last executing test programs: 4.12065675s ago: executing program 1 (id=961): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x14}, 0x14}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r4, 0xc020660b, &(0x7f00000003c0)={0x0, 0x2}) set_mempolicy(0x4003, &(0x7f0000000080)=0x7, 0x3) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000000)=0x4, 0x4) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000600), 0x10002, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r6, 0x40186f40, 0x20000502) 3.810866296s ago: executing program 3 (id=965): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x3}, 0x8) sendto$inet6(r0, &(0x7f0000000300)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c) sendto$inet6(r0, &(0x7f0000000140)="11", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0), 0x8) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e04"], 0xd) pipe(0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}, {@none, 0x3}}}, 0xd) syz_emit_ethernet(0xb3, 0x0, 0x0) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000180)={@remote, @loopback, @remote, 0x4, 0xff, 0xcd, 0x400, 0x20, 0x1800000, r3}) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) shutdown(r4, 0x1) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000440)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000040)=0x84) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r5, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r6 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) unshare(0x2a020400) fcntl$setpipe(r6, 0x2, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "81d90d", 0x8, 0x0, 0x0, @mcast1, @ipv4={'\x00', '\xff\xff', @remote}, {[@dstopts={0x2}]}}}}}, 0x0) 3.779037772s ago: executing program 3 (id=966): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x80) 3.701877779s ago: executing program 3 (id=967): r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="01202a3a069a8a0edc06b43365067f50bc511c294228e766a447839f09e1417894fc6004451d52eeccbed2fe383c3642e0931d0ae5a5563bb8d4a644c3cf5b3439049058ad7f2d8525740fee2d123591098e671040736c6fc066826dbcb11f51e2f5697078af18"], 0x8) close(r2) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc)) pipe2(0x0, 0x0) read$char_usb(0xffffffffffffffff, &(0x7f00000002c0)=""/181, 0xb5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFNETMASK(r4, 0x5421, &(0x7f00000000c0)={'gretap0\x00', {0x2, 0x0, @remote}}) futex(0x0, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r5, 0x107, 0x16, 0x0, 0x3f) 3.249809366s ago: executing program 1 (id=968): bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3601], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) open$dir(0x0, 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0/file0\x00') bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0}, 0x10) semget(0x0, 0x5, 0x200) semctl$IPC_RMID(0x0, 0x0, 0x0) 3.201698693s ago: executing program 1 (id=969): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002340)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46) r2 = dup3(r1, r0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000001140)={0x30}, 0x30) 2.936301254s ago: executing program 2 (id=973): syz_open_dev$sndpcmc(&(0x7f0000000000), 0x4, 0x0) r0 = memfd_create(&(0x7f00000002c0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xda\xfdg(\xebA!\x1ckA\xee\x1f;u\xa7\x1d\xfe\xe9', 0x0) r1 = fanotify_init(0x200, 0x0) r2 = dup(r0) fanotify_mark(r1, 0x1, 0x0, r2, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000500)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10) listen(0xffffffffffffffff, 0x0) semget(0x1, 0x0, 0x0) 2.850992128s ago: executing program 2 (id=974): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000a000000080000000000000fff"], 0x0, 0x2e}, 0x20) 2.850654576s ago: executing program 2 (id=975): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x1a}], {0x95, 0x0, 0x700}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x90) 2.777492146s ago: executing program 2 (id=976): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x14}, 0x14}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r4, 0xc020660b, &(0x7f00000003c0)={0x0, 0x2}) set_mempolicy(0x4003, &(0x7f0000000080)=0x7, 0x3) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000000)=0x4, 0x4) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000600), 0x10002, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r6, 0x40186f40, 0x20000502) 2.270115756s ago: executing program 1 (id=979): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r3, &(0x7f0000000340), 0xffffff46) dup3(r3, r2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) sendmsg$netlink(r2, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=ANY=[], 0x10}], 0x1}, 0x0) close(r2) socket$inet_udp(0x2, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0}, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x989680}}, 0x0) mlockall(0x3) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = dup(r4) setsockopt$inet_udp_int(r5, 0x11, 0x0, 0x0, 0x1d) 2.269622235s ago: executing program 3 (id=980): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r3}, [@IFLA_MTU={0x8, 0x4, 0x100}]}, 0x28}}, 0x0) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r3, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00'}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000340)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}, @printk={@lli, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_usb_connect$hid(0x0, 0x49, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d34, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "6f7f5e18"}]}}, 0x0}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x2}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0) 1.910016125s ago: executing program 2 (id=981): rename(0x0, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) connect$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r3, &(0x7f0000000c40)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e09c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fff002df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f7b2c0d5abdbc4aec83a3bc1e260a234398a964ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bdc369a6820af33a78fe51aba20975bfd576a6dcbf0c7fccda7c8e54d21688eacd23d28b7cdede93c4cca88d04e76b7eae798d01d8776d421838537ad136fb39f461d81e835b2dcdb84a3ebe081771ebd17f5bbd6eb5247dc2c598e06effc4eb2365f3ca81f15d7b21b8db921faf9355f6a6fc9599595c79934868f65d6185b2461ee8b089ded0d66bfdee336648f100000000000000", 0xfffffea5, 0x0, 0x0, 0xfffffffffffffdb7) write$binfmt_elf64(r3, 0x0, 0x7e7) recvfrom(r2, &(0x7f0000000100)=""/31, 0x1f, 0x0, 0x0, 0x0) futex(&(0x7f0000000700)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) rt_sigreturn() 1.349024837s ago: executing program 0 (id=987): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss={0x2, 0xfff}, @window, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 548.335801ms ago: executing program 1 (id=988): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000280), 0x2, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000200), &(0x7f0000000300)=[r3], 0x0}) 465.19212ms ago: executing program 0 (id=989): socket$inet_sctp(0x2, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10, 0x0, 0x0, 0x4000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket(0x1, 0x803, 0x101) r0 = socket(0x1, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x7, &(0x7f0000000480)=ANY=[@ANYBLOB="9b34fcff00000000851000000100000018140000", @ANYRES32, @ANYBLOB="000000000000000085000000be0000001847000000000000003abf471664d84b00000000000004"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000380)='contention_end\x00'}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r1, 0x1, 0x0, 0x3, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc}}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x44}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, 0x39, 0x21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, 0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f00000002c0)='freezer.state\x00', 0x0, 0x0) openat$cgroup_int(r4, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 356.490034ms ago: executing program 2 (id=990): timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r0, &(0x7f0000000000)={0x69}, 0x69ff9a93bfc25838) r1 = dup(r0) write$FUSE_STATFS(r1, &(0x7f00000002c0)={0x60}, 0x60) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x62c42, 0x0) dup3(r2, r1, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=0x0) timer_settime(r3, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 341.111938ms ago: executing program 0 (id=991): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x3}, 0x8) sendto$inet6(r0, &(0x7f0000000300)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c) sendto$inet6(r0, &(0x7f0000000140)="11", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0), 0x8) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e04"], 0xd) pipe(0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}, {@none, 0x3}}}, 0xd) syz_emit_ethernet(0xb3, 0x0, 0x0) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000180)={@remote, @loopback, @remote, 0x4, 0xff, 0xcd, 0x400, 0x20, 0x1800000, r3}) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) shutdown(r4, 0x1) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000440)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000040)=0x84) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x46}, @l2cap_cid_signaling={{0x42}, [@l2cap_conf_req={{0x4, 0x20, 0x13}, {0x4, 0x8, [@l2cap_conf_flushto={0x2, 0x2, 0x4faf}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_mtu={0x1, 0x2, 0x807d}, @l2cap_conf_ews={0x7, 0x2, 0x9}]}}, @l2cap_disconn_req={{0x6, 0x0, 0x4}, {0x6, 0x6a21}}, @l2cap_move_chan_req={{0xe, 0x9, 0x3}, {0xaf, 0x3}}, @l2cap_conf_rsp={{0x5, 0x55, 0x18}, {0x9, 0xb9, 0x3ff, [@l2cap_conf_efs={0x6, 0x10, {0x3f, 0x0, 0x100, 0x3, 0x7f, 0x80}}]}}]}}, 0x4b) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r5, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r6 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) unshare(0x2a020400) fcntl$setpipe(r6, 0x2, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "81d90d", 0x8, 0x0, 0x0, @mcast1, @ipv4={'\x00', '\xff\xff', @remote}, {[@dstopts={0x2}]}}}}}, 0x0) 281.35218ms ago: executing program 0 (id=992): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) close(r0) 102.19299ms ago: executing program 3 (id=993): syz_open_dev$sndpcmc(&(0x7f0000000000), 0x4, 0x0) r0 = memfd_create(&(0x7f00000002c0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xda\xfdg(\xebA!\x1ckA\xee\x1f;u\xa7\x1d\xfe\xe9', 0x0) fanotify_init(0x200, 0x0) dup(r0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10) listen(0xffffffffffffffff, 0x0) semget(0x1, 0x0, 0x0) 85.614559ms ago: executing program 0 (id=994): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x64, 0x0, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x4d, 0x11, 0x0, 0x1, [@generic="25b57e35619bf282cfcd8fba0cb7f2934efacde0a223b473fe77f3e5ba760d3793b2f943b7528ea34883bc4a506cf756740574b89d396af9b59638700500000005006f88d6e1db9b2b"]}]}, 0x64}}, 0x0) 81.714748ms ago: executing program 1 (id=995): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b400000000000000791048"], 0x0}, 0x90) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000680)=ANY=[@ANYBLOB], 0xfdef) 743.14µs ago: executing program 0 (id=996): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006}]}) 0s ago: executing program 3 (id=997): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000080000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000000"]) ioctl$KVM_NMI(r0, 0xae9a) epoll_pwait(r0, &(0x7f0000000180)=[{}, {}, {}], 0x3, 0x3, &(0x7f0000000a00)={[0x1]}, 0x8) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0x40046f41, 0x20000502) kernel console output (not intermixed with test programs): hci1: command tx timeout [ 53.992722][ T5209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.992731][ T5221] Bluetooth: hci0: command tx timeout [ 54.002235][ T5209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.009596][ T5209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.029103][ T5209] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.033334][ T5209] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.037162][ T5209] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.041162][ T5209] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.058478][ T5217] Bluetooth: hci3: command tx timeout [ 54.058517][ T5221] Bluetooth: hci2: command tx timeout [ 54.064718][ T5213] veth0_vlan: entered promiscuous mode [ 54.116452][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.121805][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.133179][ T5213] veth1_vlan: entered promiscuous mode [ 54.147896][ T5215] veth0_macvtap: entered promiscuous mode [ 54.182311][ T5215] veth1_macvtap: entered promiscuous mode [ 54.233796][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.236844][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.252803][ T1199] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.256304][ T1199] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.256791][ T5215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.264484][ T5215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.268832][ T5215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.273226][ T5215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.279234][ T5215] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.295235][ T5213] veth0_macvtap: entered promiscuous mode [ 54.303034][ T5213] veth1_macvtap: entered promiscuous mode [ 54.323053][ T5215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.328931][ T5215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.333207][ T5215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.337119][ T5215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.342824][ T5215] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.370818][ T5215] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.374136][ T5215] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.378841][ T5215] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.382825][ T5215] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.403676][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.404500][ T1199] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.410275][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.413997][ T1199] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.416261][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.423567][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.427404][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.431710][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.438371][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.454426][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.459945][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.463334][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.466979][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.471500][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.476605][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.482842][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.495097][ T5213] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.499517][ T5213] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.503534][ T5213] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.507932][ T5213] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.624894][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.629760][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.675231][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.678991][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.765897][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.778791][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.790734][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.794826][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.813806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.898541][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 55.046566][ T39] audit: type=1326 audit(1719461156.526:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.057734][ T39] audit: type=1326 