [ 107.628908][ T39] audit: type=1326 audit(1723067183.771:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.279" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 107.637556][ T5470] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 107.820851][ T5470] usb 8-1: Using ep0 maxpacket: 8 [ 107.825855][ T5470] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 107.830709][ T5470] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 107.836204][ T5470] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11 [ 107.842182][ T5470] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024 [ 107.847346][ T5470] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 107.857349][ T5470] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 107.862127][ T5470] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.865226][ T5470] usb 8-1: Product: syz [ 107.867967][ T5470] usb 8-1: Manufacturer: syz [ 107.869951][ T5470] usb 8-1: SerialNumber: syz [ 107.878129][ T5470] usb 8-1: config 0 descriptor?? [ 107.889208][ T5470] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input5 [ 107.924616][ C3] kbtab 8-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 108.011871][ C3] kbtab 8-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 108.092386][ T2786] usb 8-1: USB disconnect, device number 4 [ 108.512282][ T6299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.280'. [ 108.775157][ T4774] Bluetooth: hci3: unexpected event 0x01 length: 4 > 1 [ 108.845572][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.282'. [ 109.232017][ T6312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.284'. [ 109.240561][ T6312] netlink: 12 bytes leftover after parsing attributes in process `syz.2.284'. [ 109.616146][ T6321] syzkaller0: entered promiscuous mode [ 109.618925][ T6321] syzkaller0: entered allmulticast mode [ 109.622839][ T6322] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 109.625030][ T6322] syzkaller0: Linktype set failed because interface is up [ 109.630851][ T64] syzkaller0: tun_net_xmit 48 [ 110.768806][ T39] audit: type=1326 audit(1723067186.911:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6330 comm="syz.1.291" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf749e579 code=0x0 [ 111.737587][ T4774] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 111.829467][ T6338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.294'. [ 112.082677][ T73] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.157177][ T73] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.242260][ T73] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.303114][ T73] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.434845][ T73] bridge_slave_1: left allmulticast mode [ 112.437068][ T73] bridge_slave_1: left promiscuous mode [ 112.439965][ T73] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.451543][ T73] bridge_slave_0: left allmulticast mode [ 112.454271][ T73] bridge_slave_0: left promiscuous mode [ 112.456769][ T73] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.627300][ T4774] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 112.631384][ T4774] Bluetooth: hci2: Injecting HCI hardware error event [ 112.635271][ T4774] Bluetooth: hci2: hardware error 0x00 [ 112.909238][ T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.921409][ T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 112.938679][ T73] bond0 (unregistering): Released all slaves [ 113.327656][ T73] hsr_slave_0: left promiscuous mode [ 113.332653][ T73] hsr_slave_1: left promiscuous mode [ 113.336499][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.341553][ T73] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.346561][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.350179][ T73] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.406747][ T73] veth1_macvtap: left promiscuous mode [ 113.413131][ T73] veth0_macvtap: left promiscuous mode [ 113.415881][ T73] veth1_vlan: left promiscuous mode [ 113.418461][ T73] veth0_vlan: left promiscuous mode [ 113.583884][ T6356] No control pipe specified [ 113.689085][ T5398] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 113.708856][ T5398] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 113.716919][ T5398] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 113.736625][ T5398] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 113.746637][ T5398] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 113.756717][ T111] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 113.775274][ T5398] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 114.316288][ T111] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 114.476084][ C3] vkms_vblank_simulate: vblank timer overrun [ 114.702003][ T4774] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 114.821501][ T73] team0 (unregistering): Port device team_slave_1 removed [ 114.908240][ T73] team0 (unregistering): Port device team_slave_0 removed [ 115.624211][ T39] audit: type=1326 audit(1723067191.771:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.1.301" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7fc00000 [ 115.707873][ T39] audit: type=1326 audit(1723067191.851:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.1.301" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf749e579 code=0x7fc00000 [ 115.901929][ T4774] Bluetooth: hci0: command tx timeout [ 116.154926][ T6358] chnl_net:caif_netlink_parms(): no params data found [ 116.393055][ T39] audit: type=1326 audit(1723067192.541:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.1.301" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7fc00000 [ 116.511035][ T6358] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.514266][ T6358] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.518695][ T6358] bridge_slave_0: entered allmulticast mode [ 116.522583][ T6358] bridge_slave_0: entered promiscuous mode [ 116.527805][ T6358] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.531524][ T6358] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.534869][ T6358] bridge_slave_1: entered allmulticast mode [ 116.538340][ T6358] bridge_slave_1: entered promiscuous mode [ 116.666570][ T73] IPVS: stop unused estimator thread 0... [ 116.742750][ T6358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.766932][ T6358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.851028][ T6358] team0: Port device team_slave_0 added [ 116.856644][ T6358] team0: Port device team_slave_1 added [ 116.933897][ T6358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.937068][ T6358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.950285][ T6358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.974953][ T6358] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.977991][ T6358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.994640][ T6358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.090084][ T6358] hsr_slave_0: entered promiscuous mode [ 117.095987][ T6358] hsr_slave_1: entered promiscuous mode [ 117.356921][ T4774] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 117.467643][ T6419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.309'. [ 117.470912][ T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 117.684638][ T10] usb 8-1: Using ep0 maxpacket: 32 [ 117.691494][ T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 16029, setting to 1024 [ 117.698124][ T10] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 117.708878][ T10] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 117.714631][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.718277][ T10] usb 8-1: Product: syz [ 117.720208][ T10] usb 8-1: Manufacturer: syz [ 117.724824][ T10] usb 8-1: SerialNumber: syz [ 117.731222][ T6412] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 117.963015][ T10] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 117.965493][ T6358] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 117.983324][ T4774] Bluetooth: hci0: command tx timeout [ 117.995280][ T6358] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 118.000947][ T6358] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 118.014651][ T6358] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 118.092844][ T6358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.117340][ T6358] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.132248][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.135722][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.140625][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.143858][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.166342][ C0] usblp0: nonzero write bulk status received: -71 [ 118.169617][ T8] usb 8-1: USB disconnect, device number 5 [ 118.176915][ T8] usblp0: removed [ 118.195316][ T6358] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 118.199598][ T6358] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 118.345653][ T6358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.392771][ T6358] veth0_vlan: entered promiscuous mode [ 118.402270][ T6358] veth1_vlan: entered promiscuous mode [ 118.449323][ T6358] veth0_macvtap: entered promiscuous mode [ 118.458629][ T6358] veth1_macvtap: entered promiscuous mode [ 118.475809][ T6358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.480404][ T6358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.485461][ T6358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.490094][ T6358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.498116][ T6358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.503327][ T6358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.508740][ T6358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.514349][ T6358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.518823][ T6358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.523109][ T6358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.527183][ T6358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.540875][ T6358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.545004][ T6358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.550705][ T6358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.557126][ T6358] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.560662][ T6358] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.564697][ T6358] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.567776][ T6358] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.653592][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.657152][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.659805][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.663601][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.027572][ T39] audit: type=1326 audit(1723067195.171:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6478 comm="syz.0.313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7fc00000 [ 119.073892][ T39] audit: type=1326 audit(1723067195.221:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6478 comm="syz.0.313" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7ff1579 code=0x7fc00000 [ 119.074860][ T8] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 119.293989][ T8] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 119.302977][ T8] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.309605][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.320938][ T8] usb 6-1: Product: syz [ 119.324319][ T8] usb 6-1: Manufacturer: syz [ 119.326511][ T8] usb 6-1: SerialNumber: syz [ 119.365086][ T6492] xt_CT: You must specify a L4 protocol and not use inversions on it [ 119.799142][ T39] audit: type=1326 audit(1723067195.941:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6478 comm="syz.0.313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7fc00000 [ 119.808148][ T39] audit: type=1326 audit(1723067195.951:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6478 comm="syz.0.313" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7ff1579 code=0x7fc00000 [ 119.827523][ T39] audit: type=1326 audit(1723067195.951:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6478 comm="syz.0.313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7fc00000 [ 119.836820][ T39] audit: type=1326 audit(1723067195.951:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6478 comm="syz.0.313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7fc00000 [ 119.846008][ T39] audit: type=1326 audit(1723067195.951:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6478 comm="syz.0.313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7fc00000 [ 119.866261][ T8] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 119.875597][ T8] usb 6-1: USB disconnect, device number 3 [ 120.055369][ T4774] Bluetooth: hci0: command tx timeout [ 120.316251][ T6498] capability: warning: `syz.3.316' uses deprecated v2 capabilities in a way that may be insecure [ 120.505441][ T6508] CIFS: iocharset name too long [ 122.130874][ T4774] Bluetooth: hci0: command tx timeout [ 122.163437][ T39] kauditd_printk_skb: 56 callbacks suppressed [ 122.163453][ T39] audit: type=1326 audit(1723067198.301:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.3.326" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0 [ 124.340871][ T5470] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 124.570337][ T5470] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 124.588240][ T5470] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 124.600999][ T5470] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.604369][ T5470] usb 7-1: Product: syz [ 124.607651][ T5470] usb 7-1: Manufacturer: syz [ 124.614484][ T5470] usb 7-1: SerialNumber: syz [ 124.645428][ T6547] netlink: 'syz.1.333': attribute type 11 has an invalid length. [ 124.662739][ T6547] netlink: 211132 bytes leftover after parsing attributes in process `syz.1.333'. [ 124.694349][ T111] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 124.699444][ T111] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 124.732516][ T6549] netlink: 'syz.0.334': attribute type 9 has an invalid length. [ 124.733771][ T111] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 124.737067][ T6549] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.334'. [ 124.803979][ C3] vkms_vblank_simulate: vblank timer overrun [ 125.093225][ T73] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.164043][ T5470] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 