last executing test programs: 3.485714263s ago: executing program 1 (id=468): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001e00)={'bond0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000001e40)={r2, 0x3, 0x6}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000006000000000000000000", @ANYRES32=r2], 0x20}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.295116161s ago: executing program 0 (id=477): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="1b0000001a00010000000000000000000a0000003a01bf17384adae4c8e561ce0000000005988a0000000000902ec9f00000009b47894c5ce82ebbd82f11b194704efc496cf97696063d0da17fae56353b1c82a6d7a83df714f1cd9fc1cbb735ebfa83933cd07b82a5d2c3db36ba8574b926dfddbe99f13c83bf97c91a6ace9494e9b175d4c90d97be6e12a588352e547084b1c035cb4ddd062e1703c3bfee5c8a94075647501e", @ANYRES32=0x0, @ANYBLOB="000000001400010020010000000000000000", @ANYBLOB="76a79c7caf12e51ca93675861fdd6411b861686e0605d32ce5efeca8c470e4220ee470f9cfbcc6d065154abad38828274eee92fe953f87bb865c4a14f8f438af19d589c08915441bd4df0b6b1be091167c289c3e8315c158a5471174c026ec29824edc0967ddb72e29d5ab9c435e465b077cc7f71e02da5784fbab1d7fb248c9c035c5005acb7618b7f8b239371997b4b482a6772e895eda8acf"], 0x30}}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000002740)=ANY=[@ANYBLOB="02000000010006000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000100", @ANYRES32=0x0, @ANYBLOB="0400000000000000", @ANYRES32=0x0, @ANYBLOB="080003", @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="080005", @ANYBLOB="08000500", @ANYRES32=0x0, @ANYBLOB="10000100000000002000000000000000"], 0x6c, 0x3) 3.185003121s ago: executing program 1 (id=471): r0 = io_uring_setup(0xfe6, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2, 0x382}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7b}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) memfd_create(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket(0x10, 0x3, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000002c0)={0x0, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b8002944291189"], 0xfdef) 2.81135416s ago: executing program 2 (id=474): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000980)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) getsockopt$inet6_opts(r0, 0x11a, 0x3, 0x0, &(0x7f0000000000)=0x4) 2.714554009s ago: executing program 2 (id=485): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001808ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f00000000c0)={{@my=0x1, 0x4}, @local, 0x0, 0x0, 0x5}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000040)={{@my=0x1, 0x10000}, @host, 0x0, 0x0, 0x7}) close_range(r1, 0xffffffffffffffff, 0x0) 2.61479637s ago: executing program 2 (id=478): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc295, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_connect$uac1(0x0, 0x7e, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@mixer_unit={0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0xee, {0x7, 0x25, 0x1, 0x2}}}}}}}]}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="043e1f0a"], 0x22) 2.475942036s ago: executing program 1 (id=479): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0)='@', 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000c00)=""/4111, 0x100f}], 0x1}}], 0x1, 0x122, 0x0) 2.386159025s ago: executing program 1 (id=480): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, 0x0) syz_emit_vhci(&(0x7f0000000380)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x16}, @l2cap_cid_signaling={{0x12}, [@l2cap_conn_rsp={{0x3, 0x81, 0x8}, {0x0, 0x0, 0x7, 0x8}}, @l2cap_info_req={{0xa, 0x53, 0x2}, {0x2}}]}}, 0x1b) sched_setscheduler(0x0, 0x2, 0x0) flock(0xffffffffffffffff, 0x2) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, 0x0) 1.825701414s ago: executing program 0 (id=481): read$char_usb(0xffffffffffffffff, &(0x7f0000000300)=""/27, 0x1b) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9) sendto$inet6(r1, &(0x7f0000000680)="780400392ba407ffc00018001f05b9409b0dffff000d0203d5040205060506014007040012000f000000fac8388827a4c6040045653600648dcaaf6c26c2912145497158d013e8af8e0d7cc4093ad7f6496c22cf0f6ceb30df63cf0cb5f271008ddfa6afd44d851046c61cca23407cdb8d618df73a78b67c2970f8deb447366a7321b6e2a51710050a4012be868a6330347da32bce604cd310e9e9c0746387240400b1e654aac6fe04df9c8582d828151662587d16e608e6a721078d9ce1e49b8866ad576743154910bf20cbf00ce1acf6cd7782ce97ec2bf2710145c1c768286fd6b4d3e3f6216cf667593b8233e73f5a8e130cdb38c4c02c9bc8cb9bedb55ac56404296318f051b0a582fe268a989160972a0fa3ba9df623dbd52c543c430a72d88026f93ad66538cd60a3158dccf8094eb16fa68748fe3c7ca895eb637c07e0a2f6c25b854b4adbbb204341fca803b67c80df6bfc1b9d06166b5b5765a5252139c97d7c3f7184f5f5d6e5514a34b3b7e35a25e48764075b79ddffc80dd4522c58a02c8f5f4f7c121b2a24074b4ea4", 0x190, 0x0, 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040)) 1.825484128s ago: executing program 1 (id=482): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) 1.759358334s ago: executing program 0 (id=484): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1f003300d08e880008021100000108021100000050505050505000"], 0x3c}}, 0x0) fsopen(0x0, 0x1) 1.758257609s ago: executing program 1 (id=486): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r1, 0x10, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1f3}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xffffffff}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x186}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7ed2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x181}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040040}, 0x4) unshare(0x68040200) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff0000000000010902"], 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001300)={0x2c, r1, 0x22af6f5a04337dcd, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x29}, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000) 1.72226061s ago: executing program 0 (id=487): prctl$PR_GET_TAGGED_ADDR_CTRL(0x38) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e0400282060"], 0x7) syz_clone(0x108000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000100)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 1.635778753s ago: executing program 0 (id=489): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a300000000058010000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038e3000d400acc20f896064e79c929702145fa63595955b57c5c023e63c8a0b353b0f092392779d44d411d6ad83ca91a8e8b282cc8bfb1ab91caa2ade3593a098f600f3e5645182a9ca5ace4cf126873c040cb3327edf3073be8b51d83cd436a3de9f9797c6d6bbb2a290d1c41dc2d836f9e12779d77160fe31758fff54b25fe4976ec2f65358361ce1aa371dc03936b25fa521423d30d6fd8e686ad9eef8dc1727308b716ab4cb4427bdc9d723e2f68c19720b3e4845cb19a245c71238051c5c201ddb4b8ee1f6c6ca36e130e8b6830d099231338203da1cf819ddd17f9f54507cd815b000c001040000000000000000508000840000044"], 0x1d0}}, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000200)='./file0\x00', 0x60) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r2 = socket$kcm(0x10, 0x100000000002, 0x4) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @private=0xa010100}, 0x4, 0x0, 0x1}}, 0x2e) sendmsg$kcm(r2, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0100d41f215c0000883795c04a31ba377a1b2cc32b38d3440c6942cb76cab3000000", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x4004) r5 = syz_open_dev$swradio(&(0x7f0000000f80), 0x1, 0x2) read(r5, &(0x7f0000000fc0)=""/4, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000180)) chdir(0x0) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x2a) setxattr$security_ima(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100), &(0x7f00000004c0)=ANY=[@ANYRES8=r2, @ANYRESHEX, @ANYRES32=r5, @ANYRESDEC], 0xff02, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) recvmsg(r7, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000004b80), 0x0, 0x4000c000) sendto$inet6(r8, &(0x7f0000000300), 0x16, 0x0, 0x0, 0xfffffffffffffdfd) 1.457619206s ago: executing program 2 (id=490): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="af", 0x1}, {&(0x7f0000000080)="8f7189644c4f941bdeb9e7a41075f42fd533c72fe0392cc0d1cb300434ff8fd7c2cbfeab48e6e0c6c2cbeb235b7fd5475012d63b", 0xff6c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2, 0x0, 0x20}}], 0x2, 0x0) 1.443214436s ago: executing program 3 (id=491): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001e00)={'bond0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000001e40)={r2, 0x3, 0x6}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000006000000000000000000", @ANYRES32=r2], 0x20}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.189483049s ago: executing program 3 (id=492): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000080), r1) sendmsg$alg(r1, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001a00)=@newtfilter={0xa78, 0x2c, 0x4, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x2, 0x7}, {0xe, 0xf}, {0x1a, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0xa4c, 0x2, [@TCA_U32_ACT={0xa48, 0x7, [@m_mpls={0xe8, 0x1e, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_PROTO={0x6, 0x4, 0x2}]}, {0xb1, 0x6, "4ff7fe441317df0c51d6eb0ac333f6af2747c7adb7275e4bf3262ff0ef8369f7eedc6c58ae23263dcefc3fbc6c79095ef23f2194e014d5572e0907c14c7bb959fe1a7417057a4a5507fde488ac3fbd422b0ec3c4212c8fe5d0fa79291b7e0aa1b722822ac0b25a1214f69644ac1725bd3f8d8305098d4d9784f905b59b79126abc1bd1cb9d04f5b07cb38c8906d9d4b3d23713fc469a93aa0708af2a689a52d20b15f2a60004edb78ee5573e34"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x6, 0x6}}}}, @m_mpls={0xe4, 0x0, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0x3334}]}, {0xad, 0x6, "abb0c212bf3069f271294f095a7730f349af9f89444adc42cebb8e997b471b434433b1c2a85c025713de6d69d2ef8300d2802b3314d6565235b0baea368fdc0c3e30e0563f5c8eb652c2589200c16fd18de5c074d92d6d67172dc98e1902f97847de0d008f60bad11f9389f072c6a597eb1cbe3bb5bc07122dee1d48ab03fdd7406dd0b3f28c54ea7210d0b0af1e0c236a18ace15af02d6d13f2883adfc75c256e893a7bb496d1fd0d"}, {0xc, 0x7, {0x48953e7baea87ff0}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_nat={0x40, 0x10, 0x0, 0x0, {{0x8}, {0x4}, {0x15, 0x6, "e25a003dc1f85444713d20667554bc5fa3"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_police={0x838, 0x15, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xdc000000, 0x7fffffff, 0x2, 0xd, 0x79, 0x5, 0x4, 0x0, 0xa49, 0x5, 0x0, 0x40, 0x703, 0x3, 0xfffffffd, 0xb2, 0x80000001, 0xf, 0x8, 0x9, 0x80000001, 0x0, 0x9, 0x4, 0x10, 0xdbc, 0x0, 0x7, 0x1ff, 0x3, 0x1, 0x5, 0x3, 0x3, 0x7, 0x3, 0xe0e, 0x10000, 0x9, 0x58, 0x7, 0x1, 0x7, 0x80000001, 0x8, 0x10000, 0x6, 0x723a, 0xb6, 0x2, 0xf7, 0x400, 0x1, 0x80000001, 0x80, 0xf00000, 0x7103, 0x6, 0x9, 0x8, 0x6, 0x8, 0x99f9, 0x6, 0x662c2350, 0x79, 0x3e92, 0xf, 0x6, 0x8, 0x8, 0x6, 0x1, 0x6c19, 0x2, 0x4, 0x6, 0x10, 0x0, 0x4, 0x7, 0xff, 0x4, 0x4e8fe899, 0xb, 0x8a, 0x5, 0xfffffd13, 0x78, 0x8, 0x6, 0x4, 0x7, 0xffff, 0x8, 0x4b, 0x8, 0x9, 0x0, 0x9, 0x1, 0x29c, 0x81, 0x7b35, 0x7fff, 0x5, 0x3, 0x5, 0xfffffbed, 0x7, 0xfffffffa, 0x9, 0x7fffffff, 0x5, 0x0, 0xff, 0x8, 0x10001, 0x7f, 0x2, 0x248, 0x10000, 0x1, 0xfca, 0x73, 0x5, 0x3, 0x0, 0x0, 0xa4f, 0x0, 0x4, 0x2, 0x5391, 0x0, 0x0, 0x4, 0xfffffff8, 0x5, 0x1, 0x2, 0x1, 0xe61, 0xff, 0x3, 0x3ff, 0x9, 0x8, 0x2, 0xf, 0x4, 0x2, 0x6, 0x8, 0xc, 0x7b7e, 0x9, 0x6, 0x400, 0x6, 0xfffffffc, 0xd, 0x4, 0x5, 0xfae, 0x2, 0x2, 0x62ce, 0xfffffffb, 0x8, 0xb, 0x3, 0x400, 0x8001, 0x7e, 0x3ff, 0x6, 0x243df3a0, 0x2, 0x5, 0x7, 0xb, 0x0, 0xfcf, 0x7, 0x0, 0x1, 0x3, 0x3, 0x7, 0x5, 0xffffffc1, 0x7f, 0xffff, 0x1, 0x9, 0x0, 0x9, 0x2, 0x2, 0x3314b4f9, 0x1, 0x938, 0x1, 0x8, 0x0, 0xf44, 0x44, 0x8, 0x1, 0x2, 0x3, 0xe, 0x7, 0x9, 0x6, 0xe6, 0xf, 0x8, 0x4, 0x3, 0x8, 0x3, 0xc57, 0xfffff4d4, 0x7, 0xfffffffc, 0x9, 0x3b5b, 0x3, 0x4d23, 0x3, 0x40, 0x32c, 0x6, 0x7, 0x1, 0x9, 0xffffffff, 0x6, 0x3, 0x1, 0x7ff, 0x1, 0x100, 0x1000, 0x2, 0x0, 0x200, 0x41, 0x2, 0x4, 0xfffffffe, 0x6, 0x34fa4ab7, 0x100]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x5, 0xfffffff6, 0x200000, 0x6, 0x7fffffff, 0x1, 0x0, 0x6, 0x7, 0x1, 0x8, 0xffffffff, 0x6, 0xe96a, 0x9, 0x2, 0x3, 0x4, 0x401, 0x0, 0x9, 0x1000, 0x3, 0x3, 0x0, 0x80000000, 0xa, 0x8, 0xebff, 0x6, 0xa, 0x9d0a, 0x2, 0xffffffff, 0xfff, 0x5, 0x0, 0x21a89e45, 0xf898, 0x3, 0x280, 0xf4, 0xfffffffc, 0xed63, 0x4, 0x6, 0x0, 0x4, 0x1, 0x1, 0x4, 0x0, 0x68d, 0x7fff, 0x4, 0xfffffffe, 0x81, 0x1c0000, 0x8000000, 0x84e, 0x1, 0x4, 0x10000, 0x8, 0x4, 0x6, 0x6, 0x4, 0x80000000, 0x4, 0x3, 0x373ad609, 0x2, 0x9aa2, 0x2, 0x0, 0x80000000, 0x8, 0x9, 0x8, 0x80000001, 0x0, 0x0, 0x6, 0x7, 0x26, 0x7, 0x401, 0x7fffffff, 0x6, 0x7ff, 0x8, 0xa8, 0x800, 0xd3, 0x80000000, 0x11, 0xb5, 0x1d71, 0x0, 0x5, 0xf06, 0xf704a76, 0xffff4a26, 0x7, 0x6, 0x6, 0x6, 0x1, 0x4, 0x3, 0x3, 0x0, 0xfffffff8, 0x3, 0x1, 0x6, 0x10001, 0x1, 0x8, 0x5, 0xffffffff, 0x0, 0x7f, 0x9, 0xd, 0x2, 0x7, 0x0, 0x3f, 0xe, 0x9, 0xb7, 0x9, 0x7, 0x6, 0x3ff, 0x8001, 0x4, 0xffffff00, 0xfffffff7, 0x9, 0x7, 0xc8, 0x3, 0x0, 0x678, 0x0, 0x1, 0x0, 0x9, 0x7, 0x4686, 0x1, 0x6, 0xe0, 0x4, 0x9, 0x6, 0x4, 