audit(1719461156.526:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.070997][ T39] audit: type=1326 audit(1719461156.526:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.080135][ T39] audit: type=1326 audit(1719461156.546:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.088483][ T39] audit: type=1326 audit(1719461156.556:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.097195][ T39] audit: type=1326 audit(1719461156.556:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.119215][ T39] audit: type=1326 audit(1719461156.556:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.128857][ T39] audit: type=1326 audit(1719461156.556:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf73eb5a7 code=0x7ffc0000 [ 55.139382][ T39] audit: type=1326 audit(1719461156.556:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 55.149174][ T39] audit: type=1326 audit(1719461156.556:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5288 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf73eb5a7 code=0x7ffc0000 [ 55.150607][ T5287] netlink: 'syz.1.7': attribute type 9 has an invalid length. [ 55.179674][ T5287] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.7'. [ 55.261260][ T5287] netlink: 'syz.1.7': attribute type 9 has an invalid length. [ 55.264670][ T5287] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.7'. [ 55.535108][ T5221] Bluetooth: hci2: unexpected Set CIG Parameters response data [ 55.568204][ T5251] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 55.703338][ T5307] bond0: entered promiscuous mode [ 55.705410][ T5307] bond_slave_0: entered promiscuous mode [ 55.707733][ T5307] bond_slave_1: entered promiscuous mode [ 55.781657][ T5251] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 55.787225][ T5251] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.791642][ T5251] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.795450][ T5251] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 55.802378][ T5251] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 55.806700][ T5251] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 55.810299][ T5251] usb 8-1: Manufacturer: syz [ 55.815023][ T5251] usb 8-1: config 0 descriptor?? [ 55.894034][ T5310] tipc: Failed to obtain node identity [ 55.896042][ T5310] tipc: Enabling of bearer rejected, failed to enable media [ 56.058688][ T5221] Bluetooth: hci0: command tx timeout [ 56.058925][ T5249] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 56.058951][ T5217] Bluetooth: hci1: command tx timeout [ 56.138906][ T5221] Bluetooth: hci3: command tx timeout [ 56.168837][ T5314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17'. [ 56.241393][ T5316] netlink: 'syz.0.18': attribute type 29 has an invalid length. [ 56.244728][ T5251] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 56.245252][ T5316] netlink: 'syz.0.18': attribute type 29 has an invalid length. [ 56.250542][ T5251] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 56.255586][ T5316] netlink: 'syz.0.18': attribute type 29 has an invalid length. [ 56.260655][ T5316] netlink: 'syz.0.18': attribute type 29 has an invalid length. [ 56.262786][ T5249] usb 7-1: config index 0 descriptor too short (expected 1307, got 27) [ 56.263319][ T5251] appleir 0003:05AC:8243.0002: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 56.265129][ T5316] netlink: 'syz.0.18': attribute type 29 has an invalid length. [ 56.267478][ T5249] usb 7-1: config 0 has an invalid interface number: 0 but max is -1 [ 56.280448][ T5249] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 56.284395][ T5249] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 56.292222][ T5249] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 56.297404][ T5249] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 56.308204][ T5249] usb 7-1: string descriptor 0 read error: -22 [ 56.311471][ T5249] usb 7-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 56.315765][ T5249] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.321222][ T5249] usb 7-1: config 0 descriptor?? [ 56.325487][ T5249] hub 7-1:0.0: bad descriptor, ignoring hub [ 56.328804][ T5249] hub 7-1:0.0: probe with driver hub failed with error -5 [ 56.533492][ T5306] bond0: left promiscuous mode [ 56.536025][ T5306] bond_slave_0: left promiscuous mode [ 56.544501][ T5306] bond_slave_1: left promiscuous mode [ 56.669627][ T5249] usb 7-1: USB disconnect, device number 2 [ 56.742351][ T5327] netlink: 'syz.1.22': attribute type 9 has an invalid length. [ 56.746514][ T5327] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.22'. [ 56.803835][ T5327] netlink: 'syz.1.22': attribute type 9 has an invalid length. [ 56.807569][ T5327] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.22'. [ 57.018853][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.197112][ T5221] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 57.365471][ T5342] syz.1.28 (pid 5342) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 57.610263][ T5342] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)" [ 57.848707][ T5252] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 58.011408][ T5358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 58.030253][ T5252] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 58.034579][ T5252] usb 5-1: config 1 has no interface number 1 [ 58.037836][ T5252] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 58.044038][ T5252] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 58.054488][ T5252] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 58.061890][ T5252] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.065453][ T5252] usb 5-1: Product: syz [ 58.067321][ T5252] usb 5-1: Manufacturer: syz [ 58.070895][ T5252] usb 5-1: SerialNumber: syz [ 58.072849][ T5360] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 58.097080][ T5358] Zero length message leads to an empty skb [ 58.138292][ T5221] Bluetooth: hci1: command tx timeout [ 58.140307][ T5217] Bluetooth: hci0: command tx timeout [ 58.392538][ T35] usb 8-1: USB disconnect, device number 2 [ 58.501407][ T5343] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.504748][ T5343] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.513319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 58.514362][ T5252] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 58.544819][ T5252] usb 5-1: USB disconnect, device number 2 [ 58.885614][ T5217] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 59.005662][ T5380] netlink: 'syz.1.41': attribute type 9 has an invalid length. [ 59.009284][ T5380] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.41'. [ 59.064482][ T5380] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.41'. [ 59.150269][ T5383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 59.218481][ T5383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 59.508919][ T5399] netlink: 4 bytes leftover after parsing attributes in process `syz.1.48'. [ 59.584934][ T5403] bond0: entered promiscuous mode [ 59.587570][ T5403] bond_slave_0: entered promiscuous mode [ 59.590147][ T5217] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 59.591859][ T5403] bond_slave_1: entered promiscuous mode [ 59.597452][ T5217] Bluetooth: hci2: Injecting HCI hardware error event [ 59.601871][ T5217] Bluetooth: hci2: hardware error 0x00 [ 59.787235][ T5406] tipc: Failed to obtain node identity [ 59.791869][ T5406] tipc: Enabling of bearer rejected, failed to enable media [ 59.866255][ T5211] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 59.869902][ T5211] Bluetooth: Wrong link type (-22) [ 60.130268][ T5211] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 60.416625][ T5402] bond0: left promiscuous mode [ 60.418966][ T5402] bond_slave_0: left promiscuous mode [ 60.421469][ T5402] bond_slave_1: left promiscuous mode [ 60.530557][ T5422] netlink: 4 bytes leftover after parsing attributes in process `syz.0.58'. [ 60.637685][ T5428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 60.697355][ T5436] bond0: entered promiscuous mode [ 60.699836][ T5211] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 60.699856][ T5211] Bluetooth: Wrong link type (-22) [ 60.704516][ T5437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 60.705747][ T5436] bond_slave_0: entered promiscuous mode [ 60.713064][ T5436] bond_slave_1: entered promiscuous mode [ 60.723943][ T5359] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 60.735194][ T39] kauditd_printk_skb: 615 callbacks suppressed [ 60.735209][ T39] audit: type=1804 audit(1719461162.216:627): pid=5428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.61" name="/syzkaller.bisyDD/20/cgroup.controllers" dev="sda1" ino=1940 res=1 errno=0 [ 60.737930][ T5359] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 60.753374][ T1199] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 60.756433][ T1199] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 60.759560][ T1199] wlan1: authentication with 08:02:11:00:00:00 timed out [ 60.932514][ T5445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.68'. [ 61.532559][ T5434] bond0: left promiscuous mode [ 61.534888][ T5434] bond_slave_0: left promiscuous mode [ 61.537532][ T5434] bond_slave_1: left promiscuous mode [ 61.663172][ T5217] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 61.683899][ T5217] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 61.838115][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 61.842221][ T5217] Bluetooth: Wrong link type (-22) [ 62.231182][ T5477] bond0: entered promiscuous mode [ 62.233947][ T5477] bond_slave_0: entered promiscuous mode [ 62.237302][ T5477] bond_slave_1: entered promiscuous mode [ 62.258411][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 62.778342][ T5217] Bluetooth: hci3: command 0x0405 tx timeout [ 62.828239][ T5273] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 63.014373][ T5273] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 63.020140][ T5273] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.025604][ T5273] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.033711][ T5273] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 63.042426][ T5273] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 63.046603][ T5273] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 63.055139][ T5273] usb 7-1: Manufacturer: syz [ 63.059383][ T5273] usb 7-1: config 0 descriptor?? [ 63.107786][ T5476] bond0: left promiscuous mode [ 63.110212][ T5476] bond_slave_0: left promiscuous mode [ 63.113547][ T5476] bond_slave_1: left promiscuous mode [ 63.184170][ T5221] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 63.187265][ T5221] Bluetooth: Wrong link type (-22) [ 63.521151][ T5273] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 63.525766][ T5273] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 63.533032][ T5273] appleir 0003:05AC:8243.0003: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 63.568375][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 63.718286][ T10] usb 6-1: device descriptor read/64, error -71 [ 63.998758][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 64.160420][ T10] usb 6-1: device descriptor read/64, error -71 [ 64.281451][ T10] usb usb6-port1: attempt power cycle [ 64.688259][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 64.720830][ T10] usb 6-1: device descriptor read/8, error -71 [ 64.939713][ T5494] ubi0: attaching mtd0 [ 64.944270][ T5494] ubi0: scanning is finished [ 64.946428][ T5494] ubi0: empty MTD device detected [ 64.976925][ T5494] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 64.980989][ T5494] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 64.984899][ T5494] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 64.988774][ T5494] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 64.991868][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 64.992919][ T5494] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 65.004314][ T5494] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 65.010525][ T5494] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3188649436 [ 65.016085][ T5494] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 65.022552][ T5496] ubi0: background thread "ubi_bgt0d" started, PID 5496 [ 65.030153][ T10] usb 6-1: device descriptor read/8, error -71 [ 65.152008][ T10] usb usb6-port1: unable to enumerate USB device [ 65.677282][ T5252] usb 7-1: USB disconnect, device number 3 [ 65.769688][ T5505] bond0: entered promiscuous mode [ 65.773426][ T5505] bond_slave_0: entered promiscuous mode [ 65.776505][ T5505] bond_slave_1: entered promiscuous mode [ 66.353725][ T5221] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 66.357165][ T5221] Bluetooth: Wrong link type (-22) [ 66.662297][ T5504] bond0: left promiscuous mode [ 66.668348][ T5504] bond_slave_0: left promiscuous mode [ 66.673699][ T5504] bond_slave_1: left promiscuous mode [ 67.088199][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 67.270054][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 67.276316][ T10] usb 5-1: config 0 has no interfaces? [ 67.279289][ T10] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 67.285162][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.318019][ T10] usb 5-1: config 0 descriptor?? [ 67.508201][ T5528] ubi: mtd0 is already attached to ubi0 [ 68.048391][ T3939] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 68.254674][ T3939] usb 7-1: device descriptor read/64, error -71 [ 68.528240][ T3939] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 68.698496][ T3939] usb 7-1: device descriptor read/64, error -71 [ 68.822443][ T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 68.831682][ T3939] usb usb7-port1: attempt power cycle [ 69.030597][ T10] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 69.035593][ T10] usb 8-1: config 1 has no interface number 1 [ 69.038806][ T10] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 69.045313][ T10] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 69.053282][ T10] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 69.057490][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.061884][ T10] usb 8-1: Product: syz [ 69.064149][ T10] usb 8-1: Manufacturer: syz [ 69.066084][ T10] usb 8-1: SerialNumber: syz [ 69.248222][ T3939] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 69.279105][ T3939] usb 7-1: device descriptor read/8, error -71 [ 69.491177][ T5534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.495984][ T5534] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.506561][ T10] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 69.521065][ T10] usb 8-1: USB disconnect, device number 3 [ 69.558187][ T3939] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 69.599950][ T3939] usb 7-1: device descriptor read/8, error -71 [ 69.721856][ T3939] usb usb7-port1: unable to enumerate USB device [ 69.847556][ T10] usb 5-1: USB disconnect, device number 3 [ 70.223915][ T5557] ubi: mtd0 is already attached to ubi0 [ 70.767508][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.839009][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.970695][ T5559] syzkaller0: entered promiscuous mode [ 70.973450][ T5559] syzkaller0: entered allmulticast mode [ 71.666740][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 71.670763][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 72.828536][ T5589] validate_nla: 1 callbacks suppressed [ 72.828556][ T5589] netlink: 'syz.3.121': attribute type 9 has an invalid length. [ 72.835271][ T5589] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.121'. [ 72.890876][ T5589] netlink: 'syz.3.121': attribute type 9 has an invalid length. [ 72.895029][ T5589] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.121'. [ 73.018439][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.072006][ T5598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.124'. [ 73.198897][ T5600] netlink: 12 bytes leftover after parsing attributes in process `syz.3.125'. [ 73.233349][ T5600] lo speed is unknown, defaulting to 1000 [ 73.240383][ T5600] lo speed is unknown, defaulting to 1000 [ 73.244778][ T5600] lo speed is unknown, defaulting to 1000 [ 73.293997][ T5604] autofs: Unknown parameter '0x0000000000000000' [ 73.446310][ T5606] syzkaller0: entered