last executing test programs: 59.846872479s ago: executing program 0 (id=38): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x38) 49.464917041s ago: executing program 0 (id=38): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x38) 38.635093574s ago: executing program 0 (id=38): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x38) 27.091270233s ago: executing program 0 (id=38): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x38) 15.469058352s ago: executing program 0 (id=38): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x38) 4.802965566s ago: executing program 2 (id=421): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000440)={0xffffffffffffffff, 0x3, 0x4, 0x3}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0xfffffffa, 0x0, 0x0, 0x1110, 0xffffffffffffffff, 0x1, '\x00', 0x0, r1, 0x4, 0x1, 0x2, 0x1, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000002000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000040000180060001000a00000008000500000000000c0007000000000000000000080009007100000007000600727200000800080000"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0) sendmmsg$inet6(r6, 0x0, 0x0, 0x8000) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x7e832, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mem_connect\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 4.577315561s ago: executing program 2 (id=425): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, r2, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80003080}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_REG_RULES={0x10, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x40010) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r4) sendmsg$IEEE802154_LIST_PHY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r5, 0x321}, 0x14}}, 0x0) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r6, 0x20, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x9}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x6, 0x0, 0x0, 0x0, 0x71, 0x11, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x19}, @exit={0x95, 0x0, 0x4c}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 3.651689917s ago: executing program 2 (id=431): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.57164918s ago: executing program 2 (id=432): sendmmsg(0xffffffffffffffff, &(0x7f0000003b80), 0x0, 0x0) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x12) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getpid() r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000400)=""/4096) msgrcv(0x0, &(0x7f0000001400)={0x0, ""/117}, 0x79, 0x3, 0x3400) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r2, 0x0, 0x0, 0x100008) 3.081682354s ago: executing program 0 (id=38): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x38) 2.102085556s ago: executing program 1 (id=433): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r2, 0x0, r1, 0x0, 0x6, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10) r5 = getpid() r6 = gettid() rt_tgsigqueueinfo(r5, r6, 0xb, &(0x7f0000000080)={0x0, 0x0, 0x4}) write$P9_RRENAMEAT(r1, &(0x7f00000000c0)={0x7}, 0x7) r7 = io_uring_setup(0x3b5b, &(0x7f0000000040)={0x0, 0x0, 0x2}) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f0000000100), 0x2) dup3(r2, r1, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000e50601"], 0x14}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES16=r0, @ANYRES64=r1, @ANYRES8=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) clock_gettime(0x0, 0x0) ppoll(&(0x7f0000000200)=[{r9}], 0x1, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r8}, 0x10) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 2.10140027s ago: executing program 2 (id=434): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000580), &(0x7f0000000340)}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0xfea7) listen(0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x0, 0xc8}}}, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x8}}, &(0x7f0000000040)='GPL\x00', 0x100002, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b7050000feffffff6110590000000000078000000000000095000000000000003e4d6050f0"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) prlimit64(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/igmp6\x00') preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000140)=""/196, 0xc4}], 0x1, 0x200000, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x38, 0x10, 0x49920d862a92153b, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10004, 0x20}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x38}}, 0x80) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.891141181s ago: executing program 3 (id=437): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = dup2(r0, r0) sendmmsg$unix(r1, &(0x7f0000001e80)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="12f8a2b2236d539f42b67e083fcd9b5de2cb490c038d25210290c4cc3afacede0f7d823ef5968c9a", 0x28}], 0x1}}, {{&(0x7f0000000440)=@abs, 0x18, 0x0}}], 0x2, 0x0) 1.890836429s ago: executing program 3 (id=438): ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d68abc2d86fbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df701905b9aafab4afaaf755a3f6a004", "036c47c65a0820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171c992c11ef54ec32d71e14ef6bf093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"}) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0) syz_emit_ethernet(0x29a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaa00aaaaaaaaaa0086dd60cb653e02643a00fe800000000000000000000000000000fe80000000000000000000000000000086009078000000000000000000000000000d7db4265c9f6aa3b46521199ea778d105c24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2e3b5cd435f497d415f29c5d941df10c1ca58197441e0e9b3400d9800081598a4a8a719ffe0621615f6d04dcae3360546cf06f2665bae2296931fd1d71c1f7e8f222b9ddc4e0bfb5e5c9a484353b785e79b4d8181cf146261723484c54803466e8b0034130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd90f4eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b63c1b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b"], 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) 1.771920378s ago: executing program 3 (id=439): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000004000000000000000201801000020786c3500000000002020207b1af8ff00000000bfa10000000000000701000094ffffffb702000008000000b703000000000020850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001e40)=ANY=[@ANYBLOB="b702000026000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643c4e8d41cdb7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6659f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac1223331f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b3b5fb3832ee68e2b53d44bd84bf6770157e96bbb96b5e1f165c87e7a9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed80000010000000000e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000800)="76389e147583ddd0569ba56a888e", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.771616389s ago: executing program 3 (id=440): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0xe, 0x0, &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) creat(0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x22, 0x17, 0x4a, 0x20, 0x4b4, 0x861f, 0xf9d6, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x73, 0xa7, 0x7a}}]}}]}}, 0x0) 1.409113273s ago: executing program 2 (id=441): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x4, 0x0, 0x0, 0x0, 0xc7, 0x40}}}, @TCA_TBF_PTAB={0x404, 0x3, [0xffffff7f]}]}}]}, 0x45c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x12}, [], {0x14, 0x10}}, 0x28}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffffffffffff16) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x40, 0x9, 0x0, 0x0, {0x2}, [@typed={0x8, 0x2, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r4, 0x11, 0xa, &(0x7f0000000040)=0x2000, 0x4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xa0000, 0x156) readlinkat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f00000005c0)=""/199, 0xc7) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{&(0x7f0000000140)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) syz_emit_ethernet(0x13f, &(0x7f0000000140)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x109, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [{0x0, 0x1c, "e6b128f1f07453ed8e501a180f87875cfd93599c7b7c7b7d463ebbf31ccd5f74e3a7bd3733a8d38f0021f7f22a63a326918b97acaf2687d503915f0120fc9cea280f423304842e5f2304bc7b1b47d8c6a318e457835f611cf3e007035abd56a797edfa270e2aff92da93d302c3fc522106289f83307474eddcb2967e7dcbd5276cb0c196103ca44ef46bd3656202c2bc3d40e885b91412e4ba9a32c5d3e4e2779ed8dbe23fc5811fbd9cf5786ae1b8547e473be21317ff5d380a9eb7481ac2809b20c81f3afaa68459402d5022fb0948085417e498576f0000000000000000"}]}}}}}}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r6 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0) ftruncate(r6, 0x2007ffc) 1.181615625s ago: executing program 1 (id=442): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f0000000200)='%ps \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000008000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0x11}, @const={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) 1.110831666s ago: executing program 1 (id=443): sendmmsg(0xffffffffffffffff, &(0x7f0000003b80), 0x0, 0x0) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x12) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getpid() r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000400)=""/4096) msgrcv(0x0, &(0x7f0000001400)={0x0, ""/117}, 0x79, 0x3, 0x3400) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r2, 0x0, 0x0, 0x100008) 431.481105ms ago: executing program 3 (id=444): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x10000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='jbd2_handle_stats\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, 0x0}) r5 = syz_open_procfs(r4, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r5, 0x40086610, &(0x7f0000000180)={@id={0x40000, 0x0, @b}}) 291.872154ms ago: executing program 3 (id=445): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ptrace$getregset(0x4204, 0xffffffffffffffff, 0x2, &(0x7f0000000180)={&(0x7f0000000100)=""/109, 0x6d}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) clock_adjtime(0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}}, 0xfe4f) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000081400002d0301000000000095000000000000006916600000000000bf67000000000000260300000fff07106706000003000000170300000ee6004ebf050000000000001d360000000000006507f9ff01000000070700004c00d6cfcc75000000000000bf54000000000000070400000400f9ffad4301000000000095004000000000000500000000000000950000000000000032ff7f5be95e09b67754bb12feffffff8ecf264e0f84f9f17d3c51e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be5b369289aa6812b8e007e733a9a4f16d0abbd5ad0300806ef08513e3d3778a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad5b803306b17cf4ef3f1d45f60b24a26aba1276a3fa1f6ab689fde4de4e63edf10271a5144ddc8da3aa5b0ab733a1b9ff129e609f4c787c6002d4519af619e3a2a4d69e0dee5eb106774a8f3e6916dfec88b5634ee19b02d2ca8ff54c158f0200000000eafb735fd552bdc206004aeb0743eb2dc819cf5c8ac86d8a297dff0445a13d00dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174cecac4d03723f1c932b3faffffffffffffff5fc998e13b670e373e3e5897f7ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2a0700000096649a462e7ee4bcf8b07a101c879730beb4000000000000000000000000000000bc00f674629709e7e78f4ddc3d1bc3ebf0bd9d42ca019dd5d022cf7468659fbe2562671cd47840a72faab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eaf04871bc47287cd313f3bea788ea2bcdc340ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f3767ce603c9d48cac052ca363f601ae899a53f67b63d20a268bb9f15a0a6e66ce4660fbee91629ab028acfc1d9260e9659a0f6a5480a55c22fe3ae5f562d0ae520c38d2bab6528000000596fb73a96b33c81cdbbd421a27f7f1db054cc7a0a4d372849c99a98822103b9851d924b85b1ca4b21b187db00000000000000066dead3b9670a7604a5ddd0fd2e4fb8a5749a8a8ad78454ba1eebeff1b528da294247d294d2487babb176fdfafeb3d492a325671e6b91afb41f87feda4ce2f468a3758750c0b8f151d4d8574bbbe027687a0e12311cdf3384a26ee3f6f2424b92e5be98ef1f8f2db9a4991e234f9f447e1730ceaf54cf25c0e3ad7cbb0de06e55db89d154c9d3fcd01c551b0ef5d5305845b9a8763b264e8f0bcd0f606fe92e511f122325ebc5fef1b67845d0eb8b8a4997f83424221e94a5c4623feb8496ccdbc55b27773bf1b3e6a91a20e0c27fc80262647f88d8d1123d199b2c7729bb7700e887ea963f00004a1d0851dbfb9308d16cadcc7b477c9a84e3d6bd82526898735552a203c4797228530c946a0008c9730abb6a9b3b3b1a73ab44aa115136353964648abcc4adbe765556643842290a92eafea0ec2c000000000000000000000000000000e1f3518dc3fc2bbefe043804ac1b6b1c8b7e3afed045a3a808700bca61a39d5bfa83877803013e2d145e642253632f3a283c6eee0e22cb69fe7f94786220c31e9b2a82a9856e947bace74923e4740bf1c17cb41ef19161c3d417655517c28bd09edc32d77a40b834ba7a12223354e9321b8300f7d5d63fa0e8f074adc176285a8f41609ce040cec99943792f5443ca5292447b0f0f240743c4b2b8142ce0b43d4d1731ce11533f61ef241c83557f5aae58a848b5ccce86b8b0fb21fe369c90f06e2d9680003df72f3f0060e6c3415cc1026d342003bece09fbfd062efdd9b48377335903f3b4e87386915e3ac429a4db646da1cc6e29ad8650f4da326cbfdce12c8d5deba32549d6aefe422e0d665d62325c737fe76ec1f3c3670ed96f86738a2cf1c59b5f9b84ffd068f7b4509f53617910a41b811a3f7cd6251f8100008133af11a4db2d00c0adce515e2c9491b7773d5d542be0104d8ca9b92e0f86ce500af490acb9ce69b2f4f9a1345b8c977cfd325d2170c4b8243a8cb4a621d942b6890f5a724e97753f049ab5ba4bf31f4effcbf29e0bbacbbc7f3b572d081e9bf6ee48b8788d946d73e715864a58c7e353eaa1eb4e726f035c112af714d7e7ea088133d90afd430b665fea65e6454c95538a097ffc06bbf05cfbcd25a9508b9851ffccd3974d1553d86982635fdaaaae91981863a0d4b60e77bf68631cf0f9838cba2194bd8d73a319f8a5fdccf713e1c3456cb5555da785f89c6a828efa65f39a88fc3da2c738548c07975ccd7efe261e0b0f43bff0ea1103cc72b9d4ec8eda9c175010708cf7e4fe3bf5345be8c59099fdcfc9c642eca20537caba430ffbd3a619cffea600818714c7060a367c96e04c985f2e4ec5cc9c9187c0200ed6000000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6000, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x401070ca, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuacct.usage\x00', 0x2, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f0000000040)='cpuset.memory_pressure\x00', 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendfile(r3, r4, 0x0, 0x9c) preadv(r4, &(0x7f0000000300)=[{&(0x7f0000000540)=""/238, 0xee}], 0x1, 0x0, 0x0) 191.523005ms ago: executing program 1 (id=446): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000980)='br_fdb_add\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0) 81.650727ms ago: executing program 1 (id=447): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r1, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r2, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00000000000000120000f1850000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r4, 0x4020565b, &(0x7f00000001c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000300)='hrtimer_expire_entry\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, 0x0, &(0x7f00002bf000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x38, 0xb, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x38}}, 0x0) 0s ago: executing program 1 (id=448): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r0, 0xffffffffffffffff, 0x26, 0x0, 0x0, @void, @value}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, 0x0, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000580)={'vxcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000005c0)={0x1d, r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): ts on: batadv_slave_0 [ 65.361792][ T5358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.365803][ T5358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.369816][ T5358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.373991][ T5358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.377717][ T5358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.382815][ T5358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.389461][ T5358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.395555][ T5358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.399617][ T5358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.406344][ T5358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.410247][ T5358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.415779][ T5358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.420756][ T5358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.427748][ T5361] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.437095][ T5361] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.440409][ T5361] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.446508][ T5361] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.459973][ T5358] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.463735][ T5358] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.467052][ T5358] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.470404][ T5358] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.506634][ T5425] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.537057][ T5425] netlink: 'syz.1.2': attribute type 4 has an invalid length. [ 65.596519][ T3163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.600006][ T3163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.626276][ T3163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.629442][ T3163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.648107][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.662232][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.668442][ T3163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.675150][ T3163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.709543][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.713872][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.792425][ T3163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.806013][ T3163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.881489][ T39] audit: type=1326 audit(1726139036.734:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.890327][ T39] audit: type=1326 audit(1726139036.734:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.903974][ T5432] binder: 5431:5432 ioctl 4018620d 0 returned -22 [ 65.919158][ T39] audit: type=1326 audit(1726139036.744:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.928971][ T39] audit: type=1326 audit(1726139036.744:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.941881][ T39] audit: type=1326 audit(1726139036.764:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.951315][ T39] audit: type=1326 audit(1726139036.764:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.960472][ T39] audit: type=1326 audit(1726139036.764:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.973359][ T39] audit: type=1326 audit(1726139036.764:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.982456][ T39] audit: type=1326 audit(1726139036.774:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 65.991822][ T39] audit: type=1326 audit(1726139036.794:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.1.5" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 66.096946][ T5436] binder: 5431:5436 ioctl c0306201 0 returned -14 [ 66.568551][ T5442] usb usb9: usbfs: process 5442 (syz.2.3) did not claim interface 0 before use [ 66.580486][ T5442] usb usb9: selecting invalid altsetting 21783 [ 66.793315][ T5367] Bluetooth: hci0: command tx timeout [ 66.851788][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.855458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.871753][ T5367] Bluetooth: hci3: command tx timeout [ 66.874130][ T5367] Bluetooth: hci1: command tx timeout [ 66.876277][ T5367] Bluetooth: hci2: command tx timeout [ 67.011236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 67.091129][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 67.111070][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 67.131009][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 67.151065][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 67.171040][ T25] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 67.341188][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.396422][ T25] usb 6-1: config 0 has no interfaces? [ 67.398825][ T25] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 67.410265][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.423418][ T25] usb 6-1: config 0 descriptor?? [ 67.453253][ T5449] syz.3.7[5449] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.453401][ T5449] syz.3.7[5449] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.831424][ T5455] ip6gretap0: entered promiscuous mode [ 67.832393][ T5455] vlan2: entered promiscuous mode [ 67.832514][ T5455] vlan2: entered allmulticast mode [ 67.832527][ T5455] ip6gretap0: entered allmulticast mode [ 67.856124][ T5455] ip6gretap0: left allmulticast mode [ 67.856979][ T5455] ip6gretap0: left promiscuous mode [ 68.121076][ T5422] usb 6-1: USB disconnect, device number 2 [ 68.669119][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.829751][ T5459] Illegal XDP return value 4294967274 on prog (id 10) dev N/A, expect packet loss! [ 68.871138][ T5367] Bluetooth: hci0: command tx timeout [ 68.951401][ T5374] Bluetooth: hci3: command tx timeout [ 68.954178][ T5374] Bluetooth: hci2: command tx timeout [ 68.962702][ T5367] Bluetooth: hci1: command tx timeout [ 69.055172][ T5462] Process accounting resumed [ 70.001682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 70.069492][ T5475] input: syz0 as /devices/virtual/input/input5 [ 70.758416][ T5486] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 70.983271][ T5489] overlayfs: failed to resolve './file0': -2 [ 71.423819][ T5374] Bluetooth: Unexpected continuation frame (len 34) [ 71.440153][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.444156][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.004409][ T5504] block nbd0: shutting down sockets [ 72.678265][ T39] kauditd_printk_skb: 53 callbacks suppressed [ 72.678279][ T39] audit: type=1326 audit(1726139044.538:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.707080][ T39] audit: type=1326 audit(1726139044.558:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.718230][ T5522] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 72.731754][ T39] audit: type=1326 audit(1726139044.558:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=170 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.751157][ T39] audit: type=1326 audit(1726139044.558:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.766318][ T39] audit: type=1326 audit(1726139044.558:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.784710][ T39] audit: type=1326 audit(1726139044.568:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=106 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.799188][ T39] audit: type=1326 audit(1726139044.568:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.813633][ T39] audit: type=1326 audit(1726139044.588:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.823457][ T39] audit: type=1326 audit(1726139044.588:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=71 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 72.833040][ T39] audit: type=1326 audit(1726139044.588:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5512 comm="syz.0.27" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000 [ 73.147795][ T5526] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 73.151082][ T5526] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 73.176942][ T5526] vhci_hcd vhci_hcd.0: Device attached [ 73.199912][ T5531] vhci_hcd: connection closed [ 73.204041][ T1099] vhci_hcd: stop threads [ 73.213037][ T1099] vhci_hcd: release socket [ 73.215256][ T1099] vhci_hcd: disconnect device [ 73.465143][ T5536] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 73.467968][ T5536] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 73.471632][ T5536] vhci_hcd vhci_hcd.0: Device attached [ 73.485757][ T5536] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 73.488691][ T5536] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 73.494491][ T5536] vhci_hcd vhci_hcd.0: Device attached [ 73.501662][ T5540] usbip_core: unknown command [ 73.511076][ T5540] vhci_hcd: unknown pdu 0 [ 73.512956][ T5540] usbip_core: unknown command [ 73.515672][ T1099] vhci_hcd: stop threads [ 73.517565][ T1099] vhci_hcd: release socket [ 73.518662][ T5537] vhci_hcd: connection closed [ 73.519529][ T1099] vhci_hcd: disconnect device [ 73.526807][ T1099] vhci_hcd: stop threads [ 73.529100][ T1099] vhci_hcd: release socket [ 73.531692][ T1099] vhci_hcd: disconnect device [ 73.983406][ T5549] Zero length message leads to an empty skb [ 74.247800][ T3187] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.362040][ T3187] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.371113][ T5553] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 74.387215][ T5553] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 74.399222][ T5553] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 74.412291][ T5553] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 74.484779][ T3187] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.621476][ T3187] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.632057][ T5367] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.636884][ T5367] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.644996][ T5367] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.649336][ T5367] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.655258][ T5367] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 74.659437][ T5367] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.888088][ T3187] bridge_slave_1: left allmulticast mode [ 74.894213][ T3187] bridge_slave_1: left promiscuous mode [ 74.897983][ T3187] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.907385][ T3187] bridge_slave_0: left allmulticast mode [ 74.910301][ T3187] bridge_slave_0: left promiscuous mode [ 74.916428][ T3187] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.435339][ T5367] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 75.440428][ T5367] Bluetooth: hci0: Injecting HCI hardware error event [ 75.446714][ T5367] Bluetooth: hci0: hardware error 0x00 [ 75.510117][ T3187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 75.528314][ T3187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 75.536291][ T3187] bond0 (unregistering): Released all slaves [ 75.779717][ T5556] chnl_net:caif_netlink_parms(): no params data found [ 76.107372][ T5556] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.110453][ T5556] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.115099][ T5556] bridge_slave_0: entered allmulticast mode [ 76.120522][ T5556] bridge_slave_0: entered promiscuous mode [ 76.143590][ T3187] hsr_slave_0: left promiscuous mode [ 76.147614][ T3187] hsr_slave_1: left promiscuous mode [ 76.153805][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.157166][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.162253][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.165477][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.226807][ T3187] veth1_macvtap: left promiscuous mode [ 76.229387][ T3187] veth0_macvtap: left promiscuous mode [ 76.232943][ T3187] veth1_vlan: left promiscuous mode [ 76.235471][ T3187] veth0_vlan: left promiscuous mode [ 76.712234][ T5374] Bluetooth: hci1: command tx timeout [ 76.981167][ T5595] usb usb8: usbfs: process 5595 (syz.2.47) did not claim interface 0 before use [ 77.220491][ T5597] syz.2.48[5597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.220630][ T5597] syz.2.48[5597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.264934][ T3187] team0 (unregistering): Port device team_slave_1 removed [ 77.398909][ T3187] team0 (unregistering): Port device team_slave_0 removed [ 77.512658][ T5367] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 78.194612][ T5556] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.197662][ T5556] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.200847][ T5556] bridge_slave_1: entered allmulticast mode [ 78.207027][ T5556] bridge_slave_1: entered promiscuous mode [ 78.279986][ T5556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.287895][ T5556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.386287][ T5556] team0: Port device team_slave_0 added [ 78.404105][ T5556] team0: Port device team_slave_1 added [ 78.509825][ T5556] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.513801][ T5556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.524917][ T5556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.565828][ T5556] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.568486][ T5556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.577492][ T5556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.695584][ T5556] hsr_slave_0: entered promiscuous mode [ 78.698468][ T5556] hsr_slave_1: entered promiscuous mode [ 78.713435][ T5556] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.717732][ T5556] Cannot create hsr debugfs directory [ 78.791768][ T5367] Bluetooth: hci1: command tx timeout [ 79.619528][ T5556] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.630499][ T5556] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.641436][ T5556] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.650452][ T5556] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.759225][ T5556] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.796403][ T5556] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.815251][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.818556][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.832353][ T3163] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.836181][ T3163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.108923][ T5556] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.169492][ T5556] veth0_vlan: entered promiscuous mode [ 80.195965][ T5556] veth1_vlan: entered promiscuous mode [ 80.249634][ T5556] veth0_macvtap: entered promiscuous mode [ 80.265807][ T5556] veth1_macvtap: entered promiscuous mode [ 80.284165][ T5556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.289104][ T5556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.294691][ T5556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.299507][ T5556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.305669][ T5556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.310259][ T5556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.317430][ T5556] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.337310][ T5556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.351096][ T5556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.355438][ T5556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.360337][ T5556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.378873][ T5556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.384857][ T5556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.390900][ T5556] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.402082][ T5556] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.405998][ T5556] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.412092][ T5556] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.416246][ T5556] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.568646][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.575943][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.609549][ T3163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.615465][ T3163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.681179][ T10] cfg80211: failed to load regulatory.db [ 81.780425][ T5711] Bluetooth: MGMT ver 1.23 [ 82.111081][ T10] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 82.296759][ T10] usb 6-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 82.301042][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.306644][ T10] usb 6-1: config 0 descriptor?? [ 82.519751][ T10] usb 6-1: string descriptor 0 read error: -71 [ 82.527050][ T10] ums-realtek 6-1:0.0: USB Mass Storage device detected [ 82.620159][ T10] usb 6-1: USB disconnect, device number 3 [ 82.807411][ T5725] netlink: 64 bytes leftover after parsing attributes in process `syz.2.78'. [ 83.474763][ T3163] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.562445][ T5740] syz.3.85[5740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.562590][ T5740] syz.3.85[5740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.687689][ T5748] netlink: 32 bytes leftover after parsing attributes in process `syz.3.87'. [ 83.800516][ T5360] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.806354][ T5360] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.810220][ T5360] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.814318][ T5360] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.818489][ T5360] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 83.822002][ T5360] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.832369][ T5360] Bluetooth: hci3: command 0x1407 tx timeout [ 83.840358][ T5367] Bluetooth: hci3: Opcode 0x1407 failed: -110 [ 83.981934][ T5423] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 84.045430][ T5750] chnl_net:caif_netlink_parms(): no params data found [ 84.161243][ T5423] usb 7-1: Using ep0 maxpacket: 16 [ 84.179021][ T5423] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 84.188939][ T5423] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 84.190771][ T5763] ip6gretap1: entered allmulticast mode [ 84.194771][ T5423] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.199548][ T5423] usb 7-1: Product: syz [ 84.202243][ T5423] usb 7-1: Manufacturer: syz [ 84.204537][ T5423] usb 7-1: SerialNumber: syz [ 84.217739][ T5423] usb 7-1: config 0 descriptor?? [ 84.249568][ T5423] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 84.289121][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.298680][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.305248][ T5750] bridge_slave_0: entered allmulticast mode [ 84.309308][ T5750] bridge_slave_0: entered promiscuous mode [ 84.320750][ T5750] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.325753][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.329393][ T5750] bridge_slave_1: entered allmulticast mode [ 84.334038][ T5750] bridge_slave_1: entered promiscuous mode [ 84.339528][ T5772] syz.3.95[5772] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.339668][ T5772] syz.3.95[5772] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.427133][ T5750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.434709][ T25] usb 7-1: USB disconnect, device number 2 [ 84.436055][ T11] usb 7-1: Failed to submit usb control message: -71 [ 84.436168][ T11] usb 7-1: unable to send the bmi data to the device: -71 [ 84.436185][ T11] usb 7-1: unable to get target info from device [ 84.436198][ T11] usb 7-1: could not get target info (-71) [ 84.436423][ T11] usb 7-1: could not probe fw (-71) [ 84.455861][ T5750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.526293][ T5750] team0: Port device team_slave_0 added [ 84.543734][ T5750] team0: Port device team_slave_1 added [ 84.581090][ T5423] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 84.604356][ T5750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.607649][ T5750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.618983][ T5750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.626228][ T5750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.629678][ T5750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.641479][ T5750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.708374][ T5750] hsr_slave_0: entered promiscuous mode [ 84.715595][ T5750] hsr_slave_1: entered promiscuous mode [ 84.719007][ T5750] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.723585][ T5750] Cannot create hsr debugfs directory [ 84.762501][ T5423] usb 6-1: config 120 has too many interfaces: 48, using maximum allowed: 32 [ 84.771205][ T5423] usb 6-1: config 120 descriptor has 1 excess byte, ignoring [ 84.773841][ T5423] usb 6-1: config 120 has 0 interfaces, different from the descriptor's value: 48 [ 84.781108][ T5423] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 84.784788][ T5423] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.000227][ T5423] usb 6-1: USB disconnect, device number 4 [ 85.120415][ T5788] netlink: 'syz.2.99': attribute type 10 has an invalid length. [ 85.129072][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.134354][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.152926][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.156209][ T5788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.160621][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.163846][ T5788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.171417][ T5788] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 85.691026][ T25] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 85.704754][ T5805] team_slave_0: entered promiscuous mode [ 85.707098][ T5805] team_slave_1: entered promiscuous mode [ 85.709508][ T5805] vlan2: entered promiscuous mode [ 85.712094][ T5805] team0: entered promiscuous mode [ 85.718277][ T5805] team0: left promiscuous mode [ 85.721048][ T5805] team_slave_0: left promiscuous mode [ 85.723464][ T5805] team_slave_1: left promiscuous mode [ 85.870795][ T5807] capability: warning: `syz.1.108' uses deprecated v2 capabilities in a way that may be insecure [ 85.874017][ T25] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 85.890701][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.895023][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.905121][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 85.909333][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.915845][ T5367] Bluetooth: hci1: command tx timeout [ 85.924461][ T3163] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.925979][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.934412][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 85.940399][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.944717][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.949592][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 85.954392][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.958570][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.964747][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 85.969584][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.973824][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.978688][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 85.987819][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.992225][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.996816][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 86.001326][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.005094][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.009407][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 86.014753][ T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.020615][ T25] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.025854][ T25] usb 8-1: config 0 interface 0 has no altsetting 0 [ 86.030894][ T25] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 86.034921][ T25] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 86.038508][ T25] usb 8-1: Product: syz [ 86.040311][ T25] usb 8-1: Manufacturer: syz [ 86.044338][ T25] usb 8-1: SerialNumber: syz [ 86.048420][ T25] usb 8-1: config 0 descriptor?? [ 86.073110][ T25] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 86.107256][ T3163] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.215031][ T3163] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.262858][ T25] usb 8-1: USB disconnect, device number 2 [ 86.269249][ T25] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 86.424354][ T3163] bridge_slave_1: left allmulticast mode [ 86.426932][ T3163] bridge_slave_1: left promiscuous mode [ 86.429586][ T3163] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.445626][ T3163] bridge_slave_0: left allmulticast mode [ 86.448195][ T3163] bridge_slave_0: left promiscuous mode [ 86.450882][ T3163] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.603285][ T5792] syz.2.101 (5792): drop_caches: 1 [ 86.647332][ T5799] syz.3.104 uses obsolete (PF_INET,SOCK_PACKET) [ 87.021978][ T3163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.038621][ T3163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.053312][ T3163] bond0 (unregistering): Released all slaves [ 87.412073][ T5830] netlink: 'syz.3.113': attribute type 10 has an invalid length. [ 87.643882][ T3163] hsr_slave_0: left promiscuous mode [ 87.654307][ T3163] hsr_slave_1: left promiscuous mode [ 87.666833][ T3163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.671390][ T3163] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.681528][ T3163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.685148][ T3163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.768153][ T3163] veth1_macvtap: left promiscuous mode [ 87.771895][ T3163] veth0_macvtap: left promiscuous mode [ 87.781261][ T3163] veth1_vlan: left promiscuous mode [ 87.787014][ T3163] veth0_vlan: left promiscuous mode [ 87.834426][ T39] kauditd_printk_skb: 21 callbacks suppressed [ 87.834440][ T39] audit: type=1326 audit(1726139059.698:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5838 comm="syz.2.115" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x0 [ 87.991118][ T5367] Bluetooth: hci1: command tx timeout [ 88.949023][ T3163] team0 (unregistering): Port device team_slave_1 removed [ 89.043131][ T3163] team0 (unregistering): Port device team_slave_0 removed [ 89.753855][ T5845] netlink: 'syz.2.115': attribute type 4 has an invalid length. [ 89.770708][ T5750] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.778199][ T5750] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.786866][ T5845] syz.2.115 (5845) used greatest stack depth: 21296 bytes left [ 89.801246][ T5750] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.813878][ T5750] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.878717][ T5866] geneve2: entered promiscuous mode [ 89.888074][ T5866] geneve2: entered allmulticast mode [ 89.973644][ T5873] netlink: 'syz.2.125': attribute type 4 has an invalid length. [ 90.041638][ T5750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.064969][ T5750] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.071163][ T5367] Bluetooth: hci1: command tx timeout [ 90.087681][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.090505][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.100366][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.103661][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.120845][ T5876] sch_fq: defrate 0 ignored. [ 90.245238][ T39] audit: type=1326 audit(1726139062.108:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5881 comm="syz.2.129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7fc00000 [ 90.251818][ T5886] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 90.255016][ T39] audit: type=1326 audit(1726139062.108:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5881 comm="syz.2.129" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe6579 code=0x7fc00000 [ 90.259344][ T5887] netlink: 104 bytes leftover after parsing attributes in process `syz.2.129'. [ 90.424403][ T5750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.463442][ T5750] veth0_vlan: entered promiscuous mode [ 90.483493][ T5750] veth1_vlan: entered promiscuous mode [ 90.520632][ T5750] veth0_macvtap: entered promiscuous mode [ 90.526397][ T5750] veth1_macvtap: entered promiscuous mode [ 90.541734][ T5750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.548574][ T5750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.554442][ T5750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.559099][ T5750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.563326][ T5750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.567800][ T5750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.574056][ T5750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.583972][ T5750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.588663][ T5750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.595740][ T5750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.600681][ T5750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.605474][ T5750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.610156][ T5750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.616574][ T5750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.623996][ T5750] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.627938][ T5750] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.632064][ T5750] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.635969][ T5750] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.708731][ T3187] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.715065][ T3187] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.746089][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.750097][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.010014][ T5905] ALSA: seq fatal error: cannot create timer (-22) [ 91.013271][ T39] audit: type=1326 audit(1726139062.878:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5881 comm="syz.2.129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7fc00000 [ 91.061809][ T5402] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 91.242415][ T5402] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 8192, setting to 1024 [ 91.248192][ T5402] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1024 [ 91.258339][ T5402] usb 6-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice=56.12 [ 91.267114][ T5402] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.277585][ T5402] usb 6-1: config 0 descriptor?? [ 91.288482][ T5402] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 91.498839][ T5544] usb 6-1: USB disconnect, device number 5 [ 92.720030][ T39] audit: type=1804 audit(1726139064.578:100): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.149" name="/newroot/53/bus/bus" dev="overlay" ino=301 res=1 errno=0 [ 92.731966][ T5946] evm: overlay not supported [ 92.735313][ T5946] Invalid ELF header magic: != ELF [ 93.051056][ T5544] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 93.240997][ T5544] usb 6-1: Using ep0 maxpacket: 32 [ 93.247211][ T5544] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 93.250252][ T5544] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 93.257555][ T5544] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 93.261342][ T5544] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 93.264435][ T5544] usb 6-1: Product: syz [ 93.266028][ T5544] usb 6-1: Manufacturer: syz [ 93.268424][ T5544] usb 6-1: SerialNumber: syz [ 93.272347][ T5544] usb 6-1: config 0 descriptor?? [ 93.276614][ T5544] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 93.282429][ T5544] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 93.418808][ T1144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.490408][ T64] usb 6-1: USB disconnect, device number 6 [ 93.490485][ C1] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 93.498673][ T64] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 93.669377][ T5954] syz.2.151[5954] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 93.669519][ T5954] syz.2.151[5954] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 