last executing test programs: 4m34.706403348s ago: executing program 3 (id=5370): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{0xffc0, 0x4, 0x0, 0x6}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_open_dev$evdev(&(0x7f0000000200), 0xaae, 0xa0100) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) 4m34.627846308s ago: executing program 3 (id=5371): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev={0xfe, 0x80, '\x00', 0x3b}, 0x0, 0x0, 0x4, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x9833bf88d1b218f4, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x4d6, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4, 0x8, 0x0, 0x40000}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 4m33.989907509s ago: executing program 0 (id=5380): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file2\x00', &(0x7f0000000240), 0x10080, 0x0) 4m33.942675871s ago: executing program 0 (id=5373): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd29, 0x25dfdbff, {0x7, 0x0, 0x0, r2, 0x80, 0x7f, 0xa}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040004) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0) 4m33.94090989s ago: executing program 0 (id=5376): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70ee}, 0x0, &(0x7f0000000040)={0xb, 0xffffffffffffffff}, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000340)) 4m33.757902136s ago: executing program 3 (id=5386): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd29, 0x25dfdbff, {0x7, 0x0, 0x0, r2, 0x80, 0x7f, 0xa}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040004) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0) 4m33.755588699s ago: executing program 3 (id=5388): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x48) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x227) 4m33.694687543s ago: executing program 3 (id=5390): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0x2000) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0x7) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x4000) 4m33.36526733s ago: executing program 3 (id=5394): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000100)={@val={0x0, 0x88b5}, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x6, 0xfe6d, 0x65, 0x0, 0x1, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x21}, @empty}}}}}}, 0x26) 4m33.323924852s ago: executing program 32 (id=5394): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000100)={@val={0x0, 0x88b5}, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x6, 0xfe6d, 0x65, 0x0, 0x1, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x21}, @empty}}}}}}, 0x26) 4m33.046082559s ago: executing program 0 (id=5399): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x48) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x227) 4m33.045505087s ago: executing program 0 (id=5401): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf2504"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) 4m32.767385392s ago: executing program 0 (id=5407): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'\x00', 0x7101}) write$cgroup_devices(r0, &(0x7f0000000340)=ANY=[], 0xa) 4m32.713795941s ago: executing program 33 (id=5407): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'\x00', 0x7101}) write$cgroup_devices(r0, &(0x7f0000000340)=ANY=[], 0xa) 3m52.517721029s ago: executing program 5 (id=6116): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mknod$loop(&(0x7f0000000780)='./bus\x00', 0x2000, 0x1) 3m52.517555211s ago: executing program 5 (id=6117): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f000000cb80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f000000cbc0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f000000e740)={0x0, 0x0, &(0x7f000000e700)={&(0x7f000000cc00)={0x1c, r2, 0x107, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0xc0) 3m52.467757809s ago: executing program 5 (id=6118): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) 3m52.466842606s ago: executing program 5 (id=6126): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x3) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1edc01, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x887008, 0x0) 3m52.235793647s ago: executing program 5 (id=6128): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) tee(r0, r1, 0x6, 0x0) 3m52.212257908s ago: executing program 5 (id=6120): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000080)='./file0\x00', 0x8000, &(0x7f00000000c0)={0x1, 0x89, 0x100000}, 0x20) 3m52.125206213s ago: executing program 34 (id=6120): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000080)='./file0\x00', 0x8000, &(0x7f00000000c0)={0x1, 0x89, 0x100000}, 0x20) 1m0.061676025s ago: executing program 4 (id=9933): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x34000041) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) 59.223416964s ago: executing program 4 (id=9952): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 59.222990472s ago: executing program 4 (id=9953): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x6, @private1, 0x8}, 0x1c, &(0x7f0000000340)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) sendto$inet(r1, &(0x7f0000000400)='X', 0x1, 0x8884, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @local}}, 0x1000000, 0x0, 0xffff1896, 0x1, 0x25, 0x800, 0x1e}, 0x9c) 58.351334576s ago: executing program 4 (id=9972): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f00000000c0)='./file0/file0/../file0\x00', 0x1) 58.288357572s ago: executing program 4 (id=9974): r0 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0x9, &(0x7f0000000240)=0x0) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1db) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f00000002c0)={0x400000, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 57.973156106s ago: executing program 4 (id=9979): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000200)={"b94028f0472886060a85ae73fe0fffa7999ce8d44d998f45b34ef7c611da07f9fe410efba40bdc2eafd56506ce070fb4d4bb9117f80000000000ed4011a244e2dea53b647c1323a301c599a401d814bad8af602d9190cfe0a2409cbdbece57bb41c5e6300fb0a6fedaa09a9218c002919252c6a26f64bc5d65f530c7eec50863c2eb74acc403b8b08adbf9b3c6546e209ecb9b7b7b7e7301e9dd99efad5b9b90aa37efa888cd61f77658c7dd6bd306595295f5175600b180d8608a3d6792a41df2971e44c685ae61d991698a3a2f1fbeae6a6be75be25292e114ac5aba4e94cdbcf9d7d8bc48ed16bd8aa1ec0e896383b013fdbdbe59108f53a7d4d5bcffe471547984b9a669e23698c5c75f30ca9461df4b9932d6c4cc51e1cf7253fea5c07850ffb895a08625187689c2ed81dae4cac6f6ba79301166a41429547afd472a5952aaaaa467f499b868a6dc34edbedd337b6df24c841786d41c92ac810d92e1c2e4b940dc38244c285294ed29f51ca5571901b5d1c120f9bd48d2eb506622f68be01748890c7be9dd8e5a62f09b3205ae6a29cad936745d08c0e2e67c7b8adf4202f8ab37c7f13e04fdfa74e9417ddecf6d7415a25dc38217128d5d76d9a4df7916ce2511cde75ea0af3aecada713655ec37e7652011e3b0b5d0beafcbe382a2bdb83e7d8becd605f6aaced5184bbc4e9b7244fe53d5207d1a9584ca8d5ee8ce0c688437b648012cfc0c1292ca6caccbe9c0100af81fef680fe77e0c294bb286ba6ac517c24fa26ea62c1f56dd41455466954272438d70dafff3b01c93f8db7ad83e91daac058976caf99d7c7780c47a8f3ef927ef20083df6bb69ea346c8c6d631bd7beef18ff4b572f2f8b35014a195961df8919984fdf28f64cbd43c10fdf2aa04d4311b7cc49d2f1eeba328fe63c9afecdd5dca573669055400495da0a44ad3452108e829bbe86eef19a59a8c8caa440f7122341785071a21e80c42554b3ce108a1658b7bea148697e97ca9eeb3011533042a5ef9f2d1752024d8dd02a1bd8747985a794ea5af5f44263d039c882a7135b77bdb48de75bba09a7c1501eb304afe91be4b01bf56ba3eb1352f5fd01167021af1b379d7d61293ad5f768d07fe0e1bafbc68e11240402ce46c26eeca39a1271052a31068c181c5dd04d1e8eb13836f94c65d7e9c2278a838e8d4371ca53216ce6dda2aa5db67f052b2bde0d685e445f658108cf2954e35ebdef974f5246e161a04b7a124ee4b12b40e583478f428b60d450304577edbc0e3b937e786917f5dee22a6e2684b4f17db74f0da7092f5dfad372c952ada48c461e0349741ad92c482a84f9b24c32577b9aa2440d6539744bc6e326de8b900"}) ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000680)) 57.937051791s ago: executing program 35 (id=9979): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000200)={"b94028f0472886060a85ae73fe0fffa7999ce8d44d998f45b34ef7c611da07f9fe410efba40bdc2eafd56506ce070fb4d4bb9117f80000000000ed4011a244e2dea53b647c1323a301c599a401d814bad8af602d9190cfe0a2409cbdbece57bb41c5e6300fb0a6fedaa09a9218c002919252c6a26f64bc5d65f530c7eec50863c2eb74acc403b8b08adbf9b3c6546e209ecb9b7b7b7e7301e9dd99efad5b9b90aa37efa888cd61f77658c7dd6bd306595295f5175600b180d8608a3d6792a41df2971e44c685ae61d991698a3a2f1fbeae6a6be75be25292e114ac5aba4e94cdbcf9d7d8bc48ed16bd8aa1ec0e896383b013fdbdbe59108f53a7d4d5bcffe471547984b9a669e23698c5c75f30ca9461df4b9932d6c4cc51e1cf7253fea5c07850ffb895a08625187689c2ed81dae4cac6f6ba79301166a41429547afd472a5952aaaaa467f499b868a6dc34edbedd337b6df24c841786d41c92ac810d92e1c2e4b940dc38244c285294ed29f51ca5571901b5d1c120f9bd48d2eb506622f68be01748890c7be9dd8e5a62f09b3205ae6a29cad936745d08c0e2e67c7b8adf4202f8ab37c7f13e04fdfa74e9417ddecf6d7415a25dc38217128d5d76d9a4df7916ce2511cde75ea0af3aecada713655ec37e7652011e3b0b5d0beafcbe382a2bdb83e7d8becd605f6aaced5184bbc4e9b7244fe53d5207d1a9584ca8d5ee8ce0c688437b648012cfc0c1292ca6caccbe9c0100af81fef680fe77e0c294bb286ba6ac517c24fa26ea62c1f56dd41455466954272438d70dafff3b01c93f8db7ad83e91daac058976caf99d7c7780c47a8f3ef927ef20083df6bb69ea346c8c6d631bd7beef18ff4b572f2f8b35014a195961df8919984fdf28f64cbd43c10fdf2aa04d4311b7cc49d2f1eeba328fe63c9afecdd5dca573669055400495da0a44ad3452108e829bbe86eef19a59a8c8caa440f7122341785071a21e80c42554b3ce108a1658b7bea148697e97ca9eeb3011533042a5ef9f2d1752024d8dd02a1bd8747985a794ea5af5f44263d039c882a7135b77bdb48de75bba09a7c1501eb304afe91be4b01bf56ba3eb1352f5fd01167021af1b379d7d61293ad5f768d07fe0e1bafbc68e11240402ce46c26eeca39a1271052a31068c181c5dd04d1e8eb13836f94c65d7e9c2278a838e8d4371ca53216ce6dda2aa5db67f052b2bde0d685e445f658108cf2954e35ebdef974f5246e161a04b7a124ee4b12b40e583478f428b60d450304577edbc0e3b937e786917f5dee22a6e2684b4f17db74f0da7092f5dfad372c952ada48c461e0349741ad92c482a84f9b24c32577b9aa2440d6539744bc6e326de8b900"}) ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000680)) 48.883107528s ago: executing program 6 (id=10137): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x7bc, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0xb, 0x0, 0x0) 48.49149674s ago: executing program 6 (id=10148): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000c80)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd2c, 0x25dfdbfd, {0x2, 0x20, 0x0, 0xcb, r2}, [@IFA_FLAGS={0x8, 0x8, 0x200}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x31}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 48.416361008s ago: executing program 6 (id=10140): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000c40)=@x86={0xab, 0xd, 0x18, 0x0, 0x100, 0x8, 0x7, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x14, 0x33, '\x00', 0x8, 0x2}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000001c0)={0x6, 0xa4c}) 48.314105832s ago: executing program 6 (id=10146): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000100)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x3f46137792f68265) syz_clone(0x180, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0xc0049364, &(0x7f00000001c0)) 48.313734678s ago: executing program 6 (id=10150): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xd}}}, 0x24}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 48.116587349s ago: executing program 6 (id=10153): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000700)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94) r2 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8) close(r2) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) 48.078206327s ago: executing program 36 (id=10153): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000700)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94) r2 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8) close(r2) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) 1.950549288s ago: executing program 1 (id=11275): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @local}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 1.840079885s ago: executing program 1 (id=11278): ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000200)={0x13, 0x2, 0x1, "bc57499e007105bf0000000100000000e40300", 0x50424752}) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7732, 0x80, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.763059247s ago: executing program 1 (id=11282): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000340), 0x8) 1.762736019s ago: executing program 1 (id=11284): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8241, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGFLAG(r1, 0x8004480e, &(0x7f0000001100)) 1.324224259s ago: executing program 7 (id=11300): bpf$PROG_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = io_uring_setup(0x3eae, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1.23967681s ago: executing program 7 (id=11304): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002a80)=ANY=[@ANYBLOB="b702000004000000bfa300000000000007030000407effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7ebfcd0cd000071d3d09a6175037958e271b60dedf8937f02008b6d83923dd29c034055d47dafe6c8dc3d5d78c07f34e4d5b3185b310efd4989147a00000000f110026e6d2ef831ab7ea0c34f17e3adeef3bb622003b538dfd8e012e71f6420b90adddff61b5b0a341a2d7cbdb90000bdb2ca76050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132658555cf476619f28d9961b626c57c2691208171656d60a17e3c1c4b751ca532e6ea09c346df3d7cb4ebd31a08b32808980200000000000000334d83239d0c2e9ff10ff2d27080e71113610e10c358e8327e7050b6c860dac12233f9a1fb9c2aec61ce63a38d316ef49b66d6e42fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a5f3d74ca891c4594e8a4399e01eadd3964663e88535c133f7130856f75643619f567d2e24f29e5dad9326edb697a6ea0182babc18cae2ed4b4390af9a9ceefd07e002cab5ebfcaad34732181feb215139f15eafddcb0c7cbe31fbae7c34d5ac5e7e64c21add9191eadd6e1795ad6a0f7f8cd3fccbdc3dec04b25dfc17975238345d4f71af35910b158e56657b7218baaa7cbf781c0a99bd50499ccff0f000000000000c7beba3da8223fe5308e4e2833baace04f4087c4f0da0d9a88f9dbb593ddeb3f0932a4d0175b889b8eccf707882042e716df9b57b290c661d4e85031086e97bcc5ca0e221a0e34323c129102b7b7a643e82e88a1940b3c02ed9c92d6f64b1282dc519b00159830d7617001154c46bd3ca96318c570f0721fc7aa2a58090000000000000094f22cdf550ef091a78098534f0d973058594000000000000000c12346e47ad97f4ead7cf754a52e4b2d0f22d428bd705414888700a30e2366c6a06b3367a389ca3905689a1f3db9c24db65c1e0001581d573dab18fd0600885f1ea8f2fd299fc3cdafda323e9c7080397bc49d70c060d57bc88fbe09baa058b040360ab9261503d2f363fb099408885afc2bf9a4f8c3506b669e889f5e4be1b8e0d634ebc1057b7e98186fc5141bd670dba6f43279f73db9dec75070cd9ab0fd969169ef6d2857b6bf955012cf7fe50d133da86c0477e42b98a6cc999dc21c3ef408e633dfa35f14d6e734837d365e63845f3c1092f8dd4fc7ea0000af3904ea0f3698cd9492794b8212a350d726bff873339c4cad4ead1348474250eda2c8067ab730c1d82a5687f2ed690000522a0b7426000000000000000000000000000000000000000093fc7a82b98f99d9dedf7ba17f5f0b6d15e552fbd21f7eecff10243a43af03eea84c4304a5d3f93c3fc74c00000000000043e1ed82b9aa0ae92a499984a009000000937523f5292d12659906005cde64f903c3415c458a2b32c2318f0858f19c6def80e1481e8e1c0098fc3f38b7a57211adb15d824cfdcf229628c0de49860e44286fe0e257cfa4ce50f3d10763d442824414a73c06837fe08de62f8710ca977960b74d0000ce73da6022a8671d1a3575b4e18c28c73203bf134686dd65808452cb6b76fcb134252c78de9b240de7b4cd015a77f76bb6470c05fc980b3d8f3f964f432a4bf6cddd6222c2da006b6fdb9c8468ae1d986a893b9519444d16a6dfa92c04331a6698507048fab5ae402acd05fe621f22712dfd09004770b4278fa14547d8ce3c21188e5e4e2baacd98e8e451d6aaaf090000006ed1d9018000008dd952595d78e9583bf4ea5de36099e3cd32941a815e3f3ceafe3065b9594fdcb24ebb6eddb9e87c9ecec7a42c0000abe1c6ea55887dfa18d0aea1b6eca5a883702b0bf3aefcb225895db90e237157a34e9f447237ea5b391bddd1290f7ce987a0e36b8e71b1779bbe95ffa9c3c0f6ba66e4d48e75253e3d633811e4b3220616aafbe7a3a18375ae593eb58fd500426286472466823cb8e1800aaaa0d9463c0c4ea5541a55df6eeffec0b66482228816cdfccb98374c644eea45de7867a0efbad0ab2bc33b350440a90b791b2b33f74a112a3b91b40bed8db2df8633207f8387e04ca52ab0f3f7b058b13523b896800b992972d9609551c27a5916ea16069c5b0300000026d3c27e7945b29996e5cefbc9f857bc1332d200194f658b930780603134ae6b7f5092772bd5d880dbe21b790c475b14b7fe4fe002dffd651faa79bb0cee0cdac2bc3218f2ddaa6f7ba04b696a30d313bed30ba8f35569a9b07ee7308da09c01a4b827aa1784d927aca9b8540534c5c49a0300cfbc2213fc1572b0204dd456b11a454d1f3f14179974aae624ea59500f5e048b2780666de81a040663c57f49af25be909984ae4e679107a14bbb24851f6199eaf9a1b81f33426f86b4b941c08dfe2bc8ec246ec1aae120c42405e428923f3a83d9ba5c373f5e8a54120b451e2806370f1ed60c9fd5d9af4d16cb0f413c324da52d4bd2e01d3ac2d578d72e2d63322dfc9245ce3e3a097fb82f4e3b61a55594616020f72f1c55ee3d325c7496a7c2f10cfeae16ae436751227378f0b1ee78bd33c50206700dd90b96a330f92bff736c83ca53e7f02b734d1a9292337e2be3896f7e7f244bfab4946c7042e88206f641eafcc5b4ba7a7880533cde00995d1caf6936f356ecf07a0084e7adc2dc12417997b03087c7b3b44b06f6158a2a18ce0e56ffbeb22f40521dd9972583d413098aa80db98ef324a2bfb6961c07b47521973cf0bb6f5530f6216b047b35d6e06b72b22b29de42bb1bc8ce0a0e3500000000000000000000000000b92eb197e4149627920000008000000000801792756f90b37f0858efc387f559203f314a4b0ed750fa72e5948ac3fe5921c14ef578d420e7b2a9e2f87f7b44949fe14c00000000000f47030c09f62d444b4981db81799776eeb4448278de519705fa8b56779bc8cc927b308c8e50815c4c3b27487996c09121caf47f76158362c74904f89cbc588aae84567a83571ff72bb65c082b5a8dedc05a3167d84205d5af86553c21e1f023a51c0e179fccfbc201982ebddcaa45613899d19082453b180ca0c525b8d3cfaf7d0bcddeb5d5c7166038f276a92941393ba5e51f77172822bd903d9f8b436656771774ed88daab0d0cfdd1bffc30ab566e1a4cb3ad66d830e10f7c1de13218aea21e7def6132e4f8acf03438b1d01ccbe27e5be5b46304c2b7c1ad48b01c20024032e9b3bba7d6ceca38d3e96db049b92fc32ee34fe7b8419c8fbf03d61c159dc5864e030000a2c55b614d622b8de966c97e1940026f96db3c78ca18c9f08d1c47edf1a4d7298109f31b6078711ee72eacab61213bf50000000000e1000000000000000000001217887d0452aa6d26e4614d511710abeec84b78c027c160ba3759fa55249b832ce4dfb91122193d514ed992c07f8cd6d897b314907e15642da228dbc03429e6e0e7ac118ed351c3b0c44bf5d8b58be5732f29eed98d5b3688d80f7c66f8333aa8cc2ec5b5e305b3dee2562d415b4b9ed530797f55f9fe8510423409629a09000000000000009a35d9ca93e4b4591679547b8de8af1782451f7b8e1de508f1e9e525210d62bb850f8035040ad9e57abe58797515b737bfb21d35ac560f99dbd18dad5e6345a464955e8141d75b6177e4fa176a020b0000000000006e76f0294fee7d19a0f327f8796d77b6e24b8df4bb438b527d10e657d49b844198ea9f93c4fd6fd2daa9bd87fd1e02ecc8075dca1280c201043257e9bd3c9a7aa150eb1711632b76d4dc053e64bfcfd057980136d6e9faca03b24fa300ef90bfe4ad364256937796f941c2fead94785f48777941f0cd3dba54ab6a5d5e91e90ac9ae994c3d4108b2fe7eca9413ac9bc138c74800487eb19c48db3f79be964808d409b5e36fc7fdd40080361427b6b9c118e5c9a0a1d5ca24886eb8a78796540635ac3530b9025d8bad0533a7f81b2188ec75a5fc9302e3815bdcc9ab11201ef940569c995c21eeaefe2e8fc02e0433dc7371d1f72124bad23e554c30fdd7cd8c2da1e8706417da9ad8916551a1182fac08603dfc2f2279ba161c13984cd753b54a85e6f3018c7d48c4b6c2f6910975e9ff51318b09fa13e2d38ce013aab41524c298c3719e31bcb1f102eaeee69a19e006bcdb1acc2664efa949a1a07bb3d7848d5e1381fbe63c522053a3bb32eb6345e10f7a12bf84e0e196a00833f464dd2f6547f14ebf137fce33efeb813211f31ff24d7dbb00f2574ccda59b3ea068fc2a18c37ee579f5a9ecc47da73684bcadd209ae5bbb7147df745ae7a4e446ca16d027d8d0adcdb54182c9de8053fc8b1b9d19c16c53d34db6e26f6a88d449f6abf378ca2e577e206a758a3d46e45e7949c5b5069103009693a798a330a1ccb32d49772e80862df36dc0156b3f72cd85083f8e96ca1697457ec722766bd46ee2424975a38149bd57e5c0eb4087fc243e7e51b0aca9f0ab0668d7f2ee9ad9f267d8804417aa7e36a64d489bb84a1483fd3c3ecb024060002858cbb1f7708f5b41fca2fee7c03b1f862ce88dc313d913e041dd7583a1ac41c466757c5dd07ea2c5d62a000b84b11308b6636b735b3c654cbc0000000000000019a4e9a9c2cbc906f97fd6eb00b18d09a5df123ebbdb2827b43aed6a29e9942e402c1ae52e9cb98f3019d364fc21ea02023db91ced3c2f06550cef8a79ed39091e4776001187d0ab2f82478431d36470cc008d745ce8fd64c9aa64da230bb080945a557081b767beb75b1ea856a55c71b8fda672289aa6085100d48ac8039f19fec3acbcc5944a4e6fd44af8f10110db730a8d0d41b4ea36f9510f843a471963bd4621b9e43f08d341bb69df430ac4bf5c06c