125.187835][ T5470] usb 7-1: USB disconnect, device number 4 [ 125.262008][ T73] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.347762][ T73] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.435558][ T73] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.648824][ T73] bridge_slave_1: left allmulticast mode [ 125.660828][ T73] bridge_slave_1: left promiscuous mode [ 125.663491][ T73] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.669198][ T73] bridge_slave_0: left allmulticast mode [ 125.671896][ T73] bridge_slave_0: left promiscuous mode [ 125.674232][ T73] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.734098][ T66] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 125.748960][ T66] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 125.767204][ T66] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 125.774646][ T66] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 125.778561][ T66] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 125.782318][ T66] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.390481][ T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.408661][ T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.414971][ T73] bond0 (unregistering): Released all slaves [ 126.871329][ T6588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.345'. [ 126.959260][ T6591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.344'. [ 127.037415][ T6594] netlink: 8 bytes leftover after parsing attributes in process `syz.2.346'. [ 127.048959][ T6598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.346'. [ 127.078406][ T6598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.346'. [ 127.189738][ T73] hsr_slave_0: left promiscuous mode [ 127.212797][ T73] hsr_slave_1: left promiscuous mode [ 127.233292][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.252456][ T73] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.267261][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.271211][ T73] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.381289][ T73] veth1_macvtap: left promiscuous mode [ 127.383679][ T73] veth0_macvtap: left promiscuous mode [ 127.386262][ T73] veth1_vlan: left promiscuous mode [ 127.388060][ T73] veth0_vlan: left promiscuous mode [ 127.810955][ T4774] Bluetooth: hci3: command tx timeout [ 128.239772][ T73] team0 (unregistering): Port device team_slave_1 removed [ 128.338454][ T73] team0 (unregistering): Port device team_slave_0 removed [ 128.930716][ T6594] netlink: 8 bytes leftover after parsing attributes in process `syz.2.346'. [ 128.984025][ T6568] chnl_net:caif_netlink_parms(): no params data found [ 129.201594][ T6568] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.217073][ T6568] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.220307][ T6568] bridge_slave_0: entered allmulticast mode [ 129.233327][ T6568] bridge_slave_0: entered promiscuous mode [ 129.260093][ T6568] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.268369][ T6568] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.271813][ T6568] bridge_slave_1: entered allmulticast mode [ 129.281145][ T6568] bridge_slave_1: entered promiscuous mode [ 129.399030][ T6568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.408722][ T6568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.527619][ T6568] team0: Port device team_slave_0 added [ 129.535473][ T6568] team0: Port device team_slave_1 added [ 129.666537][ T73] IPVS: stop unused estimator thread 0... [ 129.670665][ T6568] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.674631][ T6568] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.698844][ T6568] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.710983][ T6568] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.719328][ T6568] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.732671][ T6568] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.854633][ T6568] hsr_slave_0: entered promiscuous mode [ 129.882434][ T6568] hsr_slave_1: entered promiscuous mode [ 129.895999][ T6568] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.900699][ T6568] Cannot create hsr debugfs directory [ 129.906252][ T4774] Bluetooth: hci3: command tx timeout [ 130.364146][ T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 130.594016][ T8] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 130.628022][ T6644] program syz.2.354 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.628414][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 130.628436][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.628451][ T8] usb 5-1: Product: syz [ 130.628462][ T8] usb 5-1: Manufacturer: syz [ 130.628472][ T8] usb 5-1: SerialNumber: syz [ 130.950682][ T6568] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 130.998517][ T6568] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 131.009219][ T6568] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 131.016215][ T6568] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 131.136712][ T6568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.163708][ T6568] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.172036][ T831] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.175341][ T831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.183872][ T8] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 131.196884][ T8] usb 5-1: USB disconnect, device number 3 [ 131.203769][ T831] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.206907][ T831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.257830][ T6568] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 131.262792][ T6568] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 131.477545][ T6568] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.558009][ T6568] veth0_vlan: entered promiscuous mode [ 131.571792][ T6568] veth1_vlan: entered promiscuous mode [ 131.599403][ T6568] veth0_macvtap: entered promiscuous mode [ 131.635956][ T6568] veth1_macvtap: entered promiscuous mode [ 131.655237][ T6568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.660999][ T6568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.665452][ T6568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.670283][ T6568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.688186][ T6568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.709903][ T6568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.748048][ T6568] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.772459][ T6568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.787091][ T6568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.792565][ T6568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.805999][ T6568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.810707][ T6568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.822838][ T6568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.845515][ T6686] ISOFS: Unable to identify CD-ROM format. [ 131.854003][ T6568] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 131.889336][ T6568] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.909835][ T6568] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.915070][ T6568] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.919770][ T6568] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.973397][ T4774] Bluetooth: hci3: command tx timeout [ 132.104539][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.180911][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.318562][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.325337][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.939946][ T6712] syz.3.363: attempt to access beyond end of device [ 132.939946][ T6712] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 132.957865][ T6712] SQUASHFS error: Failed to read block 0x0: -5 [ 132.960388][ T6712] unable to read squashfs_super_block [ 133.611438][ T35] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 133.814102][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 133.843459][ T35] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 133.847638][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 133.876145][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 133.885065][ T35] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 133.895102][ T35] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 133.899422][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.051107][ T4774] Bluetooth: hci3: command tx timeout [ 134.201432][ T35] usb 6-1: GET_CAPABILITIES returned 0 [ 134.203573][ T35] usbtmc 6-1:16.0: can't read capabilities [ 134.519285][ T8] usb 6-1: USB disconnect, device number 4 [ 135.010978][ T5033] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 135.096563][ T6761] netlink: 48 bytes leftover after parsing attributes in process `syz.0.376'. [ 135.203667][ T5033] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 135.215364][ T5033] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 135.223816][ T5033] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.227799][ T5033] usb 8-1: Product: syz [ 135.230223][ T5033] usb 8-1: Manufacturer: syz [ 135.233443][ T5033] usb 8-1: SerialNumber: syz [ 135.324778][ T6765] syz.1.377: attempt to access beyond end of device [ 135.324778][ T6765] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 135.331210][ T6765] SQUASHFS error: Failed to read block 0x0: -5 [ 135.334275][ T6765] unable to read squashfs_super_block [ 135.708178][ T5033] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22 [ 135.727680][ T5033] usb 8-1: USB disconnect, device number 6 [ 