93.716282][ T5374] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.727076][ T5374] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.732139][ T5374] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.737327][ T5374] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.741107][ T5374] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 93.744229][ T5374] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.888526][ T5963] netlink: 'syz.3.153': attribute type 15 has an invalid length. [ 93.989179][ T5956] chnl_net:caif_netlink_parms(): no params data found [ 94.116670][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.120688][ T5956] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.124305][ T5956] bridge_slave_0: entered allmulticast mode [ 94.128249][ T5956] bridge_slave_0: entered promiscuous mode [ 94.133656][ T5956] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.136830][ T5956] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.140207][ T5956] bridge_slave_1: entered allmulticast mode [ 94.144299][ T5956] bridge_slave_1: entered promiscuous mode [ 94.254697][ T5956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.283521][ T5956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.479739][ T5956] team0: Port device team_slave_0 added [ 94.518385][ T5956] team0: Port device team_slave_1 added [ 94.609342][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.615143][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.638298][ T5956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.650378][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.657216][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.667573][ T5956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.745442][ T5956] hsr_slave_0: entered promiscuous mode [ 94.749459][ T5956] hsr_slave_1: entered promiscuous mode [ 94.757502][ T5956] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.760534][ T5956] Cannot create hsr debugfs directory [ 94.771195][ T58] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 94.842700][ T5989] syz.2.160[5989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.842851][ T5989] syz.2.160[5989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.961534][ T58] usb 8-1: Using ep0 maxpacket: 32 [ 94.974719][ T58] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 94.978152][ T58] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 94.991064][ T58] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 94.994603][ T58] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 94.997804][ T58] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 95.002561][ T58] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 95.006641][ T58] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 95.012541][ T58] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 95.016432][ T58] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.022465][ T58] usb 8-1: config 0 descriptor?? [ 95.831712][ T5367] Bluetooth: hci1: command tx timeout [ 96.217370][ T1144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.288093][ T1144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.319260][ T6016] ALSA: seq fatal error: cannot create timer (-22) [ 96.359694][ T1144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.539556][ T1144] bridge_slave_1: left allmulticast mode [ 96.550977][ T1144] bridge_slave_1: left promiscuous mode [ 96.554090][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.562427][ T1144] bridge_slave_0: left allmulticast mode [ 96.564774][ T1144] bridge_slave_0: left promiscuous mode [ 96.567178][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.032904][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.045051][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.068356][ T1144] bond0 (unregistering): Released all slaves [ 97.438247][ T5402] usb 8-1: USB disconnect, device number 3 [ 97.645156][ T1144] hsr_slave_0: left promiscuous mode [ 97.649575][ T1144] hsr_slave_1: left promiscuous mode [ 97.666229][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.669497][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.681636][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.684587][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.770783][ T1144] veth1_macvtap: left promiscuous mode [ 97.773412][ T1144] veth0_macvtap: left promiscuous mode [ 97.775821][ T1144] veth1_vlan: left promiscuous mode [ 97.777756][ T1144] veth0_vlan: left promiscuous mode [ 97.912802][ T5367] Bluetooth: hci1: command tx timeout [ 98.790177][ T6044] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 98.960139][ T1144] team0 (unregistering): Port device team_slave_1 removed [ 99.063968][ T1144] team0 (unregistering): Port device team_slave_0 removed [ 99.981836][ T5956] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.998785][ T5956] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.004417][ T5367] Bluetooth: hci1: command tx timeout [ 100.031923][ T5956] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.044704][ T5956] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.209171][ T5956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.253683][ T5956] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.268337][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.271511][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.281923][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.284783][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.405369][ T10] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 100.477273][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.519450][ T5956] veth0_vlan: entered promiscuous mode [ 100.526400][ T5956] veth1_vlan: entered promiscuous mode [ 100.552482][ T5956] veth0_macvtap: entered promiscuous mode [ 100.559349][ T5956] veth1_macvtap: entered promiscuous mode [ 100.577099][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.582052][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.586048][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.590522][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.592803][ T10] usb 8-1: config 0 has no interfaces? [ 100.595297][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.597205][ T10] usb 8-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 100.602470][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.611230][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.614229][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.630246][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.631844][ T10] usb 8-1: config 0 descriptor?? [ 100.636661][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.640450][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.644083][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.647639][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.652129][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.656851][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.664494][ T5956] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.667738][ T5956] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.671600][ T5956] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.674498][ T5956] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.761591][ T3187] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.765035][ T3187] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.807858][ T3187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.812904][ T3187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.861859][ T5368] usb 8-1: USB disconnect, device number 4 [ 100.897156][ T39] audit: type=1326 audit(1726139072.758:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.1.184" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 100.906396][ T39] audit: type=1326 audit(1726139072.768:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.1.184" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 100.914607][ T39] audit: type=1326 audit(1726139072.768:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.1.184" exe="/syz-executor" sig=0 arch=40000003 syscall=261 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 100.929272][ T39] audit: type=1326 audit(1726139072.768:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.1.184" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 101.060351][ T6088] syz.1.185: attempt to access beyond end of device [ 101.060351][ T6088] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 101.066929][ T6088] efs: cannot read volume header [ 101.316671][ T39] audit: type=1326 audit(1726139073.178:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.2.189" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x0 [ 102.121381][ T35] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 102.323443][ T35] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 102.328604][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7 [ 102.351047][ T35] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 102.362002][ T35] usb 6-1: string descriptor 0 read error: -22 [ 102.365587][ T35] usb 6-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e [ 102.370204][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.377483][ T35] usb 6-1: config 0 descriptor?? [ 102.391796][ T35] em28xx 6-1:0.0: New device @ 480 Mbps (2013:0251, interface 0, class 0) [ 102.395795][ T35] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 102.672222][ T35] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 102.675671][ T35] em28xx 6-1:0.0: Config register raw data: 0xfffffffb [ 102.679490][ T35] em28xx 6-1:0.0: AC97 chip type couldn't be determined [ 102.683774][ T35] em28xx 6-1:0.0: No AC97 audio processor [ 102.694254][ T35] usb 6-1: USB disconnect, device number 7 [ 102.698705][ T35] em28xx 6-1:0.0: Disconnecting em28xx [ 102.710266][ T35] em28xx 6-1:0.0: Freeing device [ 103.858630][ T1101] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.658318][ T5374] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.663611][ T5374] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.668544][ T5374] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.677455][ T5374] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.677937][ T6178] netlink: 'syz.1.218': attribute type 10 has an invalid length. [ 104.686893][ T5374] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 104.691801][ T5374] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.705796][ T6177] xt_CT: You must specify a L4 protocol and not use inversions on it [ 104.716582][ T6178] team0: Failed to send options change via netlink (err -105) [ 104.720018][ T6178] team0: Port device netdevsim0 added [ 104.755847][ T6178] netlink: 56 bytes leftover after parsing attributes in process `syz.1.218'. [ 104.860874][ T39] audit: type=1326 audit(1726139076.718:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 104.880899][ T39] audit: type=1326 audit(1726139076.718:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 104.931012][ T39] audit: type=1326 audit(1726139076.788:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 104.952953][ T6173] chnl_net:caif_netlink_parms(): no params data found [ 104.967773][ T39] audit: type=1326 audit(1726139076.788:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 104.990485][ T39] audit: type=1326 audit(1726139076.788:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.220" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 105.218352][ T6173] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.227219][ T6173] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.238872][ T6173] bridge_slave_0: entered allmulticast mode [ 105.243803][ T6173] bridge_slave_0: entered promiscuous mode [ 105.258674][ T6173] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.264508][ T6173] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.267623][ T6173] bridge_slave_1: entered allmulticast mode [ 105.271676][ T6173] bridge_slave_1: entered promiscuous mode [ 105.461464][ T6173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.483401][ T6173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.674566][ T6173] team0: Port device team_slave_0 added [ 105.684729][ T6173] team0: Port device team_slave_1 added [ 105.771670][ T6173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.774523][ T6173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.785935][ T6173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.791458][ T6173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.793838][ T6173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.803826][ T6173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.003392][ T6173] hsr_slave_0: entered promiscuous mode [ 106.007975][ T6173] hsr_slave_1: entered promiscuous mode [ 106.021354][ T6173] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.024613][ T6173] Cannot create hsr debugfs directory [ 106.334646][ T6203] netlink: 124 bytes leftover after parsing attributes in process `syz.2.227'. [ 106.338111][ T6203] netlink: 124 bytes leftover after parsing attributes in process `syz.2.227'. [ 106.722257][ T1101] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.722318][ T5367] Bluetooth: hci1: command tx timeout [ 106.824423][ T1101] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.918533][ T1101] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.941107][ T1414] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 107.098624][ T6218] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 107.128144][ T1101] bridge_slave_1: left allmulticast mode [ 107.130795][ T1101] bridge_slave_1: left promiscuous mode [ 107.131041][ T1414] usb 6-1: Using ep0 maxpacket: 32 [ 107.134944][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.142683][ T1414] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.142727][ T1101] bridge_slave_0: left allmulticast mode [ 107.146891][ T1414] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.149359][ T1101] bridge_slave_0: left promiscuous mode [ 107.156036][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.157072][ T1414] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 107.165236][ T1414] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 107.169044][ T1414] usb 6-1: Product: syz [ 107.173802][ T1414] usb 6-1: Manufacturer: syz [ 107.179788][ T1414] hub 6-1:4.0: USB hub found [ 107.453289][ T1414] hub 6-1:4.0: config failed, hub has too many ports! (err -19) [ 107.750519][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 107.764683][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 107.770257][ T1101] bond0 (unregistering): Released all slaves [ 107.821376][ T64] usb 6-1: USB disconnect, device number 8 [ 108.428366][ T1101] hsr_slave_0: left promiscuous mode [ 108.435299][ T1101] hsr_slave_1: left promiscuous mode [ 108.442371][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.475674][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.480306][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.495467][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.576003][ T1101] veth1_macvtap: left promiscuous mode [ 108.578075][ T1101] veth0_macvtap: left promiscuous mode [ 108.578414][ T6243] ALSA: seq fatal error: cannot create timer (-22) [ 108.580328][ T1101] veth1_vlan: left promiscuous mode [ 108.591115][ T1101] veth0_vlan: left promiscuous mode [ 108.711831][ T5544] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 108.791163][ T5367] Bluetooth: hci1: command tx timeout [ 108.867424][ T5544] usb 7-1: device descriptor read/64, error -71 [ 109.157242][ T5544] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 109.331015][ T5544] usb 7-1: device descriptor read/64, error -71 [ 109.472812][ T5544] usb usb7-port1: attempt power cycle [ 109.808146][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 109.918851][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 