6398c1b28bdd3f4c2353c330d8457cf728294e8ea1861ce50c367498945285f73c94d91210652eb4f3077cab6be2a3512eddbcb63d091d69fb1b26c8ada9a99d747d38ef5042053299b8e95decc637a022a49664742606cfdb2a3258498a6a0a82369d70177433e52b851ac396163ca09e6c22ad796a565cf23d87ae9be7235553aa6b8ab74842d3d4ba738b3fa997f079d225335f2af55644478e514aed8ba202805ad458d9ae6ab8d156f11f3cfe7def690f2bbbb463063664625223d23386540e0db96d8eb1755ad49ae817683de97a6dd32d584391302e65594b12bb2e6630217401031c8a1b964ca32f735421bbf64c9f1f9329e5cfda139ea79619e1d00a9a3ab49993362f30d191aa3387101feaa3e326190804eae2114437f8f4b27480900dd6511844a643886588fbdee7f8863a8dfdd75a9e128c6c15166a5f92d3c2d4952e5d07c59bfce0724a02600094c3369be3024edf451ff76a59855fd90353a0de907834bb77a059c56e92eed2f1415b3d8178453c7aecd8fbd161e2ffd66bcf2be175e45184f06bafd1c1c4fd7006a6c90d8afd126f1c51ee0f724ffbbed25a286c95d17c8b4297f8bba8efd565ecb157f0be244fb9657f737354b20e3a5012abb36052eec7a4fe9bc5b5283581b208d90d28d78f1c5422c3bcad67278e8bb88d7e6ccf72dd61319b44aa617d667000000000000a5edbd3e8605225681090853fc66a20e30fb9938e5886ae748236f5e071278763e070b2b75ce0a9e6870033d25dd19733152b01b507d812216e0f7fc89bbe200806f079e9515dd886a781a46ebe3da4c8307885b535109bb1678d08eeef3717bea30f64282ee844b6d64ec51b1221d175b59c1537089dfa803275ab6dcd40b1fe4e851597c1993a477c225201087b7b0977be62a71927bb01b705267aabe967add451795dfd5114726193415cc3e0784a37db8ab8b97a171bc4ad9593f7c750ad440a26b93d24ee8f080de0f2a16cbd5cd1f370bc1235d88d5cbd25acf91daa392731dab4c9c15015de2fded6332b6ebccf6e1588f3f1a5a3e853587a6843ee1a3f3c270e3ab4462bcff01c70b03e8f8c9d816d7d69e4040155e9f999ce4e366a816c6e7224f41df7eead6d6d214ed98708e1d269f4b469af2e2a2559258439758f4fded2780e736568c7eea209c5ed54a1beaf06013bb4b330d39518528a46d68b277faf926672650cad335ae285aeb0b0130a9c7016580a857722b9c51a5a37a856ccb9b6673f58ebfa66f1db4d041741e104cdd91efa4b3248ebecff3568f31b547b19a939708c3b4b45f46377b4a345248489ddef4bc87426717971de1c0049006d2fb99c311fa91c364749917ee81ea8fd51365449d568eadbad6aead6101b7e6582e793670492d814d58e4a9faa8a4a3027b230e8f5b2349fb3ff3c4365df6bd85aa7f76c388ef94f0155c81b04863624fb4708f83ebf93a51d1438d7761d4b1b929d9aa8faef691676834a2591b75205ede2e4a709c3a9899d06c5cb5a571159402e429c5cf839f49957aed76dc7db43f9fdc754e40d7c662ad7939a09bfdbc31deb0d327895afae1eca61820e09abc2c0ed5ce083aceb89c8e24ad45483d3128f0547869970dc84c8787a06046bf79f28a7678b03baeff239ce600d91a07236e255ff7ea441ff0602bb38d7aaa1c414a94c4e143ea2cca9d14a01bb70ff93057a03288bd71c45b025731765ca5250b162f08be1a29460a53f213bfb88a8e80e4c46dbfa5936894a95d27c4e90c151748f8ee457c29cb7e21deb805a9c5c6abf373a4bad5e1eaf8deff211a307626d8b27f4356755a8b3a8103e73bb2c7114e85ab2f2ee3f2ea8a4188a7d5917e790629887c1c51f56d10a8400fb4193dd79dd657ec190acfbd00e5b3a37b6205b6b5c438ebaaea9d47acc662e5ef3c51cc2add70aa9a6420abb168651d78e3a61b3007e5c86b03ffdaaebc7545061274f1b7bfefecea707423af2601bd1608abc6f7dc4bc1ab8933d11c825efb1308d2fc80d2c19d6e083bed16f8063497f59174a8e2d0500d4c1f5f0384fd8b54faa13ecde3080a17bd3b60191a8bc1cdc985d70c539e53c1b99a8e07"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffffe8, 0x0, 0xffffffffffffffff, 0x5a}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000140)="b9ff0300600d698cff9e14f086dd", 0x0, 0x63, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000240)=@req3={0x1000, 0x1, 0x1000, 0x1, 0x7ff, 0xf84, 0x3}, 0x1c) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) 1.163146313s ago: executing program 7 (id=11307): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) r0 = syz_io_uring_setup(0x8dd, &(0x7f0000000440)={0x0, 0x1b7, 0x400, 0x8, 0x20000fe}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.162947251s ago: executing program 7 (id=11309): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.090334243s ago: executing program 7 (id=11313): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) close(0x3) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r1) write(r0, 0x0, 0x0) 1.027944294s ago: executing program 2 (id=11317): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f00000001c0)={@any, 0x2}) 1.027870315s ago: executing program 2 (id=11318): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x8]}, 0x8, 0x80800) io_setup(0x2, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) signalfd4(r0, &(0x7f0000000140)={[0x72]}, 0x8, 0x0) 849.938394ms ago: executing program 2 (id=11323): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2a}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) syz_open_dev$vim2m(0x0, 0xfffffffffffffffe, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000240)) 391.41381ms ago: executing program 8 (id=11333): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0) close(r1) ioctl$KVM_CHECK_EXTENSION(r2, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000080)={0x0, 0x4, 0x3000, 0x2000, &(0x7f000060b000/0x2000)=nil, 0x9}) 391.288609ms ago: executing program 8 (id=11334): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000002201"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x102080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f0000000280)={0xd5, 0x0, 0x10}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="0100000000000000a0"]) 390.977604ms ago: executing program 7 (id=11335): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0xfffffffffffffc70, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f00000007c9c0d224d324b9a7abb3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000180), 0x0, 0x80200) ioctl$HIDIOCGUSAGES(r1, 0xd01c4813, &(0x7f00000010c0)={{0x3, 0xffffffff, 0x5, 0xfff, 0x1000, 0x9}, 0x242, [0x6, 0xdab, 0xb, 0x9, 0x0, 0xe8c, 0x200, 0x7fff, 0x0, 0x6, 0x81, 0x896b, 0x7, 0x4, 0x400, 0xff, 0xfffff000, 0x3a, 0x1, 0x9, 0x71, 0x9, 0xea70, 0x3ec1, 0x1, 0xd96c, 0x24000000, 0x1, 0x2, 0x2, 0x0, 0xa2, 0xeda, 0xef8, 0x65, 0xff, 0x100, 0x7, 0x8, 0x3, 0x6, 0x7, 0xd, 0x1, 0x344054a0, 0x3, 0x100, 0x2, 0x4, 0xe1, 0x0, 0xf80, 0x1b0, 0x1, 0x4, 0x1, 0x492, 0x88, 0x5, 0x10, 0x401, 0x9, 0x0, 0x8000, 0x81, 0x7ff, 0x3ff, 0x6, 0x7, 0x2, 0x0, 0x3, 0x5, 0x1, 0x6c, 0x8, 0x3, 0x6, 0x8, 0x8001, 0x3, 0x0, 0x2, 0x8, 0x0, 0x0, 0x7, 0x10000, 0x1, 0xa20, 0xffffffff, 0x0, 0x5, 0x8, 0x6, 0x3, 0xe1, 0x4, 0x4, 0xfff, 0x5, 0x2, 0x84, 0x10000, 0x100, 0x3, 0xfffffff9, 0xc, 0xfff, 0xfffffff6, 0x0, 0x63, 0xfffffffd, 0x0, 0xfffff000, 0x200, 0x5, 0x1, 0xfffffffe, 0xff, 0x8, 0xfffffff8, 0xfffffff7, 0x2, 0x9, 0x2008, 0x8c, 0x8, 0x2, 0x9, 0xffff, 0xffff, 0xff, 0x2, 0x7, 0x5, 0xf, 0x3, 0x8, 0x9, 0x0, 0xa, 0x9, 0x5, 0xf, 0x3, 0x1, 0x9, 0x40, 0x10000001, 0x5, 0x1, 0x9, 0xbc4, 0x4032, 0x400, 0x8, 0x80000001, 0x5, 0x8, 0x800, 0x2, 0x94c, 0xec48, 0x6, 0x81, 0x0, 0x8, 0x4, 0x8, 0x7, 0x5, 0x1, 0x3, 0xa, 0x80000001, 0x7, 0x8, 0xfffffff3, 0x2, 0xffffff6e, 0x2, 0x6, 0x7, 0x3, 0xf7ea, 0x80000001, 0x5, 0x0, 0x7fff, 0x7, 0x3, 0x6e2fc2f6, 0x0, 0x7ff, 0x50, 0x9, 0x180, 0x4, 0xcc, 0x7, 0x0, 0x6, 0x6e, 0x9, 0xe0000000, 0x9, 0x3b5e, 0x4, 0x0, 0xda, 0x4, 0x9, 0xd, 0x0, 0x1, 0x1, 0x7fffffff, 0xf88, 0x3, 0xa58, 0x5, 0x6, 0x4e7, 0x7, 0x8, 0xe2d7, 0xd, 0x2, 0x5, 0xffff50ca, 0x9, 0x3, 0x3af1f10, 0x3, 0x1, 0x7ff8000, 0x4, 0x9, 0x4faa, 0x2, 0xecf, 0x9, 0x1, 0x3, 0x101, 0x3f3, 0xa, 0xfffffffd, 0x8, 0x0, 0x800, 0x13, 0x1, 0x4, 0x9, 0x4, 0x0, 0x6, 0xe, 0x94, 0x5, 0x3, 0xf05, 0x80, 0x0, 0x7, 0xc, 0xffff, 0x0, 0x1000, 0xe6, 0x200, 0xf, 0x42f, 0x10001, 0x6, 0x6, 0x6, 0x1a1, 0xa96, 0x3, 0xa69, 0x5, 0x2, 0x6, 0x2, 0xdf46, 0x401, 0x1, 0x80, 0x3, 0x1, 0x2800000, 0x3, 0xffffffbc, 0xfffffc00, 0x3b2, 0x45db, 0xfff, 0xef, 0x6, 0x7, 0x2, 0x7, 0x5ad9b8de, 0x8, 0x4, 0xfffff001, 0x8, 0x200, 0x101, 0x9, 0x5, 0x8, 0x2, 0x8, 0x2250, 0x1, 0x8, 0x8, 0x75d, 0xffffffff, 0x8, 0x3, 0x2d85, 0x3, 0x7ff, 0x8001, 0x0, 0x8, 0x7, 0x6, 0xe, 0x2, 0x2, 0xdf2a, 0x4, 0x10001, 0x7, 0x3, 0x0, 0x6, 0x3, 0x6, 0xfffffb04, 0x80000000, 0x1, 0x5, 0x100, 0xff, 0x7, 0xa8fb, 0x3, 0x2, 0x3, 0x5, 0x0, 0x8, 0x4, 0xfffffff9, 0x9, 0x3, 0x1000, 0x8, 0xd67, 0xffffffc0, 0x4, 0x1, 0x101, 0x43, 0x5, 0x723, 0x7, 0xffffffff, 0x95, 0xfff, 0x7, 0x57a8, 0x400, 0x74, 0xaa1, 0x2, 0x2, 0x4, 0x4, 0x1, 0x1000, 0x7, 0x4, 0x5, 0x2000000, 0x8, 0x5, 0x6d, 0x1, 0x5, 0x4080, 0x3, 0x5, 0xa372, 0xffffff81, 0x5, 0x5, 0x4d000000, 0x7, 0x9, 0x7ae, 0x2000, 0x7, 0xfffffffb, 0x4aa1, 0x7, 0x2, 0x0, 0x2, 0x298c, 0x989f, 0x1, 0x8, 0x1, 0x3, 0xfffffff7, 0x40, 0x2, 0xffff, 0x9, 0x200, 0x9, 0x3ff, 0x32c7, 0x400, 0x5, 0x7c1, 0x1f, 0x7, 0x7, 0x9, 0x8, 0x80000000, 0xd, 0x278e142d, 0x2, 0x5, 0x7f, 0xc0, 0x1, 0x3, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xfff, 0x6, 0x4, 0xaf9, 0x1, 0x8, 0x1ff, 0x7, 0x8, 0x7, 0x5, 0x800, 0x7, 0x8, 0x7, 0x2, 0x400, 0x800, 0xffffffff, 0x9, 0x0, 0x5, 0x9, 0x5, 0x4, 0x3, 0x8, 0x400, 0x6, 0xfffffff9, 0x100, 0x2, 0x3c, 0x2b51, 0xe3, 0x6, 0x3, 0x3e0f, 0x5, 0x2, 0x2, 0x99, 0x80000000, 0x2a3, 0x5, 0x1, 0x2, 0xe, 0x7ff, 0x4, 0x4, 0x80, 0x401, 0x7, 0xa, 0x10, 0x1, 0x9, 0x7fff, 0x2, 0x6, 0x8001, 0x0, 0x804e, 0xcc, 0x8, 0x8, 0xa, 0x9, 0x87, 0x4, 0x8, 0x6, 0xfffffbff, 0x3, 0x8, 0xbec, 0x9, 0x9, 0xbbf6, 0x2, 0x2, 0x0, 0x2, 0x5, 0xffff, 0x7f, 0x2, 0x7, 0x0, 0x4, 0x2, 0x9, 0x2, 0x55, 0xfffffa90, 0x92bf, 0x1, 0x40000, 0x9, 0x4, 0x2, 0x2, 0x7, 0x0, 0x9, 0x7, 0x9, 0xf6, 0x8, 0x3, 0x9a27, 0x6, 0x0, 0x4, 0x4, 0x2000, 0x5, 0x96, 0x1, 0x9, 0x1, 0x3, 0xff, 0x3, 0x3, 0x10, 0x688, 0x40, 0x3491, 0x8, 0xffffffff, 0x1, 0x1, 0xffff8001, 0x2, 0x6, 0x6, 0xe86, 0x7fffffff, 0xe, 0x18000, 0x401, 0xc, 0x2, 0xfffffff9, 0x8, 0xacb, 0x8, 0x72c, 0x1000, 0x0, 0x10, 0x4, 0x1, 0xffffffff, 0x8, 0x4, 0x5, 0x7fffffff, 0x0, 0x5, 0x8b, 0x4, 0x2, 0x6, 0x1000, 0xeb3a, 0x0, 0x2, 0x0, 0x101, 0x4, 0xfffffff9, 0x8, 0x9, 0x5, 0xffff, 0xc, 0x9, 0xff, 0x0, 0x8792, 0xfffffffd, 0xce, 0x1000, 0x9, 0xbab, 0x2, 0x80, 0x9, 0x8, 0x8, 0x1, 0x0, 0x8, 0x2, 0x3, 0x2, 0x2, 0x3ff, 0x5, 0x9, 0x9603, 0x7, 0x5, 0x44, 0x9, 0x6, 0x52000000, 0x5, 0x1ff, 0x1, 0x81, 0x30, 0x3, 0x0, 0x9, 0x2, 0x6, 0x3ff, 0x6, 0x6df1, 0x0, 0x60b3, 0x0, 0xa, 0xffd, 0x2, 0x8, 0x2, 0x2, 0x8, 0x1000, 0x50, 0x8, 0x898, 0x3, 0x0, 0x79d8, 0x1d06, 0x7, 0x200, 0x8, 0x60, 0x5, 0x9, 0x6, 0x3ff, 0x8, 0xbd, 0x7, 0xd, 0x2, 0xff, 0xc39, 0xfffffa5f, 0x100, 0x5, 0x1, 0x5f66, 0xe, 0x0, 