0x1aa, 0x2, 0x8, 0x5, 0x2, 0xfffffff5, 0x2, 0x80000001, 0x1, 0x8a, 0xfffffff9, 0x9, 0x6eb, 0x81, 0x9, 0x49f8, 0x4, 0x8001, 0x2, 0xb, 0x6, 0x7a, 0x7, 0x768, 0x7, 0x7, 0x6, 0x7, 0x8, 0x3, 0xff, 0x6, 0x1, 0x1, 0x2, 0x8, 0x2, 0xc, 0x623, 0x3, 0x7ff, 0x8001, 0x7fff, 0x3ff, 0x4, 0x7, 0x779d, 0x8, 0x4, 0x40, 0xc6, 0x6, 0xc0, 0x9e, 0x0, 0x2, 0x5, 0x0, 0x7, 0x40800000, 0x10000, 0xd2b6, 0xffffffff, 0x1, 0x0, 0x8, 0xfffffffe, 0xf, 0x0, 0x3679d9b8, 0x44, 0x9, 0x7, 0x7b, 0x6, 0x1000000, 0x6, 0x5b, 0x5, 0x2, 0x9, 0x3, 0x4f, 0x2, 0x0, 0x3, 0x8001, 0x1, 0x9, 0x7, 0x9, 0x7fff, 0x7, 0x800, 0x6, 0x7]}]]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0xa78}}, 0x0) 1.188014538s ago: executing program 2 (id=493): read$char_usb(0xffffffffffffffff, &(0x7f0000000300)=""/27, 0x1b) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9) sendto$inet6(r1, &(0x7f0000000680)="780400392ba407ffc00018001f05b9409b0dffff000d0203d5040205060506014007040012000f000000fac8388827a4c6040045653600648dcaaf6c26c2912145497158d013e8af8e0d7cc4093ad7f6496c22cf0f6ceb30df63cf0cb5f271008ddfa6afd44d851046c61cca23407cdb8d618df73a78b67c2970f8deb447366a7321b6e2a51710050a4012be868a6330347da32bce604cd310e9e9c0746387240400b1e654aac6fe04df9c8582d828151662587d16e608e6a721078d9ce1e49b8866ad576743154910bf20cbf00ce1acf6cd7782ce97ec2bf2710145c1c768286fd6b4d3e3f6216cf667593b8233e73f5a8e130cdb38c4c02c9bc8cb9bedb55ac56404296318f051b0a582fe268a989160972a0fa3ba9df623dbd52c543c430a72d88026f93ad66538cd60a3158dccf8094eb16fa68748fe3c7ca895eb637c07e0a2f6c25b854b4adbbb204341fca803b67c80df6bfc1b9d06166b5b5765a5252139c97d7c3f7184f5f5d6e5514a34b3b7e35a25e48764075b79ddffc80dd4522c58a02c8f5f4f7c121b2a24074b4ea4", 0x190, 0x0, 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040)) 1.028660472s ago: executing program 2 (id=494): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) r1 = syz_io_uring_setup(0x112, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0xb277, 0x0, 0x0, 0x0) write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 275.510174ms ago: executing program 3 (id=495): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@u, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000300)={0x84, @loopback, 0x4e22, 0x1, 'nq\x00', 0x0, 0x10000}, 0x2c) setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x483, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x200000001, 'sh\x00'}, 0x2c) 274.709318ms ago: executing program 3 (id=496): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000007c0)={{}, {0x1, 0x4}, [], {0x4, 0x3}, [], {0x10, 0x4}, {0x20, 0x7}}, 0x24, 0x1) 252.558118ms ago: executing program 0 (id=497): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x30}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000140)="98", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)="93", 0x34000, 0x0, 0x0, 0x44) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x1}, 0x8) sendmsg$inet6(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)="b9", 0x1}], 0x1}, 0x4010) 248.112953ms ago: executing program 3 (id=498): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0)='@', 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000c00)=""/4111, 0x100f}], 0x1}}], 0x1, 0x122, 0x0) 0s ago: executing program 3 (id=499): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc295, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_connect$uac1(0x0, 0x7e, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@mixer_unit={0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0xee, {0x7, 0x25, 0x1, 0x2}}}}}}}]}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="043e1f0a"], 0x22) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:24804' (ED25519) to the list of known hosts. [ 40.819936][ T5334] cgroup: Unknown subsys name 'net' [ 40.946544][ T5334] cgroup: Unknown subsys name 'cpuset' [ 40.950846][ T5334] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 41.887460][ T5334] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.465898][ T5353] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 44.471540][ T5358] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 44.474382][ T5358] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 44.476275][ T5355] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 44.477194][ T5358] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 44.480036][ T5355] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 44.482689][ T5360] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 44.485169][ T5355] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 44.487260][ T5360] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 44.489776][ T5355] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 44.492513][ T5360] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 44.494318][ T5355] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 44.496726][ T5360] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 44.499379][ T5355] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 44.502150][ T5360] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 44.503841][ T5355] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 44.504954][ T5359] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 44.505929][ T5359] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 44.505979][ T5360] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 44.506458][ T5360] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 44.506822][ T5360] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 44.507035][ T5360] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 44.524742][ T5349] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 44.528099][ T5353] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 44.732612][ T5344] chnl_net:caif_netlink_parms(): no params data found [ 44.755465][ T5345] chnl_net:caif_netlink_parms(): no params data found [ 44.760080][ T5351] chnl_net:caif_netlink_parms(): no params data found [ 44.798354][ T5356] chnl_net:caif_netlink_parms(): no params data found [ 44.884306][ T5344] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.886582][ T5344] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.888677][ T5344] bridge_slave_0: entered allmulticast mode [ 44.890744][ T5344] bridge_slave_0: entered promiscuous mode [ 44.894052][ T5344] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.895838][ T5344] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.897691][ T5344] bridge_slave_1: entered allmulticast mode [ 44.900157][ T5344] bridge_slave_1: entered promiscuous mode [ 44.944830][ T5345] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.947360][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.949974][ T5345] bridge_slave_0: entered allmulticast mode [ 44.952808][ T5345] bridge_slave_0: entered promiscuous mode [ 44.956289][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.958756][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.961369][ T5345] bridge_slave_1: entered allmulticast mode [ 44.964117][ T5345] bridge_slave_1: entered promiscuous mode [ 45.018253][ T5344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.060635][ T5351] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.063015][ T5351] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.065462][ T5351] bridge_slave_0: entered allmulticast mode [ 45.067960][ T5351] bridge_slave_0: entered promiscuous mode [ 45.074438][ T5351] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.076805][ T5351] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.079359][ T5351] bridge_slave_1: entered allmulticast mode [ 45.081818][ T5351] bridge_slave_1: entered promiscuous mode [ 45.085313][ T5344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.103051][ T5356] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.104966][ T5356] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.106843][ T5356] bridge_slave_0: entered allmulticast mode [ 45.108982][ T5356] bridge_slave_0: entered promiscuous mode [ 45.173731][ T5356] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.175722][ T5356] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.177542][ T5356] bridge_slave_1: entered allmulticast mode [ 45.179983][ T5356] bridge_slave_1: entered promiscuous mode [ 45.194198][ T5345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.198994][ T5344] team0: Port device team_slave_0 added [ 45.202808][ T5351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.216391][ T5345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.222519][ T5344] team0: Port device team_slave_1 added [ 45.225310][ T5351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.228991][ T5356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.232948][ T5356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.291653][ T5345] team0: Port device team_slave_0 added [ 45.306874][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.309511][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.318236][ T5344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.333764][ T5351] team0: Port device team_slave_0 added [ 45.337016][ T5351] team0: Port device team_slave_1 added [ 45.348849][ T5356] team0: Port device team_slave_0 added [ 45.352627][ T5345] team0: Port device team_slave_1 added [ 45.355128][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.357513][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.367205][ T5344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.381306][ T5356] team0: Port device team_slave_1 added [ 45.410648][ T5351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.412502][ T5351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.420263][ T5351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.444879][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.447412][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.457553][ T5345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.462515][ T5351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.464955][ T5351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.476840][ T5351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.481642][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.484092][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.493316][ T5356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.511558][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.514039][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.523458][ T5345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.534339][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.536764][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.547407][ T5356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.573284][ T5344] hsr_slave_0: entered promiscuous mode [ 45.576704][ T5344] hsr_slave_1: entered promiscuous mode [ 45.667854][ T5345] hsr_slave_0: entered promiscuous mode [ 45.670929][ T5345] hsr_slave_1: entered promiscuous mode [ 45.674201][ T5345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.677014][ T5345] Cannot create hsr debugfs directory [ 45.698336][ T5356] hsr_slave_0: entered promiscuous mode [ 45.702565][ T5356] hsr_slave_1: entered promiscuous mode [ 45.705823][ T5356] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.708464][ T5356] Cannot create hsr debugfs directory [ 45.713870][ T5351] hsr_slave_0: entered promiscuous mode [ 45.717246][ T5351] hsr_slave_1: entered promiscuous mode [ 45.720909][ T5351] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.723466][ T5351] Cannot create hsr debugfs directory [ 46.070646][ T5344] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.079087][ T5344] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.084879][ T5344] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.089408][ T5344] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.112864][ T5345] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.116702][ T5345] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.120429][ T5345] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.124372][ T5345] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.152592][ T5356] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.155743][ T5356] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.160437][ T5356] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.163527][ T5356] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.200856][ T5351] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.205110][ T5351] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.216082][ T5351] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.220798][ T5351] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.273718][ T5344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.279782][ T5345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.293107][ T5345] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.312314][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.314202][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.317006][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.318804][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.324188][ T5344] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.333703][ T5356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.342993][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.344760][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.360664][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.363143][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.384709][ T5356] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.390212][ T5351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.397583][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.400108][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.413133][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.415699][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.442727][ T5351] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.452782][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.454820][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.459660][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.461607][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.565348][ T5344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.590528][ T4790] Bluetooth: hci3: command tx timeout [ 46.591914][ T5356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.600028][ T4790] Bluetooth: hci1: command tx timeout [ 46.602182][ T4790] Bluetooth: hci2: command tx timeout [ 46.604250][ T4790] Bluetooth: hci0: command tx timeout [ 46.613985][ T5344] veth0_vlan: entered promiscuous mode [ 46.621784][ T5344] veth1_vlan: entered promiscuous mode [ 46.626001][ T5345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.631828][ T5351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.666430][ T5356] veth0_vlan: entered promiscuous mode [ 46.670223][ T5344] veth0_macvtap: entered promiscuous mode [ 46.684397][ T5344] veth1_macvtap: entered promiscuous mode [ 46.693562][ T5356] veth1_vlan: entered promiscuous mode [ 46.697587][ T5351] veth0_vlan: entered promiscuous mode [ 46.707863][ T5351] veth1_vlan: entered promiscuous mode [ 46.712531][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.724907][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.728827][ T5345] veth0_vlan: entered promiscuous mode [ 46.734529][ T5344] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.736978][ T5344] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.739264][ T5344] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.742354][ T5344] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.747409][ T5345] veth1_vlan: entered promiscuous mode [ 46.758459][ T5356] veth0_macvtap: entered promiscuous mode [ 46.773679][ T5351] veth0_macvtap: entered promiscuous mode [ 46.778430][ T5356] veth1_macvtap: entered promiscuous mode [ 46.785454][ T5351] veth1_macvtap: entered promiscuous mode [ 46.819545][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.822349][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.825525][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.833537][ T5351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.836440][ T5351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.838995][ T5351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.841877][ T5351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.845102][ T5351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.848907][ T5351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.852910][ T5351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.857212][ T5351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.862272][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.865304][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.868028][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.871495][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.874797][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.878050][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.879951][ T5356] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.880440][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.882489][ T5356] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.886695][ T5356] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.888971][ T5356] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.895916][ T5345] veth0_macvtap: entered promiscuous mode [ 46.899607][ T5345] veth1_macvtap: entered promiscuous mode [ 46.909245][ T5351] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.912398][ T5351] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.915369][ T5351] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.918387][ T5351] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.924009][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.926305][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.934293][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.937349][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.941241][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.944443][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.947816][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.951971][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.956951][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.978176][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.981549][ T5344] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 46.982135][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.989143][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.992077][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.994684][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.997418][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.000714][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.009131][ T5345] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.013247][ T5345] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.015570][ T5345] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.017847][ T5345] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.027930][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.030102][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.053493][ T5413] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 47.070192][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.072495][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.078348][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.082259][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.111597][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.113886][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.119140][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.122238][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.133849][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.140220][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.193585][ C0] Unknown status report in ack skb [ 47.246862][ T5429] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7'. [ 47.297153][ T5433] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8'. [ 47.299739][ T5433] netlink: 'syz.2.8': attribute type 6 has an invalid length. [ 47.305321][ T5433] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 47.307717][ T5433] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 47.310095][ T5433] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 47.312393][ T5433] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 47.315788][ T5433] vxlan0: entered promiscuous mode [ 47.336937][ T5435] Driver unsupported XDP return value 0 on prog (id 4) dev N/A, expect packet loss! [ 47.340745][ T56] IPVS: starting estimator thread 0... [ 47.429439][ T5438] IPVS: using max 34 ests per chain, 81600 per kthread [ 47.986783][ T5480] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29'. [ 48.037377][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 48.197282][ T5503] Bluetooth: MGMT ver 1.23 [ 48.245572][ T5507] syzkaller0: entered allmulticast mode [ 48.293292][ T5509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.43'. [ 48.419968][ T56] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 48.457936][ T5519] syz.1.48 uses obsolete (PF_INET,SOCK_PACKET) [ 48.591125][ T56] usb 5-1: Using ep0 maxpacket: 8 [ 48.595811][ T56] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 48.601016][ T56] usb 5-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 48.604371][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.616569][ T56] usb 5-1: config 0 descriptor?? [ 48.626529][ T56] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 48.670489][ T4790] Bluetooth: hci0: command tx timeout [ 48.671506][ T5353] Bluetooth: hci2: command tx timeout [ 48.671529][ T5349] Bluetooth: hci3: command tx timeout [ 48.675429][ T5359] Bluetooth: hci1: command tx timeout [ 48.831640][ T5500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.842255][ T5500] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.866195][ T1293] usb 5-1: USB disconnect, device number 2 [ 49.452988][ T5536] netlink: 12 bytes leftover after parsing attributes in process `syz.0.55'. [ 49.456248][ T5536] netlink: 'syz.0.55': attribute type 20 has an invalid length. [ 49.545653][ T5539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.56'. [ 49.548637][ T5539] netlink: 'syz.3.56': attribute type 5 has an invalid length. [ 49.553022][ T5539] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.555306][ T5539] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.557534][ T5539] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.559864][ T5539] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.562230][ T5539] vxlan0: entered promiscuous mode [ 49.593143][ T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 49.750798][ T9] usb 7-1: config 0 has no interfaces? [ 49.752637][ T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 49.755620][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.759764][ T9] usb 7-1: config 0 descriptor?? [ 50.135742][ T30] usb 7-1: USB disconnect, device number 2 [ 50.563154][ T5559] input: syz1 as /devices/virtual/input/input5 [ 50.749776][ T5359] Bluetooth: hci2: command tx timeout [ 50.750441][ T4790] Bluetooth: hci0: command tx timeout [ 50.752121][ T5353] Bluetooth: hci3: command tx timeout [ 50.949426][ T1285] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 50.949496][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 51.100100][ T1285] usb 7-1: Using ep0 maxpacket: 32 [ 51.105247][ T1285] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 51.108220][ T1285] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 51.111314][ T1285] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 51.114395][ T1285] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 51.119178][ T1285] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 51.119903][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 51.122660][ T1285] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 51.129141][ T1285] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 51.130397][ T9] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 51.132361][ T1285] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.135087][ T9] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 51.139418][ T1285] usb 7-1: config 0 descriptor?? [ 51.141047][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 51.145713][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 51.149082][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 51.153383][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 51.157855][ T9] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 51.161505][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.169262][ T9] usb 5-1: config 0 descriptor?? [ 51.191815][ T8] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 51.198093][ T8] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 51.289368][ T30] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 51.357035][ T1285] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 51.370488][ T1285] usb 7-1: USB disconnect, device number 3 [ 51.375068][ T1285] usblp0: removed [ 51.383779][ T9] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 51.390808][ T9] usb 5-1: USB disconnect, device number 3 [ 51.396398][ T9] usblp0: removed [ 51.429444][ T5410] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 51.442129][ T30] usb 8-1: config index 0 descriptor too short (expected 45, got 36) [ 51.444752][ T30] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 51.448443][ T30] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 51.452116][ T30] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 51.455495][ T30] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 51.457815][ T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.460942][ T30] usb 8-1: config 0 descriptor?? [ 51.462727][ T5577] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 