promiscuous mode [ 73.449318][ T5606] syzkaller0: entered allmulticast mode [ 73.655288][ T5600] infiniband syz1: set active [ 73.662175][ T5600] infiniband syz1: added lo [ 73.806384][ T5600] RDS/IB: syz1: added [ 73.827011][ T5600] smc: adding ib device syz1 with port count 1 [ 73.830464][ T5600] smc: ib device syz1 port 1 has pnetid [ 74.856353][ T10] lo speed is unknown, defaulting to 1000 [ 74.860939][ T5615] hsr_slave_0: left promiscuous mode [ 74.864788][ T5615] hsr_slave_1: left promiscuous mode [ 74.903932][ T815] lo speed is unknown, defaulting to 1000 [ 74.909612][ T5600] lo speed is unknown, defaulting to 1000 [ 75.012770][ T5221] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 75.112756][ T5600] lo speed is unknown, defaulting to 1000 [ 75.485354][ T5600] lo speed is unknown, defaulting to 1000 [ 75.579102][ T35] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 75.692578][ T5600] lo speed is unknown, defaulting to 1000 [ 75.812130][ T35] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 75.816344][ T35] usb 6-1: config 1 has no interface number 1 [ 75.819839][ T35] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 75.826460][ T35] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 75.849379][ T35] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 75.877933][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.886830][ T35] usb 6-1: Product: syz [ 75.889167][ T35] usb 6-1: Manufacturer: syz [ 75.891984][ T35] usb 6-1: SerialNumber: syz [ 76.209130][ T5628] netlink: 'syz.2.132': attribute type 9 has an invalid length. [ 76.213232][ T5628] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.132'. [ 76.244967][ T5628] netlink: 'syz.2.132': attribute type 9 has an invalid length. [ 76.248804][ T5628] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.132'. [ 76.321269][ T5632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.133'. [ 76.370052][ T35] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 76.391387][ T35] usb 6-1: USB disconnect, device number 6 [ 76.523197][ T5221] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 76.526713][ T5221] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 76.758572][ T5642] ubi: mtd0 is already attached to ubi0 [ 76.799905][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.804391][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.023505][ T5644] hsr_slave_0: left promiscuous mode [ 77.026756][ T5644] hsr_slave_1: left promiscuous mode [ 77.206966][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.217236][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.221222][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.225237][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.228950][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.233932][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.237309][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.240883][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.244272][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.247516][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.251235][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.254818][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.258329][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.261646][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.265088][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.268597][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.280063][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.285321][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.288892][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.294011][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.298460][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.304986][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.325601][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.329820][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.333808][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.338040][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.342153][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.349278][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.354627][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.360294][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.366148][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.374282][ T5495] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 77.388043][ T5495] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz0] on syz0 [ 77.478452][ T815] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 77.710257][ T815] usb 7-1: config 0 has no interfaces? [ 77.713875][ T815] usb 7-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 77.724121][ T815] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.734079][ T815] usb 7-1: config 0 descriptor?? [ 77.774649][ T5651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.142'. [ 77.787321][ T5651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.142'. [ 77.792020][ T5651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.142'. [ 78.098631][ T5657] binder: 5656:5657 ioctl c0306201 0 returned -14 [ 78.120744][ T55] usb 7-1: USB disconnect, device number 8 [ 78.735372][ T5665] netlink: 4 bytes leftover after parsing attributes in process `syz.2.143'. [ 78.914554][ T5667] netlink: 'syz.2.144': attribute type 9 has an invalid length. [ 78.920011][ T5667] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.144'. [ 78.961177][ T5667] netlink: 'syz.2.144': attribute type 9 has an invalid length. [ 78.965970][ T5667] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.144'. [ 79.130697][ T5672] bond0: entered promiscuous mode [ 79.134068][ T5672] bond_slave_0: entered promiscuous mode [ 79.140428][ T5672] bond_slave_1: entered promiscuous mode [ 79.229273][ T5221] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 79.233059][ T5221] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 79.538824][ T5686] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 79.815257][ T5695] bond0: entered promiscuous mode [ 79.817984][ T5695] bond_slave_0: entered promiscuous mode [ 79.822687][ T5695] bond_slave_1: entered promiscuous mode [ 79.946647][ T5671] bond0: left promiscuous mode [ 79.954621][ T5671] bond_slave_0: left promiscuous mode [ 79.957262][ T5671] bond_slave_1: left promiscuous mode [ 80.539552][ T5221] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 80.545372][ T5221] Bluetooth: hci3: Injecting HCI hardware error event [ 80.551338][ T5217] Bluetooth: hci3: hardware error 0x00 [ 80.597859][ T5705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'. [ 80.610942][ T5705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'. [ 80.615972][ T5705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'. [ 80.643686][ T5694] bond0: left promiscuous mode [ 80.645976][ T5694] bond_slave_0: left promiscuous mode [ 80.648923][ T5694] bond_slave_1: left promiscuous mode [ 81.264663][ T5221] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 81.268295][ T5221] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 82.409139][ T5211] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.414126][ T5211] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.418674][ T5211] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.424899][ T5211] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.438717][ T5211] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 82.443626][ T5211] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.510098][ T5761] lo speed is unknown, defaulting to 1000 [ 82.618617][ T5217] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 82.711379][ T1199] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.825126][ T1199] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.946062][ T1199] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.050615][ T1199] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.122498][ T5761] chnl_net:caif_netlink_parms(): no params data found [ 83.316280][ T1199] bridge_slave_1: left allmulticast mode [ 83.324345][ T1199] bridge_slave_1: left promiscuous mode [ 83.348437][ T1199] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.366435][ T1199] bridge_slave_0: left allmulticast mode [ 83.372825][ T1199] bridge_slave_0: left promiscuous mode [ 83.375426][ T1199] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.073353][ T1199] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.083410][ T1199] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.091532][ T1199] bond0 (unregistering): Released all slaves [ 84.156526][ T5761] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.160175][ T5761] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.163381][ T5761] bridge_slave_0: entered allmulticast mode [ 84.167878][ T5761] bridge_slave_0: entered promiscuous mode [ 84.173546][ T5761] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.176673][ T5761] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.183764][ T5761] bridge_slave_1: entered allmulticast mode [ 84.189805][ T5761] bridge_slave_1: entered promiscuous mode [ 84.286495][ T5761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.301854][ T5761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.406661][ T5761] team0: Port device team_slave_0 added [ 84.413516][ T5761] team0: Port device team_slave_1 added [ 84.512645][ T5761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.515927][ T5761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.528392][ T5761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.538293][ T5217] Bluetooth: hci1: command tx timeout [ 84.569356][ T5761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.572062][ T5761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.583000][ T5761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.662567][ T5761] hsr_slave_0: entered promiscuous mode [ 84.666407][ T5761] hsr_slave_1: entered promiscuous mode [ 84.669817][ T5761] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.673383][ T5761] Cannot create hsr debugfs directory [ 84.716853][ T5775] syzkaller0: entered promiscuous mode [ 84.720529][ T5775] syzkaller0: entered allmulticast mode [ 86.222616][ T1199] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 86.225676][ T1199] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 86.239768][ T1199] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 86.242790][ T1199] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.329995][ T1199] veth1_macvtap: left promiscuous mode [ 86.333047][ T1199] veth0_macvtap: left promiscuous mode [ 86.335763][ T1199] veth1_vlan: left promiscuous mode [ 86.349264][ T1199] veth0_vlan: left promiscuous mode [ 86.628353][ T5217] Bluetooth: hci1: command tx timeout [ 87.020144][ T56] cfg80211: failed to load regulatory.db [ 87.845295][ T1199] team0 (unregistering): Port device team_slave_1 removed [ 88.004463][ T1199] team0 (unregistering): Port device team_slave_0 removed [ 88.699496][ T5217] Bluetooth: hci1: command tx timeout [ 89.722696][ T5819] syzkaller0: entered promiscuous mode [ 89.725158][ T5819] syzkaller0: entered allmulticast mode [ 90.779982][ T5217] Bluetooth: hci1: command tx timeout [ 91.263711][ T5761] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.275045][ T5761] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.285853][ T5761] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.294586][ T5761] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.392383][ T5761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.410700][ T5761] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.430433][ T5251] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.434091][ T5251] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.446930][ T5251] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.450690][ T5251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.702071][ T5761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.752062][ T5761] veth0_vlan: entered promiscuous mode [ 91.794633][ T5761] veth1_vlan: entered promiscuous mode [ 91.850852][ T5761] veth0_macvtap: entered promiscuous mode [ 91.864376][ T5761] veth1_macvtap: entered promiscuous mode [ 91.894119][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.900918][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.912683][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.922235][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.929240][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.934713][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.944699][ T5761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.962165][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.966588][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.971081][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.975162][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.979846][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.984065][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.990117][ T5761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.999474][ T5761] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.003132][ T5761] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.008128][ T5761] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.011867][ T5761] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.079605][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.083340][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 92.086136][ T5217] Bluetooth: Wrong link type (-22) [ 92.087546][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.124575][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.132355][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.175817][ T5848] syz.3.205[5848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.175973][ T5848] syz.3.205[5848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.250791][ T5848] netlink: 44 bytes leftover after parsing attributes in process `syz.3.205'. [ 92.254885][ T5853] syz.1.206[5853] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.265383][ T5853] syz.1.206[5853] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.266079][ T39] audit: type=1326 audit(1719461193.756:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.3.205" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x0 [ 92.705312][ T5867] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.734435][ T5867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.206'. [ 92.739568][ T5869] Driver unsupported XDP return value 0 on prog (id 73) dev N/A, expect packet loss! [ 92.832089][ T5874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 92.893672][ T5877] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 92.982819][ T39] audit: type=1804 audit(1719461194.456:629): pid=5877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.213" name="/syzkaller.XOcsxO/54/cgroup.controllers" dev="sda1" ino=1942 res=1 errno=0 [ 93.539727][ T5899] netlink: 172 bytes leftover after parsing attributes in process `syz.0.219'. [ 93.684482][ T5913] sch_fq: defrate 0 ignored. [ 93.768647][ T5917] bond0: entered promiscuous mode [ 93.770904][ T5917] bond_slave_0: entered promiscuous mode [ 93.773578][ T5917] bond_slave_1: entered promiscuous mode [ 93.824945][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.827930][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.832801][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.836467][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.841173][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.844564][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.848227][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.852230][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.855150][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.858230][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.861471][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.865086][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.867977][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.871507][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.874208][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.876863][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.879920][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.882898][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.885578][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.888638][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.891504][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.894212][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.896938][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.902153][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.905084][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.907799][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.910617][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.913731][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.914258][ T5925] tipc: Failed to obtain node identity [ 93.916944][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.919527][ T5925] tipc: Enabling of bearer rejected, failed to enable media [ 93.922224][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.928505][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.931421][ T30] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 93.938205][ T30] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz0] on syz0 [ 94.098181][ T5251] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 94.310285][ T5251] usb 5-1: config index 0 descriptor too short (expected 65535, got 36) [ 94.313858][ T5251] usb 5-1: config 255 has too many interfaces: 255, using maximum allowed: 32 [ 94.317948][ T5251] usb 5-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 94.324640][ T5251] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 255 [ 94.330214][ T5251] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 94.334701][ T5251] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.446977][ T5932] syz.3.236 uses obsolete (PF_INET,SOCK_PACKET) [ 94.567506][ T2681] usb 5-1: USB disconnect, device number 4 [ 94.580185][ T5916] bond0: left promiscuous mode [ 94.582307][ T5916] bond_slave_0: left promiscuous mode [ 94.584903][ T5916] bond_slave_1: left promiscuous mode [ 94.951493][ T5941] sch_fq: defrate 0 ignored. [ 95.544596][ T5217] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 95.856354][ T5992] binder: 5991:5992 ioctl 4018620d 0 returned -22 [ 95.885384][ T5996] ubi0: detaching mtd0 [ 95.895129][ T5996] ubi0: mtd0 is detached [ 96.365491][ T6010] bond0: entered promiscuous mode [ 96.367568][ T6010] bond_slave_0: entered promiscuous mode [ 96.371022][ T6010] bond_slave_1: entered promiscuous mode [ 96.506320][ T6012] tipc: Failed to obtain node identity [ 96.519545][ T6012] tipc: Enabling of bearer rejected, failed to enable media [ 96.721405][ T39] audit: type=1326 audit(1719461198.206:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.732864][ T39] audit: type=1326 audit(1719461198.206:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.742169][ T39] audit: type=1326 audit(1719461198.206:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.751947][ T39] audit: type=1326 audit(1719461198.206:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.761621][ T39] audit: type=1326 audit(1719461198.206:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.769854][ T39] audit: type=1326 audit(1719461198.226:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.777430][ T39] audit: type=1326 audit(1719461198.226:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.785676][ T39] audit: type=1326 audit(1719461198.226:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.3.267" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 96.794896][ T6020] netlink: 24 bytes leftover after parsing attributes in process `syz.1.269'. [ 96.827673][ T6021] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.889096][ T6023] netlink: 'syz.1.270': attribute type 9 has an invalid length. [ 96.892249][ T6023] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.270'. [ 96.932934][ T6023] netlink: 'syz.1.270': attribute type 9 has an invalid length. [ 96.935619][ T6023] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.270'. [ 97.118344][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.272'. [ 97.195572][ T6009] bond0: left promiscuous mode [ 97.197661][ T6009] bond_slave_0: left promiscuous mode [ 97.200392][ T6009] bond_slave_1: left promiscuous mode [ 97.282316][ T6045] team_slave_0: entered promiscuous mode [ 97.284653][ T6045] team_slave_0: entered allmulticast mode [ 97.299368][ T6045] team0: Port device team_slave_0 removed [ 97.299452][ T6032] usb usb9: usbfs: process 6032 (syz.2.274) did not claim interface 0 before use [ 97.446864][ T6056] ubi0: attaching mtd0 [ 97.455376][ T6056] ubi0: scanning is finished [ 97.468494][ T6056] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 97.471653][ T6056] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 97.474694][ T6056] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 97.477589][ T6056] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 97.480992][ T6056] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 97.483853][ T6056] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 97.487225][ T6056] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3188649436 [ 97.492903][ T6056] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 97.498723][ T6057] ubi0: background thread "ubi_bgt0d" started, PID 6057 [ 97.578788][ T5217] Bluetooth: hci1: command tx timeout [ 98.313411][ T6070] netlink: 4 bytes leftover after parsing attributes in process `syz.3.286'. [ 98.545902][ T6074] usb usb9: usbfs: process 6074 (syz.1.288) did not claim interface 0 before use [ 98.641464][ T6083] team_slave_0: entered promiscuous mode [ 98.644445][ T6083] team_slave_0: entered allmulticast mode [ 98.671143][ T6083] team0: Port device team_slave_0 removed [ 98.889988][ T6093] netlink: 12 bytes leftover after parsing attributes in process `syz.1.293'. [ 98.901605][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 98.901617][ T39] audit: type=1326 audit(1719461200.386:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 98.927385][ T39] audit: type=1326 audit(1719461200.386:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 98.946384][ T6093] process 'syz.1.293' launched '/dev/fd/10' with NULL argv: empty string added [ 98.947067][ T39] audit: type=1326 audit(1719461200.406:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=255 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 98.959536][ T39] audit: type=1326 audit(1719461200.406:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 98.968795][ T39] audit: type=1326 audit(1719461200.406:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 98.978840][ T39] audit: type=1326 audit(1719461200.406:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 98.987909][ T39] audit: type=1326 audit(1719461200.406:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 98.998504][ T39] audit: type=1326 audit(1719461200.406:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 99.007623][ T39] audit: type=1326 audit(1719461200.406:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 99.017156][ T39] audit: type=1326 audit(1719461200.406:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.1.293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 99.189138][ T6096] syzkaller0: entered promiscuous mode [ 99.191262][ T6096] syzkaller0: entered allmulticast mode [ 101.116704][ T5251] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 101.204104][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 101.207125][ T5217] Bluetooth: Wrong link type (-22) [ 101.209836][ T5217] Bluetooth: hci0: link tx timeout [ 101.212863][ T5217] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 101.282725][ T5211] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10 [ 101.325147][ T5251] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 101.332793][ T5251] usb 7-1: config 1 has no interface number 1 [ 101.335849][ T5251] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 101.342360][ T5251] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 101.369381][ T5251] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 101.375156][ T6136] syzkaller0: entered promiscuous mode [ 101.375178][ T6136] syzkaller0: entered allmulticast mode [ 101.380185][ T5251] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.385135][ T5251] usb 7-1: Product: syz [ 101.402613][ T5251] usb 7-1: Manufacturer: syz [ 101.412168][ T5251] usb 7-1: SerialNumber: syz [ 101.868191][ T6108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.872564][ T6108] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.912856][ T5251] usb 7-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 101.943402][ T5251] usb 7-1: USB disconnect, device number 9 [ 102.911486][ T6152] netlink: 'syz.1.315': attribute type 9 has an invalid length. [ 102.914919][ T6152] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.315'. [ 103.153305][ T6153] netlink: 'syz.1.315': attribute type 9 has an invalid length. [ 103.159862][ T6153] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.315'. [ 103.194133][ T5211] Bluetooth: hci0: unexpected event for opcode 0x040e [ 103.199843][ T6159] bond0: entered promiscuous mode [ 103.201940][ T6159] bond_slave_0: entered promiscuous mode [ 103.204447][ T6159] bond_slave_1: entered promiscuous mode [ 103.219367][ T5211] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 103.221898][ T5211] Bluetooth: Wrong link type (-22) [ 103.224731][ T5211] Bluetooth: hci0: link tx timeout [ 103.226601][ T5211] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.375207][ T6169] tipc: Failed to obtain node identity [ 103.377780][ T6169] tipc: Enabling of bearer rejected, failed to enable media [ 103.676890][ T6182] syzkaller0: entered promiscuous mode [ 103.680031][ T6182] syzkaller0: entered allmulticast mode [ 105.176197][ T6158] bond0: left promiscuous mode [ 105.178437][ T6158] bond_slave_0: left promiscuous mode [ 105.180552][ T6158] bond_slave_1: left promiscuous mode [ 105.200686][ T6189] ubi0: detaching mtd0 [ 105.206949][ T6189] ubi0: mtd0 is detached [ 105.733575][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 105.736584][ T5217] Bluetooth: Wrong link type (-22) [ 106.494495][ T6235] ubi0: attaching mtd0 [ 106.498979][ T6235] ubi0: scanning is finished [ 106.562726][ T6235] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 106.566223][ T6235] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 106.578117][ T6235] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 106.581416][ T6235] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 106.585123][ T6235] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 106.598119][ T6235] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 106.601710][ T6235] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3188649436 [ 106.606207][ T6235] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 106.628428][ T6236] ubi0: background thread "ubi_bgt0d" started, PID 6236 [ 107.789892][ T6243] netlink: 4 bytes leftover after parsing attributes in process `syz.0.348'. [ 107.817019][ T6243] team_slave_0: entered promiscuous mode [ 107.820686][ T6243] team_slave_0: entered allmulticast mode [ 107.845720][ T6243] team0: Port device team_slave_0 removed [ 108.268888][ T56] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 108.470526][ T56] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.475246][ T56] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 108.479711][ T56] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253 [ 108.486491][ T56] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 108.489576][ T56] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 108.492939][ T56] usb 6-1: Manufacturer: syz [ 108.497144][ T56] usb 6-1: config 0 descriptor?? [ 108.502055][ T56] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 109.647426][ T6281] fuse: Unknown parameter '0xffffffffffffffff' [ 111.002780][ T3939] usb 6-1: USB disconnect, device number 7 [ 111.118264][ T57] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 111.316705][ T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.321005][ T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.325215][ T57] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 111.357554][ T57] usb 7-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 111.363510][ T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.369173][ T57] usb 7-1: config 0 descriptor?? [ 111.434578][ T6311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.508157][ T3939] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 111.511444][ T6311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.554067][ T39] kauditd_printk_skb: 10 callbacks suppressed [ 111.554082][ T39] audit: type=1804 audit(1719461213.036:665): pid=6311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.370" name="/syzkaller.2UWMgL/86/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0 [ 111.720242][ T3939] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.724376][ T3939] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.728404][ T3939] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 111.733615][ T3939] usb 8-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 111.737255][ T3939] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.742247][ T3939] usb 8-1: config 0 descriptor?? [ 111.748174][ T56] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 111.942876][ T56] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 111.949033][ T56] usb 6-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 111.953131][ T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.958583][ T56] usb 6-1: config 0 descriptor?? [ 111.965745][ T56] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 113.065147][ T6318] netlink: 4 bytes leftover after parsing attributes in process `syz.0.372'. [ 113.454348][ T57] usbhid 7-1:0.0: can't add hid device: -71 [ 113.457181][ T57] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 113.464647][ T57] usb 7-1: USB disconnect, device number 10 [ 113.842257][ T3939] usbhid 8-1:0.0: can't add hid device: -71 [ 113.844842][ T3939] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 113.856832][ T3939] usb 8-1: USB disconnect, device number 4 [ 113.921203][ T6336] pim6reg1: entered promiscuous mode [ 113.923530][ T6336] pim6reg1: entered allmulticast mode [ 113.973572][ T6340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.034755][ T6341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.054958][ T39] audit: type=1804 audit(1719461215.536:666): pid=6340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.379" name="/syzkaller.XOcsxO/97/cgroup.controllers" dev="sda1" ino=1946 res=1 errno=0 [ 114.145978][ T56] usb 6-1: USB disconnect, device number 8 [ 115.564558][ T6371] ubi0: detaching mtd0 [ 115.570888][ T6371] ubi0: mtd0 is detached [ 115.788374][ T3939] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 115.987841][ T3939] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 115.995019][ T3939] usb 7-1: config 1 has no interface number 1 [ 115.998538][ T3939] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 116.004867][ T3939] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 116.022624][ T3939] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 116.026770][ T3939] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.035018][ T3939] usb 7-1: Product: syz [ 116.037616][ T3939] usb 7-1: Manufacturer: syz [ 116.040537][ T3939] usb 7-1: SerialNumber: syz [ 116.169746][ T6380] bond0: entered promiscuous mode [ 116.172411][ T6380] bond_slave_0: entered promiscuous mode [ 116.175007][ T6380] bond_slave_1: entered promiscuous mode [ 116.318984][ T6381] tipc: Failed to obtain node identity [ 116.321378][ T6381] tipc: Enabling of bearer rejected, failed to enable media [ 116.488259][ T6364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 116.492301][ T6364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 116.520389][ T3939] usb 7-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 116.535203][ T3939] usb 7-1: USB disconnect, device number 11 [ 116.601202][ T6316] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 116.780935][ T6316] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 116.786326][ T6316] usb 