0x4, 0xfff, 0x8001, 0x9, 0x8, 0x1, 0x8001, 0x6, 0x8, 0x8001, 0x81, 0x68c, 0x5, 0x571, 0x2, 0x1, 0x3, 0x5, 0x5, 0x0, 0x1ff, 0x7, 0x3, 0x5, 0x600, 0x3, 0x10000, 0x3, 0x7ff, 0x401, 0x80, 0x6, 0x20, 0x8, 0xe, 0x1000, 0xffff, 0x101, 0x2, 0x1ff, 0x8001, 0x403, 0x7, 0x80000000, 0x24, 0xf5, 0x10000, 0xf7d4, 0x4, 0x1ff, 0x9, 0x2, 0x10001, 0x8, 0x2, 0x0, 0x10001, 0x1cd, 0xffffffff, 0xd, 0x7, 0xac8f, 0xfffffffa, 0x9, 0x0, 0x3, 0xc1c3, 0x4, 0x1, 0x5, 0x5, 0x8, 0x8, 0x8, 0x1, 0x80000005, 0x7ff, 0x5, 0x7fff, 0xb, 0x6, 0x5, 0x5, 0x4, 0x9, 0x9, 0x1, 0x8001, 0x7f76, 0x8, 0x5, 0x1, 0x9, 0x0, 0x0, 0x800, 0x3, 0xe145, 0x9, 0xe94, 0x7, 0x8, 0x3, 0xfffffff7, 0x7, 0x100, 0x5, 0x5, 0x4, 0x723d3593, 0x40, 0x1, 0x5, 0x5dd3, 0x0, 0xfff, 0x4, 0x0, 0xe184, 0x7, 0x9, 0xe163, 0x4800000, 0xffffea27, 0x7f, 0x4, 0x80, 0x2a7f957d, 0x9, 0x6, 0x7ff, 0x1, 0xbc, 0x8, 0xe, 0x7f, 0x623, 0x5, 0x317b, 0x8001, 0x9, 0x3ff, 0x7fffffff, 0x1ff, 0x74b6, 0x9, 0x1, 0xb57, 0x6, 0x0, 0x800, 0xd, 0x400, 0x99, 0x2, 0x7fff, 0xb2, 0xfffffffe, 0xcd8, 0x80, 0xfffffffe, 0xfffffff7, 0x1000, 0xd, 0x4, 0x1, 0x0, 0x6, 0xfff, 0x4, 0x5, 0x7f, 0x7, 0x5, 0x0, 0xffffff01, 0xffffffff, 0x8, 0x8, 0x0, 0x8, 0xfffffff9, 0x7, 0x1, 0x35, 0xfffffffe, 0x7, 0x4, 0x1, 0x4, 0x1, 0x6, 0x8, 0x6, 0x8000, 0xd5, 0x7, 0x4, 0x5, 0x4, 0x359, 0x9, 0xaa90, 0x6, 0x101, 0x81, 0x1, 0x7, 0x1ab, 0x3, 0x10, 0x10000, 0xa, 0x80008, 0x8, 0x2, 0x1, 0x80, 0x4, 0x40, 0x4, 0x5e, 0xac2, 0x6911977, 0x0, 0xd2a, 0x2, 0x1c000, 0xf, 0x7, 0x11, 0x6, 0x7, 0x6, 0x4, 0x10001, 0x6, 0xffffffff, 0x4b8c70f6, 0xff5a, 0x301b, 0x8, 0xaa26, 0x5, 0x10, 0x6cfc, 0x2, 0xa00000, 0x2, 0x366, 0x5, 0x1800, 0x0, 0x800, 0x9, 0x1, 0xb, 0x479a74a, 0x6, 0x3b, 0x8, 0x2, 0x4, 0xfff, 0x98f, 0x0, 0x6, 0x36, 0x6, 0x10, 0x1, 0x1000, 0x3ff, 0x5, 0x9e6, 0x7, 0x200, 0xb1, 0x8, 0x9, 0x4, 0x3, 0x9, 0xffffffff, 0xa2, 0x40, 0x0, 0x8, 0x9, 0x7, 0x8c, 0x4, 0x3, 0xb8c, 0x8, 0x0, 0x5, 0x2, 0x7fff, 0x9400, 0x6, 0x0, 0x9, 0x7, 0x100]}) 390.898826ms ago: executing program 8 (id=11336): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 324.940838ms ago: executing program 8 (id=11337): fanotify_init(0x2, 0x0) epoll_create1(0x0) r0 = syz_io_uring_setup(0x3732, &(0x7f0000000700)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000640)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000001c0)={0x0, 0xedce, 0x0, 0xfffffffc, 0xc7}, &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r2, r1, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x2, 0x0, 0x0, 0x19}) io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0) 324.771964ms ago: executing program 8 (id=11338): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r0, 0x400455c8, 0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x5) 270.885482ms ago: executing program 8 (id=11339): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e", @ANYRESHEX], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000100)={0x1c, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, &(0x7f0000000180)='0', 0xfe64) 121.550064ms ago: executing program 1 (id=11340): r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001080), 0x0, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000001000)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b34366d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 401.546µs ago: executing program 2 (id=11341): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x1}, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x2000}, 0x4) 216.906µs ago: executing program 2 (id=11342): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0xda18, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x80, 0x0, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x7ffffffe, 0x20000006}]}}}}}}}, 0x0) 116.343µs ago: executing program 1 (id=11343): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 0s ago: executing program 2 (id=11344): syz_usb_connect(0x4, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf0ff}}]}) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): 000 [ 425.207799][ T40] audit: type=1326 audit(2000001316.409:3040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25794 comm="syz.2.8664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 425.215564][ T40] audit: type=1326 audit(2000001316.409:3041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25794 comm="syz.2.8664" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 425.222329][ T40] audit: type=1326 audit(2000001316.409:3042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25794 comm="syz.2.8664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 425.229181][ T40] audit: type=1326 audit(2000001316.409:3043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25794 comm="syz.2.8664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 425.236210][ T40] audit: type=1326 audit(2000001316.409:3044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25794 comm="syz.2.8664" exe="/syz-executor" sig=0 arch=40000003 syscall=122 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 425.299864][T25799] batman_adv: batadv0: Adding interface: macsec0 [ 425.302132][T25799] batman_adv: batadv0: The MTU of interface macsec0 is too small (1504) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1596 would solve the problem. [ 425.310052][T25799] batman_adv: batadv0: Interface activated: macsec0 [ 425.337856][T25803] syzkaller1: entered promiscuous mode [ 425.339777][T25803] syzkaller1: entered allmulticast mode [ 425.730011][T25829] binder: 25828:25829 ioctl c0306201 800003c0 returned -14 [ 426.461427][ T6884] usb 7-1: new high-speed USB device number 54 using dummy_hcd [ 426.623763][ T6884] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 426.627174][ T6884] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 426.630220][ T6884] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 426.633367][ T6884] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.637835][T25847] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 426.641858][ T6884] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 426.791301][T15072] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 426.845827][ T6884] usb 7-1: USB disconnect, device number 54 [ 426.847809][ T53] kernel write not supported for file /register (pid: 53 comm: kworker/2:1) [ 426.954500][T15072] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 426.958888][T15072] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 426.963131][T15072] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 426.966660][T15072] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.979346][T25851] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 426.984320][T15072] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 427.228498][ T6021] usb 6-1: USB disconnect, device number 51 [ 427.267046][T25884] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8705'. [ 427.390444][T25898] binder: 25897:25898 ioctl c0306201 800003c0 returned -14 [ 427.400533][T25900] syzkaller1: entered promiscuous mode [ 427.403318][T25900] syzkaller1: entered allmulticast mode [ 427.613506][ T6884] libceph: connect (1)[c::]:6789 error -101 [ 427.615852][ T6884] libceph: mon0 (1)[c::]:6789 connect error [ 427.702550][T25919] ceph: No mds server is up or the cluster is laggy [ 427.763825][T25932] binder: 25931:25932 ioctl c0306201 800003c0 returned -14 [ 427.777702][T25934] syzkaller1: entered promiscuous mode [ 427.779490][T25934] syzkaller1: entered allmulticast mode [ 428.588324][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 428.588336][ T40] audit: type=1326 audit(2000001319.800:3047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.598195][ T40] audit: type=1326 audit(2000001319.800:3048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.605753][ T40] audit: type=1326 audit(2000001319.800:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.614070][ T40] audit: type=1326 audit(2000001319.800:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.622197][ T40] audit: type=1326 audit(2000001319.800:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.629214][ T40] audit: type=1326 audit(2000001319.800:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.637235][ T40] audit: type=1326 audit(2000001319.800:3053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.644554][ T40] audit: type=1326 audit(2000001319.800:3054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.651680][ T40] audit: type=1326 audit(2000001319.810:3055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=122 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.658614][ T40] audit: type=1326 audit(2000001319.810:3056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26006 comm="syz.1.8756" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 428.717856][T26023] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type [ 429.044635][ T6041] libceph: connect (1)[c::]:6789 error -101 [ 429.046642][ T6041] libceph: mon0 (1)[c::]:6789 connect error [ 429.144780][T26052] ceph: No mds server is up or the cluster is laggy [ 429.310138][T15072] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 429.470050][T15072] usb 6-1: Using ep0 maxpacket: 8 [ 429.473147][T15072] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 429.475769][T15072] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 429.478824][T15072] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 429.483148][T15072] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 429.486252][T15072] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 429.490562][T15072] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 429.493377][T15072] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.702215][T15072] usb 6-1: GET_CAPABILITIES returned 0 [ 429.703971][T15072] usbtmc 6-1:16.0: can't read capabilities [ 429.903082][T15072] usb 6-1: USB disconnect, device number 52 [ 430.995899][T26124] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8808'. [ 431.009199][ T6028] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 