136.456609][ T6787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.385'. [ 136.939004][ T35] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 137.180832][ T35] usb 8-1: Using ep0 maxpacket: 8 [ 137.184895][ T35] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 137.188732][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 137.193909][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 137.210539][ T35] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 137.216172][ T35] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 137.219996][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.402699][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.389'. [ 137.408360][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.389'. [ 137.413335][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.389'. [ 137.420035][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.389'. [ 137.643263][ T35] usb 8-1: GET_CAPABILITIES returned 0 [ 137.645720][ T35] usbtmc 8-1:16.0: can't read capabilities [ 137.737306][ T1374] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.986565][ T25] usb 8-1: USB disconnect, device number 7 [ 138.812497][ T6819] xt_CT: You must specify a L4 protocol and not use inversions on it [ 138.939094][ T6822] kvm: emulating exchange as write [ 139.080975][ T5033] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 139.183472][ T6827] batman_adv: batadv0: Adding interface: ipvlan0 [ 139.186423][ T6827] batman_adv: batadv0: The MTU of interface ipvlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.201748][ T6827] batman_adv: batadv0: Not using interface ipvlan0 (retrying later): interface not active [ 139.282838][ T5033] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 139.294070][ T5033] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 139.298187][ T5033] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.307338][ T5033] usb 5-1: Product: syz [ 139.312966][ T5033] usb 5-1: Manufacturer: syz [ 139.315124][ T5033] usb 5-1: SerialNumber: syz [ 139.868435][ T5033] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 139.876346][ T5033] usb 5-1: USB disconnect, device number 4 [ 140.954495][ T6838] syz.0.400: attempt to access beyond end of device [ 140.954495][ T6838] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 140.959414][ T6838] SQUASHFS error: Failed to read block 0x0: -5 [ 140.962901][ T6838] unable to read squashfs_super_block [ 142.016260][ T6843] ieee802154 phy1 wpan1: encryption failed: -22 [ 142.115245][ T6859] netlink: 'syz.3.406': attribute type 30 has an invalid length. [ 144.861686][ T5434] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 144.942782][ T6896] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 144.947351][ T6896] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 144.964513][ T5033] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 145.067409][ T5434] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 145.116306][ T5434] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 145.121022][ T5434] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.125349][ T5434] usb 8-1: Product: syz [ 145.129192][ T5434] usb 8-1: Manufacturer: syz [ 145.132859][ T5434] usb 8-1: SerialNumber: syz [ 145.159131][ T5033] usb 5-1: Using ep0 maxpacket: 8 [ 145.165059][ T5033] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 145.169157][ T5033] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 145.181398][ T5033] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 145.186404][ T5033] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.193360][ T5033] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 145.197286][ T5033] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.603888][ T5033] usb 5-1: GET_CAPABILITIES returned 0 [ 145.607022][ T5033] usbtmc 5-1:16.0: can't read capabilities [ 145.702891][ T5434] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22 [ 145.713269][ T5434] usb 8-1: USB disconnect, device number 8 [ 145.751472][ T6902] netlink: 28 bytes leftover after parsing attributes in process `syz.1.421'. [ 145.970994][ T831] usb 5-1: USB disconnect, device number 5 [ 148.364482][ T6912] ------------[ cut here ]------------ [ 148.367259][ T6912] WARNING: CPU: 0 PID: 6912 at mm/page_table_check.c:207 __page_table_check_ptes_set+0x2fa/0x3e0 [ 148.372277][ T6912] Modules linked in: [ 148.395122][ T6912] CPU: 0 UID: 0 PID: 6912 Comm: syz.0.424 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 148.399545][ T6912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.404515][ T6912] RIP: 0010:__page_table_check_ptes_set+0x2fa/0x3e0 [ 148.407590][ T6912] Code: e9 91 fe ff ff e8 46 48 97 ff 48 8b 2c 24 31 ff 83 e5 02 48 89 ee e8 65 43 97 ff 48 85 ed 0f 84 85 00 00 00 e8 27 48 97 ff 90 <0f> 0b 90 e9 e9 fd ff ff e8 19 