6-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 116.789736][ T6316] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.795961][ T6316] usb 6-1: config 0 descriptor?? [ 116.802053][ T6316] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 117.001748][ T6379] bond0: left promiscuous mode [ 117.028184][ T6379] bond_slave_0: left promiscuous mode [ 117.074002][ T6379] bond_slave_1: left promiscuous mode [ 117.438236][ T5273] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 117.649228][ T5273] usb 5-1: Using ep0 maxpacket: 8 [ 117.656039][ T5273] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 117.660130][ T5273] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 117.664565][ T5273] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 117.669140][ T5273] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 117.674495][ T5273] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.680643][ T5273] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 117.685373][ T5273] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.695779][ T5273] usbtmc 5-1:16.0: bulk endpoints not found [ 118.647637][ T5273] usb 6-1: USB disconnect, device number 9 [ 119.928226][ T5006] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 120.130701][ T5006] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 120.136655][ T5006] usb 7-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 120.140350][ T5006] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.151162][ T5006] usb 7-1: config 0 descriptor?? [ 120.156712][ T5006] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 120.165886][ T5006] usb 5-1: USB disconnect, device number 5 [ 120.473742][ T6462] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.423'. [ 120.516925][ T5217] Bluetooth: hci0: unexpected event for opcode 0x040e [ 120.544522][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 120.547087][ T5217] Bluetooth: Wrong link type (-22) [ 121.008276][ T5006] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 121.209355][ T5006] usb 8-1: Using ep0 maxpacket: 8 [ 121.214713][ T5006] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 121.218461][ T5006] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 121.222621][ T5006] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 121.226288][ T5006] usb 8-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 121.230322][ T5006] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 121.235030][ T5006] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 121.240175][ T5006] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.245933][ T5006] usbtmc 8-1:16.0: bulk endpoints not found [ 121.772205][ T6484] netlink: 12 bytes leftover after parsing attributes in process `syz.1.431'. [ 121.823835][ T6484] bond1: (slave gre1): The slave device specified does not support setting the MAC address [ 121.829070][ T6484] bond1: (slave gre1): Error -95 calling set_mac_address [ 121.874541][ T6487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.431'. [ 121.883649][ T6487] bond1 (unregistering): Released all slaves [ 122.027786][ T6489] bond0: entered promiscuous mode [ 122.031730][ T6489] bond_slave_0: entered promiscuous mode [ 122.034441][ T6489] bond_slave_1: entered promiscuous mode [ 122.056630][ T6489] tipc: Failed to obtain node identity [ 122.059321][ T6489] tipc: Enabling of bearer rejected, failed to enable media [ 122.080867][ T6488] bond0: left promiscuous mode [ 122.082787][ T6488] bond_slave_0: left promiscuous mode [ 122.085228][ T6488] bond_slave_1: left promiscuous mode [ 122.168375][ T39] audit: type=1326 audit(1719461223.646:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.1.434" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x0 [ 122.262687][ T55] usb 7-1: USB disconnect, device number 12 [ 122.386736][ T6497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.447827][ T6497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.466962][ T39] audit: type=1804 audit(1719461223.946:668): pid=6497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.435" name="/syzkaller.WJhPta/95/cgroup.controllers" dev="sda1" ino=1955 res=1 errno=0 [ 123.095617][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 123.098810][ T5217] Bluetooth: Wrong link type (-22) [ 123.449919][ T6515] bond0: entered promiscuous mode [ 123.452070][ T6515] bond_slave_0: entered promiscuous mode [ 123.454945][ T6515] bond_slave_1: entered promiscuous mode [ 123.510926][ T6515] tipc: Failed to obtain node identity [ 123.513902][ T6515] tipc: Enabling of bearer rejected, failed to enable media [ 123.548151][ T6514] bond0: left promiscuous mode [ 123.550815][ T6514] bond_slave_0: left promiscuous mode [ 123.553513][ T6514] bond_slave_1: left promiscuous mode [ 123.637343][ T6517] netlink: 32 bytes leftover after parsing attributes in process `syz.1.442'. [ 123.735241][ T6521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.444'. [ 123.754873][ T815] usb 8-1: USB disconnect, device number 5 [ 123.832444][ T6525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.899506][ T6525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.905157][ T6535] bond0: entered promiscuous mode [ 123.907561][ T6535] bond_slave_0: entered promiscuous mode [ 123.911694][ T6535] bond_slave_1: entered promiscuous mode [ 123.923257][ T39] audit: type=1804 audit(1719461225.406:669): pid=6525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.446" name="/syzkaller.WJhPta/99/cgroup.controllers" dev="sda1" ino=1955 res=1 errno=0 [ 124.050343][ T6536] tipc: Failed to obtain node identity [ 124.052749][ T6536] tipc: Enabling of bearer rejected, failed to enable media [ 124.193545][ T6539] netlink: 32 bytes leftover after parsing attributes in process `syz.0.452'. [ 124.443451][ T6549] netlink: 196 bytes leftover after parsing attributes in process `syz.0.456'. [ 124.739136][ T6534] bond0: left promiscuous mode [ 124.741359][ T6534] bond_slave_0: left promiscuous mode [ 124.743912][ T6534] bond_slave_1: left promiscuous mode [ 125.404958][ T6578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.467'. [ 125.811071][ T6585] tipc: Can't bind to reserved service type 0 [ 125.839842][ T6587] netlink: 'syz.3.471': attribute type 72 has an invalid length. [ 125.844164][ T6587] netlink: 24 bytes leftover after parsing attributes in process `syz.3.471'. [ 126.059222][ T6600] netlink: 4 bytes leftover after parsing attributes in process `syz.3.476'. [ 126.442125][ T6612] netlink: 196 bytes leftover after parsing attributes in process `syz.1.478'. [ 127.429332][ T6632] netlink: 'syz.2.487': attribute type 9 has an invalid length. [ 127.435547][ T6632] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.487'. [ 127.468762][ T6632] netlink: 'syz.2.487': attribute type 9 has an invalid length. [ 127.472459][ T6632] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.487'. [ 127.933793][ T6645] bond0: entered promiscuous mode [ 127.937317][ T6645] bond_slave_0: entered promiscuous mode [ 127.940748][ T6645] bond_slave_1: entered promiscuous mode [ 128.049480][ T6647] bond0: entered promiscuous mode [ 128.051810][ T6647] bond_slave_0: entered promiscuous mode [ 128.054395][ T6647] bond_slave_1: entered promiscuous mode [ 128.141390][ T6650] tipc: Failed to obtain node identity [ 128.144116][ T6650] tipc: Enabling of bearer rejected, failed to enable media [ 128.242232][ T6652] tipc: Failed to obtain node identity [ 128.245096][ T6652] tipc: Enabling of bearer rejected, failed to enable media [ 128.251999][ T6654] netlink: 4 bytes leftover after parsing attributes in process `syz.3.495'. [ 128.267545][ T6654] team_slave_0: entered promiscuous mode [ 128.270374][ T6654] team_slave_0: entered allmulticast mode [ 128.281671][ T6654] team0: Port device team_slave_0 removed [ 128.388393][ T6656] netlink: 'syz.3.496': attribute type 9 has an invalid length. [ 128.391801][ T6656] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.496'. [ 128.416233][ T6656] netlink: 'syz.3.496': attribute type 9 has an invalid length. [ 128.419286][ T6656] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.496'. [ 128.694425][ T6661] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.498'. [ 128.741440][ T6663] netlink: 'syz.0.499': attribute type 10 has an invalid length. [ 128.752247][ T6663] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.760043][ T6663] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 128.769602][ T6644] bond0: left promiscuous mode [ 128.771807][ T6644] bond_slave_0: left promiscuous mode [ 128.774335][ T6644] bond_slave_1: left promiscuous mode [ 128.809869][ T55] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 128.884795][ T6646] bond0: left promiscuous mode [ 128.887246][ T6646] bond_slave_0: left promiscuous mode [ 128.890435][ T6646] bond_slave_1: left promiscuous mode [ 128.950138][ T6669] syzkaller0: entered promiscuous mode [ 128.952493][ T6669] syzkaller0: entered allmulticast mode [ 129.008307][ T55] usb 8-1: Using ep0 maxpacket: 8 [ 129.016063][ T55] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 129.019901][ T55] usb 8-1: config 0 has no interface number 0 [ 129.022721][ T55] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 129.027755][ T55] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 129.032428][ T55] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.047291][ T55] usb 8-1: config 0 descriptor?? [ 129.063113][ T55] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 129.285163][ T815] usb 8-1: USB disconnect, device number 6 [ 129.344653][ T815] iowarrior 8-1:0.1: I/O-Warror #0 now disconnected [ 129.748695][ T6677] netlink: 4 bytes leftover after parsing attributes in process `syz.2.504'. [ 130.267048][ T5217] Bluetooth: hci0: unexpected event for opcode 0x040e [ 130.388929][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 130.393241][ T5217] Bluetooth: Wrong link type (-22) [ 130.723720][ T6697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.797821][ T6702] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.836106][ T39] audit: type=1804 audit(1719461232.316:670): pid=6697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.511" name="/syzkaller.2UWMgL/119/cgroup.controllers" dev="sda1" ino=1944 res=1 errno=0 [ 130.948531][ T6316] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 131.056892][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 131.060515][ T5217] Bluetooth: Wrong link type (-22) [ 131.063306][ T5217] Bluetooth: hci1: link tx timeout [ 131.067264][ T5217] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 131.170374][ T6713] ubi0: attaching mtd0 [ 131.173779][ T6713] ubi0: scanning is finished [ 131.189141][ T6713] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 131.192537][ T6713] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 131.195804][ T6713] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 131.208408][ T6713] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 131.211716][ T6713] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 131.239752][ T6713] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 131.243227][ T6713] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3188649436 [ 131.266806][ T6713] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 131.275115][ T6714] ubi0: background thread "ubi_bgt0d" started, PID 6714 [ 131.275268][ T6718] ubi0: detaching mtd0 [ 131.291132][ T6718] ubi0: mtd0 is detached [ 131.447247][ T6726] syz.2.524[6726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.447414][ T6726] syz.2.524[6726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.052983][ T6741] bond0: entered promiscuous mode [ 132.063454][ T6741] bond_slave_0: entered promiscuous mode [ 132.076519][ T6741] bond_slave_1: entered promiscuous mode [ 132.280829][ T6742] tipc: Failed to obtain node identity [ 132.288520][ T6742] tipc: Enabling of bearer rejected, failed to enable media [ 132.413728][ T6746] bond0: entered promiscuous mode [ 132.417009][ T6746] bond_slave_0: entered promiscuous mode [ 132.423019][ T6746] bond_slave_1: entered promiscuous mode [ 132.604061][ T6747] tipc: Failed to obtain node identity [ 132.607145][ T6747] tipc: Enabling of bearer rejected, failed to enable media [ 132.965458][ T6740] bond0: left promiscuous mode [ 132.969910][ T6740] bond_slave_0: left promiscuous mode [ 132.973825][ T6740] bond_slave_1: left promiscuous mode [ 133.098600][ T5211] Bluetooth: hci1: command 0x0406 tx timeout [ 133.244794][ T6745] bond0: left promiscuous mode [ 133.257936][ T6745] bond_slave_0: left promiscuous mode [ 133.260712][ T6745] bond_slave_1: left promiscuous mode [ 133.369655][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.542'. [ 133.493791][ T6786] bond0: entered promiscuous mode [ 133.497397][ T6786] bond_slave_0: entered promiscuous mode [ 133.506688][ T6786] bond_slave_1: entered promiscuous mode [ 133.606039][ T39] audit: type=1800 audit(1719461235.086:671): pid=6792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.553" name="memory.events" dev="sda1" ino=1949 res=0 errno=0 [ 133.609672][ T5273] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 133.618005][ T6794] netlink: 4 bytes leftover after parsing attributes in process `syz.2.554'. [ 133.630706][ T39] audit: type=1804 audit(1719461235.116:672): pid=6792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.553" name="/syzkaller.2UWMgL/128/memory.events" dev="sda1" ino=1949 res=1 errno=0 [ 133.699057][ T6795] tipc: Failed to obtain node identity [ 133.701972][ T6795] tipc: Enabling of bearer rejected, failed to enable media [ 133.760945][ T6803] syz.2.558[6803] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.761091][ T6803] syz.2.558[6803] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.828425][ T5273] usb 8-1: Using ep0 maxpacket: 8 [ 133.843783][ T5273] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 133.862373][ T5273] usb 8-1: config 0 has no interface number 0 [ 133.865907][ T5273] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 133.870184][ T5273] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 133.874474][ T5273] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.880330][ T5273] usb 8-1: config 0 descriptor?? [ 133.886834][ T5273] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 134.101214][ T5273] usb 8-1: USB disconnect, device number 8 [ 134.105846][ T5273] iowarrior 8-1:0.1: I/O-Warror #0 now disconnected [ 134.186481][ T6819] netlink: 'syz.2.565': attribute type 9 has an invalid length. [ 134.190489][ T6819] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.565'. [ 134.224055][ T6819] netlink: 'syz.2.565': attribute type 9 has an invalid length. [ 134.226807][ T6819] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.565'. [ 134.326647][ T6784] bond0: left promiscuous mode [ 134.329670][ T6784] bond_slave_0: left promiscuous mode [ 134.332645][ T6784] bond_slave_1: left promiscuous mode [ 134.514952][ T6833] ubi0: attaching mtd0 [ 134.518641][ T6833] ubi0: scanning is finished [ 134.530086][ T6833] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 134.533909][ T6833] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 134.537166][ T6833] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 134.542722][ T6833] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 134.547376][ T6833] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 134.550437][ T6833] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 134.554267][ T6833] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3188649436 [ 134.558811][ T6833] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 134.563157][ T6836] ubi0: background thread "ubi_bgt0d" started, PID 6836 [ 134.582045][ T6835] syzkaller0: entered promiscuous mode [ 134.584525][ T6835] syzkaller0: entered allmulticast mode [ 134.591399][ T82] syzkaller0: tun_net_xmit 48 [ 135.990433][ T6846] bond0: entered promiscuous mode [ 135.992803][ T6846] bond_slave_0: entered promiscuous mode [ 135.995403][ T6846] bond_slave_1: entered promiscuous mode [ 136.001596][ T6846] bond0: left promiscuous mode [ 136.004869][ T6846] bond_slave_0: left promiscuous mode [ 136.008216][ T6846] bond_slave_1: left promiscuous mode [ 136.013395][ T6848] tipc: Failed to obtain node identity [ 136.015954][ T6848] tipc: Enabling of bearer rejected, failed