109.920998][ T5544] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 109.961675][ T5544] usb 7-1: device descriptor read/8, error -71 [ 110.241048][ T5544] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 110.272622][ T5544] usb 7-1: device descriptor read/8, error -71 [ 110.399783][ T5544] usb usb7-port1: unable to enumerate USB device [ 110.784953][ T6173] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 110.796823][ T6173] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 110.810819][ T6173] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 110.826311][ T6173] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 110.871122][ T5367] Bluetooth: hci1: command tx timeout [ 111.031230][ T6173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.075545][ T6173] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.085271][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.085661][ T6257] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 111.088527][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.094517][ T6257] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 111.099084][ T6257] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 111.114071][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.117451][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.362808][ T6173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.404131][ T6173] veth0_vlan: entered promiscuous mode [ 111.413964][ T6173] veth1_vlan: entered promiscuous mode [ 111.449410][ T6173] veth0_macvtap: entered promiscuous mode [ 111.459643][ T6173] veth1_macvtap: entered promiscuous mode [ 111.477754][ T6173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.487338][ T6173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.493406][ T6173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.498113][ T6173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.502707][ T6173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.507048][ T6173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.513373][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.522557][ T6173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.526838][ T6173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.530773][ T6173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.536616][ T6173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.540827][ T6173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.545961][ T6173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.552369][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.561639][ T6173] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.565473][ T6173] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.569301][ T6173] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.574947][ T6173] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.650407][ T6273] geneve2: entered promiscuous mode [ 111.654416][ T6273] geneve2: entered allmulticast mode [ 111.659146][ T3163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.666176][ T3163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.688189][ T3163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.693517][ T3163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.852177][ T58] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 112.042617][ T58] usb 7-1: Using ep0 maxpacket: 16 [ 112.050175][ T58] usb 7-1: New USB device found, idVendor=23a7, idProduct=fedc, bcdDevice=e0.0b [ 112.056281][ T58] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.060465][ T58] usb 7-1: Product: syz [ 112.063211][ T58] usb 7-1: Manufacturer: syz [ 112.066230][ T58] usb 7-1: SerialNumber: syz [ 112.077035][ T58] usb 7-1: config 0 descriptor?? [ 112.141076][ T8] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 112.321468][ T8] usb 6-1: Using ep0 maxpacket: 8 [ 112.344486][ T8] usb 6-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 112.348241][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.358049][ T8] usb 6-1: Product: syz [ 112.359890][ T8] usb 6-1: Manufacturer: syz [ 112.359919][ T6270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.244'. [ 112.362564][ T8] usb 6-1: SerialNumber: syz [ 112.364846][ T8] usb 6-1: config 0 descriptor?? [ 112.377392][ T8] gspca_main: spca500-2.14.0 probing 046d:0900 [ 112.388652][ T6270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.244'. [ 112.407983][ T6270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.413781][ T6270] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.435892][ T58] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 112.438954][ T58] usb 7-1: MIDIStreaming interface descriptor not found [ 112.463382][ T58] usb 7-1: USB disconnect, device number 7 [ 112.528799][ T5373] udevd[5373]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 113.091288][ T58] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 113.145834][ T6303] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 113.216239][ T8] gspca_spca500: reg write: error -71 [ 113.219994][ T8] gspca_spca500: reg write: error -71 [ 113.222924][ T8] gspca_spca500: reg write: error -71 [ 113.229318][ T8] gspca_spca500: reg write: error -71 [ 113.232811][ T8] gspca_spca500: reg write: error -71 [ 113.237178][ T8] gspca_spca500: reg write: error -71 [ 113.239898][ T8] gspca_spca500: reg write: error -71 [ 113.243220][ T8] gspca_spca500: reg write: error -71 [ 113.245836][ T8] gspca_spca500: reg write: error -71 [ 113.248400][ T8] gspca_spca500: reg write: error -71 [ 113.251035][ T8] gspca_spca500: reg write: error -71 [ 113.258538][ T8] usb 6-1: USB disconnect, device number 9 [ 113.327584][ T58] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.332412][ T58] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 113.335692][ T58] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 113.340635][ T58] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.347799][ T58] usb 8-1: config 0 descriptor?? [ 113.622107][ T58] usb 8-1: string descriptor 0 read error: -71 [ 113.626896][ T58] usb 8-1: USB disconnect, device number 5 [ 113.817079][ T6310] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.821517][ T6310] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.887125][ T6312] netlink: 24 bytes leftover after parsing attributes in process `syz.1.257'. [ 114.031783][ T6313] netlink: 'syz.1.257': attribute type 10 has an invalid length. [ 114.984869][ T3187] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.516272][ T5374] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 115.521979][ T5374] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 115.527425][ T5374] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 115.537853][ T5374] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 115.544652][ T5374] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 115.549563][ T5374] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 115.926709][ T6345] chnl_net:caif_netlink_parms(): no params data found [ 116.156615][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.160049][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.166162][ T6345] bridge_slave_0: entered allmulticast mode [ 116.180851][ T6345] bridge_slave_0: entered promiscuous mode [ 116.212152][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.224273][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.228143][ T6345] bridge_slave_1: entered allmulticast mode [ 116.241717][ T6345] bridge_slave_1: entered promiscuous mode [ 116.381026][ T5368] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 116.394529][ T6345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.405069][ T6345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.552181][ T6345] team0: Port device team_slave_0 added [ 116.559290][ T6345] team0: Port device team_slave_1 added [ 116.604271][ T5368] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.608479][ T5368] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 116.617992][ T5368] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 116.622858][ T5368] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.636419][ T5368] usb 6-1: config 0 descriptor?? [ 116.669010][ T6374] netlink: 'syz.3.275': attribute type 3 has an invalid length. [ 116.673063][ T6374] netlink: 'syz.3.275': attribute type 3 has an invalid length. [ 116.676507][ T6374] netlink: 'syz.3.275': attribute type 5 has an invalid length. [ 116.729656][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.751041][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.765309][ T6345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.773935][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.777090][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.794230][ T6345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.945421][ T6345] hsr_slave_0: entered promiscuous mode [ 116.955890][ T6345] hsr_slave_1: entered promiscuous mode [ 116.956597][ T6384] sock: sock_timestamping_bind_phc: sock not bind to device [ 116.962815][ T6345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 116.966478][ T6345] Cannot create hsr debugfs directory [ 117.346304][ T3187] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.544436][ T3187] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.609592][ T5367] Bluetooth: hci1: command tx timeout [ 117.829044][ T3187] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.102320][ T3187] bridge_slave_1: left allmulticast mode [ 118.104719][ T3187] bridge_slave_1: left promiscuous mode [ 118.107922][ T3187] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.160319][ T3187] bridge_slave_0: left allmulticast mode [ 118.223682][ T3187] bridge_slave_0: left promiscuous mode [ 118.226397][ T3187] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.627818][ T5368] usb 6-1: string descriptor 0 read error: -71 [ 118.633365][ T5368] usb 6-1: USB disconnect, device number 10 [ 118.670175][ T6389] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 119.131988][ T3187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 119.148049][ T3187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.163377][ T3187] bond0 (unregistering): Released all slaves [ 119.671118][ T5367] Bluetooth: hci1: command tx timeout [ 119.817370][ T3187] hsr_slave_0: left promiscuous mode [ 119.827120][ T3187] hsr_slave_1: left promiscuous mode [ 119.832765][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.837119][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.852396][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.855741][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.873308][ T6414] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 119.895208][ T3187] veth1_macvtap: left promiscuous mode [ 119.897640][ T3187] veth0_macvtap: left promiscuous mode [ 119.900134][ T3187] veth1_vlan: left promiscuous mode [ 119.903471][ T3187] veth0_vlan: left promiscuous mode [ 120.909721][ T3187] team0 (unregistering): Port device team_slave_1 removed [ 121.019464][ T3187] team0 (unregistering): Port device team_slave_0 removed [ 121.751171][ T5367] Bluetooth: hci1: command tx timeout [ 122.239706][ T6345] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 122.274240][ T6345] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 122.315806][ T6345] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 122.364308][ T6345] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 122.447177][ T6439] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 122.524752][ T6436] syz.1.298[6436] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 122.524907][ T6436] syz.1.298[6436] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 122.550126][ T6345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.596139][ T6345] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.619808][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.622311][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.626437][ T1101] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.629135][ T1101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.789588][ T6455] warning: `syz.1.302' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 122.842652][ T56] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 122.899229][ T6345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.939075][ T6345] veth0_vlan: entered promiscuous mode [ 122.951676][ T6345] veth1_vlan: entered promiscuous mode [ 122.988371][ T6345] veth0_macvtap: entered promiscuous mode [ 122.998391][ T6345] veth1_macvtap: entered promiscuous mode [ 123.015526][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.020183][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.026490][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.033828][ T56] usb 8-1: config 0 has an invalid interface number: 18 but max is 0 [ 123.037142][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.040499][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.044154][ T56] usb 8-1: config 0 has no interface number 0 [ 123.046583][ T56] usb 8-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 123.050216][ T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.053302][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.059985][ T56] usb 8-1: config 0 descriptor?? [ 123.063254][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.073059][ T56] usb 8-1: bad CDC descriptors [ 123.079460][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.084584][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.089129][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.094111][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.106583][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.112372][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.118430][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.125861][ T6345] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.129262][ T6345] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.132788][ T6345] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.136407][ T6345] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.203779][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.207252][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.235907][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.239901][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.287068][ T8] usb 8-1: USB disconnect, device number 6 [ 123.385737][ T6473] syz.1.309[6473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.385885][ T6473] syz.1.309[6473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.107962][ T6494] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 124.275810][ T6502] syz.2.319: attempt to access beyond end of device [ 124.275810][ T6502] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 124.283679][ T6502] efs: cannot read volume header [ 124.708753][ T6504] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 125.041198][ T56] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 125.234081][ T56] usb 7-1: config index 0 descriptor too short (expected 64776, got 68) [ 125.237614][ T56] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 125.251426][ T56] usb 7-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 125.255904][ T56] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 125.264302][ T56] usb 7-1: config index 1 descriptor too short (expected 64776, got 68) [ 125.268239][ T56] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 125.282454][ T56] usb 7-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 125.287202][ T56] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 125.318367][ T6525] syz.1.329[6525] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.318610][ T6525] syz.1.329[6525] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.321781][ T56] usb 7-1: string descriptor 0 read error: -71 [ 125.335080][ T56] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 125.341279][ T56] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.375694][ T56] usb 7-1: can't set config #1, error -71 [ 125.379933][ T56] usb 7-1: USB disconnect, device number 8 [ 125.686271][ T6531] syz.3.331: attempt to access beyond end of device [ 125.686271][ T6531] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 125.692207][ T6531] efs: cannot read volume header [ 126.125051][ T6536] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 126.127928][ T6536] overlayfs: failed to set xattr on upper [ 126.130064][ T6536] overlayfs: ...falling back to redirect_dir=nofollow. [ 126.137685][ T6536] overlayfs: ...falling back to index=off. [ 126.141152][ T6536] overlayfs: ...falling back to uuid=null. [ 126.218979][ T1144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.302115][ T5374] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 127.317027][ T5374] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 127.321406][ T5374] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 127.332573][ T5374] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 127.336264][ T5374] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 127.339662][ T5374] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 127.655764][ T6550] chnl_net:caif_netlink_parms(): no params data found [ 127.844402][ T6566] syz.2.340: attempt to access beyond end of device [ 127.844402][ T6566] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 127.849707][ T6566] efs: cannot read volume header [ 128.010641][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.034792][ T6550] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.038439][ T6550] bridge_slave_0: entered allmulticast mode [ 128.047988][ T6550] bridge_slave_0: entered promiscuous mode [ 128.083135][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.089417][ T6550] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.092649][ T6550] bridge_slave_1: entered allmulticast mode [ 128.096263][ T6550] bridge_slave_1: entered promiscuous mode [ 128.205691][ T6550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.213611][ T6550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.465353][ T6550] team0: Port device team_slave_0 added [ 128.477917][ T6550] team0: Port device team_slave_1 added [ 128.723504][ C0] vcan0: j1939_tp_rxtimer: 0xffff888022082800: rx timeout, send abort [ 128.731842][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.743768][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.744951][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888022082800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 128.782578][ T6550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.793618][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.800019][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.811240][ T6550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.038886][ T6550] hsr_slave_0: entered promiscuous mode [ 129.060510][ T6550] hsr_slave_1: entered promiscuous mode [ 129.101029][ T6550] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.105197][ T6550] Cannot create hsr debugfs directory [ 129.111884][ T6574] netlink: 'syz.2.342': attribute type 13 has an invalid length. [ 129.150472][ T6574] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 129.192327][ T6574] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 129.201048][ T6574] gretap1: entered promiscuous mode [ 129.203055][ T6574] gretap1: entered allmulticast mode [ 129.431122][ T1414] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 129.431552][ T5367] Bluetooth: hci1: command tx timeout [ 129.536016][ T1144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.623086][ T1414] usb 8-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 129.628589][ T1414] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 129.634534][ T1414] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 129.639836][ T1414] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.646509][ T1414] usb 8-1: config 0 descriptor?? [ 129.664991][ T1414] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 129.676336][ T1144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.880479][ T1144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.942243][ C0] vcan0: j1939_tp_rxtimer: 0xffff888022080400: rx timeout, send abort [ 129.945708][ C0] vcan0: j1939_tp_rxtimer: 0xffff888022083800: rx timeout, send abort [ 129.949258][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888022080400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 129.956589][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888022083800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 130.063590][ T1144] bridge_slave_1: left allmulticast mode [ 130.066039][ T1144] bridge_slave_1: left promiscuous mode [ 130.068915][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.084884][ T1144] bridge_slave_0: left allmulticast mode [ 130.088800][ T1144] bridge_slave_0: left promiscuous mode [ 130.095218][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.462994][ T6593] netlink: 24 bytes leftover after parsing attributes in process `syz.2.349'. [ 130.599091][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 130.607340][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 130.615087][ T1144] bond0 (unregistering): Released all slaves [ 131.105889][ T1144] hsr_slave_0: left promiscuous mode [ 131.124240][ T1144] hsr_slave_1: left promiscuous mode [ 131.129935][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.138721][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 131.143937][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.148339][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 131.216675][ T1144] veth1_macvtap: left promiscuous mode [ 131.219346][ T1144] veth0_macvtap: left promiscuous mode [ 131.223335][ T1144] veth1_vlan: left promiscuous mode [ 131.226500][ T1144] veth0_vlan: left promiscuous mode [ 131.255029][ T6616] ALSA: seq fatal error: cannot create timer (-22) [ 131.511212][ T5367] Bluetooth: hci1: command tx timeout [ 131.681937][ T39] kauditd_printk_skb: 14 callbacks suppressed [ 131.681950][ T39] audit: type=1326 audit(1726139103.538:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.355" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 131.699494][ T39] audit: type=1326 audit(1726139103.538:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.355" exe="/syz-executor" sig=0 arch=40000003 syscall=225 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 131.720482][ T39] audit: type=1326 audit(1726139103.538:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.355" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 131.730308][ T39] audit: type=1326 audit(1726139103.538:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.355" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 132.021266][ T5368] usb 8-1: USB disconnect, device number 7 [ 132.072151][ T5367] Bluetooth: hci3: command 0x1407 tx timeout [ 132.813102][ T1144] team0 (unregistering): Port device team_slave_1 removed [ 132.877735][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.880668][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.945748][ T1144] team0 (unregistering): Port device team_slave_0 removed [ 133.238087][ T6644] ======================================================= [ 133.238087][ T6644] WARNING: The mand mount option has been deprecated and [ 133.238087][ T6644] and is ignored by this kernel. Remove the mand [ 133.238087][ T6644] option from the mount to silence this warning. [ 133.238087][ T6644] ======================================================= [ 133.561081][ T4161] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 133.601221][ T5367] Bluetooth: hci1: command tx timeout [ 133.764108][ T4161] usb 7-1: Using ep0 maxpacket: 8 [ 133.774935][ T4161] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 133.778512][ T4161] usb 7-1: config 179 has no interface number 0 [ 133.781435][ T4161] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 133.786423][ T4161] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 133.791554][ T4161] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 133.797652][ T4161] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 133.802621][ T4161] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 133.808444][ T4161] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 133.814170][ T4161] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.830367][ T6644] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 133.971536][ T6550] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 133.985037][ T6550] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 133.991803][ T6550] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 134.011424][ T6550] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 134.045528][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.364'. [ 134.058843][ T6644] usb usb8: usbfs: process 6644 (syz.2.364) did not claim interface 0 before use [ 134.119586][ T6550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.138004][ T6550] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.157709][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.161114][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.172905][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.176065][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.309542][ T5368] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:179.65/input/input6 [ 134.434594][ T6550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.476668][ T6550] veth0_vlan: entered promiscuous mode [ 134.481044][ T5544] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 134.487272][ T56] usb 7-1: USB disconnect, device number 9 [ 134.487435][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 134.495176][ T56] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 134.506550][ T6550] veth1_vlan: entered promiscuous mode [ 134.527777][ T6662] syz.3.369: attempt to access beyond end of device [ 134.527777][ T6662] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 134.532877][ T6662] efs: cannot read volume header [ 134.542510][ T6550] veth0_macvtap: entered promiscuous mode [ 134.548934][ T6550] veth1_macvtap: entered promiscuous mode [ 134.567052][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.572002][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.575787][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.580409][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.588993][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.593940][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.599915][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.607364][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.612377][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.616584][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.622578][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.626935][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.631752][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.637464][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.645721][ T6550] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.649648][ T6550] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.654280][ T6550] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.658168][ T6550] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.664158][ T5544] usb 6-1: unable to get BOS descriptor or descriptor too short [ 134.671087][ T5544] usb 6-1: not running at top speed; connect to a high speed hub [ 134.675325][ T5544] usb 6-1: config 0 has an invalid interface number: 113 but max is 2 [ 134.678698][ T5544] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 134.683373][ T5544] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 134.686571][ T5544] usb 6-1: config 0 has no interface number 1 [ 134.688906][ T5544] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 134.694572][ T5544] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 134.700792][ T5544] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 1023 [ 134.705796][ T5544] usb 6-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x9, skipping [ 134.710208][ T5544] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 134.715492][ T5544] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 134.719804][ T5544] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 134.726446][ T5544] usb 6-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping [ 134.730351][ T5544] usb 6-1: config 0 interface 113 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 134.735141][ T5544] usb 6-1: config 0 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 134.736298][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.739536][ T5544] usb 6-1: config 0 interface 0 has no altsetting 1 [ 134.739550][ T5544] usb 6-1: config 0 interface 113 has no altsetting 0 [ 134.745743][ T5544] usb 6-1: New USB device found, idVendor=0499, idProduct=1003, bcdDevice=a0.fc [ 134.745769][ T5544] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.745787][ T5544] usb 6-1: SerialNumber: syz [ 134.751171][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.751587][ T5544] usb 6-1: config 0 descriptor?? [ 134.802362][ T3187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.805852][ T3187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.990418][ T5544] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 134.995193][ T5544] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 135.007950][ T5544] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 135.033537][ T5544] snd-usb-audio 6-1:0.113: probe with driver snd-usb-audio failed with error -2 [ 135.042418][ T5544] usb 6-1: USB disconnect, device number 11 [ 135.087699][ T5372] udevd[5372]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.113/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 135.250529][ T6667] input: syz0 as /devices/virtual/input/input7 [ 135.339754][ T3187] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.448143][ T3187] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.550614][ T3187] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.611889][ T5374] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 135.617525][ T39] audit: type=1326 audit(1726139107.478:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.3.378" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 135.618008][ T5374] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 135.631179][ T5374] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 135.636146][ T5374] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 135.640651][ T5374] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 135.644421][ T5374] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 135.677264][ T3187] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.740878][ T6686] sock: sock_timestamping_bind_phc: sock not bind to device [ 135.876913][ T3187] bridge_slave_1: left allmulticast mode [ 135.879362][ T3187] bridge_slave_1: left promiscuous mode [ 135.882450][ T3187] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.887625][ T3187] bridge_slave_0: left allmulticast mode [ 135.890228][ T3187] bridge_slave_0: left promiscuous mode [ 135.895539][ T3187] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.161515][ T3187] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 136.325343][ T3187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 136.332788][ T3187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 136.339053][ T3187] bond0 (unregistering): Released all slaves [ 136.351515][ T6680] chnl_net:caif_netlink_parms(): no params data found [ 136.633364][ T6712] netlink: 'syz.1.385': attribute type 11 has an invalid length. [ 136.642192][ T6703] raw_sendmsg: syz.1.385 forgot