48 97 ff eb 69 cc cc cc e8 0f 48 97 [ 148.416319][ T6912] RSP: 0000:ffffc90006f2fa28 EFLAGS: 00010293 [ 148.418978][ T6912] RAX: 0000000000000000 RBX: ffff888055981000 RCX: ffffffff81f3dbab [ 148.422102][ T6912] RDX: ffff8880207a0000 RSI: ffffffff81f3dbb9 RDI: 0000000000000007 [ 148.425348][ T6912] RBP: 0000000000000002 R08: 0000000000000007 R09: 0000000000000000 [ 148.428554][ T6912] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001 [ 148.431913][ T6912] R13: ffff8880274b0980 R14: 0000000000000001 R15: 1ffff92000de5f47 [ 148.435182][ T6912] FS: 0000000000000000(0000) GS:ffff88802c000000(0063) knlGS:00000000584d1440 [ 148.438642][ T6912] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 148.441328][ T6912] CR2: 00000000200002c0 CR3: 000000005982e000 CR4: 0000000000352ef0 [ 148.444980][ T6912] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 148.448494][ T6912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 148.452675][ T6912] Call Trace: [ 148.454334][ T6912] [ 148.455740][ T6912] ? show_regs+0x8c/0xa0 [ 148.457646][ T6912] ? __warn+0xe5/0x3c0 [ 148.459403][ T6912] ? __page_table_check_ptes_set+0x2fa/0x3e0 [ 148.461982][ T6912] ? report_bug+0x3c0/0x580 [ 148.463897][ T6912] ? handle_bug+0x3d/0x70 [ 148.465685][ T6912] ? exc_invalid_op+0x17/0x50 [ 148.467533][ T6912] ? asm_exc_invalid_op+0x1a/0x20 SYZFAIL: failed to recv rpc [ 148.469817][ T6912] ? __page_table_check_ptes_set+0x2eb/0x3e0 [ 148.472364][ T6912] ? __page_table_check_ptes_set+0x2f9/0x3e0 [ 148.474467][ T6912] ? __page_table_check_ptes_set+0x2fa/0x3e0 [ 148.476721][ T6912] ? __page_table_check_ptes_set+0x2f9/0x3e0 [ 148.478921][ T6912] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 148.481330][ T6912] ? irqentry_exit+0x3b/0x90 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 148.483405][ T6912] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.486406][ T6912] set_ptes.constprop.0+0x193/0x1d0 [ 148.489684][ T6912] ? __pfx_set_ptes.constprop.0+0x10/0x10 [ 148.492586][ T6912] ? do_swap_page+0xf39/0x3dc0 [ 148.494883][ T6912] ? do_swap_page+0xf47/0x3dc0 [ 148.497271][ T6912] do_swap_page+0x1214/0x3dc0 [ 148.499766][ T6912] ? __pfx_do_swap_page+0x10/0x10 [ 148.502519][ T6912] ? pte_offset_map_nolock+0xfe/0x1c0 [ 148.505090][ T6912] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 148.507664][ T6912] __handle_mm_fault+0x146b/0x5360 [ 148.510170][ T6912] ? down_read_trylock+0x1ed/0x3f0 [ 148.513214][ T6912] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 148.516090][ T6912] ? __pfx___handle_mm_fault+0x10/0x10 [ 148.519286][ T6912] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 148.522620][ T6912] handle_mm_fault+0x44e/0x7b0 [ 148.525078][ T6912] ? __pkru_allows_pkey+0x52/0xb0 [ 148.527969][ T6912] do_user_addr_fault+0x60d/0x13f0 [ 148.530626][ T6912] exc_page_fault+0x5c/0xc0 [ 148.533389][ T6912] asm_exc_page_fault+0x26/0x30 [ 148.535821][ T6912] RIP: 0023:0xf72efd71 [ 148.537788][ T6912] Code: 00 00 74 02 a4 49 50 89 c8 c1 e9 02 83 e0 03 f3 a5 89 c1 f3 a4 58 89 c7 89 d6 8b 44 24 04 c3 d1 e9 73 01 a4 d1 e9 73 02 66 a5 a5 eb e8 66 90 66 90 66 90 66 90 66 90 90 8b 44 24 0c 39 44 24 [ 148.546080][ T6912] RSP: 002b:00000000ff8ae80c EFLAGS: 00010202 [ 148.548260][ T6912] RAX: 0000000000000000 RBX: 00000000f747cff4 RCX: 0000000000000002 [ 148.551502][ T6912] RDX: 0000000000000008 RSI: 00000000f6db03ae RDI: 00000000200002c0 [ 148.554948][ T6912] RBP: 00000000ff8aea88 R08: 0000000000000000 R09: 0000000000000000 [ 148.557934][ T6912] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 148.560990][ T6912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 148.564139][ T6912] [ 148.565581][ T6912] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 148.568778][ T6912] CPU: 0 UID: 0 PID: 6912 Comm: syz.0.424 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 148.573138][ T6912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.577288][ T6912] Call Trace: [ 148.578519][ T6912] [ 148.579705][ T6912] dump_stack_lvl+0x3d/0x1f0 [ 148.581346][ T6912] panic+0x6f5/0x7a0 [ 148.582595][ T6912] ? __pfx_panic+0x10/0x10 [ 148.583963][ T6912] ? show_trace_log_lvl+0x363/0x500 [ 148.585851][ T6912] ? check_panic_on_warn+0x1f/0xb0 [ 148.588261][ T6912] ? __page_table_check_ptes_set+0x2fa/0x3e0 [ 148.590770][ T6912] check_panic_on_warn+0xab/0xb0 [ 148.592816][ T6912] __warn+0xf1/0x3c0 [ 148.594609][ T6912] ? __page_table_check_ptes_set+0x2fa/0x3e0 [ 148.597319][ T6912] report_bug+0x3c0/0x580 [ 148.599263][ T6912] handle_bug+0x3d/0x70 [ 148.601118][ T6912] exc_invalid_op+0x17/0x50 [ 148.603188][ T6912] asm_exc_invalid_op+0x1a/0x20 [ 148.605495][ T6912] RIP: 0010:__page_table_check_ptes_set+0x2fa/0x3e0 [ 148.608739][ T6912] Code: e9 91 fe ff ff e8 46 48 97 ff 48 8b 2c 24 31 ff 83 e5 02 48 89 ee e8 65 43 97 ff 48 85 ed 0f 84 85 