to enable media [ 136.040391][ T6854] ubi0: detaching mtd0 [ 136.046833][ T6854] ubi0: mtd0 is detached [ 136.086835][ T6856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.579'. [ 136.502326][ T6883] syzkaller0: entered promiscuous mode [ 136.505294][ T6883] syzkaller0: entered allmulticast mode [ 136.510620][ T82] syzkaller0: tun_net_xmit 48 [ 136.869138][ T5495] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 137.061871][ T5495] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 137.066508][ T5495] usb 7-1: config 1 has no interface number 1 [ 137.070227][ T5495] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 137.076614][ T5495] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 137.084960][ T5495] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 137.090365][ T5495] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.094345][ T5495] usb 7-1: Product: syz [ 137.096597][ T5495] usb 7-1: Manufacturer: syz [ 137.098878][ T5495] usb 7-1: SerialNumber: syz [ 137.515630][ T6874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.520315][ T6874] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.537126][ T5495] usb 7-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 137.559865][ T5495] usb 7-1: USB disconnect, device number 13 [ 138.221138][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.224006][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.008426][ T5495] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 139.149042][ T6925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.604'. [ 139.209247][ T5495] usb 6-1: Using ep0 maxpacket: 8 [ 139.213458][ T5495] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 139.227632][ T5495] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 139.232998][ T5495] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 139.237582][ T5495] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 139.242489][ T5495] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 139.251271][ T5495] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 139.255481][ T5495] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.299567][ T6934] syzkaller0: entered promiscuous mode [ 139.301737][ T6934] syzkaller0: entered allmulticast mode [ 139.306793][ T63] syzkaller0: tun_net_xmit 48 [ 139.607791][ T6942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.611'. [ 139.672513][ T5273] usb 6-1: USB disconnect, device number 10 [ 140.779634][ T6954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.615'. [ 140.857057][ T5217] Bluetooth: hci0: unexpected event for opcode 0x040e [ 140.865866][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 140.869523][ T5217] Bluetooth: Wrong link type (-22) [ 141.100390][ T5217] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 141.103968][ T5217] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 141.186362][ T6979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.624'. [ 141.959680][ T5217] Bluetooth: hci0: unexpected event for opcode 0x040e [ 141.991163][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 141.994110][ T5217] Bluetooth: Wrong link type (-22) [ 142.458190][ T6316] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 142.670190][ T6316] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 142.678159][ T6316] usb 6-1: config 1 has no interface number 1 [ 142.681216][ T6316] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 142.697278][ T6316] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 142.710013][ T6316] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 142.715138][ T6316] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.719459][ T6316] usb 6-1: Product: syz [ 142.721355][ T6316] usb 6-1: Manufacturer: syz [ 142.723701][ T6316] usb 6-1: SerialNumber: syz [ 143.178593][ T6990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.182870][ T6990] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.193883][ T6316] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 143.215831][ T6316] usb 6-1: USB disconnect, device number 11 [ 143.505190][ T7008] ubi0: attaching mtd0 [ 143.507971][ T7008] ubi0: scanning is finished [ 143.528762][ T7008] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 143.531983][ T7008] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 143.537396][ T7008] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 143.541182][ T7008] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 143.544619][ T7008] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 143.550658][ T7008] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 143.554132][ T7008] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3188649436 [ 143.558574][ T7008] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 143.578151][ T7009] ubi0: background thread "ubi_bgt0d" started, PID 7009 [ 144.089772][ T7024] netlink: 4 bytes leftover after parsing attributes in process `syz.0.637'. [ 144.166768][ T7028] ubi: mtd0 is already attached to ubi0 [ 144.273900][ T5273] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 144.378233][ T5495] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 144.474003][ T5273] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 144.480791][ T5273] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.490969][ T5273] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.495040][ T5273] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 144.505068][ T5273] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 144.509931][ T5273] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 144.513967][ T5273] usb 7-1: Manufacturer: syz [ 144.517735][ T5273] usb 7-1: config 0 descriptor?? [ 144.584343][ T5495] usb 6-1: Using ep0 maxpacket: 8 [ 144.599451][ T5495] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 144.605584][ T5495] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 144.624176][ T5495] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 144.630346][ T5495] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 144.634018][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz.0.652'. [ 144.634311][ T5495] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 144.649070][ T5495] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 144.652994][ T5495] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.748076][ C0] hrtimer: interrupt took 81050 ns [ 144.960741][ T5273] usbhid 7-1:0.0: can't add hid device: -71 [ 144.963647][ T5273] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 144.970776][ T5273] usb 7-1: USB disconnect, device number 14 [ 145.023713][ T7052] ubi0: detaching mtd0 [ 145.027287][ T7052] ubi0: mtd0 is detached [ 145.095449][ T5495] usb 6-1: USB disconnect, device number 12 [ 146.029082][ T7089] netlink: 4 bytes leftover after parsing attributes in process `syz.1.672'. [ 146.518533][ T57] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 146.710530][ T57] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 146.715875][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.728510][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.733035][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 146.751822][ T57] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 146.755853][ T57] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 146.760026][ T57] usb 6-1: Manufacturer: syz [ 146.764290][ T57] usb 6-1: config 0 descriptor?? [ 147.065534][ T7100] bond0: entered promiscuous mode [ 147.067479][ T7100] bond_slave_0: entered promiscuous mode [ 147.070316][ T7100] bond_slave_1: entered promiscuous mode [ 147.073079][ T7100] batadv0: entered promiscuous mode [ 147.209222][ C3] raw-gadget.0 gadget.1: ignoring, device is not running [ 147.212307][ T57] usbhid 6-1:0.0: can't add hid device: -32 [ 147.214746][ T57] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 147.220710][ T57] usb 6-1: USB disconnect, device number 13 [ 147.256360][ T7104] tipc: Failed to obtain node identity [ 147.259238][ T7104] tipc: Enabling of bearer rejected, failed to enable media [ 147.473105][ T7115] bond0: entered promiscuous mode [ 147.475459][ T7115] bond_slave_0: entered promiscuous mode [ 147.478302][ T7115] bond_slave_1: entered promiscuous mode [ 147.665323][ T7116] tipc: Failed to obtain node identity [ 147.667746][ T7116] tipc: Enabling of bearer rejected, failed to enable media [ 147.894628][ T7099] bond0: left promiscuous mode [ 147.896897][ T7099] bond_slave_0: left promiscuous mode [ 147.899998][ T7099] bond_slave_1: left promiscuous mode [ 147.902591][ T7099] batadv0: left promiscuous mode [ 148.321055][ T7114] bond0: left promiscuous mode [ 148.323011][ T7114] bond_slave_0: left promiscuous mode [ 148.328359][ T7114] bond_slave_1: left promiscuous mode [ 148.519851][ T7129] bond0: entered promiscuous mode [ 148.522240][ T7129] bond_slave_0: entered promiscuous mode [ 148.524872][ T7129] bond_slave_1: entered promiscuous mode [ 148.706189][ T7138] tipc: Failed to obtain node identity [ 148.708854][ T7138] tipc: Enabling of bearer rejected, failed to enable media [ 149.327413][ T7128] bond0: left promiscuous mode [ 149.338151][ T7128] bond_slave_0: left promiscuous mode [ 149.340799][ T7128] bond_slave_1: left promiscuous mode [ 149.747390][ T7161] bond0: entered promiscuous mode [ 149.750686][ T7161] bond_slave_0: entered promiscuous mode [ 149.753286][ T7161] bond_slave_1: entered promiscuous mode [ 149.798190][ T55] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 149.882691][ T7164] tipc: Failed to obtain node identity [ 149.885128][ T7164] tipc: Enabling of bearer rejected, failed to enable media [ 150.018242][ T55] usb 5-1: Using ep0 maxpacket: 8 [ 150.029554][ T55] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 150.034453][ T55] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 150.039781][ T55] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 150.044805][ T55] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 150.049237][ T55] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 150.055963][ T55] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 150.060279][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.273322][ T55] usb 5-1: usb_control_msg returned -32 [ 150.275928][ T55] usbtmc 5-1:16.0: can't read capabilities [ 150.282033][ T55] usb 5-1: USB disconnect, device number 6 [ 150.593964][ T7160] bond0: left promiscuous mode [ 150.596531][ T7160] bond_slave_0: left promiscuous mode [ 150.608342][ T7160] bond_slave_1: left promiscuous mode [ 151.072034][ T7187] ubi0: attaching mtd0 [ 151.083012][ T7187] ubi0: scanning is finished [ 151.110382][ T7190] bond0: entered promiscuous mode [ 151.113287][ T7190] bond_slave_0: entered promiscuous mode [ 151.120245][ T7190] bond_slave_1: entered promiscuous mode [ 151.123076][ T7190] batadv0: entered promiscuous mode [ 151.134376][ T7187] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 151.148364][ T7187] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 151.153470][ T7187] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 151.158835][ T7187] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 151.177769][ T7187] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 151.181872][ T7187] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 151.186424][ T7187] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3188649436 [ 151.191740][ T7187] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 151.196620][ T7191] ubi0: background thread "ubi_bgt0d" started, PID 7191 [ 151.257712][ T7192] tipc: Failed to obtain node identity [ 151.260616][ T7192] tipc: Enabling of bearer rejected, failed to enable media [ 151.931905][ T7189] bond0: left promiscuous mode [ 151.934155][ T7189] bond_slave_0: left promiscuous mode [ 151.941801][ T7189] bond_slave_1: left promiscuous mode [ 151.944434][ T7189] batadv0: left promiscuous mode [ 152.008284][ T56] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 152.094095][ T7213] ubi0: detaching mtd0 [ 152.101769][ T7213] ubi0: mtd0 is detached [ 152.218842][ T56] usb 6-1: Using ep0 maxpacket: 8 [ 152.222175][ T56] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 152.225122][ T56] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 152.228484][ T56] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 152.232055][ T56] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 152.236296][ T56] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 152.241034][ T56] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 152.244257][ T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.457820][ T56] usb 6-1: usb_control_msg returned -32 [ 152.465925][ T56] usbtmc 6-1:16.0: can't read capabilities [ 152.472850][ T56] usb 6-1: USB disconnect, device number 15 [ 152.934207][ T7226] bond0: entered promiscuous mode [ 152.937073][ T7226] bond_slave_0: entered promiscuous mode [ 152.940256][ T7226] bond_slave_1: entered promiscuous mode [ 152.952574][ T7227] futex_wake_op: syz.2.727 tries to shift op by -1; fix this program [ 153.126864][ T7236] tipc: Failed to obtain node identity [ 153.129898][ T7236] tipc: Enabling of bearer rejected, failed to enable media [ 153.135081][ T5217] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 153.140254][ T5217] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 153.765182][ T7224] bond0: left promiscuous mode [ 153.779497][ T7224] bond_slave_0: left promiscuous mode [ 153.781997][ T7224] bond_slave_1: left promiscuous mode [ 153.840281][ T5211] Bluetooth: hci0: unexpected event for opcode 0x040e [ 153.905210][ T5211] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 153.908295][ T5211] Bluetooth: Wrong link type (-22) [ 154.041398][ T5217] block nbd0: Receive control failed (result -32) [ 154.043023][ T7249] block nbd0: shutting down sockets [ 154.497776][ T7283] bond0: entered promiscuous mode [ 154.503887][ T7283] bond_slave_0: entered promiscuous mode [ 154.507100][ T7283] bond_slave_1: entered promiscuous mode [ 154.510873][ T7284] netlink: 'syz.1.747': attribute type 9 has an invalid length. [ 154.515556][ T7283] batadv0: entered promiscuous mode [ 154.519380][ T7284] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.747'. [ 154.565013][ T7284] netlink: 'syz.1.747': attribute type 9 has an invalid length. [ 154.567918][ T7284] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.747'. [ 154.652297][ T7285] tipc: Failed to obtain node identity [ 154.657918][ T7285] tipc: Enabling of bearer rejected, failed to enable media [ 155.341193][ T7281] bond0: left promiscuous mode [ 155.343389][ T7281] bond_slave_0: left promiscuous mode [ 155.345950][ T7281] bond_slave_1: left promiscuous mode [ 155.361305][ T7281] batadv0: left promiscuous mode [ 155.369152][ T7298] sit0: mtu greater than device maximum [ 155.474131][ T5217] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 155.477464][ T5217] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 155.628408][ T55] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 155.812659][ T55] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 155.816988][ T55] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.821495][ T55] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.825482][ T55] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 155.834610][ T55] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 155.838340][ T55] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 155.841904][ T55] usb 8-1: Manufacturer: syz [ 155.846497][ T55] usb 8-1: config 0 descriptor?? [ 156.264293][ T55] usbhid 8-1:0.0: can't add hid device: -32 [ 156.270448][ T55] usbhid 8-1:0.0: probe with driver usbhid failed with error -32 [ 156.282105][ T55] usb 8-1: USB disconnect, device number 9 [ 156.357083][ T7314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.418469][ T7314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.436962][ T39] audit: type=1804 audit(1719461257.916:673): pid=7314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.759" name="/syzkaller.2UWMgL/198/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 156.547198][ T7317] netlink: 'syz.2.760': attribute type 9 has an invalid length. [ 156.550987][ T7317] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.760'. [ 156.580529][ T7317] netlink: 'syz.2.760': attribute type 9 has an invalid length. [ 156.583962][ T7317] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.760'. [ 157.007861][ T7332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.766'. [ 157.134388][ T7336] netlink: 208 bytes leftover after parsing attributes in process `syz.0.768'. [ 157.179192][ T5217] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 157.183058][ T5217] Bluetooth: hci1: Injecting HCI hardware error event [ 157.187502][ T5217] Bluetooth: hci1: hardware error 0x00 [ 157.286041][ T5211] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 157.289287][ T5211] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 157.468198][ T5273] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 157.669561][ T5273] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 157.674468][ T5273] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.679225][ T5273] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.683111][ T5273] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 157.685556][ T7351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 157.690512][ T5273] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 157.696272][ T5273] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 157.701513][ T5273] usb 5-1: Manufacturer: syz [ 157.706109][ T5273] usb 5-1: config 0 descriptor?? [ 157.748566][ T7352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 157.767492][ T39] audit: type=1804 audit(1719461259.246:674): pid=7351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.774" name="/syzkaller.XOcsxO/191/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0 [ 158.119306][ T5273] usbhid 5-1:0.0: can't add hid device: -32 [ 158.122097][ T5273] usbhid 5-1:0.0: probe with driver usbhid failed with error -32 [ 158.127241][ T5273] usb 5-1: USB disconnect, device number 7 [ 158.375216][ T7356] syzkaller0: entered promiscuous mode [ 158.377886][ T7356] syzkaller0: entered allmulticast mode [ 158.384868][ T82] syzkaller0: tun_net_xmit 48 [ 159.085609][ T7386] netlink: 'syz.1.788': attribute type 9 has an invalid length. [ 159.089050][ T7386] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.788'. [ 159.261900][ T5217] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 159.675848][ T5217] Bluetooth: hci0: unexpected event for opcode 0x040e [ 159.794945][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 159.797569][ T5217] Bluetooth: Wrong link type (-22) [ 159.901189][ T7387] netlink: 'syz.1.788': attribute type 9 has an invalid length. [ 159.904715][ T7387] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.788'. [ 160.052581][ T7424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.053238][ T7426] bond0: entered promiscuous mode [ 160.059555][ T7426] bond_slave_0: entered promiscuous mode [ 160.061828][ T7426] bond_slave_1: entered promiscuous mode [ 160.112769][ T7424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.243377][ T7428] tipc: Failed to obtain node identity [ 160.245912][ T7428] tipc: Enabling of bearer rejected, failed to enable media [ 160.763911][ T7437] syzkaller0: entered promiscuous mode [ 160.766383][ T7437] syzkaller0: entered allmulticast mode [ 160.775284][ T1146] syzkaller0: tun_net_xmit 48 [ 162.103251][ T7425] bond0: left promiscuous mode [ 162.105505][ T7425] bond_slave_0: left promiscuous mode [ 162.108144][ T7425] bond_slave_1: left promiscuous mode [ 162.277477][ T7451] netlink: 'syz.3.812': attribute type 9 has an invalid length. [ 162.280917][ T7451] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.812'. [ 162.325478][ T7451] netlink: 'syz.3.812': attribute type 9 has an invalid length. [ 162.328400][ T7451] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.812'. [ 162.406409][ T7464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.817'. [ 162.496677][ T7468] bond0: entered promiscuous mode [ 162.503895][ T7468] bond_slave_0: entered promiscuous mode [ 162.506890][ T7468] bond_slave_1: entered promiscuous mode [ 162.510286][ T7468] batadv0: entered promiscuous mode [ 162.527144][ T7470] bond0: entered promiscuous mode [ 162.530496][ T7470] bond_slave_0: entered promiscuous mode [ 162.533039][ T7470] bond_slave_1: entered promiscuous mode [ 162.715915][ T7472] tipc: Failed to obtain node identity [ 162.719025][ T7472] tipc: Enabling of bearer rejected, failed to enable media [ 163.325034][ T7467] bond0: left promiscuous mode [ 163.326966][ T7467] bond_slave_0: left promiscuous mode [ 163.328331][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.827'. [ 163.339155][ T7467] bond_slave_1: left promiscuous mode [ 163.341894][ T7467] batadv0: left promiscuous mode [ 163.356303][ T7469] bond0: left promiscuous mode [ 163.368164][ T7469] bond_slave_0: left promiscuous mode [ 163.370870][ T7469] bond_slave_1: left promiscuous mode [ 163.482504][ T7490] sch_tbf: burst 0 is lower than device team0 mtu (1514) ! [ 163.584159][ C3] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 163.604932][ T7509] bond0: entered promiscuous mode [ 163.606995][ T7509] bond_slave_0: entered promiscuous mode [ 163.609784][ T7509] bond_slave_1: entered promiscuous mode [ 163.635280][ T7512] bond0: entered promiscuous mode [ 163.637687][ T7512] bond_slave_0: entered promiscuous mode [ 163.640795][ T7512] bond_slave_1: entered promiscuous mode [ 163.783872][ T7513] tipc: Failed to obtain node identity [ 163.786033][ T7513] tipc: Enabling of bearer rejected, failed to enable media [ 163.823752][ T7514] tipc: Failed to obtain node identity [ 163.826291][ T7514] tipc: Enabling of bearer rejected, failed to enable media [ 164.437045][ T7508] bond0: left promiscuous mode [ 164.448174][ T7508] bond_slave_0: left promiscuous mode [ 164.451690][ T7508] bond_slave_1: left promiscuous mode [ 164.488167][ T7511] bond0: left promiscuous mode [ 164.491026][ T7511] bond_slave_0: left promiscuous mode [ 164.493999][ T7511] bond_slave_1: left promiscuous mode [ 164.603270][ T7522] sch_tbf: burst 0 is lower than device team0 mtu (1514) ! [ 164.613325][ T7528] netlink: 4 bytes leftover after parsing attributes in process `syz.1.839'. [ 164.686285][ T39] audit: type=1326 audit(1719461266.166:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.699883][ T39] audit: type=1326 audit(1719461266.166:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.709991][ T39] audit: type=1326 audit(1719461266.176:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.717972][ T39] audit: type=1326 audit(1719461266.176:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.719962][ T7542] bond0: entered promiscuous mode [ 164.726408][ T39] audit: type=1326 audit(1719461266.176:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.731132][ T7542] bond_slave_0: entered promiscuous mode [ 164.741746][ T7542] bond_slave_1: entered promiscuous mode [ 164.741920][ T39] audit: type=1326 audit(1719461266.176:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.744442][ T7542] batadv0: entered promiscuous mode [ 164.754399][ T39] audit: type=1326 audit(1719461266.186:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.768764][ T39] audit: type=1326 audit(1719461266.186:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.779788][ T39] audit: type=1326 audit(1719461266.186:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf74515a7 code=0x7ffc0000 [ 164.790552][ T7544] bond0: entered promiscuous mode [ 164.791178][ T39] audit: type=1326 audit(1719461266.186:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.1.848" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7451579 code=0x7ffc0000 [ 164.792831][ T7544] bond_slave_0: entered promiscuous mode [ 164.793113][ T7544] bond_slave_1: entered promiscuous mode [ 164.858010][ T7538] kernel profiling enabled (shift: 9) [ 164.981430][ T7547] tipc: Failed to obtain node identity [ 164.983662][ T7547] tipc: Enabling of bearer rejected, failed to enable media [ 165.550336][ T7541] bond0: left promiscuous mode [ 165.553035][ T7541] bond_slave_0: left promiscuous mode [ 165.555387][ T7541] bond_slave_1: left promiscuous mode [ 165.557742][ T7541] batadv0: left promiscuous mode [ 165.631008][ T7549] syzkaller0: entered promiscuous mode [ 165.633449][ T7549] syzkaller0: entered allmulticast mode [ 165.638972][ T7543] bond0: left promiscuous mode [ 165.641140][ T7543] bond_slave_0: left promiscuous mode [ 165.643698][ T7543] bond_slave_1: left promiscuous mode [ 165.703940][ T1146] syzkaller0: tun_net_xmit 48 [ 165.746438][ T7566] netlink: 'syz.3.860': attribute type 9 has an invalid length. [ 165.750700][ T7566] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.860'. [ 165.844062][ T7578] netlink: 4 bytes leftover after parsing attributes in process `syz.0.863'. [ 166.786259][ T7577] bond0: entered promiscuous mode [ 166.788613][ T7577] bond_slave_0: entered promiscuous mode [ 166.790795][ T7577] bond_slave_1: entered promiscuous mode [ 166.793084][ T7577] bond0: left promiscuous mode [ 166.795169][ T7577] bond_slave_0: left promiscuous mode [ 166.797795][ T7577] bond_slave_1: left promiscuous mode [ 166.825302][ T7575] netlink: 'syz.3.860': attribute type 9 has an invalid length. [ 166.829113][ T7575] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.860'. [ 167.091775][ T7610] netlink: 'syz.1.877': attribute type 9 has an invalid length. [ 167.095054][ T7610] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.877'. [ 167.130844][ T7610] netlink: 'syz.1.877': attribute type 9 has an invalid length. [ 167.135056][ T7610] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.877'. [ 167.137538][ T6316] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 167.331173][ T6316] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 167.335856][ T6316] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.340827][ T6316] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.344490][ T6316] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 167.351076][ T6316] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 167.354724][ T6316] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 167.358377][ T6316] usb 7-1: Manufacturer: syz [ 167.362659][ T6316] usb 7-1: config 0 descriptor?? [ 167.518241][ T5495] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 167.699677][ T5495] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 167.703087][ T5495] usb 5-1: config 1 has no interface number 1 [ 167.705627][ T5495] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 167.712142][ T5495] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 167.718533][ T5495] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 167.722314][ T5495] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.725279][ T5495] usb 5-1: Product: syz [ 167.727300][ T5495] usb 5-1: Manufacturer: syz [ 167.729511][ T5495] usb 5-1: SerialNumber: syz [ 167.777219][ T6316] usbhid 7-1:0.0: can't add hid device: -32 [ 167.780334][ T6316] usbhid 7-1:0.0: probe with driver usbhid failed with error -32 [ 167.785489][ T6316] usb 7-1: USB disconnect, device number 16 [ 168.156874][ T7608] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.160317][ T7608] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.169053][ T5495] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 168.182967][ T5495] usb 5-1: USB disconnect, device number 8 [ 168.490176][ T7640] netlink: 'syz.2.893': attribute type 9 has an invalid length. [ 168.493504][ T7640] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.893'. [ 168.526585][ T7640] netlink: 'syz.2.893': attribute type 9 has an invalid length. [ 168.530825][ T7640] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.893'. [ 169.059988][ T7665] netlink: 'syz.2.902': attribute type 9 has an invalid length. [ 169.063844][ T7665] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.902'. [ 169.095011][ T7665] netlink: 'syz.2.902': attribute type 9 has an invalid length. [ 169.098247][ T5279] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 169.098869][ T7665] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.902'. [ 169.260658][ T7668] bond0: entered promiscuous mode [ 169.263017][ T7668] bond_slave_0: entered promiscuous mode [ 169.265825][ T7668] bond_slave_1: entered promiscuous mode [ 169.281542][ T5279] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 169.287617][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.292533][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.296882][ T5279] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 169.304350][ T5279] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 169.309954][ T5279] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 169.313923][ T5279] usb 5-1: Manufacturer: syz [ 169.318514][ T5279] usb 5-1: config 0 descriptor?? [ 169.398379][ T7669] tipc: Failed to obtain node identity [ 169.400470][ T7669] tipc: Enabling of bearer rejected, failed to enable media [ 169.730853][ T5279] usbhid 5-1:0.0: can't add hid device: -32 [ 169.733128][ T5279] usbhid 5-1:0.0: probe with driver usbhid failed with error -32 [ 169.737804][ T5279] usb 5-1: USB disconnect, device number 9 [ 170.091619][ T7667] bond0: left promiscuous mode [ 170.093742][ T7667] bond_slave_0: left promiscuous mode [ 170.096192][ T7667] bond_slave_1: left promiscuous mode [ 170.460855][ T7688] netlink: 'syz.0.911': attribute type 9 has an invalid length. [ 170.464264][ T7688] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.911'. [ 170.486570][ T7688] netlink: 'syz.0.911': attribute type 9 has an invalid length. [ 170.630926][ T7696] bond0: entered promiscuous mode [ 170.632936][ T7696] bond_slave_0: entered promiscuous mode [ 170.635183][ T7696] bond_slave_1: entered promiscuous mode [ 170.637217][ T7696] batadv0: entered promiscuous mode [ 170.756329][ T7697] tipc: Failed to obtain node identity [ 170.758788][ T7697] tipc: Enabling of bearer rejected, failed to enable media [ 171.462789][ T7695] bond0: left promiscuous mode [ 171.464969][ T7695] bond_slave_0: left promiscuous mode [ 171.478269][ T7695] bond_slave_1: left promiscuous mode [ 171.480651][ T7695] batadv0: left promiscuous mode [ 171.525577][ T7701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.583077][ T7701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.599544][ T39] kauditd_printk_skb: 24 callbacks suppressed [ 171.599555][ T39] audit: type=1804 audit(1719461273.086:709): pid=7701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.916" name="/syzkaller.2UWMgL/233/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0 [ 171.799105][ T815] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 172.001807][ T815] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 172.007415][ T815] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.017114][ T815] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.021905][ T815] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 172.029899][ T815] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 172.035416][ T815] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 172.043337][ T815] usb 6-1: Manufacturer: syz [ 172.047650][ T815] usb 6-1: config 0 descriptor?? [ 172.456132][ T7716] bond0: entered promiscuous mode [ 172.460842][ T7716] bond_slave_0: entered promiscuous mode [ 172.464302][ T7716] bond_slave_1: entered promiscuous mode [ 172.472873][ T815] usbhid 6-1:0.0: can't add hid device: -32 [ 172.473561][ T7716] batadv0: entered promiscuous mode [ 172.476475][ T815] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 172.484438][ T815] usb 6-1: USB disconnect, device number 16 [ 172.656920][ T7721] tipc: Failed to obtain node identity [ 172.659494][ T7721] tipc: Enabling of bearer rejected, failed to enable media [ 173.299165][ T7715] bond0: left promiscuous mode [ 173.301445][ T7715] bond_slave_0: left promiscuous mode [ 173.303999][ T7715] bond_slave_1: left promiscuous mode [ 173.306750][ T7715] batadv0: left promiscuous mode [ 173.441020][ T7729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 173.499553][ T7729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 173.515843][ T39] audit: type=1804 audit(1719461274.996:710): pid=7729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.928" name="/syzkaller.2UWMgL/238/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0 [ 174.349692][ T5217] Bluetooth: hci0: unexpected event for opcode 0x040e [ 174.390784][ T5217] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 