51.643146][ T5410] usb 6-1: unable to get BOS descriptor or descriptor too short [ 51.653373][ T5410] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 51.656311][ T5410] usb 6-1: can't read configurations, error -71 [ 51.799422][ T8] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 51.819466][ T1285] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 51.877757][ T30] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 51.881888][ T30] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 51.888225][ T30] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 51.949497][ T8] usb 7-1: Using ep0 maxpacket: 32 [ 51.952414][ T8] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 51.954705][ T8] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 51.956996][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 51.959495][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 51.962219][ T8] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 51.965203][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 51.968679][ T8] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 51.969473][ T1285] usb 5-1: Using ep0 maxpacket: 32 [ 51.971210][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.973977][ T1285] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 51.976273][ T8] usb 7-1: config 0 descriptor?? [ 51.977933][ T1285] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 51.982091][ T1285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 51.984653][ T1285] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 51.987147][ T1285] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 51.990283][ T1285] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 51.993811][ T1285] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 51.996653][ T1285] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.000389][ T1285] usb 5-1: config 0 descriptor?? [ 52.143307][ T9] usb 8-1: USB disconnect, device number 2 [ 52.184170][ T5584] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 52.189834][ T8] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 52.213953][ T1285] usblp 5-1:0.0: usblp1: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 52.251530][ T5586] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 52.254582][ T5586] overlayfs: failed to set uuid (17/file1, err=-1); falling back to uuid=null. [ 52.262326][ T5586] evm: overlay not supported [ 52.392098][ T9] usb 7-1: USB disconnect, device number 4 [ 52.397296][ T9] usblp0: removed [ 52.486987][ T5588] dummy0: entered promiscuous mode [ 52.731879][ T5598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.78'. [ 52.777381][ T5604] dccp_flush_write_queue: CCID did not manage to send all packets [ 52.829212][ T5607] netlink: 12 bytes leftover after parsing attributes in process `syz.1.81'. [ 52.832372][ T5353] Bluetooth: hci0: command tx timeout [ 52.837965][ T5607] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.839450][ T5353] Bluetooth: hci3: command tx timeout [ 52.841023][ T5607] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.842595][ T5353] Bluetooth: hci2: command tx timeout [ 52.845426][ T5607] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.850050][ T5607] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.853377][ T5607] vxlan0: entered promiscuous mode [ 53.650707][ T5632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.92'. [ 53.653624][ T5629] dccp_close: ABORT with 65475 bytes unread [ 53.659154][ T5632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.92'. [ 53.724723][ T35] usb 5-1: USB disconnect, device number 4 [ 53.729902][ T35] usblp1: removed [ 53.829904][ T5646] netlink: 56 bytes leftover after parsing attributes in process `syz.2.97'. [ 53.882290][ T5648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.98'. [ 54.136098][ T5655] netlink: 4 bytes leftover after parsing attributes in process `syz.2.100'. [ 54.139069][ T5655] netlink: 12 bytes leftover after parsing attributes in process `syz.2.100'. [ 54.378400][ T5666] netlink: 'syz.0.105': attribute type 4 has an invalid length. [ 54.458202][ T5670] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.549571][ T5674] netlink: 20 bytes leftover after parsing attributes in process `syz.3.109'. [ 54.620823][ T5675] overlayfs: failed to resolve './file1': -2 [ 54.670637][ T4790] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 54.673437][ T4790] Bluetooth: hci1: Injecting HCI hardware error event [ 54.678021][ T5353] Bluetooth: hci1: hardware error 0x00 [ 54.814218][ T4790] Bluetooth: hci0: unexpected cc 0x2007 length: 100 > 2 [ 55.023237][ T5692] netlink: 'syz.0.115': attribute type 1 has an invalid length. [ 55.130137][ T5692] bond1: (slave veth1_to_hsr): Enslaving as a backup interface with an up link [ 55.450500][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.480910][ T1293] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 55.540236][ T5707] netlink: 20 bytes leftover after parsing attributes in process `syz.2.122'. [ 55.603402][ T5708] overlayfs: failed to resolve './file1': -2 [ 55.634290][ T1293] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 55.640669][ T1293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 55.645136][ T1293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 55.649029][ T1293] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 55.655719][ T1293] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 55.658806][ T1293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.663353][ T1293] usb 5-1: config 0 descriptor?? [ 55.670055][ T5697] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 55.729397][ T35] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 55.902581][ T35] usb 6-1: config index 0 descriptor too short (expected 45, got 36) [ 55.904737][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 55.907557][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 55.910521][ T35] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 55.912031][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 55.913833][ T35] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 55.918971][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.924359][ T35] usb 6-1: config 0 descriptor?? [ 55.926115][ T5705] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 56.094026][ T1293] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd [ 56.100008][ T1293] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 56.104443][ T1293] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 56.112928][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 56.291504][ T5697] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.300645][ T5697] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.385272][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 4129042 (n: 0)! (syz.0.117) [ 56.389500][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 1073741824 (n: 0)! (syz.0.117) [ 56.393477][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value -64385 (n: 0)! (syz.0.117) [ 56.397389][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 34144512 (n: 0)! (syz.0.117) [ 56.401329][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 65572 (n: 0)! (syz.0.117) [ 56.405179][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 150994944 (n: 0)! (syz.0.117) [ 56.409145][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 352321540 (n: 0)! (syz.0.117) [ 56.413494][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 3 (n: 0)! (syz.0.117) [ 56.417131][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 4202761 (n: 0)! (syz.0.117) [ 56.421037][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 253886720 (n: 0)! (syz.0.117) [ 56.425043][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value -16447232 (n: 0)! (syz.0.117) [ 56.428885][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value -1 (n: 0)! (syz.0.117) [ 56.432658][ T5697] plantronics 0003:047F:FFFF.0004: implement() called with too large value 16777215 (n: 0)! (syz.0.117) [ 56.751797][ T5353] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 56.989406][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 57.424798][ T35] usbhid 6-1:0.0: can't add hid device: -71 [ 57.426996][ T35] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 57.441459][ T35] usb 6-1: USB disconnect, device number 4 [ 58.207145][ T5744] syzkaller0: entered promiscuous mode [ 58.208617][ T5744] syzkaller0: entered allmulticast mode [ 58.221870][ T9] usb 5-1: USB disconnect, device number 5 [ 58.429516][ T5353] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 58.432665][ T5353] Bluetooth: hci0: Injecting HCI hardware error event [ 58.436032][ T4790] Bluetooth: hci0: hardware error 0x00 [ 58.869520][ T5756] __nla_validate_parse: 1 callbacks suppressed [ 58.869531][ T5756] netlink: 20 bytes leftover after parsing attributes in process `syz.2.138'. [ 58.953783][ T5757] overlayfs: failed to resolve './file1': -2 [ 60.313752][ T5802] Cannot find add_set index 0 as target [ 60.510475][ T4790] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 60.516961][ T5747] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 60.522027][ T5747] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 60.542458][ T5747] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 60.544622][ T5747] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 60.594608][ T5809] random: crng reseeded on system resumption [ 60.695699][ T5811] syzkaller0: entered promiscuous mode [ 60.697553][ T5811] syzkaller0: entered allmulticast mode [ 60.705642][ T1096] syzkaller0: tun_net_xmit 48 [ 60.716691][ T5811] syzkaller0: tun_net_xmit 1280 [ 60.718533][ T5811] syzkaller0: create flow: hash 2321274707 index 1 [ 60.738569][ T5810] syzkaller0: delete flow: hash 2321274707 index 1 [ 60.946313][ T5823] Bluetooth: (null): Invalid header checksum [ 61.076802][ T5829] netlink: 20 bytes leftover after parsing attributes in process `syz.0.155'. [ 61.143361][ T5832] overlayfs: failed to resolve './file1': -2 [ 61.157739][ T5833] netlink: 20 bytes leftover after parsing attributes in process `syz.3.157'. [ 61.243868][ T5835] overlayfs: failed to resolve './file1': -2 [ 61.629039][ T5847] netlink: 36 bytes leftover after parsing attributes in process `syz.1.160'. [ 62.539488][ T63] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 62.609588][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.700994][ T63] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 62.705260][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 62.713467][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 62.717620][ T63] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 62.722192][ T63] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 62.725430][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.733390][ T63] usb 6-1: config 0 descriptor?? [ 62.736174][ T5849] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 63.173506][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.175716][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.178274][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.182712][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.185046][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.187324][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.199418][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.201911][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.204460][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.207493][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.211141][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.213679][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.216579][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.219836][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.222000][ T63] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 63.224166][ T63] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 63.232269][ T63] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 63.289414][ T5390] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 63.460491][ T5390] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 63.464379][ T5390] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 63.467421][ T5390] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 63.471199][ T5390] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 63.474363][ T5390] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 63.476645][ T5390] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.482474][ T5390] usb 5-1: config 0 descriptor?? [ 63.485728][ T5849] usb 6-1: language id specifier not provided by device, defaulting to English [ 63.486759][ T5882] IPVS: sync thread started: state = MASTER, mcast_ifn = vlan1, syncid = 0, id = 0 [ 63.692347][ T5887] input: syz1 as /devices/virtual/input/input8 [ 63.860485][ T5892] netlink: 20 bytes leftover after parsing attributes in process `syz.3.177'. [ 63.888599][ T5849] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 63.893377][ T5849] overlayfs: missing 'lowerdir' [ 63.902831][ T5390] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 63.909389][ T1293] usb 6-1: USB disconnect, device number 5 [ 63.915224][ T5390] plantronics 0003:047F:FFFF.0006: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 63.937052][ T5893] overlayfs: failed to resolve './file1': -2 [ 64.229511][ T9] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 64.401463][ T9] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 64.408218][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.416715][ T9] usb 7-1: config 0 descriptor?? [ 64.553183][ T5901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.179'. [ 64.635348][ T9] ath6kl: Failed to submit usb control message: -71 [ 64.643544][ T9] ath6kl: unable to send the bmi data to the device: -71 [ 64.646592][ T9] ath6kl: Unable to send get target info: -71 [ 64.661014][ T9] ath6kl: Failed to init ath6kl core: -71 [ 64.672754][ T9] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 64.686072][ T9] usb 7-1: USB disconnect, device number 5 [ 65.550384][ T5921] netlink: 20 bytes leftover after parsing attributes in process `syz.2.187'. [ 65.550402][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.569158][ T5923] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 65.626917][ T5926] overlayfs: failed to resolve './file1': -2 [ 66.061096][ T1415] usb 5-1: USB disconnect, device number 6 [ 66.462208][ T5938] netlink: 52 bytes leftover after parsing attributes in process `syz.3.193'. [ 66.520744][ T5940] netlink: 20 bytes leftover after parsing attributes in process `syz.1.194'. [ 66.588365][ T5942] overlayfs: failed to resolve './file1': -2 [ 66.663616][ T5946] netlink: 20 bytes leftover after parsing attributes in process `syz.3.197'. [ 66.664432][ T5948] netlink: 12 bytes leftover after parsing attributes in process `syz.2.195'. [ 66.744475][ T5952] overlayfs: failed to resolve './file1': -2 [ 66.936401][ T5957] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 66.938344][ T5957] overlayfs: failed to set xattr on upper [ 66.940469][ T5957] overlayfs: ...falling back to redirect_dir=nofollow. [ 66.942249][ T5957] overlayfs: ...falling back to index=off. [ 66.943750][ T5957] overlayfs: ...falling back to uuid=null. [ 67.285704][ T5962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.201'. [ 67.416319][ T5967] netlink: 20 bytes leftover after parsing attributes in process `syz.2.203'. [ 67.473209][ T5968] overlayfs: failed to resolve './file1': -2 [ 68.058431][ T39] audit: type=1326 audit(1728839390.404:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.1.204" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x0 [ 69.029519][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.092754][ T5984] binder_alloc: 5983: binder_alloc_buf, no vma [ 69.242764][ T5989] process 'syz.2.210' launched './file0' with NULL argv: empty string added [ 69.291240][ T5992] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'. [ 69.351519][ T5993] overlayfs: failed to resolve './file1': -2 [ 69.644664][ T6003] trusted_key: syz.3.214 sent an empty control message without MSG_MORE. [ 69.969449][ T39] audit: type=1800 audit(1728839392.314:3): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.210" name="/" dev="fuse" ino=0 res=0 errno=0 [ 70.069706][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.072760][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.075873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.409507][ T35] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 70.569582][ T35] usb 7-1: Using ep0 maxpacket: 32 [ 70.595572][ T35] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 314 [ 70.602205][ T35] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 70.605400][ T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.608230][ T35] usb 7-1: Product: syz [ 70.610521][ T35] usb 7-1: Manufacturer: syz [ 70.612240][ T35] usb 7-1: SerialNumber: syz [ 70.613969][ T6030] netlink: 28 bytes leftover after parsing attributes in process `syz.1.223'. [ 70.618146][ T6030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.223'. [ 70.620669][ T6021] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 70.688321][ T6034] netlink: 20 bytes leftover after parsing attributes in process `syz.1.225'. [ 70.748264][ T6036] xt_TCPMSS: Only works on TCP SYN packets [ 70.752555][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.754787][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.755872][ T6037] overlayfs: failed to resolve './file1': -2 [ 70.834484][ T35] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 70.851593][ T6041] netlink: 'syz.3.228': attribute type 11 has an invalid length. [ 70.978250][ T6047] netlink: 'syz.0.230': attribute type 10 has an invalid length. [ 70.992725][ T6047] bond0: (slave netdevsim0): Enslaving as an active interface with a down link [ 71.076261][ C2] usblp0: nonzero write bulk status received: -71 [ 71.079355][ T5390] usb 7-1: USB disconnect, device number 6 [ 71.083627][ T5390] usblp0: removed [ 71.095336][ T6049] binder: 6048:6049 ioctl c0306201 20005dc0 returned -11 [ 71.396084][ T6064] syzkaller0: entered promiscuous mode [ 71.397951][ T6064] syzkaller0: entered allmulticast mode [ 72.490496][ T6086] binder: transaction release 35 bad handle 1, ret = -22 [ 72.821791][ T6088] netlink: 24 bytes leftover after parsing attributes in process `syz.2.246'. [ 72.941228][ T6095] netlink: 20 bytes leftover after parsing attributes in process `syz.0.248'. [ 73.023940][ T6104] overlayfs: failed to resolve './file1': -2 [ 73.084520][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 73.288002][ T6116] netlink: 4 bytes leftover after parsing attributes in process `syz.3.254'. [ 74.125020][ T6130] kernel profiling enabled (shift: 0) [ 74.204365][ T6133] netlink: 20 bytes leftover after parsing attributes in process `syz.2.259'. [ 74.298031][ T6135] overlayfs: failed to resolve './file1': -2 [ 74.799413][ T1415] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 74.970816][ T1415] usb 6-1: config 0 has no interfaces? [ 74.972831][ T1415] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 74.976049][ T1415] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.980665][ T1415] usb 6-1: config 0 descriptor?? [ 75.162258][ T6158] Bluetooth: MGMT ver 1.23 [ 75.204836][ T1293] usb 6-1: USB disconnect, device number 6 [ 75.794826][ T6160] IPv4: Oversized IP packet from 172.20.20.24 [ 75.798498][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 75.801246][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 76.085589][ T6170] fuse: Invalid rootmode [ 76.098236][ T6167] netlink: 12 bytes leftover after parsing attributes in process `syz.3.272'. [ 76.159621][ T1285] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 76.313167][ T1285] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 76.316365][ T1285] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.319411][ T1285] usb 6-1: Product: syz [ 76.320968][ T1285] usb 6-1: Manufacturer: syz [ 76.322527][ T1285] usb 6-1: SerialNumber: syz [ 76.329376][ T1285] usb 6-1: config 0 descriptor?? [ 76.540660][ T1415] usb 6-1: USB disconnect, device number 7 [ 76.760110][ T6162] Invalid option length (1031570) for dns_resolver key [ 77.104127][ T6208] syz.2.284: attempt to access beyond end of device [ 77.104127][ T6208] loop2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 77.108500][ T6208] syz.2.284: attempt to access beyond end of device [ 77.108500][ T6208] loop2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 77.112165][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 77.115568][ T6208] syz.2.284: attempt to access beyond end of device [ 77.115568][ T6208] loop2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 77.119052][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 77.122481][ T6208] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 77.124480][ T6208] UDF-fs: Scanning with blocksize 512 failed [ 77.126874][ T6208] syz.2.284: attempt to access beyond end of device [ 77.126874][ T6208] loop2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 77.130361][ T6208] syz.2.284: attempt to access beyond end of device [ 77.130361][ T6208] loop2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 77.133902][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 77.136592][ T6208] syz.2.284: attempt to access beyond end of device [ 77.136592][ T6208] loop2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 77.140584][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 77.144860][ T6208] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 77.147701][ T6208] UDF-fs: Scanning with blocksize 1024 failed [ 77.160224][ T6208] syz.2.284: attempt to access beyond end of device [ 77.160224][ T6208] loop2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 77.165132][ T6208] syz.2.284: attempt to access beyond end of device [ 77.165132][ T6208] loop2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 77.182747][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 77.186379][ T6208] syz.2.284: attempt to access beyond end of device [ 77.186379][ T6208] loop2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 77.191648][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 77.195084][ T6208] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 77.197831][ T6208] UDF-fs: Scanning with blocksize 2048 failed [ 77.200539][ T6208] syz.2.284: attempt to access beyond end of device [ 77.200539][ T6208] loop2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 77.206067][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 77.209991][ T6208] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 77.213433][ T6208] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 77.216682][ T6208] UDF-fs: Scanning with blocksize 4096 failed [ 77.218928][ T6208] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1) [ 77.365207][ T6221] syz.2.289[6221] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.365286][ T6221] syz.2.289[6221] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.369141][ T6221] syz.2.289[6221] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.531556][ T6250] netlink: 20 bytes leftover after parsing attributes in process `syz.2.298'. [ 78.617573][ T6253] overlayfs: failed to resolve './file1': -2 [ 78.756867][ T6259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.301'. [ 78.906598][ T6269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.302'. [ 78.943090][ T6265] netlink: 8 bytes leftover after parsing attributes in process `syz.3.302'. [ 79.449724][ T6282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.307'. [ 79.452754][ T6282] bridge_slave_1: left allmulticast mode [ 79.454640][ T6282] bridge_slave_1: left promiscuous mode [ 79.458292][ T6282] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.493118][ T6282] bridge_slave_0: left allmulticast mode [ 79.495082][ T6282] bridge_slave_0: left promiscuous mode [ 79.497078][ T6282] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.652937][ T6302] netlink: 20 bytes leftover after parsing attributes in process `syz.1.313'. [ 80.718111][ T6309] overlayfs: failed to resolve './file1': -2 [ 80.920912][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 80.965412][ T6326] IPv4: Oversized IP packet from 172.20.20.24 [ 80.967815][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 80.970237][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 80.972444][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 80.997674][ T25] cfg80211: failed to load regulatory.db [ 81.135718][ T6332] netlink: 20 bytes leftover after parsing attributes in process `syz.0.322'. [ 81.208820][ T6334] overlayfs: failed to resolve './file1': -2 [ 82.037234][ T6341] syzkaller0: entered promiscuous mode [ 82.038737][ T6341] syzkaller0: entered allmulticast mode [ 82.182312][ T63] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 82.330212][ T63] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 82.340311][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.343257][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.346018][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.349816][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.359412][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.362208][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.365208][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.367682][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.370698][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.373534][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.375982][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.378746][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.387195][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.389696][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.392625][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.399868][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.402368][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.409367][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.412608][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.416229][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.429380][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.432835][ T63] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 82.435425][ T63] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 82.438638][ T63] usb 8-1: config 0 interface 0 has no altsetting 0 [ 82.460408][ T63] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 82.463698][ T63] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 82.466160][ T63] usb 8-1: Product: syz [ 82.467269][ T63] usb 8-1: Manufacturer: syz [ 82.468468][ T63] usb 8-1: SerialNumber: syz [ 82.479519][ T63] usb 8-1: config 0 descriptor?? [ 82.486714][ T63] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 82.696614][ T9] usb 8-1: USB disconnect, device number 3 [ 82.700623][ T9] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 83.972777][ T6371] netlink: 20 bytes leftover after parsing attributes in process `syz.0.335'. [ 84.048792][ T6372] overlayfs: failed to resolve './file1': -2 [ 84.453528][ C3] dccp_check_seqno: Step 6 failed for CLOSEREQ packet, (LSWL(208399403749248) <= P.seqno(208399403749247) <= S.SWH(208399403749322)) and (P.ackno exists or LAWL(132389856522768) <= P.ackno(132389856522768) <= S.AWH(132389856522786), sending SYNC... [ 84.584679][ T6379] netlink: 20 bytes leftover after parsing attributes in process `syz.1.337'. [ 84.815627][ T6380] overlayfs: failed to resolve './file1': -2 [ 86.325873][ T6386] netlink: 20 bytes leftover after parsing attributes in process `syz.2.338'. [ 86.397253][ T6387] overlayfs: failed to resolve './file1': -2 [ 86.950783][ T6392] tipc: Started in network mode [ 86.952909][ T6392] tipc: Node identity 7f000001, cluster identity 4711 [ 86.955456][ T6392] tipc: Enabled bearer , priority 10 [ 87.162460][ T6404] binder: 6399:6404 ioctl 4018620d 0 returned -22 [ 87.488867][ T39] audit: type=1804 audit(1728839409.834:4): pid=6412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.344" name="/newroot/78/file0" dev="fuse" ino=1 res=1 errno=0 [ 88.081372][ T829] tipc: Node number set to 2130706433 [ 88.663929][ T6416] syzkaller0: entered promiscuous mode [ 88.665472][ T6416] syzkaller0: entered allmulticast mode [ 88.768039][ T6425] block device autoloading is deprecated and will be removed. [ 88.889615][ T829] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 89.043597][ T829] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 89.054044][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.060612][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.063729][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.071441][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.073839][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.076660][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.079173][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.081483][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.084260][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.086781][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.090789][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.093613][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.096099][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.098711][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.105963][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.115547][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.117913][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.120845][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.130796][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.133194][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.135867][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.147697][ T829] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 89.152583][ T829] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 89.155638][ T829] usb 8-1: config 0 interface 0 has no altsetting 0 [ 89.158891][ T829] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 89.162721][ T829] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 89.165130][ T829] usb 8-1: Product: syz [ 89.166311][ T829] usb 8-1: Manufacturer: syz [ 89.167490][ T829] usb 8-1: SerialNumber: syz [ 89.173554][ T829] usb 8-1: config 0 descriptor?? [ 89.177331][ T829] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 89.849429][ T829] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 90.009424][ T829] usb 5-1: Using ep0 maxpacket: 8 [ 90.015189][ T829] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 90.017704][ T829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.019925][ T829] usb 5-1: Product: syz [ 90.021123][ T829] usb 5-1: Manufacturer: syz [ 90.022398][ T829] usb 5-1: SerialNumber: syz [ 90.100114][ T6437] netlink: 20 bytes leftover after parsing attributes in process `syz.1.352'. [ 90.178246][ T6438] overlayfs: failed to resolve './file1': -2 [ 90.232857][ T829] usblp 5-1:1.0: usblp1: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 90.487797][ T5857] usb 5-1: USB disconnect, device number 7 [ 91.023734][ T6450] ======================================================= [ 91.023734][ T6450] WARNING: The mand mount option has been deprecated and [ 91.023734][ T6450] and is ignored by this kernel. Remove the mand [ 91.023734][ T6450] option from the mount to silence this warning. [ 91.023734][ T6450] ======================================================= [ 91.339365][ T1293] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 91.469576][ C2] usb 8-1: yurex_control_callback - control failed: -2 [ 91.473072][ T5857] usblp1: removed [ 91.474101][ T829] usb 8-1: USB disconnect, device number 4 [ 91.476732][ T829] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 91.512684][ T1293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.515561][ T1293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.518042][ T1293] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 91.521647][ T1293] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 91.523970][ T1293] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.527323][ T1293] usb 7-1: config 0 descriptor?? [ 91.937034][ T1293] plantronics 0003:047F:FFFF.0007: ignoring exceeding usage max [ 91.941390][ T1293] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 91.948575][ T1293] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 92.014040][ T6463] netlink: 20 bytes leftover after parsing attributes in process `syz.0.360'. [ 92.417123][ T6482] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 93.795509][ T6487] netlink: 20 bytes leftover after parsing attributes in process `syz.3.368'. [ 93.906727][ T6494] overlayfs: failed to resolve './file1': -2 [ 93.928526][ T6498] netlink: 20 bytes leftover after parsing attributes in process `syz.1.370'. [ 94.025507][ T6500] overlayfs: failed to resolve './file1': -2 [ 94.071325][ T829] usb 7-1: USB disconnect, device number 7 [ 95.874504][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 96.695635][ T6527] netlink: 16 bytes leftover after parsing attributes in process `syz.3.378'. [ 96.763567][ T39] audit: type=1326 audit(1728839419.114:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6529 comm="syz.3.379" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x0 [ 97.049709][ T6536] netlink: 20 bytes leftover after parsing attributes in process `syz.2.381'. [ 97.107483][ T6537] overlayfs: failed to resolve './file1': -2 [ 97.343280][ T6541] binder: 6540:6541 ioctl c018620c 20000140 returned -22 [ 97.909434][ T829] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 98.079387][ T829] usb 8-1: Using ep0 maxpacket: 8 [ 98.083464][ T829] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 98.087207][ T829] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 98.090836][ T829] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 98.094332][ T829] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 98.099567][ T829] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 98.102699][ T829] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.215649][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 98.327533][ T829] usb 8-1: GET_CAPABILITIES returned 0 [ 98.334165][ T829] usbtmc 8-1:16.0: can't read capabilities [ 98.581017][ C2] usbtmc 8-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 98.584558][ T6555] usbtmc 8-1:16.0: Unable to send data, error -71 [ 98.587832][ T1415] usb 8-1: USB disconnect, device number 5 [ 99.939004][ T6590] netlink: 20 bytes leftover after parsing attributes in process `syz.0.396'. [ 100.001114][ T6591] overlayfs: failed to resolve './file1': -2 [ 100.307337][ T6599] netlink: 'syz.0.398': attribute type 7 has an invalid length. [ 100.319602][ T6599] netlink: 'syz.0.398': attribute type 39 has an invalid length. [ 100.335902][ T6599] bridge1: port 1(gretap1) entered blocking state [ 100.338356][ T6599] bridge1: port 1(gretap1) entered disabled state [ 100.341632][ T6599] gretap1: entered allmulticast mode [ 100.344310][ T6599] gretap1: entered promiscuous mode [ 100.348753][ T6599] netlink: 'syz.0.398': attribute type 7 has an invalid length. [ 100.351442][ T6599] netlink: 'syz.0.398': attribute type 39 has an invalid length. [ 100.448093][ T39] audit: type=1326 audit(1728839422.794:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6607 comm="syz.0.400" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x0 [ 100.997237][ T6619] netlink: 20 bytes leftover after parsing attributes in process `syz.3.402'. [ 101.059356][ T6623] overlayfs: failed to resolve './file1': -2 [ 101.146541][ T6628] netlink: 20 bytes leftover after parsing attributes in process `syz.2.403'. [ 101.216801][ T6629] overlayfs: failed to resolve './file1': -2 [ 101.459106][ T6636] netlink: 12 bytes leftover after parsing attributes in process `syz.1.405'. [ 101.527423][ T6638] netlink: 20 bytes leftover after parsing attributes in process `syz.0.406'. [ 101.532007][ T6640] usb 2-1: USB disconnect, device number 2 [ 101.623124][ T6642] overlayfs: failed to resolve './file1': -2 [ 101.709569][ T6640] __vm_enough_memory: pid: 6640, comm: syz.1.407, bytes: 4294963200 not enough memory for the allocation [ 102.950930][ T1293] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 103.099593][ T1293] usb 8-1: Using ep0 maxpacket: 8 [ 103.105556][ T1293] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 103.108923][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 103.122057][ T1293] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 103.134238][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 103.143865][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 103.157889][ T1293] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 103.164979][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 103.172769][ T1293] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 103.179366][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 103.182131][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 103.191098][ T1293] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 103.199330][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 103.208982][ T1293] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 103.212043][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 103.214845][ T1293] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 103.229968][ T1293] usb 8-1: string descriptor 0 read error: -22 [ 103.231708][ T1293] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 103.234012][ T1293] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.239627][ T1293] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 103.245487][ T4845] udevd[4845]: worker [5580] terminated by signal 33 (Unknown signal 33) [ 103.248283][ T4845] udevd[4845]: worker [5580] failed while handling '/devices/platform/dummy_hcd.3/usb8/8-1' [ 103.268050][ T4845] udevd[4845]: worker [6454] terminated by signal 33 (Unknown signal 33) [ 103.270338][ T4845] udevd[4845]: worker [6454] failed while handling '/devices/platform/dummy_hcd.3/usb8/8-1/8-1:168.0' [ 103.555811][ T35] usb 8-1: USB disconnect, device number 6 [ 104.699341][ T5410] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 104.754186][ T6678] team0 (unregistering): Port device team_slave_0 removed [ 104.768090][ T6678] team0 (unregistering): Port device team_slave_1 removed [ 104.860625][ T5410] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 104.863852][ T5410] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 104.867107][ T5410] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 104.879354][ T5410] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 104.882514][ T5410] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.885792][ T5410] usb 8-1: config 0 descriptor?? [ 104.888985][ T6676] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 104.929087][ T39] audit: type=1326 audit(1728839427.274:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.2.417" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x0 [ 104.983631][ T6683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.419'. [ 104.994338][ T6683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.419'. [ 105.108147][ T6689] netlink: 24 bytes leftover after parsing attributes in process `syz.1.418'. [ 105.111260][ T6689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.418'. [ 105.298160][ T5410] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 105.300473][ T5410] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 105.303856][ T5410] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 106.111146][ T35] usb 7-1: new full-speed USB device number 8 using dummy_hcd [ 106.276632][ T35] usb 7-1: config 1 interface 0 has no altsetting 0 [ 106.280839][ T35] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 106.283280][ T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.285311][ T35] usb 7-1: Product: syz [ 106.286424][ T35] usb 7-1: Manufacturer: syz [ 106.287628][ T35] usb 7-1: SerialNumber: syz [ 106.912291][ T35] usblp 7-1:1.0: usblp1: USB Unidirectional printer dev 8 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 107.073458][ T6724] 9pnet_fd: Insufficient options for proto=fd [ 107.272846][ T6730] netlink: 20 bytes leftover after parsing attributes in process `syz.3.433'. [ 107.276781][ T39] audit: type=1326 audit(1728839429.624:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.289842][ T39] audit: type=1326 audit(1728839429.624:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.295411][ T39] audit: type=1326 audit(1728839429.634:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.300953][ T39] audit: type=1326 audit(1728839429.634:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.306153][ T39] audit: type=1326 audit(1728839429.634:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.311886][ T39] audit: type=1326 audit(1728839429.634:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.317003][ T39] audit: type=1326 audit(1728839429.634:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.322300][ T39] audit: type=1326 audit(1728839429.634:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.327424][ T39] audit: type=1326 audit(1728839429.654:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.434" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f14579 code=0x7ffc0000 [ 107.344096][ T6738] overlayfs: failed to resolve './file1': -2 [ 107.388924][ T5857] usb 8-1: USB disconnect, device number 7 [ 107.769384][ T5410] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 107.929493][ T5410] usb 5-1: Using ep0 maxpacket: 16 [ 107.959851][ T5410] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 107.963689][ T5410] usb 5-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config [ 107.968734][ T5410] usb 5-1: config 0 has no interface number 0 [ 107.972070][ T5410] usb 5-1: config 0 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 107.981413][ T5410] usb 5-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 107.984970][ T5410] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 107.989160][ T5410] usb 5-1: Product: syz [ 107.991681][ T5410] usb 5-1: SerialNumber: syz [ 108.012407][ T5410] usb 5-1: config 0 descriptor?? [ 108.026743][ T5410] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 108.060742][ T5410] snd-usb-audio 5-1:0.2: probe with driver snd-usb-audio failed with error -2 [ 108.102864][ T5348] udevd[5348]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 108.569363][ T25] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 108.729511][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 108.740830][ T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 108.744172][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 108.747511][ T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28448, setting to 1024 [ 108.759425][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 108.763161][ T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 108.768059][ T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 108.779533][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.865392][ T5582] usb 7-1: USB disconnect, device number 8 [ 108.870073][ T5582] usblp1: removed [ 109.050360][ T25] usb 6-1: usb_control_msg returned -71 [ 109.052449][ T25] usbtmc 6-1:16.0: can't read capabilities [ 109.073065][ T25] usb 6-1: USB disconnect, device number 8 [ 109.928410][ T6773] /dev/sr0: Can't open blockdev [ 109.929516][ T39] kauditd_printk_skb: 3646 callbacks suppressed [ 109.929527][ T39] audit: type=1326 audit(1728839432.274:3663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.941345][ T39] audit: type=1326 audit(1728839432.274:3664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.949014][ T39] audit: type=1326 audit(1728839432.274:3665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.957047][ T39] audit: type=1326 audit(1728839432.274:3666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.964272][ T39] audit: type=1326 audit(1728839432.274:3667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.971542][ T39] audit: type=1326 audit(1728839432.274:3668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.978352][ T39] audit: type=1326 audit(1728839432.274:3669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.985644][ T39] audit: type=1326 audit(1728839432.274:3670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.992971][ T39] audit: type=1326 audit(1728839432.274:3671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 109.999106][ T39] audit: type=1326 audit(1728839432.274:3672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6749 comm="syz.3.438" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000 [ 110.045334][ T6776] bond_slave_0: entered promiscuous mode [ 110.047798][ T6776] bond_slave_1: entered promiscuous mode [ 110.060898][ T6776] bond_slave_0: left promiscuous mode [ 110.063285][ T6776] bond_slave_1: left promiscuous mode [ 110.178650][ T6776] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 110.195781][ T6776] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 110.205254][ T6776] bond0 (unregistering): Released all slaves [ 110.529873][ T9] usb 5-1: USB disconnect, device number 8 [ 110.763034][ T6802] netlink: 20 bytes leftover after parsing attributes in process `syz.0.456'. [ 110.860687][ T6810] netlink: 24 bytes leftover after parsing attributes in process `syz.1.448'. [ 110.876335][ T6808] overlayfs: failed to resolve './file1': -2 [ 111.304650][ T5857] IPVS: starting estimator thread 0... [ 111.421353][ T6825] IPVS: using max 34 ests per chain, 81600 per kthread [ 111.690326][ T6837] netlink: 20 bytes leftover after parsing attributes in process `syz.2.457'. [ 111.834388][ T6840] overlayfs: failed to resolve './file1': -2 [ 112.028839][ T6847] overlayfs: failed to decode file handle (len=2, type=1, flags=0, err=-22) [ 112.740519][ T1415] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 112.890716][ T1415] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.893545][ T1415] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.896087][ T1415] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 112.898403][ T1415] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.902177][ T1415] usb 8-1: config 0 descriptor?? [ 113.135880][ T6861] tipc: Started in network mode [ 113.138456][ T1415] usbhid 8-1:0.0: can't add hid device: -71 [ 113.140087][ T1415] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 113.143492][ T1415] usb 8-1: USB disconnect, device number 8 [ 113.145167][ T6861] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 113.167153][ T6861] tipc: Enabled bearer , priority 0 [ 113.280482][ T6870] bond_slave_0: entered promiscuous mode [ 113.282225][ T6870] bond_slave_1: entered promiscuous mode [ 113.291944][ T6870] bond_slave_0: left promiscuous mode [ 113.293515][ T6870] bond_slave_1: left promiscuous mode [ 113.400261][ T6870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.406065][ T6870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.410832][ T6870] bond0 (unregistering): Released all slaves [ 114.167093][ T6901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.476'. [ 114.170482][ T6901] netlink: 'syz.3.476': attribute type 6 has an invalid length. [ 114.289810][ T8] tipc: Node number set to 11578026 [ 114.419495][ T9] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 114.569553][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 114.572360][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 114.575701][ T9] usb 7-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 114.578064][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.582871][ T9] usb 7-1: config 0 descriptor?? [ 114.587651][ T9] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 114.792859][ T6900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.796904][ T6900] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.808106][ T1415] usb 7-1: USB disconnect, device number 9 [ 115.017701][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.482'. [ 115.021067][ T6911] syzkaller0: entered allmulticast mode [ 115.151307][ T6923] netlink: 20 bytes leftover after parsing attributes in process `syz.0.489'. [ 115.214371][ T6924] overlayfs: failed to resolve './file1': -2 [ 115.365748][ T6928] bond_slave_0: entered promiscuous mode [ 115.367452][ T6928] bond_slave_1: entered promiscuous mode [ 115.377685][ T6928] bond_slave_0: left promiscuous mode [ 115.379691][ T6928] bond_slave_1: left promiscuous mode [ 115.451948][ T1415] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 115.473148][ T6928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.485390][ T6928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.491767][ T6928] bond0 (unregistering): Released all slaves [ 115.910651][ T1415] usb 6-1: config 0 has no interfaces? [ 115.912411][ T1415] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 115.915714][ T1415] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.927486][ T1415] usb 6-1: config 0 descriptor?? [ 115.969442][ T1285] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 116.131129][ T1285] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.134953][ T1285] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.138253][ T1285] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 116.140851][ T1285] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.146427][ T1285] usb 7-1: config 0 descriptor?? [ 116.311705][ T1415] usb 6-1: USB disconnect, device number 9 [ 116.384771][ T1285] usbhid 7-1:0.0: can't add hid device: -71 [ 116.386362][ T1285] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 116.397026][ T1285] usb 7-1: USB disconnect, device number 10 [ 116.502070][ T8] IPVS: starting estimator thread 0... [ 116.599557][ T6946] IPVS: using max 34 ests per chain, 81600 per kthread [ 117.039074][ T64] ================================================================== [ 117.041766][ T64] BUG: KASAN: slab-use-after-free in kvfree_call_rcu+0xb99/0xbe0 [ 117.044337][ T64] Write of size 8 at addr ffff88804a149008 by task kworker/u32:3/64 [ 117.048999][ T64] [ 117.049409][ T5857] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 117.049817][ T64] CPU: 0 UID: 0 PID: 64 Comm: kworker/u32:3 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 117.056125][ T64] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 117.059563][ T64] Workqueue: netns cleanup_net [ 117.061256][ T64] Call Trace: [ 117.062409][ T64] [ 117.063446][ T64] dump_stack_lvl+0x116/0x1f0 [ 117.065086][ T64] print_report+0xc3/0x620 [ 117.066631][ T64] ? __virt_addr_valid+0x5e/0x590 [ 117.068347][ T64] ? __phys_addr+0xc6/0x150 [ 117.069919][ T64] kasan_report+0xd9/0x110 [ 117.071506][ T64] ? kvfree_call_rcu+0xb99/0xbe0 [ 117.073214][ T64] ? kvfree_call_rcu+0xb99/0xbe0 [ 117.074936][ T64] kvfree_call_rcu+0xb99/0xbe0 [ 117.076576][ T64] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 117.078582][ T64] _cfg80211_unregister_wdev+0x38c/0x7f0 [ 117.080409][ T64] ieee80211_remove_interfaces+0x36d/0x760 [ 117.082138][ T64] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 117.083778][ T64] ieee80211_unregister_hw+0x55/0x3a0 [ 117.085027][ T64] mac80211_hwsim_del_radio+0x268/0x370 [ 117.086300][ T64] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 117.087753][ T64] ? hwsim_exit_net+0x2f3/0x6d0 [ 117.088876][ T64] ? __local_bh_enable_ip+0xa4/0x120 [ 117.090579][ T64] hwsim_exit_net+0x33f/0x6d0 [ 117.092064][ T64] ? __pfx_hwsim_exit_net+0x10/0x10 [ 117.093746][ T64] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 117.095484][ T64] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 