431.099312][ T6021] usb 7-1: new high-speed USB device number 55 using dummy_hcd [ 431.170935][ T6028] usb 6-1: Using ep0 maxpacket: 8 [ 431.174111][ T6028] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 431.177669][ T6028] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 431.180780][ T6028] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.184562][ T6028] usb 6-1: config 0 descriptor?? [ 431.270464][ T6021] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 431.273288][ T6021] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 431.276584][ T6021] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 431.279659][ T6021] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 431.283116][ T6021] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 431.288049][ T6021] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 431.291011][ T6021] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 431.293630][ T6021] usb 7-1: Product: syz [ 431.294992][ T6021] usb 7-1: Manufacturer: syz [ 431.299747][ T6021] cdc_wdm 7-1:1.0: skipping garbage [ 431.301446][ T6021] cdc_wdm 7-1:1.0: skipping garbage [ 431.305312][ T6021] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 431.307265][ T6021] cdc_wdm 7-1:1.0: Unknown control protocol [ 431.391576][ T6028] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 431.501888][T15072] usb 7-1: USB disconnect, device number 55 [ 431.791715][T26118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.796470][T26118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.801088][ T6114] usb 6-1: USB disconnect, device number 53 [ 432.309333][T26140] block nbd2: NBD_DISCONNECT [ 432.311002][T26140] block nbd2: Send disconnect failed -22 [ 432.314939][T26140] block nbd2: Send disconnect failed -22 [ 432.317237][T26139] block nbd2: Disconnected due to user request. [ 432.319893][T26139] block nbd2: shutting down sockets [ 432.854388][T26159] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 433.278011][ T6021] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 433.449503][ T6021] usb 6-1: config 0 has no interfaces? [ 433.451385][ T6021] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 433.454213][ T6021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.458063][ T6021] usb 6-1: config 0 descriptor?? [ 433.665811][ T10] usb 6-1: USB disconnect, device number 54 [ 433.987714][ T6884] usb 11-1: new high-speed USB device number 15 using dummy_hcd [ 434.138905][ T6884] usb 11-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 434.142532][ T6884] usb 11-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 434.145731][ T6884] usb 11-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 434.148881][ T6884] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.153122][T26196] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 434.156987][ T6884] usb 11-1: Quirk or no altset; falling back to MIDI 1.0 [ 434.310650][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 434.310663][ T40] audit: type=1326 audit(2000001325.533:3060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26211 comm="syz.1.8847" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf709e579 code=0x0 [ 434.400871][ T6884] usb 11-1: USB disconnect, device number 15 [ 435.207088][ T6021] usb 11-1: new high-speed USB device number 16 using dummy_hcd [ 435.378317][ T6021] usb 11-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 435.382037][ T6021] usb 11-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 435.385222][ T6021] usb 11-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 435.388621][ T6021] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.393036][T26222] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 435.398644][ T6021] usb 11-1: Quirk or no altset; falling back to MIDI 1.0 [ 435.524163][T26240] Invalid ELF header magic: != ELF [ 435.604884][ T6021] usb 11-1: USB disconnect, device number 16 [ 435.616910][ T6060] kernel write not supported for file /register (pid: 6060 comm: kworker/1:5) [ 435.824237][T26256] netlink: 'syz.2.8865': attribute type 1 has an invalid length. [ 435.826880][T26256] netlink: 16074 bytes leftover after parsing attributes in process `syz.2.8865'. [ 436.032644][T26258] Invalid ELF header magic: != ELF [ 436.143571][ T10] libceph: connect (1)[c::]:6789 error -101 [ 436.145614][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 436.190118][T15072] libceph: connect (1)[c::]:6789 error -101 [ 436.192190][T15072] libceph: mon0 (1)[c::]:6789 connect error [ 436.238532][T26285] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 436.332169][T26298] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8882'. [ 436.351957][T26298] netlink: 'syz.2.8882': attribute type 1 has an invalid length. [ 436.354470][T26298] netlink: 'syz.2.8882': attribute type 2 has an invalid length. [ 436.357070][T26298] netlink: 'syz.2.8882': attribute type 3 has an invalid length. [ 436.360167][T26298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8882'. [ 436.418937][ T10] libceph: connect (1)[c::]:6789 error -101 [ 436.421045][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 436.446735][ T53] libceph: connect (1)[c::]:6789 error -101 [ 436.449348][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 436.653920][T26320] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8891'. [ 436.927584][ T10] libceph: connect (1)[c::]:6789 error -101 [ 436.930183][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 436.945734][ T40] audit: type=1326 audit(2000001328.165:3061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26322 comm="syz.2.8893" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf70ae579 code=0x0 [ 436.965182][T26270] ceph: No mds server is up or the cluster is laggy [ 436.966271][T26283] ceph: No mds server is up or the cluster is laggy [ 436.966890][ T53] libceph: connect (1)[c::]:6789 error -101 [ 436.967054][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 437.082967][T26331] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8895'. [ 437.085969][T26331] netlink: 'syz.1.8895': attribute type 1 has an invalid length. [ 437.088827][T26331] netlink: 'syz.1.8895': attribute type 2 has an invalid length. [ 437.091312][T26331] netlink: 'syz.1.8895': attribute type 3 has an invalid length. [ 437.093761][T26331] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8895'. [ 437.334323][T26353] netlink: 'syz.1.8903': attribute type 1 has an invalid length. [ 437.336976][T26353] netlink: 16074 bytes leftover after parsing attributes in process `syz.1.8903'. [ 437.759924][T26380] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 438.235509][T26402] block nbd1: Device being setup by another task [ 438.238339][T26397] block nbd1: NBD_DISCONNECT [ 438.239883][T26397] block nbd1: Send disconnect failed -22 [ 438.242800][T26396] block nbd1: Disconnected due to user request. [ 438.244822][T26396] block nbd1: shutting down sockets [ 438.867410][T26438] syz_tun: entered allmulticast mode [ 438.870313][T26436] syz_tun: left allmulticast mode [ 439.049913][T26456] netlink: 164 bytes leftover after parsing attributes in process `syz.2.8948'. [ 439.400248][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.402681][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.524377][T26499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 439.665708][T15072] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 439.689403][T26512] netlink: 'syz.6.8972': attribute type 2 has an invalid length. [ 439.693128][T26512] netlink: 532 bytes leftover after parsing attributes in process `syz.6.8972'. [ 439.824966][T15072] usb 6-1: Using ep0 maxpacket: 32 [ 439.827830][T15072] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 439.831034][T15072] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 439.845667][T15072] usb 6-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 439.848591][T15072] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.851148][T15072] usb 6-1: Product: syz [ 439.852511][T15072] usb 6-1: Manufacturer: syz [ 439.853986][T15072] usb 6-1: SerialNumber: syz [ 439.857463][T15072] usb 6-1: config 0 descriptor?? [ 439.861042][T15072] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 439.876459][T15072] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 440.037736][T26521] "syz.6.8977" (26521) uses obsolete ecb(arc4) skcipher [ 440.063369][ T6114] usb 6-1: USB disconnect, device number 55 [ 440.635800][T15072] libceph: connect (1)[c::]:6789 error -22 [ 440.637871][T15072] libceph: mon0 (1)[c::]:6789 connect error [ 440.667947][T26582] syzkaller1: entered promiscuous mode [ 440.669930][T26582] syzkaller1: entered allmulticast mode [ 440.672442][T26582] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 440.686076][ T6041] libceph: connect (1)[c::]:6789 error -22 [ 440.688122][ T6041] libceph: mon0 (1)[c::]:6789 connect error [ 440.844221][ T6114] usb 11-1: new high-speed USB device number 17 using dummy_hcd [ 440.847939][T26593] syz_tun: entered allmulticast mode [ 440.850852][T26592] syz_tun: left allmulticast mode [ 440.895433][T15072] libceph: connect (1)[c::]:6789 error -22 [ 440.897452][T15072] libceph: mon0 (1)[c::]:6789 connect error [ 440.944521][ T6041] libceph: connect (1)[c::]:6789 error -22 [ 440.946516][ T6041] libceph: mon0 (1)[c::]:6789 connect error [ 440.997669][ T6114] usb 11-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 441.001207][ T6114] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 441.005667][ T6114] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 441.008738][ T6114] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 441.013555][ T6114] usb 11-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 441.016678][ T6114] usb 11-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 441.019218][ T6114] usb 11-1: Manufacturer: syz [ 441.021854][ T6114] usb 11-1: config 0 descriptor?? [ 441.039009][T26601] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9011'. [ 