174.393335][ T5217] Bluetooth: Wrong link type (-22) [ 174.395234][ T5217] Bluetooth: hci0: link tx timeout [ 174.397113][ T5217] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 174.758798][ T7751] tipc: Failed to obtain node identity [ 174.761355][ T7751] tipc: Enabling of bearer rejected, failed to enable media [ 174.955437][ T7756] bond0: entered promiscuous mode [ 174.958847][ T7756] bond_slave_0: entered promiscuous mode [ 174.961818][ T7756] bond_slave_1: entered promiscuous mode [ 175.137232][ T7757] tipc: Failed to obtain node identity [ 175.139985][ T7757] tipc: Enabling of bearer rejected, failed to enable media [ 175.680998][ C2] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 175.688819][ T7769] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:0 [ 175.770383][ T5217] Bluetooth: hci0: unexpected event for opcode 0x040e [ 175.790900][ T7755] bond0: left promiscuous mode [ 175.793676][ T7755] bond_slave_0: left promiscuous mode [ 175.800297][ T7755] bond_slave_1: left promiscuous mode [ 176.429139][ T7786] netlink: 'syz.1.952': attribute type 9 has an invalid length. [ 176.433289][ T7786] __nla_validate_parse: 1 callbacks suppressed [ 176.433306][ T7786] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.952'. [ 176.456113][ T7788] syzkaller0: entered promiscuous mode [ 176.459572][ T7788] syzkaller0: entered allmulticast mode [ 176.478043][ T63] syzkaller0: tun_net_xmit 48 [ 177.846328][ T5211] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10 [ 178.538341][ T7818] ubi0: attaching mtd0 [ 178.544501][ T7818] ubi0: scanning is finished [ 178.589794][ T7818] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 178.593288][ T7818] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 178.596794][ T7818] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 178.600011][ T7818] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 178.603478][ T7818] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 178.606687][ T7818] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 178.612854][ T7818] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3188649436 [ 178.617300][ T7818] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 178.624905][ T7822] ubi0: background thread "ubi_bgt0d" started, PID 7822 [ 178.747000][ T7824] tipc: Failed to obtain node identity [ 178.758185][ T7824] tipc: Enabling of bearer rejected, failed to enable media [ 178.790395][ T5211] Bluetooth: hci0: unexpected event for opcode 0x040e [ 179.606900][ T7841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.971'. [ 179.866095][ T7850] ubi: mtd0 is already attached to ubi0 [ 181.000867][ T7869] ubi0: detaching mtd0 [ 181.004967][ T7869] ubi0: mtd0 is detached [ 181.058283][ T815] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 181.260482][ T815] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.265695][ T815] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.269912][ T815] usb 8-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 181.273934][ T815] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.279860][ T815] usb 8-1: config 0 descriptor?? [ 181.700271][ T7865] infiniband syz1: set active [ 181.916257][ T5495] lo speed is unknown, defaulting to 1000 [ 181.934981][ T815] usbhid 8-1:0.0: can't add hid device: -71 [ 181.962467][ T815] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 181.967734][ T815] usb 8-1: USB disconnect, device number 11 [ 182.216806][ T7882] netlink: 4 bytes leftover after parsing attributes in process `syz.0.989'. [ 182.360658][ T7886] pim6reg1: entered promiscuous mode [ 182.363597][ T7886] pim6reg1: entered allmulticast mode [ 182.628097][ C3] ================================================================== [ 182.631207][ C3] BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0 [ 182.634064][ C3] Read of size 8 at addr ffffc90003ecfb90 by task syz-executor/5209 [ 182.637475][ C3] [ 182.638886][ C3] CPU: 3 PID: 5209 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00035-gafcd48134c58 #0 [ 182.645307][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 182.649942][ C3] Call Trace: [ 182.651451][ C3] [ 182.652703][ C3] dump_stack_lvl+0x116/0x1f0 [ 182.654807][ C3] print_report+0xc3/0x620 [ 182.656853][ C3] ? __virt_addr_valid+0x5e/0x580 [ 182.659149][ C3] kasan_report+0xd9/0x110 [ 182.661100][ C3] ? profile_pc+0x186/0x1a0 [ 182.662999][ C3] ? profile_pc+0x186/0x1a0 [ 182.664995][ C3] ? queued_read_lock_slowpath+0x135/0x2b1 [ 182.667776][ C3] profile_pc+0x186/0x1a0 [ 182.669733][ C3] profile_tick+0xd3/0x140 [ 182.671577][ C3] tick_nohz_handler+0x380/0x530 [ 182.673468][ C3] ? __pfx_tick_nohz_handler+0x10/0x10 [ 182.675404][ C3] __hrtimer_run_queues+0x657/0xcc0 [ 182.677486][ C3] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 182.679903][ C3] ? ktime_get_update_offsets_now+0x201/0x310 [ 182.682633][ C3] hrtimer_interrupt+0x31b/0x800 [ 182.684746][ C3] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 182.687180][ C3] sysvec_apic_timer_interrupt+0x90/0xb0 [ 182.689525][ C3] [ 182.690806][ C3] [ 182.692005][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 182.694516][ C3] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1 [ 182.697485][ C3] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0 [ 182.707305][ C3] RSP: 0018:ffffc90003ecfb88 EFLAGS: 00000286 [ 182.710203][ C3] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8adfd30b [ 182.714019][ C3] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080 [ 182.717605][ C3] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410 [ 182.721532][ C3] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff920007d9f72 [ 182.724952][ C3] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152a979 [ 182.728283][ C3] ? do_wait+0x1e9/0x570 [ 182.730118][ C3] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 182.732571][ C3] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 182.735080][ C3] ? __pfx_queued_read_lock_slowpath+0x10/0x10 [ 182.737630][ C3] __do_wait+0x105/0x890 [ 182.739237][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 182.741466][ C3] ? do_wait+0x1e9/0x570 [ 182.743285][ C3] do_wait+0x219/0x570 [ 182.745084][ C3] kernel_wait4+0x16c/0x280 [ 182.747165][ C3] ? __pfx_kernel_wait4+0x10/0x10 [ 182.749887][ C3] ? __pfx_child_wait_callback+0x10/0x10 [ 182.752741][ C3] ? fpu__restore_sig+0x140/0x180 [ 182.755108][ C3] __do_compat_sys_wait4+0x159/0x170 [ 182.757330][ C3] ? __pfx_lock_release+0x10/0x10 [ 182.759467][ C3] ? __pfx___do_compat_sys_wait4+0x10/0x10 [ 182.762025][ C3] ? __do_compat_sys_sigreturn+0x196/0x1f0 [ 182.764529][ C3] ? __pfx___do_compat_sys_sigreturn+0x10/0x10 [ 182.767104][ C3] __do_fast_syscall_32+0x73/0x120 [ 182.769345][ C3] do_fast_syscall_32+0x32/0x80 [ 182.771439][ C3] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 182.774446][ C3] RIP: 0023:0xf73eb579 [ 182.776328][ C3] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 182.784216][ C3] RSP: 002b:00000000ffc52010 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 182.787234][ C3] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00000000ffc52130 [ 182.790293][ C3] RDX: 0000000040000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 182.793600][ C3] RBP: 00000000ffc52130 R08: 0000000000000000 R09: 0000000000000000 [ 182.797225][ C3] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.800491][ C3] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 182.803845][ C3] [ 182.805142][ C3] [ 182.806504][ C3] The buggy address belongs to stack of task syz-executor/5209 [ 182.810171][ C3] and is located at offset 0 in frame: [ 182.813123][ C3] queued_read_lock_slowpath+0x0/0x2b1 [ 182.815776][ C3] [ 182.816826][ C3] This frame has 1 object: [ 182.819113][ C3] [32, 36) 'val' [ 182.819124][ C3] [ 182.821688][ C3] The buggy address belongs to the virtual mapping at [ 182.821688][ C3] [ffffc90003ec8000, ffffc90003ed1000) created by: [ 182.821688][ C3] kernel_clone+0xfd/0x980 [ 182.828649][ C3] [ 182.829709][ C3] The buggy address belongs to the physical page: [ 182.832357][ C3] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29f4d [ 182.836381][ C3] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 182.839731][ C3] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 182.843403][ C3] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 182.846985][ C3] page dumped because: kasan: bad access detected [ 182.849586][ C3] page_owner tracks the page as allocated [ 182.852083][ C3] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4922, tgid 4922 (dhcpcd), ts 48026638457, free_ts 47718541618 [ 182.860133][ C3] post_alloc_hook+0x2d1/0x350 [ 182.862012][ C3] get_page_from_freelist+0x1353/0x2e50 [ 182.865008][ C3] __alloc_pages_noprof+0x22b/0x2460 [ 182.867955][ C3] alloc_pages_mpol_noprof+0x275/0x610 [ 182.870172][ C3] __vmalloc_node_range_noprof+0xa6a/0x1520 [ 182.872691][ C3] copy_process+0x29f5/0x6f50 [ 182.874811][ C3] kernel_clone+0xfd/0x980 [ 182.877151][ C3] __do_sys_clone+0xba/0x100 [ 182.879679][ C3] do_syscall_64+0xcd/0x250 [ 182.881969][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.884201][ C3] page last free pid 0 tgid 0 stack trace: [ 182.886160][ C3] free_unref_page+0x64a/0xe40 [ 182.888161][ C3] __folio_put+0x239/0x360 [ 182.889900][ C3] free_page_and_swap_cache+0x249/0x2c0 [ 182.892696][ C3] tlb_remove_table_rcu+0x89/0xe0 [ 182.895132][ C3] rcu_core+0x828/0x16b0 [ 182.896906][ C3] handle_softirqs+0x216/0x8f0 [ 182.898942][ C3] irq_exit_rcu+0xbb/0x120 [ 182.900855][ C3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 182.903419][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 182.906227][ C3] [ 182.907390][ C3] Memory state around the buggy address: [ 182.910026][ C3] ffffc90003ecfa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 182.913411][ C3] ffffc90003ecfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 182.916750][ C3] >ffffc90003ecfb80: 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 [ 182.920070][ C3] ^ [ 182.922410][ C3] ffffc90003ecfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 182.926121][ C3] ffffc90003ecfc80: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 [ 182.929624][ C3] ================================================================== [ 182.932979][ C3] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 182.936166][ C3] CPU: 3 PID: 5209 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00035-gafcd48134c58 #0 [ 182.940697][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 182.945176][ C3] Call Trace: [ 182.946633][ C3] [ 182.947907][ C3] dump_stack_lvl+0x3d/0x1f0 [ 182.950106][ C3] panic+0x6f5/0x7a0 [ 182.951948][ C3] ? __pfx_panic+0x10/0x10 [ 182.953992][ C3] ? rcu_is_watching+0x12/0xc0 [ 182.956028][ C3] ? __pfx_lock_release+0x10/0x10 [ 182.958099][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 182.960247][ C3] check_panic_on_warn+0xab/0xb0 [ 182.962376][ C3] end_report+0x117/0x180 [ 182.964453][ C3] kasan_report+0xe9/0x110 [ 182.966776][ C3] ? profile_pc+0x186/0x1a0 [ 182.968912][ C3] ? profile_pc+0x186/0x1a0 [ 182.970871][ C3] ? queued_read_lock_slowpath+0x135/0x2b1 [ 182.973388][ C3] profile_pc+0x186/0x1a0 [ 182.975195][ C3] profile_tick+0xd3/0x140 [ 182.977163][ C3] tick_nohz_handler+0x380/0x530 [ 182.979361][ C3] ? __pfx_tick_nohz_handler+0x10/0x10 [ 182.981725][ C3] __hrtimer_run_queues+0x657/0xcc0 [ 182.984016][ C3] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 182.986762][ C3] ? ktime_get_update_offsets_now+0x201/0x310 [ 182.989625][ C3] hrtimer_interrupt+0x31b/0x800 [ 182.991760][ C3] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 182.994339][ C3] sysvec_apic_timer_interrupt+0x90/0xb0 [ 182.996410][ C3] [ 182.997545][ C3] [ 182.998690][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 183.000990][ C3] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1 [ 183.003820][ C3] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0 [ 183.011967][ C3] RSP: 0018:ffffc90003ecfb88 EFLAGS: 00000286 [ 183.014658][ C3] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8adfd30b [ 183.018313][ C3] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080 [ 183.021749][ C3] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410 [ 183.025219][ C3] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff920007d9f72 [ 183.028703][ C3] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152a979 [ 183.032051][ C3] ? do_wait+0x1e9/0x570 [ 183.033851][ C3] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 183.036271][ C3] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 183.038758][ C3] ? __pfx_queued_read_lock_slowpath+0x10/0x10 [ 183.041474][ C3] __do_wait+0x105/0x890 [ 183.043280][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 183.045696][ C3] ? do_wait+0x1e9/0x570 [ 183.047672][ C3] do_wait+0x219/0x570 [ 183.049558][ C3] kernel_wait4+0x16c/0x280 [ 183.051583][ C3] ? __pfx_kernel_wait4+0x10/0x10 [ 183.053741][ C3] ? __pfx_child_wait_callback+0x10/0x10 [ 183.056117][ C3] ? fpu__restore_sig+0x140/0x180 [ 183.058339][ C3] __do_compat_sys_wait4+0x159/0x170 [ 183.060667][ C3] ? __pfx_lock_release+0x10/0x10 [ 183.062927][ C3] ? __pfx___do_compat_sys_wait4+0x10/0x10 [ 183.065375][ C3] ? __do_compat_sys_sigreturn+0x196/0x1f0 [ 183.067554][ C3] ? __pfx___do_compat_sys_sigreturn+0x10/0x10 [ 183.069860][ C3] __do_fast_syscall_32+0x73/0x120 [ 183.071861][ C3] do_fast_syscall_32+0x32/0x80 [ 183.074056][ C3] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 183.076830][ C3] RIP: 0023:0xf73eb579 [ 183.078610][ C3] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 183.087036][ C3] RSP: 002b:00000000ffc52010 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 183.090713][ C3] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00000000ffc52130 [ 183.094553][ C3] RDX: 0000000040000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 183.098024][ C3] RBP: 00000000ffc52130 R08: 0000000000000000 R09: 0000000000000000 [ 183.101461][ C3] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.104843][ C3] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 183.107896][ C3] [ 184.203730][ C3] Shutting down cpus with NMI [ 184.206279][ C3] Kernel Offset: disabled [ 184.208072][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:08:04 Registers: info registers vcpu 0 CPU#0 RAX=000000000030b5b1 RBX=0000000000000000 RCX=ffffffff8adc0c99 RDX=0000000000000000 RSI=ffffffff8b2cb9e0 RDI=ffffffff8b8fb8e0 RBP=fffffbfff1b12af8 RSP=ffffffff8d807e20 R8 =0000000000000001 R9 =ffffed1005806fdd R10=ffff88802c037eeb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8d8957c0 R14=ffffffff8fe2a4d0 R15=0000000000000000 RIP=ffffffff8adc208f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000031818ff8 CR3=000000005718e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000040000 RBX=ffffc90003a278d8 RCX=ffffc9000c492000 RDX=0000000000040000 RSI=000000000000025f RDI=000000000000025a RBP=000000000000025a RSP=ffffc90003a27730 R8 =0000000000000006 R9 =000000000000001a R10=000000000000001a R11=0000000000000004 R12=000000000000001a R13=000000000000025f R14=ffff88805a737440 R15=dffffc0000000000 RIP=ffffffff818e8ab0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c100000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f73d70b0 CR3=0000000022e68000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff813be48e RDX=ffff88801e5ec880 RSI=ffffffff813be4ab RDI=0000000000000000 RBP=ffffffff8d80a084 RSP=ffffc900062ff8c0 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000001 R12=0000000000000003 R13=0000000000000003 R14=ffff88802c23fa40 R15=fffffbfff1b01410 RIP=ffffffff813be4ac RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c200000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f465d5 CR3=0000000057192000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000006f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f95a45 RDI=ffffffff94d5c040 RBP=ffffffff94d5c000 RSP=ffffc900005f07e8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=502033203a555043 R12=0000000000000000 R13=000000000000006f R14=ffffffff84f959e0 R15=0000000000000000 RIP=ffffffff84f95a6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c300000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000043106000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000