117.097321][ T64] ? __pfx_hwsim_exit_net+0x10/0x10 [ 117.098989][ T64] ops_exit_list+0xb0/0x180 [ 117.100328][ T64] cleanup_net+0x5b7/0xb40 [ 117.101901][ T64] ? __pfx_cleanup_net+0x10/0x10 [ 117.103407][ T64] ? trace_lock_acquire+0x14a/0x1d0 [ 117.105199][ T64] ? process_one_work+0x8bb/0x1b30 [ 117.106821][ T64] ? lock_acquire+0x2f/0xb0 [ 117.108297][ T64] ? process_one_work+0x8bb/0x1b30 [ 117.109896][ T64] process_one_work+0x958/0x1b30 [ 117.111111][ T64] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 117.112351][ T64] ? __pfx_process_one_work+0x10/0x10 [ 117.113613][ T64] ? assign_work+0x1a0/0x250 [ 117.114714][ T64] worker_thread+0x6c8/0xf00 [ 117.115802][ T64] ? __pfx_worker_thread+0x10/0x10 [ 117.117014][ T64] kthread+0x2c1/0x3a0 [ 117.117973][ T64] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.119207][ T64] ? __pfx_kthread+0x10/0x10 [ 117.120283][ T64] ret_from_fork+0x45/0x80 [ 117.121350][ T64] ? __pfx_kthread+0x10/0x10 [ 117.122434][ T64] ret_from_fork_asm+0x1a/0x30 [ 117.123568][ T64] [ 117.124285][ T64] [ 117.124841][ T64] Allocated by task 5768: [ 117.125820][ T64] kasan_save_stack+0x33/0x60 [ 117.126870][ T64] kasan_save_track+0x14/0x30 [ 117.127935][ T64] __kasan_kmalloc+0xaa/0xb0 [ 117.129017][ T64] __kmalloc_noprof+0x1e8/0x410 [ 117.130149][ T64] nl80211_set_cqm+0xa19/0x1780 [ 117.131373][ T64] genl_family_rcv_msg_doit+0x202/0x2f0 [ 117.132583][ T64] genl_rcv_msg+0x565/0x800 [ 117.133618][ T64] netlink_rcv_skb+0x165/0x410 [ 117.134738][ T64] genl_rcv+0x28/0x40 [ 117.135669][ T64] netlink_unicast+0x53c/0x7f0 [ 117.136778][ T64] netlink_sendmsg+0x8b8/0xd70 [ 117.137893][ T64] ____sys_sendmsg+0x9ae/0xb40 [ 117.139018][ T64] ___sys_sendmsg+0x135/0x1e0 [ 117.140117][ T64] __sys_sendmsg+0x117/0x1f0 [ 117.141223][ T64] __do_fast_syscall_32+0x73/0x120 [ 117.142413][ T64] do_fast_syscall_32+0x32/0x80 [ 117.143544][ T64] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.145001][ T64] [ 117.145559][ T64] Freed by task 12: [ 117.146447][ T64] kasan_save_stack+0x33/0x60 [ 117.147508][ T64] kasan_save_track+0x14/0x30 [ 117.148583][ T64] kasan_save_free_info+0x3b/0x60 [ 117.149749][ T64] __kasan_slab_free+0x51/0x70 [ 117.150895][ T64] kfree+0x14f/0x4b0 [ 117.151831][ T64] kvfree+0x47/0x50 [ 117.152722][ T64] kvfree_rcu_list+0xf5/0x2c0 [ 117.153810][ T64] kfree_rcu_work+0x40f/0x5a0 [ 117.154956][ T64] process_one_work+0x958/0x1b30 [ 117.156095][ T64] worker_thread+0x6c8/0xf00 [ 117.157171][ T64] kthread+0x2c1/0x3a0 [ 117.158118][ T64] ret_from_fork+0x45/0x80 [ 117.159150][ T64] ret_from_fork_asm+0x1a/0x30 [ 117.160256][ T64] [ 117.160811][ T64] Last potentially related work creation: [ 117.162271][ T64] kasan_save_stack+0x33/0x60 [ 117.163333][ T64] __kasan_record_aux_stack+0xba/0xd0 [ 117.164578][ T64] kvfree_call_rcu+0x74/0xbe0 [ 117.165664][ T64] _cfg80211_unregister_wdev+0x38c/0x7f0 [ 117.166936][ T64] ieee80211_remove_interfaces+0x36d/0x760 [ 117.168232][ T64] ieee80211_unregister_hw+0x55/0x3a0 [ 117.169461][ T64] mac80211_hwsim_del_radio+0x268/0x370 [ 117.170730][ T64] hwsim_exit_net+0x33f/0x6d0 [ 117.172144][ T64] ops_exit_list+0xb0/0x180 [ 117.173553][ T64] cleanup_net+0x5b7/0xb40 [ 117.175051][ T64] process_one_work+0x958/0x1b30 [ 117.176601][ T64] worker_thread+0x6c8/0xf00 [ 117.178059][ T64] kthread+0x2c1/0x3a0 [ 117.179340][ T64] ret_from_fork+0x45/0x80 [ 117.180778][ T64] ret_from_fork_asm+0x1a/0x30 [ 117.182300][ T64] [ 117.183073][ T64] Second to last potentially related work creation: [ 117.185108][ T64] kasan_save_stack+0x33/0x60 [ 117.186623][ T64] __kasan_record_aux_stack+0xba/0xd0 [ 117.188324][ T64] kvfree_call_rcu+0x74/0xbe0 [ 117.189782][ T64] _cfg80211_unregister_wdev+0x38c/0x7f0 [ 117.191125][ T64] cfg80211_netdev_notifier_call+0xa5c/0x1160 [ 117.192480][ T64] notifier_call_chain+0xb9/0x410 [ 117.193605][ T64] call_netdevice_notifiers_info+0xbe/0x140 [ 117.195305][ T64] __dev_change_net_namespace+0x44f/0x12a0 [ 117.197140][ T64] cfg80211_switch_netns+0x11e/0x690 [ 117.198851][ T64] nl80211_wiphy_netns+0x134/0x2b0 [ 117.200484][ T64] genl_family_rcv_msg_doit+0x202/0x2f0 [ 117.202209][ T64] genl_rcv_msg+0x565/0x800 [ 117.203631][ T64] netlink_rcv_skb+0x165/0x410 [ 117.205150][ T64] genl_rcv+0x28/0x40 [ 117.206417][ T64] netlink_unicast+0x53c/0x7f0 [ 117.207919][ T64] netlink_sendmsg+0x8b8/0xd70 [ 117.209462][ T64] ____sys_sendmsg+0x9ae/0xb40 [ 117.210955][ T64] ___sys_sendmsg+0x135/0x1e0 [ 117.212475][ T64] __sys_sendmsg+0x117/0x1f0 [ 117.213976][ T64] __do_fast_syscall_32+0x73/0x120 [ 117.215636][ T64] do_fast_syscall_32+0x32/0x80 [ 117.217171][ T64] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.219234][ T64] [ 117.220017][ T64] The buggy address belongs to the object at ffff88804a149000 [ 117.220017][ T64] which belongs to the cache kmalloc-64 of size 64 [ 117.224374][ T64] The buggy address is located 8 bytes inside of [ 117.224374][ T64] freed 64-byte region [ffff88804a149000, ffff88804a149040) [ 117.228231][ T64] [ 117.228793][ T64] The buggy address belongs to the physical page: [ 117.230392][ T64] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a149 [ 117.233210][ T64] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 117.235609][ T64] page_type: f5(slab) [ 117.236909][ T64] raw: 04fff00000000000 ffff88801ac428c0 ffffea00010df740 dead000000000002 [ 117.239765][ T64] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 117.242511][ T64] page dumped because: kasan: bad access detected [ 117.244685][ T64] page_owner tracks the page as allocated [ 117.246540][ T64] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5344, tgid 5344 (syz-executor), ts 45258637296, free_ts 45254821519 [ 117.252081][ T64] post_alloc_hook+0x2d1/0x350 [ 117.254028][ T64] get_page_from_freelist+0x101e/0x3070 [ 117.255969][ T64] __alloc_pages_noprof+0x223/0x25a0 [ 117.257764][ T64] alloc_pages_mpol_noprof+0x2c9/0x610 [ 117.259551][ T64] new_slab+0x2ba/0x3f0 [ 117.260905][ T64] ___slab_alloc+0xd1d/0x16f0 [ 117.262396][ T64] __slab_alloc.constprop.0+0x56/0xb0 [ 117.264162][ T64] __kmalloc_noprof+0x379/0x410 [ 117.265802][ T64] kobject_get_path+0xcb/0x230 [ 117.267379][ T64] kobject_uevent_env+0x289/0x1670 [ 117.268596][ T64] net_rx_queue_update_kobjects+0x17a/0x5f0 [ 117.270239][ T64] netdev_register_kobject+0x26d/0x3f0 [ 117.272002][ T64] register_netdevice+0x1473/0x1e20 [ 117.273461][ T64] veth_newlink+0x4fb/0x9e0 [ 117.274781][ T64] __rtnl_newlink+0x119c/0x1920 [ 117.276062][ T64] rtnl_newlink+0x67/0xa0 [ 117.277281][ T64] page last free pid 5344 tgid 5344 stack trace: [ 117.279267][ T64] free_unref_page+0x5f4/0xdc0 [ 117.280768][ T64] qlist_free_all+0x4e/0x120 [ 117.282215][ T64] kasan_quarantine_reduce+0x192/0x1e0 [ 117.283922][ T64] __kasan_slab_alloc+0x69/0x90 [ 117.285428][ T64] __kmalloc_cache_noprof+0x11e/0x310 [ 117.287111][ T64] rtnl_newlink+0x49/0xa0 [ 117.288508][ T64] rtnetlink_rcv_msg+0x3c7/0xea0 [ 117.290154][ T64] netlink_rcv_skb+0x165/0x410 [ 117.291828][ T64] netlink_unicast+0x53c/0x7f0 [ 117.293390][ T64] netlink_sendmsg+0x8b8/0xd70 [ 117.295025][ T64] __sys_sendto+0x479/0x4d0 [ 117.296498][ T64] __do_compat_sys_socketcall+0x5e2/0x700 [ 117.298302][ T64] __do_fast_syscall_32+0x73/0x120 [ 117.299979][ T64] do_fast_syscall_32+0x32/0x80 [ 117.301572][ T64] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.303445][ T64] [ 117.304215][ T64] Memory state around the buggy address: [ 117.306016][ T64] ffff88804a148f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 117.308555][ T64] ffff88804a148f80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 117.311154][ T64] >ffff88804a149000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 117.313711][ T64] ^ [ 117.315092][ T64] ffff88804a149080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 117.317649][ T64] ffff88804a149100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 117.320127][ T64] ================================================================== [ 117.322613][ T64] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 117.324864][ T64] CPU: 0 UID: 0 PID: 64 Comm: kworker/u32:3 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 117.328222][ T64] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 117.331610][ T64] Workqueue: netns cleanup_net [ 117.333135][ T64] Call Trace: [ 117.334205][ T64] [ 117.335165][ T64] dump_stack_lvl+0x3d/0x1f0 [ 117.336424][ T64] panic+0x71d/0x800 [ 117.337663][ T64] ? __pfx_panic+0x10/0x10 [ 117.339124][ T64] ? rcu_is_watching+0x12/0xc0 [ 117.340661][ T64] ? __pfx_lock_release+0x10/0x10 [ 117.342232][ T64] ? check_panic_on_warn+0x1f/0xb0 [ 117.343879][ T64] check_panic_on_warn+0xab/0xb0 [ 117.345479][ T64] end_report+0x117/0x180 [ 117.346889][ T64] kasan_report+0xe9/0x110 [ 117.348336][ T64] ? kvfree_call_rcu+0xb99/0xbe0 [ 117.349929][ T64] ? kvfree_call_rcu+0xb99/0xbe0 [ 117.351566][ T64] kvfree_call_rcu+0xb99/0xbe0 [ 117.352982][ T64] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 117.354299][ T64] _cfg80211_unregister_wdev+0x38c/0x7f0 [ 117.355612][ T64] ieee80211_remove_interfaces+0x36d/0x760 [ 117.356983][ T64] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 117.358473][ T64] ieee80211_unregister_hw+0x55/0x3a0 [ 117.359761][ T64] mac80211_hwsim_del_radio+0x268/0x370 [ 117.361093][ T64] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 117.362504][ T64] ? hwsim_exit_net+0x2f3/0x6d0 [ 117.363651][ T64] ? __local_bh_enable_ip+0xa4/0x120 [ 117.364878][ T64] hwsim_exit_net+0x33f/0x6d0 [ 117.365982][ T64] ? __pfx_hwsim_exit_net+0x10/0x10 [ 117.367206][ T64] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 117.368467][ T64] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 117.369794][ T64] ? __pfx_hwsim_exit_net+0x10/0x10 [ 117.371109][ T64] ops_exit_list+0xb0/0x180 [ 117.372183][ T64] cleanup_net+0x5b7/0xb40 [ 117.373237][ T64] ? __pfx_cleanup_net+0x10/0x10 [ 117.374398][ T64] ? trace_lock_acquire+0x14a/0x1d0 [ 117.375598][ T64] ? process_one_work+0x8bb/0x1b30 [ 117.376760][ T64] ? lock_acquire+0x2f/0xb0 [ 117.377979][ T64] ? process_one_work+0x8bb/0x1b30 [ 117.379236][ T64] process_one_work+0x958/0x1b30 [ 117.380412][ T64] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 117.381775][ T64] ? __pfx_process_one_work+0x10/0x10 [ 117.383052][ T64] ? assign_work+0x1a0/0x250 [ 117.384134][ T64] worker_thread+0x6c8/0xf00 [ 117.385226][ T64] ? __pfx_worker_thread+0x10/0x10 [ 117.386424][ T64] kthread+0x2c1/0x3a0 [ 117.387399][ T64] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.388619][ T64] ? __pfx_kthread+0x10/0x10 [ 117.389703][ T64] ret_from_fork+0x45/0x80 [ 117.390782][ T64] ? __pfx_kthread+0x10/0x10 [ 117.392018][ T64] ret_from_fork_asm+0x1a/0x30 [ 117.393141][ T64] [ 118.464841][ T64] Shutting down cpus with NMI [ 118.466540][ T64] Kernel Offset: disabled [ 118.467655][ T64] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:10:39 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85037bc5 RDI=ffffffff9a63c220 RBP=ffffffff9a63c1e0 RSP=ffffc900009ff310 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3430383838666657 R12=0000000000000000 R13=0000000000000061 R14=ffffffff85037b60 R15=0000000000000000 RIP=ffffffff85037bef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71f18e0 CR3=000000004db02000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000003e00000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000003d5513 RBX=0000000000000001 RCX=ffffffff8b132a39 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12320 RBP=ffffed10036ec910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000000 R12=0000000000000001 R13=ffff88801b764880 R14=ffffffff901cd748 R15=0000000000000000 RIP=ffffffff8b133e1f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f747f048 CR3=000000005c3c4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000003e00000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000108f99 RBX=0000000000000002 RCX=ffffffff8b132a39 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12320 RBP=ffffed100376d000 RSP=ffffc90000487e08 R8 =0000000000000001 R9 =ffffed10056c7025 R10=ffff88802b63812b R11=0000000000000000 R12=0000000000000002 R13=ffff88801bb68000 R14=ffffffff901cd748 R15=0000000000000000 RIP=ffffffff8b133e1f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f3b15324ba0 CR3=0000000022a94000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73fbff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080000000 RBX=0000000000000002 RCX=ffffffff81cb01c6 RDX=ffff888020420000 RSI=ffffffff81cb01df RDI=0000000000000005 RBP=ffff8880437e2720 RSP=ffffc90001fa77b0 R8 =0000000000000005 R9 =0000000000000001 R10=0000000000000002 R11=0000000000000000 R12=ffff8880437e2700 R13=dffffc0000000000 R14=0000000000000002 R15=ffff88801ceb6000 RIP=ffffffff818cb94b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f56b5520 CR3=00000000001cc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001c200000000 0000000600000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000