00 00 00 e8 27 48 97 ff 90 <0f> 0b 90 e9 e9 fd ff ff e8 19 48 97 ff eb 69 cc cc cc e8 0f 48 97 [ 148.616366][ T6912] RSP: 0000:ffffc90006f2fa28 EFLAGS: 00010293 [ 148.618699][ T6912] RAX: 0000000000000000 RBX: ffff888055981000 RCX: ffffffff81f3dbab [ 148.621780][ T6912] RDX: ffff8880207a0000 RSI: ffffffff81f3dbb9 RDI: 0000000000000007 [ 148.624726][ T6912] RBP: 0000000000000002 R08: 0000000000000007 R09: 0000000000000000 [ 148.627665][ T6912] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001 [ 148.630693][ T6912] R13: ffff8880274b0980 R14: 0000000000000001 R15: 1ffff92000de5f47 [ 148.633890][ T6912] ? __page_table_check_ptes_set+0x2eb/0x3e0 [ 148.636615][ T6912] ? __page_table_check_ptes_set+0x2f9/0x3e0 [ 148.639368][ T6912] ? __page_table_check_ptes_set+0x2f9/0x3e0 [ 148.641898][ T6912] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 148.644508][ T6912] ? irqentry_exit+0x3b/0x90 [ 148.646458][ T6912] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.648653][ T6912] set_ptes.constprop.0+0x193/0x1d0 [ 148.650853][ T6912] ? __pfx_set_ptes.constprop.0+0x10/0x10 [ 148.653244][ T6912] ? do_swap_page+0xf39/0x3dc0 [ 148.655219][ T6912] ? do_swap_page+0xf47/0x3dc0 [ 148.657207][ T6912] do_swap_page+0x1214/0x3dc0 [ 148.659083][ T6912] ? __pfx_do_swap_page+0x10/0x10 [ 148.661017][ T6912] ? pte_offset_map_nolock+0xfe/0x1c0 [ 148.663026][ T6912] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 148.665872][ T6912] __handle_mm_fault+0x146b/0x5360 [ 148.668119][ T6912] ? down_read_trylock+0x1ed/0x3f0 [ 148.670096][ T6912] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 148.671811][ T6912] ? __pfx___handle_mm_fault+0x10/0x10 [ 148.673977][ T6912] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 148.675850][ T6912] handle_mm_fault+0x44e/0x7b0 [ 148.677630][ T6912] ? __pkru_allows_pkey+0x52/0xb0 [ 148.679736][ T6912] do_user_addr_fault+0x60d/0x13f0 [ 148.682287][ T6912] exc_page_fault+0x5c/0xc0 [ 148.684412][ T6912] asm_exc_page_fault+0x26/0x30 [ 148.686455][ T6912] RIP: 0023:0xf72efd71 [ 148.688236][ T6912] Code: 00 00 74 02 a4 49 50 89 c8 c1 e9 02 83 e0 03 f3 a5 89 c1 f3 a4 58 89 c7 89 d6 8b 44 24 04 c3 d1 e9 73 01 a4 d1 e9 73 02 66 a5 a5 eb e8 66 90 66 90 66 90 66 90 66 90 90 8b 44 24 0c 39 44 24 [ 148.696067][ T6912] RSP: 002b:00000000ff8ae80c EFLAGS: 00010202 [ 148.699072][ T6912] RAX: 0000000000000000 RBX: 00000000f747cff4 RCX: 0000000000000002 [ 148.703072][ T6912] RDX: 0000000000000008 RSI: 00000000f6db03ae RDI: 00000000200002c0 [ 148.706535][ T6912] RBP: 00000000ff8aea88 R08: 0000000000000000 R09: 0000000000000000 [ 148.709892][ T6912] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 148.713166][ T6912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 148.716575][ T6912] [ 148.718578][ T6912] Kernel Offset: disabled [ 148.720715][ T6912] Rebooting in 86400 seconds.. VM DIAGNOSIS: 21:47:04 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fa5cb5 RDI=ffffffff9511c340 RBP=ffffffff9511c300 RSP=ffffc90006f2f3e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000038 R14=ffffffff84fa5c50 R15=0000000000000000 RIP=ffffffff84fa5cdf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000200002c0 CR3=000000005982e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000002 RBX=ffff88802c046560 RCX=ffffc9002bb44000 RDX=0000000000040000 RSI=ffffffff817ef895 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000c117c00 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed1005808cad R13=0000000000000001 R14=ffff88802c046568 R15=ffff88802c13ffc0 RIP=ffffffff818b2425 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c100000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f744fb00 CR3=0000000052a96000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014000000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000002 RBX=ffff888058b63040 RCX=1ffffffff20229ef RDX=0000000000000001 RSI=0000000000000013 RDI=ffff888058b63040 RBP=ffff88807ffd6000 RSP=ffffc9000c01ee90 R8 =0000000000000000 R9 =fffffbfff28b6ad8 R10=ffffffff945b56c7 R11=0000000000000000 R12=0000000000000001 R13=0000000000000013 R14=0000000000000000 R15=ffff8880278ae000 RIP=ffffffff81f07619 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c200000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f57b5e8c CR3=000000005303e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=1ffff11002627c22 RBX=ffff88801313e000 RCX=ffffffff81827474 RDX=ffff88801b708000 RSI=ffff8880576ae000 RDI=0000000000000005 RBP=ffff88801313e110 RSP=ffffc90001fefa98 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffff888017af6000 R13=dffffc0000000000 R14=0000000000000000 R15=ffff88801313e000 RIP=ffffffff81827726 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffd2bf6f CR3=000000004712a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000