to set AF_INET. Fix it! [ 136.678005][ T6680] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.682438][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.685364][ T6680] bridge_slave_0: entered allmulticast mode [ 136.688788][ T6680] bridge_slave_0: entered promiscuous mode [ 136.693184][ T6680] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.696285][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.699334][ T6680] bridge_slave_1: entered allmulticast mode [ 136.704498][ T6680] bridge_slave_1: entered promiscuous mode [ 136.805597][ T6680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.862049][ T35] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 136.864738][ T6680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.952874][ T6680] team0: Port device team_slave_0 added [ 136.956773][ T6729] syz.1.389[6729] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 136.956921][ T6729] syz.1.389[6729] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 136.984501][ T6680] team0: Port device team_slave_1 added [ 137.029939][ T3187] hsr_slave_0: left promiscuous mode [ 137.037615][ T3187] hsr_slave_1: left promiscuous mode [ 137.043238][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.046707][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.051078][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.054481][ T35] usb 8-1: Using ep0 maxpacket: 16 [ 137.058260][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.063035][ T35] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 137.074231][ T35] usb 8-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 137.078211][ T35] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.083232][ T35] usb 8-1: Product: syz [ 137.084929][ T35] usb 8-1: Manufacturer: syz [ 137.086697][ T35] usb 8-1: SerialNumber: syz [ 137.097172][ T35] usb 8-1: config 0 descriptor?? [ 137.104741][ T35] ftdi_sio 8-1:0.0: FTDI USB Serial Device converter detected [ 137.106143][ T3187] veth1_macvtap: left promiscuous mode [ 137.109985][ T35] usb 8-1: Detected FT232R [ 137.110271][ T3187] veth0_macvtap: left promiscuous mode [ 137.114778][ T3187] veth1_vlan: left promiscuous mode [ 137.117271][ T3187] veth0_vlan: left promiscuous mode [ 137.313677][ T35] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 137.517972][ T35] ftdi_sio 8-1:0.0: GPIO initialisation failed: -32 [ 137.557526][ T35] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 137.590588][ T35] usb 8-1: USB disconnect, device number 8 [ 137.601393][ T35] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 137.615802][ T35] ftdi_sio 8-1:0.0: device disconnected [ 137.682616][ T5367] Bluetooth: hci0: command tx timeout [ 138.087796][ T3187] team0 (unregistering): Port device team_slave_1 removed [ 138.193991][ T3187] team0 (unregistering): Port device team_slave_0 removed [ 138.814280][ T5374] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 138.830109][ T5374] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 138.835297][ T5374] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 138.855320][ T5374] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 138.869279][ T5374] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 138.873057][ T5374] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 139.126945][ T6738] block device autoloading is deprecated and will be removed. [ 139.218229][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.222041][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.232815][ T6680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.239218][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 139.243304][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.255163][ T6680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.266583][ T6740] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 139.270101][ T6740] overlayfs: failed to set xattr on upper [ 139.273494][ T6740] overlayfs: ...falling back to redirect_dir=nofollow. [ 139.276192][ T6740] overlayfs: ...falling back to index=off. [ 139.278492][ T6740] overlayfs: ...falling back to uuid=null. [ 139.445550][ T6680] hsr_slave_0: entered promiscuous mode [ 139.451322][ T6680] hsr_slave_1: entered promiscuous mode [ 139.454843][ T6680] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 139.459020][ T6680] Cannot create hsr debugfs directory [ 139.578151][ T39] audit: type=1326 audit(1726139111.428:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.394" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 139.751703][ T5367] Bluetooth: hci0: command tx timeout [ 139.828293][ T6757] veth0_vlan: entered allmulticast mode [ 139.870597][ T6735] chnl_net:caif_netlink_parms(): no params data found [ 139.888633][ T6757] veth0_vlan: left promiscuous mode [ 139.895676][ T6757] veth0_vlan: entered promiscuous mode [ 139.933694][ T3187] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.054081][ T39] audit: type=1326 audit(1726139111.918:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6756 comm="syz.1.395" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 140.088474][ T6735] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.093462][ T6735] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.096583][ T6735] bridge_slave_0: entered allmulticast mode [ 140.100604][ T6735] bridge_slave_0: entered promiscuous mode [ 140.148655][ T6735] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.152874][ T6735] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.155763][ T6735] bridge_slave_1: entered allmulticast mode [ 140.160201][ T6735] bridge_slave_1: entered promiscuous mode [ 140.232663][ T6735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 140.286180][ T6735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 140.357775][ T6735] team0: Port device team_slave_0 added [ 140.367088][ T6735] team0: Port device team_slave_1 added [ 140.432931][ T3187] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.482868][ T6735] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.485905][ T6735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.496345][ T6735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.524888][ T6735] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.529789][ T6735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.539640][ T6735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.593419][ T3187] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.615219][ T6680] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 140.720115][ T6680] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 140.725842][ T6680] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 140.762933][ T3187] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.795093][ T6735] hsr_slave_0: entered promiscuous mode [ 140.807240][ T6735] hsr_slave_1: entered promiscuous mode [ 140.810416][ T6735] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 140.815038][ T6735] Cannot create hsr debugfs directory [ 140.817526][ T6680] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 140.824794][ T6778] netlink: 'syz.3.397': attribute type 13 has an invalid length. [ 140.851916][ T6778] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 140.873161][ T6778] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 140.876620][ T6778] gretap1: entered promiscuous mode [ 140.878989][ T6778] gretap1: entered allmulticast mode [ 140.926227][ T6785] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 140.951102][ T5367] Bluetooth: hci1: command tx timeout [ 141.139171][ T3187] bridge_slave_1: left allmulticast mode [ 141.142307][ T3187] bridge_slave_1: left promiscuous mode [ 141.149508][ T3187] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.156293][ T3187] bridge_slave_0: left allmulticast mode [ 141.159049][ T3187] bridge_slave_0: left promiscuous mode [ 141.162348][ T3187] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.563546][ T3187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.571287][ T3187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.578239][ T3187] bond0 (unregistering): Released all slaves [ 141.831106][ T5367] Bluetooth: hci0: command tx timeout [ 143.031140][ T5367] Bluetooth: hci1: command tx timeout [ 143.872478][ T39] audit: type=1326 audit(1726139115.738:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6820 comm="syz.1.403" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 143.888128][ T6680] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.921097][ T5367] Bluetooth: hci0: command tx timeout [ 144.024248][ T6827] sp0: Synchronizing with TNC [ 144.031976][ T3187] hsr_slave_0: left promiscuous mode [ 144.039581][ T3187] hsr_slave_1: left promiscuous mode [ 144.061485][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.064864][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.070626][ T3187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.081176][ T3187] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.131133][ T3187] veth1_macvtap: left promiscuous mode [ 144.133461][ T3187] veth0_macvtap: left promiscuous mode [ 144.136426][ T3187] veth1_vlan: left promiscuous mode [ 144.138675][ T3187] veth0_vlan: left promiscuous mode [ 145.125784][ T5367] Bluetooth: hci1: command tx timeout [ 145.305932][ T3187] team0 (unregistering): Port device team_slave_1 removed [ 145.420401][ T3187] team0 (unregistering): Port device team_slave_0 removed [ 146.273807][ T6680] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.369191][ T3163] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.372116][ T3163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.385353][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.388662][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.499973][ T6735] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 146.506150][ T6735] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 146.528452][ T6735] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 146.544463][ T6735] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 146.658438][ T6680] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 146.767668][ T6840] netlink: 'syz.3.405': attribute type 10 has an invalid length. [ 146.782973][ T6840] team0: Device veth0_macvtap failed to register rx_handler [ 146.806730][ T6680] veth0_vlan: entered promiscuous mode [ 146.814265][ T6680] veth1_vlan: entered promiscuous mode [ 146.840545][ T6735] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.859012][ T6844] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 146.879382][ T6735] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.892503][ T6680] veth0_macvtap: entered promiscuous mode [ 146.902521][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.905507][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.915138][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.917936][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.929850][ T6680] veth1_macvtap: entered promiscuous mode [ 146.982078][ T6680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.986283][ T6680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.990593][ T6680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.996864][ T6680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.013147][ T6680] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.032821][ T6850] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 147.050563][ T6680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.055643][ T6680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.060029][ T6680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.064957][ T6680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.078264][ T6680] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.088885][ T6849] netlink: 'syz.3.409': attribute type 13 has an invalid length. [ 147.102903][ T6849] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 147.109751][ T6849] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue [ 147.114100][ T6849] gretap2: entered promiscuous mode [ 147.116691][ T6849] gretap2: entered allmulticast mode [ 147.136943][ T6680] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.141336][ T6680] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.145267][ T6680] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.149446][ T6680] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.191063][ T5367] Bluetooth: hci1: command tx timeout [ 147.272031][ T3163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.275240][ T3163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.289747][ T6856] IPv6: Can't replace route, no match found [ 147.318331][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.328321][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.400102][ T6735] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.463829][ T6735] veth0_vlan: entered promiscuous mode [ 147.474394][ T6735] veth1_vlan: entered promiscuous mode [ 147.512072][ T6735] veth0_macvtap: entered promiscuous mode [ 147.526929][ T6735] veth1_macvtap: entered promiscuous mode [ 147.549746][ T6735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.556061][ T6735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.560836][ T6735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.583333][ T6735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.587130][ T6735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.601533][ T6735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.606302][ T6735] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.644079][ T6735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.648606][ T6735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.654236][ T6735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.659391][ T6735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.664237][ T6735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.669068][ T6735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.675714][ T6735] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.690780][ T6735] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.696235][ T6735] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.701046][ T6735] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.704678][ T6735] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.819294][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.827076][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.856511][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.859992][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.960476][ T6879] netlink: 'syz.1.417': attribute type 13 has an invalid length. [ 148.248464][ T6886] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00316019, b_size=4096, device sda1 blocksize: 4096 [ 148.258261][ T6886] grow_buffers: requested out-of-range block 144115188075855872 for device sda1 [ 148.261696][ T6886] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted [ 148.301538][ T39] audit: type=1326 audit(1726139120.168:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.311445][ T39] audit: type=1326 audit(1726139120.168:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.322671][ T39] audit: type=1326 audit(1726139120.168:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.332518][ T39] audit: type=1326 audit(1726139120.168:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.342596][ T39] audit: type=1326 audit(1726139120.168:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.360303][ T39] audit: type=1326 audit(1726139120.168:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.370100][ T39] audit: type=1326 audit(1726139120.168:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.380288][ T39] audit: type=1326 audit(1726139120.178:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.401228][ T39] audit: type=1326 audit(1726139120.178:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.410736][ T39] audit: type=1326 audit(1726139120.178:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6887 comm="syz.3.420" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf747e579 code=0x7ffc0000 [ 148.515877][ T6891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.421'. [ 148.529827][ T1414] IPVS: starting estimator thread 0... [ 148.574818][ T6891] IPVS: rr: TCP [::]:0 - no destination available [ 148.643355][ T6893] IPVS: using max 21 ests per chain, 50400 per kthread [ 148.700736][ T6899] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 148.705039][ T6899] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 149.231130][ T30] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 149.246730][ T6905] netlink: 'syz.3.427': attribute type 13 has an invalid length. [ 149.422641][ T30] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 149.426298][ T30] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 149.434761][ T30] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 149.438553][ T30] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.442822][ T30] usb 6-1: Product: syz [ 149.444522][ T30] usb 6-1: Manufacturer: syz [ 149.446434][ T30] usb 6-1: SerialNumber: syz [ 149.449619][ T30] usb 6-1: config 0 descriptor?? [ 149.453559][ T6903] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 149.456962][ T6903] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 149.681858][ T6903] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 149.684562][ T6903] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 150.208369][ T1144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.295064][ T30] dm9601 6-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 150.314160][ T30] usb 6-1: USB disconnect, device number 12 [ 151.243413][ T6926] netlink: 'syz.3.436': attribute type 13 has an invalid length. [ 151.349745][ T5374] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 151.355558][ T5374] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 151.360214][ T5374] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 151.364798][ T5374] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 151.368624][ T5374] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 151.372290][ T5374] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 151.761064][ T30] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 151.910888][ T6931] chnl_net:caif_netlink_parms(): no params data found [ 151.951157][ T30] usb 8-1: Using ep0 maxpacket: 32 [ 151.959302][ T30] usb 8-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 151.959608][ T6943] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 151.964515][ T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.991332][ T30] usb 8-1: config 0 descriptor?? [ 152.007916][ T30] usb 8-1: dvb_usb_v2: found a 'Anysee' in warm state [ 152.011332][ T30] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 152.015548][ T30] dvb_usb_anysee 8-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 152.164877][ T6931] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.170264][ T6931] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.180448][ T6931] bridge_slave_0: entered allmulticast mode [ 152.191521][ T6931] bridge_slave_0: entered promiscuous mode [ 152.205693][ T6931] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.213928][ T6931] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.216546][ T6931] bridge_slave_1: entered allmulticast mode [ 152.222923][ T6931] bridge_slave_1: entered promiscuous mode [ 152.224033][ T10] usb 8-1: USB disconnect, device number 9 [ 152.327247][ T6931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.342585][ T6931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.418613][ T6931] team0: Port device team_slave_0 added [ 152.426099][ T6931] team0: Port device team_slave_1 added [ 152.504886][ T6931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 152.508345][ T6931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.527887][ T6931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 152.536756][ T6931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.539751][ T6931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.557496][ T6931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.639035][ T6931] hsr_slave_0: entered promiscuous mode [ 152.643990][ T6931] hsr_slave_1: entered promiscuous mode [ 152.647411][ T6931] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 152.650748][ T6931] Cannot create hsr debugfs directory [ 153.070559][ T1144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.080819][ T6959] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 153.262509][ T1144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.285052][ T6963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.448'. [ 153.346957][ T1144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.401825][ T6962] ------------[ cut here ]------------ [ 153.405092][ T6962] name '18880' [ 153.406809][ T6962] WARNING: CPU: 3 PID: 6962 at fs/proc/generic.c:711 remove_proc_entry+0x268/0x470 [ 153.410890][ T6962] Modules linked in: [ 153.412850][ T6962] CPU: 3 UID: 0 PID: 6962 Comm: syz.1.448 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0 [ 153.419841][ T6962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.424710][ T6962] RIP: 0010:remove_proc_entry+0x268/0x470 [ 153.427183][ T6962] Code: 08 eb a2 e8 1a dc 67 ff 48 c7 c7 00 cf ff 8d e8 ee aa e7 08 e8 09 dc 67 ff 90 48 c7 c7 80 e1 60 8b 4c 89 e6 e8 79 94 2a ff 90 <0f> 0b 90 90 e9 72 ff ff ff e8 ea db 67 ff 49 8d be 98 00 00 00 48 [ 153.435837][ T6962] RSP: 0018:ffffc900068c7c88 EFLAGS: 00010286 [ 153.438520][ T6962] RAX: 0000000000000000 RBX: 1ffff92000d18f93 RCX: ffffffff814dd439 [ 153.441818][ T6962] RDX: ffff888021eaa440 RSI: ffffffff814dd446 RDI: 0000000000000001 [ 153.441958][ T5367] Bluetooth: hci1: command tx timeout [ 153.445004][ T6962] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 153.445045][ T6962] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888025824548 [ 153.445052][ T6962] R13: dffffc0000000000 R14: ffff88802269ec80 R15: ffff8880491df8c0 [ 153.445059][ T6962] FS: 0000000000000000(0000) GS:ffff88802b900000(0063) knlGS:0000000056615440 [ 153.445082][ T6962] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 153.465398][ T6962] CR2: 000000000c32d1e2 CR3: 000000006005a000 CR4: 0000000000350ef0 [ 153.468564][ T6962] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 SYZFAIL: failed to recv rpc [ 153.471927][ T6962] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 153.475280][ T6962] Call Trace: [ 153.476824][ T6962] [ 153.478142][ T6962] ? show_regs+0x8c/0xa0 [ 153.480023][ T6962] ? __warn+0xe5/0x3c0 [ 153.482132][ T6962] ? remove_proc_entry+0x268/0x470 [ 153.484117][ T6962] ? report_bug+0x3c0/0x580 [ 153.485932][ T6962] ? handle_bug+0x3d/0x70 [ 153.487590][ T6962] ? exc_invalid_op+0x17/0x50 [ 153.493002][ T5341] syz-executor (5341) used greatest stack depth: 21120 bytes left [ 153.501599][ T10] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 153.503510][ T6962] ? asm_exc_invalid_op+0x1a/0x20 [ 153.512670][ T6962] ? __warn_printk+0x199/0x350 [ 153.514588][ T6962] ? __warn_printk+0x1a6/0x350 [ 153.516472][ T6962] ? remove_proc_entry+0x268/0x470 [ 153.518362][ T6962] ? remove_proc_entry+0x267/0x470 [ 153.520138][ T6962] ? __pfx_lock_release+0x10/0x10 [ 153.524023][ T6962] ? __pfx_remove_proc_entry+0x10/0x10 [ 153.526615][ T6962] ? mark_held_locks+0x9f/0xe0 [ 153.529371][ T6962] ? __local_bh_enable_ip+0xa4/0x120 [ 153.532026][ T6962] bcm_release+0x27b/0x8d0 [ 153.534078][ T6962] __sock_release+0xb0/0x270 [ 153.536086][ T6962] ? __pfx_sock_close+0x10/0x10 [ 153.538239][ T6962] sock_close+0x1c/0x30 [ 153.542298][ T6962] __fput+0x408/0xbb0 [ 153.544266][ T6962] ? _raw_spin_unlock_irq+0x23/0x50 [ 153.547270][ T6962] task_work_run+0x14e/0x250 [ 153.549397][ T6962] ? __pfx_task_work_run+0x10/0x10 [ 153.552058][ T6962] ? __pfx___close_range+0x10/0x10 [ 153.554417][ T6962] syscall_exit_to_user_mode+0x27b/0x2a0 [ 153.556906][ T6962] __do_fast_syscall_32+0x80/0x120 [ 153.559254][ T6962] do_fast_syscall_32+0x32/0x80 [ 153.561579][ T6962] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 153.564140][ T6962] RIP: 0023:0xf7f43579 [ 153.574281][ T6962] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 153.584318][ T6962] RSP: 002b:00000000ffcacbec EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 153.588126][ T6962] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 153.591531][ T6962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 153.594656][ T6962] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 153.597978][ T6962] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 153.602347][ T6962] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 153.605853][ T6962] [ 153.607382][ T6962] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 153.610662][ T6962] CPU: 3 UID: 0 PID: 6962 Comm: syz.1.448 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0 [ 153.615207][ T6962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.619923][ T6962] Call Trace: [ 153.621417][ T6962] [ 153.622745][ T6962] dump_stack_lvl+0x3d/0x1f0 [ 153.624800][ T6962] panic+0x6dc/0x7c0 [ 153.626501][ T6962] ? __pfx_panic+0x10/0x10 [ 153.628496][ T6962] ? show_trace_log_lvl+0x363/0x500 [ 153.630953][ T6962] ? check_panic_on_warn+0x1f/0xb0 [ 153.633304][ T6962] ? remove_proc_entry+0x268/0x470 [ 153.635794][ T6962] check_panic_on_warn+0xab/0xb0 [ 153.638119][ T6962] __warn+0xf1/0x3c0 [ 153.639877][ T6962] ? remove_proc_entry+0x268/0x470 [ 153.642208][ T6962] report_bug+0x3c0/0x580 [ 153.644159][ T6962] handle_bug+0x3d/0x70 [ 153.646040][ T6962] exc_invalid_op+0x17/0x50 [ 153.648118][ T6962] asm_exc_invalid_op+0x1a/0x20 [ 153.650319][ T6962] RIP: 0010:remove_proc_entry+0x268/0x470 [ 153.652786][ T6962] Code: 08 eb a2 e8 1a dc 67 ff 48 c7 c7 00 cf ff 8d e8 ee aa e7 08 e8 09 dc 67 ff 90 48 c7 c7 80 e1 60 8b 4c 89 e6 e8 79 94 2a ff 90 <0f> 0b 90 90 e9 72 ff ff ff e8 ea db 67 ff 49 8d be 98 00 00 00 48 [ 153.660998][ T6962] RSP: 0018:ffffc900068c7c88 EFLAGS: 00010286 [ 153.663461][ T6962] RAX: 0000000000000000 RBX: 1ffff92000d18f93 RCX: ffffffff814dd439 [ 153.666467][ T6962] RDX: ffff888021eaa440 RSI: ffffffff814dd446 RDI: 0000000000000001 [ 153.669450][ T6962] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 153.672311][ T6962] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888025824548 [ 153.675302][ T6962] R13: dffffc0000000000 R14: ffff88802269ec80 R15: ffff8880491df8c0 [ 153.678857][ T6962] ? __warn_printk+0x199/0x350 [ 153.681035][ T6962] ? __warn_printk+0x1a6/0x350 [ 153.683158][ T6962] ? remove_proc_entry+0x267/0x470 [ 153.685397][ T6962] ? __pfx_lock_release+0x10/0x10 [ 153.687616][ T6962] ? __pfx_remove_proc_entry+0x10/0x10 [ 153.689950][ T6962] ? mark_held_locks+0x9f/0xe0 [ 153.691832][ T6962] ? __local_bh_enable_ip+0xa4/0x120 [ 153.694035][ T6962] bcm_release+0x27b/0x8d0 [ 153.695998][ T6962] __sock_release+0xb0/0x270 [ 153.698042][ T6962] ? __pfx_sock_close+0x10/0x10 [ 153.700071][ T6962] sock_close+0x1c/0x30 [ 153.701683][ T6962] __fput+0x408/0xbb0 [ 153.703253][ T6962] ? _raw_spin_unlock_irq+0x23/0x50 [ 153.705278][ T6962] task_work_run+0x14e/0x250 [ 153.707089][ T6962] ? __pfx_task_work_run+0x10/0x10 [ 153.709075][ T6962] ? __pfx___close_range+0x10/0x10 [ 153.713186][ T6962] syscall_exit_to_user_mode+0x27b/0x2a0 [ 153.715573][ T6962] __do_fast_syscall_32+0x80/0x120 [ 153.717771][ T6962] do_fast_syscall_32+0x32/0x80 [ 153.719900][ T6962] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 153.722156][ T6962] RIP: 0023:0xf7f43579 [ 153.723871][ T6962] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 153.731644][ T6962] RSP: 002b:00000000ffcacbec EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 153.735191][ T6962] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 153.738403][ T6962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 153.741171][ T6962] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 153.744502][ T6962] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 153.747395][ T6962] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 153.750354][ T6962] [ 153.752054][ T6962] Kernel Offset: disabled [ 153.753523][ T6962] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:05:24 Registers: info registers vcpu 0 CPU#0 RAX=00000002000008fd RBX=ffff88801e7c2440 RCX=0000000000000830 RDX=0000000000000002 RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000001 RSP=ffffc90000007d80 R8 =0000000000000000 R9 =fffffbfff2023ceb R10=ffffffff9011e75f R11=ffff88802b728a40 R12=1ffff92000000fb1 R13=ffffc90000007da8 R14=ffffffff8d772de8 R15=ffffffff90121a38 RIP=ffffffff813b30e8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000566154c0 CR3=000000000db7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffffc900030d6fa0 RCX=ffffc900030d6fd4 RDX=1ffff9200061adf4 RSI=0000000000000001 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc900030d6f18 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=dffffc0000000000 R12=0000000000000001 R13=0000000000000001 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff818b1ba0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f305b6a2d00 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055778e8d4000 CR3=00000000469d0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=a9d532a7a9d532a7 a9d532a7a9d532a7 a9d532a7a9d532a7 a9d532a7a9d532a7 a9d532a7a9d532a7 a9d532a7a9d532a7 a9d532a7a9d532a7 a9d532a7a9d532a7 ZMM22=be031c90be031c90 be031c90be031c90 be031c90be031c90 be031c90be031c90 be031c90be031c90 be031c90be031c90 be031c90be031c90 be031c90be031c90 ZMM23=87a485ed87a485ed 87a485ed87a485ed 87a485ed87a485ed 87a485ed87a485ed 87a485ed87a485ed 87a485ed87a485ed 87a485ed87a485ed 87a485ed87a485ed ZMM24=1b72c1591b72c159 1b72c1591b72c159 1b72c1591b72c159 1b72c1591b72c159 1b72c1591b72c159 1b72c1591b72c159 1b72c1591b72c159 1b72c1591b72c159 ZMM25=d33fcfe9d33fcfe9 d33fcfe9d33fcfe9 d33fcfe9d33fcfe9 d33fcfe9d33fcfe9 d33fcfe9d33fcfe9 d33fcfe9d33fcfe9 d33fcfe9d33fcfe9 d33fcfe9d33fcfe9 ZMM26=db9e8a0fdb9e8a0f db9e8a0fdb9e8a0f db9e8a0fdb9e8a0f db9e8a0fdb9e8a0f db9e8a0fdb9e8a0f db9e8a0fdb9e8a0f db9e8a0fdb9e8a0f db9e8a0fdb9e8a0f ZMM27=13178ae613178ae6 13178ae613178ae6 13178ae613178ae6 13178ae613178ae6 13178ae613178ae6 13178ae613178ae6 13178ae613178ae6 13178ae613178ae6 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=4f0400004f040000 4f0400004f040000 4f0400004f040000 4f0400004f040000 4f0400004f040000 4f0400004f040000 4f0400004f040000 4f0400004f040000 info registers vcpu 2 CPU#2 RAX=0000000000000007 RBX=64677343b8b20754 RCX=ffffffff81690fa8 RDX=0000000000000000 RSI=0000000000000008 RDI=0000000046773436 RBP=0000000000000000 RSP=ffffc90000f3f578 R8 =0000000000000000 R9 =fffffbfff2d126e0 R10=0000000000000001 R11=0000000000000000 R12=dffffc0000000000 R13=ffff88801fb02f48 R14=0000000000000004 R15=ffff88801fb02440 RIP=ffffffff81690d1c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7405008 CR3=000000002aaf0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000040000000 Opmask01=0000000000028000 Opmask02=0000000000800000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd7667a470 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6e3a6d5e007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4b1f485e005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3020746162206166 203220657073000a 000a20202d202038 30362074203a2920 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff84fc2880 RDI=ffffffff9a516680 RBP=ffffffff9a516640 RSP=ffffc900068c7608 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff34a2d22 R15=dffffc0000000000 RIP=ffffffff84fc28a7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b900000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000c32d1e2 CR3=000000006005a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000