441.404052][T15072] libceph: connect (1)[c::]:6789 error -22 [ 441.406046][T15072] libceph: mon0 (1)[c::]:6789 connect error [ 441.429343][ T6114] hid_parser_main: 5 callbacks suppressed [ 441.429356][ T6114] appleir 0003:05AC:8243.004D: unknown main item tag 0x0 [ 441.435444][ T6114] appleir 0003:05AC:8243.004D: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0 [ 441.453101][T26576] ceph: No mds server is up or the cluster is laggy [ 441.454017][T26583] ceph: No mds server is up or the cluster is laggy [ 441.468781][ T6114] libceph: connect (1)[c::]:6789 error -22 [ 441.472398][ T6114] libceph: mon0 (1)[c::]:6789 connect error [ 443.253991][T26613] netlink: 'syz.2.9015': attribute type 2 has an invalid length. [ 443.257589][T26613] netlink: 532 bytes leftover after parsing attributes in process `syz.2.9015'. [ 443.274075][T26613] bond0: (slave dummy0): Releasing backup interface [ 443.324388][T26617] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 443.376430][T26622] "syz.1.9019" (26622) uses obsolete ecb(arc4) skcipher [ 443.511599][ T53] usb 11-1: USB disconnect, device number 17 [ 443.677496][T26651] netlink: 'syz.4.9029': attribute type 2 has an invalid length. [ 443.681522][T26651] netlink: 532 bytes leftover after parsing attributes in process `syz.4.9029'. [ 443.713578][T26655] syzkaller1: entered promiscuous mode [ 443.715322][T26655] syzkaller1: entered allmulticast mode [ 443.891798][T26672] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9041'. [ 443.925162][T26676] syzkaller1: entered promiscuous mode [ 443.926970][T26676] syzkaller1: entered allmulticast mode [ 443.934717][ T6041] usb 7-1: new high-speed USB device number 56 using dummy_hcd [ 444.089167][T26688] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 444.096040][ T6041] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 444.099492][ T6041] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 444.104175][ T6041] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 444.107029][ T6041] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.111254][T26653] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 444.114641][T26693] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9050'. [ 444.116587][ T6041] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 444.117882][T26693] netlink: 32 bytes leftover after parsing attributes in process `syz.4.9050'. [ 444.362739][ T6060] usb 7-1: USB disconnect, device number 56 [ 444.860893][T26719] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 444.863291][ T6060] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 445.032088][ T6060] usb 9-1: Using ep0 maxpacket: 8 [ 445.035299][ T6060] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 445.038017][ T6060] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 445.041108][ T6060] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 445.044827][ T6060] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 445.047980][ T6060] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 445.051118][ T6060] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 445.055414][ T6060] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 445.058286][ T6060] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.063364][ T6060] usbtmc 9-1:16.0: probe with driver usbtmc failed with error -22 [ 445.065717][T26740] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 445.112197][T26746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9073'. [ 445.116196][T26746] netlink: 32 bytes leftover after parsing attributes in process `syz.2.9073'. [ 445.343518][ T10] usb 9-1: USB disconnect, device number 24 [ 445.978227][T26780] 9pnet: p9_errstr2errno: server reported unknown error 184467 [ 445.981861][ T40] audit: type=1326 audit(2000001337.199:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26749 comm="syz.2.9075" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7fc00000 [ 446.184820][T26808] 9pnet: p9_errstr2errno: server reported unknown error 184467 [ 447.309695][T26877] syz.2.9132: attempt to access beyond end of device [ 447.309695][T26877] loop5: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 447.315232][T26877] SQUASHFS error: Failed to read block 0x0: -5 [ 448.101823][T26874] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 448.108149][ T5988] Bluetooth: hci4: sending frame failed (-49) [ 448.111572][ T5985] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 448.136851][T26891] ALSA: seq fatal error: cannot create timer (-16) [ 448.261911][T26907] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9143'. [ 448.262498][T26906] syz_tun: entered allmulticast mode [ 448.885252][T26968] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9177'. [ 448.900721][T26968] vxlan2: entered promiscuous mode [ 449.400002][ T5985] Bluetooth: hci3: command 0x040f tx timeout [ 449.760301][ T840] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 449.911128][ T840] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 449.916649][ T840] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 449.919465][ T840] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 449.923216][ T840] usb 9-1: Product: syz [ 449.924554][ T840] usb 9-1: Manufacturer: syz [ 449.926028][ T840] usb 9-1: SerialNumber: syz [ 450.132909][ T840] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 25 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 450.338436][ T6060] usb 9-1: USB disconnect, device number 25 [ 450.347335][ T6060] usblp0: removed [ 450.881369][T27084] bridge0: port 2(bridge_slave_1) entered disabled state [ 450.883927][T27084] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.932631][T27084] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.939623][T27084] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 451.001235][T27084] batman_adv: batadv0: Interface deactivated: macsec1 [ 451.010360][ T1237] netdevsim netdevsim6 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.013774][ T1237] netdevsim netdevsim6 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.017093][ T1237] netdevsim netdevsim6 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.020879][ T1237] netdevsim netdevsim6 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.036950][ T1237] netdevsim netdevsim6 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.042208][ T1237] netdevsim netdevsim6 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.045017][ T1237] netdevsim netdevsim6 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.047683][ T1237] netdevsim netdevsim6 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.791323][T27122] veth1_to_batadv: left promiscuous mode [ 451.800175][T27122] batman_adv: batadv0: Interface deactivated: macvlan2 [ 451.808542][T27122] batman_adv: batadv0: Interface deactivated: macsec0 [ 451.811998][ T97] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.815384][ T97] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 451.818972][ T97] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.822561][ T97] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 451.825862][ T97] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.828482][ T97] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 451.832331][ T97] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 451.835642][ T97] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 452.308692][ T53] usb 11-1: new high-speed USB device number 18 using dummy_hcd [ 452.459967][ T53] usb 11-1: config 0 has an invalid interface number: 117 but max is 0 [ 452.462727][ T53] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 452.466058][ T53] usb 11-1: config 0 has no interface number 0 [ 452.468088][ T53] usb 11-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30 [ 452.471866][ T53] usb 11-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239 [ 452.477942][ T53] usb 11-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46 [ 452.481501][ T53] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.484267][ T53] usb 11-1: Product: syz [ 452.485780][ T53] usb 11-1: Manufacturer: syz [ 452.487388][ T53] usb 11-1: SerialNumber: syz [ 452.490460][ T53] usb 11-1: config 0 descriptor?? [ 452.493820][ T53] HFC-S_USB 11-1:0.117: probe with driver HFC-S_USB failed with error -5 [ 452.696990][ T53] usb 11-1: USB disconnect, device number 18 [ 452.740625][T27140] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9236'. [ 452.743444][T27140] netlink: 'syz.2.9236': attribute type 1 has an invalid length. [ 452.746002][T27140] netlink: 'syz.2.9236': attribute type 2 has an invalid length. [ 452.748811][T27140] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9236'. [ 453.032064][T27171] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9243'. [ 453.160747][T27177] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9246'. [ 453.411192][T27202] netlink: 240 bytes leftover after parsing attributes in process `syz.4.9254'. [ 453.435716][T27204] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9257'. [ 453.480555][T27206] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 453.483593][T27206] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 453.600390][T27213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9261'. [ 453.648550][ T840] usb 7-1: new high-speed USB device number 57 using dummy_hcd [ 453.746169][T27221] netlink: 64 bytes leftover after parsing attributes in process `syz.1.9265'. [ 453.757767][T27221] netlink: 64 bytes leftover after parsing attributes in process `syz.1.9265'. [ 453.799106][ T840] usb 7-1: config 0 has an invalid interface number: 117 but max is 0 [ 453.801829][ T840] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 453.805017][ T840] usb 7-1: config 0 has no interface number 0 [ 453.807425][ T840] usb 7-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30 [ 453.811113][ T840] usb 7-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239 [ 453.816691][ T840] usb 7-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46 [ 453.820407][ T840] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.822947][ T840] usb 7-1: Product: syz [ 453.824281][ T840] usb 7-1: Manufacturer: syz [ 453.825768][ T840] usb 7-1: SerialNumber: syz [ 453.828491][ T840] usb 7-1: config 0 descriptor?? [ 453.831956][ T840] HFC-S_USB 7-1:0.117: probe with driver HFC-S_USB failed with error -5 [ 454.035651][ T6060] usb 7-1: USB disconnect, device number 57 [ 454.051507][T27225] kvm: user requested TSC rate below hardware speed [ 454.191537][T27230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9269'. [ 454.410470][T27244] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9276'. [ 454.456442][ T40] audit: type=1326 audit(2000001345.683:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27215 comm="syz.4.9263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7fc00000 [ 454.590583][T27248] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 455.075836][T27253] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9280'. [ 455.204642][T27264] netlink: 'syz.6.9284': attribute type 12 has an invalid length. [ 455.207475][T27264] netlink: 'syz.6.9284': attribute type 29 has an invalid length. [ 455.210059][T27264] netlink: 148 bytes leftover after parsing attributes in process `syz.6.9284'. [ 455.212912][T27264] netlink: 'syz.6.9284': attribute type 2 has an invalid length. [ 455.215310][T27264] netlink: 23 bytes leftover after parsing attributes in process `syz.6.9284'. [ 455.427174][ T840] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 455.477067][ T6041] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 455.589012][ T840] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 455.592470][ T840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.595757][ T840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.599747][ T840] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 455.604938][ T840] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 455.608344][ T840] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 455.610888][ T840] usb 6-1: Manufacturer: syz [ 455.613495][ T840] usb 6-1: config 0 descriptor?? [ 455.638111][ T6041] usb 9-1: config 0 has an invalid interface number: 117 but max is 0 [ 455.640721][ T6041] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.643873][ T6041] usb 9-1: config 0 has no interface number 0 [ 455.645959][ T6041] usb 9-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30 [ 455.649701][ T6041] usb 9-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239 [ 455.655676][ T6041] usb 9-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46 [ 455.658692][ T6041] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.661259][ T6041] usb 9-1: Product: syz [ 455.662629][ T6041] usb 9-1: Manufacturer: syz [ 455.664165][ T6041] usb 9-1: SerialNumber: syz [ 455.667226][ T6041] usb 9-1: config 0 descriptor?? [ 455.671203][ T6041] HFC-S_USB 9-1:0.117: probe with driver HFC-S_USB failed with error -5 [ 455.875479][ T53] usb 9-1: USB disconnect, device number 26 [ 456.022224][ T840] appleir 0003:05AC:8243.004E: unknown main item tag 0x0 [ 456.026309][ T840] appleir 0003:05AC:8243.004E: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 456.063384][T27316] macsec0: entered promiscuous mode [ 456.065075][T27316] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 456.067439][T27316] macsec0: entered allmulticast mode [ 456.069107][T27316] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 456.117868][T27320] hsr0: entered promiscuous mode [ 456.120218][T27320] hsr_slave_0: left promiscuous mode [ 456.123075][T27320] hsr_slave_1: left promiscuous mode [ 456.132296][T27320] hsr0 (unregistering): left promiscuous mode [ 456.278329][ T10] usb 6-1: USB disconnect, device number 56 [ 457.036192][ T10] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 457.090777][T27378] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 457.197563][ T10] usb 6-1: config 0 has an invalid interface number: 117 but max is 0 [ 457.202660][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 457.205789][ T10] usb 6-1: config 0 has no interface number 0 [ 457.208470][ T10] usb 6-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30 [ 457.211869][ T10] usb 6-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239 [ 457.218161][ T10] usb 6-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46 [ 457.220959][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.223466][ T10] usb 6-1: Product: syz [ 457.224838][ T10] usb 6-1: Manufacturer: syz [ 457.228130][ T10] usb 6-1: SerialNumber: syz [ 457.230764][ T10] usb 6-1: config 0 descriptor?? [ 457.234532][ T10] HFC-S_USB 6-1:0.117: probe with driver HFC-S_USB failed with error -5 [ 457.293891][ T10] libceph: connect (1)[c::]:6789 error -101 [ 457.295871][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 457.343987][ T10] libceph: connect (1)[c::]:6789 error -101 [ 457.346170][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 457.442195][ T10] usb 6-1: USB disconnect, device number 57 [ 457.556302][ T6884] libceph: connect (1)[c::]:6789 error -101 [ 457.558266][ T6884] libceph: mon0 (1)[c::]:6789 connect error [ 457.606255][ T6884] libceph: connect (1)[c::]:6789 error -101 [ 457.608168][ T6884] libceph: mon0 (1)[c::]:6789 connect error [ 458.065991][ T10] libceph: connect (1)[c::]:6789 error -101 [ 458.067942][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 458.124971][T27401] ceph: No mds server is up or the cluster is laggy [ 458.125766][ T10] libceph: connect (1)[c::]:6789 error -101 [ 458.128517][T27408] ceph: No mds server is up or the cluster is laggy [ 458.128783][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 458.397514][ T40] audit: type=1326 audit(2000001349.635:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000 [ 458.404343][ T40] audit: type=1326 audit(2000001349.635:3065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 458.411093][ T40] audit: type=1326 audit(2000001349.635:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000 [ 458.417918][ T40] audit: type=1326 audit(2000001349.635:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000 [ 458.424627][ T40] audit: type=1326 audit(2000001349.635:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 458.431927][ T40] audit: type=1326 audit(2000001349.635:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000 [ 458.438787][ T40] audit: type=1326 audit(2000001349.635:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 458.446960][ T40] audit: type=1326 audit(2000001349.635:3071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 458.453751][ T40] audit: type=1326 audit(2000001349.635:3072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27456 comm="syz.6.9371" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000 [ 458.965127][ T840] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 459.125042][ T840] usb 9-1: Using ep0 maxpacket: 8 [ 459.128173][ T840] usb 9-1: config 179 has an invalid interface number: 65 but max is 0 [ 459.130786][ T840] usb 9-1: config 179 has no interface number 0 [ 459.132779][ T840] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 459.136421][ T840] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 459.139940][ T840] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 459.143467][ T840] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 459.148355][ T840] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 459.151192][ T840] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.155713][T27482] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 459.305832][T27535] __nla_validate_parse: 1 callbacks suppressed [ 459.305844][T27535] netlink: 120 bytes leftover after parsing attributes in process `syz.1.9401'. [ 459.370252][ T6041] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:179.65/input/input105 [ 459.564893][ T53] usb 9-1: USB disconnect, device number 27 [ 459.564970][ C3] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 459.569698][ C3] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 459.594983][ T840] usb 7-1: new high-speed USB device number 58 using dummy_hcd [ 459.746092][ T840] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 459.749408][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 459.752750][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 459.756053][ T840] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 459.760869][ T840] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 459.763690][ T840] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 459.766441][ T840] usb 7-1: Manufacturer: syz [ 459.769124][ T840] usb 7-1: config 0 descriptor?? [ 460.179019][ T840] appleir 0003:05AC:8243.004F: unknown main item tag 0x0 [ 460.183146][ T840] appleir 0003:05AC:8243.004F: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 460.202006][T27568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9414'. [ 460.229508][ T840] libceph: connect (1)[c::]:6789 error -101 [ 460.231492][ T840] libceph: mon0 (1)[c::]:6789 connect error [ 460.280204][ T6060] libceph: connect (1)[c::]:6789 error -101 [ 460.282251][ T6060] libceph: mon0 (1)[c::]:6789 connect error [ 460.435912][ T840] usb 7-1: USB disconnect, device number 58 [ 460.484602][ T6041] libceph: connect (1)[c::]:6789 error -101 [ 460.486592][ T6041] libceph: mon0 (1)[c::]:6789 connect error [ 460.534658][ T6021] libceph: connect (1)[c::]:6789 error -101 [ 460.536674][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 460.960617][ T40] kauditd_printk_skb: 65 callbacks suppressed [ 460.960628][ T40] audit: type=1326 audit(2000001352.187:3138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 460.969907][ T40] audit: type=1326 audit(2000001352.197:3139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 460.976826][ T40] audit: type=1326 audit(2000001352.197:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 460.983566][ T40] audit: type=1326 audit(2000001352.197:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 460.991281][ T40] audit: type=1326 audit(2000001352.197:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 460.995397][ T840] libceph: connect (1)[c::]:6789 error -101 [ 460.999411][ T40] audit: type=1326 audit(2000001352.197:3143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 460.999960][ T840] libceph: mon0 (1)[c::]:6789 connect error [ 461.007493][ T40] audit: type=1326 audit(2000001352.197:3144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 461.007518][ T40] audit: type=1326 audit(2000001352.197:3145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 461.007538][ T40] audit: type=1326 audit(2000001352.197:3146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 461.007558][ T40] audit: type=1326 audit(2000001352.197:3147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27584 comm="syz.2.9420" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae598 code=0x7ffc0000 [ 461.054330][ T6021] libceph: connect (1)[c::]:6789 error -101 [ 461.056431][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 461.060997][T27570] ceph: No mds server is up or the cluster is laggy [ 461.061102][T27573] ceph: No mds server is up or the cluster is laggy [ 461.378982][T27628] input: syz1 as /devices/virtual/input/input107 [ 461.495891][T27646] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9448'. [ 461.506675][T27650] input: syz1 as /devices/virtual/input/input108 [ 461.581586][T27661] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.586575][T27661] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 461.647836][T27661] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.651057][T27661] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 461.705938][T27679] @: renamed from vlan0 (while UP) [ 461.740121][T27661] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.743864][T27661] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 461.834798][T27688] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9467'. [ 461.867599][T27661] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.870699][T27661] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 462.012144][ T1237] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 462.014852][ T1237] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 462.022928][ T1237] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 462.026757][ T1237] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 462.046255][ T1237] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 462.048835][ T1237] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 462.051464][ T1237] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 462.054281][ T1237] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 462.313557][ T6884] usb 9-1: new high-speed USB device number 28 using dummy_hcd [ 462.373693][ T53] usb 7-1: new high-speed USB device number 59 using dummy_hcd [ 462.473385][ T6884] usb 9-1: Using ep0 maxpacket: 32 [ 462.476715][ T6884] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.480907][ T6884] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.484504][ T6884] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 462.487917][ T6884] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.492168][ T6884] usb 9-1: config 0 descriptor?? [ 462.523733][ T53] usb 7-1: Using ep0 maxpacket: 8 [ 462.527627][ T53] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 462.530953][ T53] usb 7-1: config 179 has no interface number 0 [ 462.533632][ T53] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 462.538035][ T53] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 462.542457][ T53] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 462.546639][ T53] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 462.551257][ T53] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 462.555168][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.559456][T27708] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 462.769688][ T53] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:179.65/input/input109 [ 462.901810][ T6884] savu 0003:1E7D:2D5A.0050: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 462.970059][ T6021] usb 7-1: USB disconnect, device number 59 [ 462.970162][ C2] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 462.974867][ C2] dummy_hcd dummy_hcd.2: timer fired with no URBs pending? [ 463.061379][T27718] hsr0: entered allmulticast mode [ 463.063206][T27718] hsr_slave_0: entered allmulticast mode [ 463.064963][T27718] hsr_slave_1: entered allmulticast mode [ 463.067734][T27718] hsr_slave_0: left promiscuous mode [ 463.070153][T27718] hsr_slave_1: left promiscuous mode [ 463.078819][T27718] hsr0 (unregistering): left allmulticast mode [ 463.155261][ T6884] usb 9-1: USB disconnect, device number 28 [ 463.277908][T27733] netlink: 56 bytes leftover after parsing attributes in process `syz.1.9486'. [ 463.553943][T27750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9495'. [ 463.580598][T27750] batman_adv: batadv0: Removing interface: macsec0 [ 463.920748][T27792] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9514'. [ 463.925193][T27792] bridge_slave_1: left allmulticast mode [ 463.927187][T27792] bridge_slave_1: left promiscuous mode [ 463.929165][T27792] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.934093][T27792] bridge_slave_0: left allmulticast mode [ 463.935926][T27792] bridge_slave_0: left promiscuous mode [ 463.937789][T27792] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.970025][T27792] batman_adv: batadv0: Removing interface: macsec1 [ 464.230624][T27824] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 464.270158][T27831] input: syz0 as /devices/virtual/input/input110 [ 464.448437][T27846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9540'. [ 464.451294][T27846] bridge_slave_1: left allmulticast mode [ 464.453368][T27846] bridge_slave_1: left promiscuous mode [ 464.455286][T27846] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.460522][T27846] bridge_slave_0: left allmulticast mode [ 464.462294][T27846] bridge_slave_0: left promiscuous mode [ 464.464308][T27846] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.563295][T27852] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 465.681478][T27951] overlayfs: workdir and upperdir must reside under the same mount [ 466.148906][T27961] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9594'. [ 466.152816][T27961] syz_tun: left allmulticast mode [ 466.154941][T27961] syz_tun: left promiscuous mode [ 466.157279][T27961] bridge0: port 3(syz_tun) entered disabled state [ 466.165053][T27961] bridge_slave_1: left allmulticast mode [ 466.167472][T27961] bridge_slave_1: left promiscuous mode [ 466.169693][T27923] overlayfs: statfs failed on './file0' [ 466.170053][T27961] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.175792][T27961] bridge_slave_0: left allmulticast mode [ 466.177854][T27961] bridge_slave_0: left promiscuous mode [ 466.180462][T27961] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.322007][ T40] kauditd_printk_skb: 198 callbacks suppressed [ 466.322018][ T40] audit: type=1326 audit(2000001357.559:3346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.331541][ T40] audit: type=1326 audit(2000001357.559:3347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.338241][ T40] audit: type=1326 audit(2000001357.569:3348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.346432][ T40] audit: type=1326 audit(2000001357.569:3349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.355398][ T40] audit: type=1326 audit(2000001357.569:3350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.362944][ T40] audit: type=1326 audit(2000001357.569:3351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.369665][ T40] audit: type=1326 audit(2000001357.569:3352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.369690][ T40] audit: type=1326 audit(2000001357.569:3353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.369711][ T40] audit: type=1326 audit(2000001357.569:3354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.391968][ T40] audit: type=1326 audit(2000001357.569:3355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27971 comm="syz.2.9598" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 466.540954][T27991] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 466.554075][T27991] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.598805][T27991] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 466.601931][T27991] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.665379][T27991] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 466.668540][T27991] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.754060][T27991] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 466.757850][T27991] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.809764][T28011] overlayfs: workdir and upperdir must reside under the same mount [ 466.836775][ T89] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 466.839998][ T89] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.850355][ T89] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 466.853904][ T89] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.863762][ T89] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 466.866371][ T89] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.874999][ T89] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 466.877540][ T89] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.235863][T28035] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1814518830 (232258410240 ns) > initial count (2458284544 ns). Using initial count to start timer. [ 467.266566][T28037] loop6: detected capacity change from 0 to 7 [ 467.270344][T28037] Dev loop6: unable to read RDB block 7 [ 467.272795][T28037] loop6: AHDI p3 p4 [ 467.274350][T28037] loop6: partition table partially beyond EOD, truncated [ 467.277178][T28037] loop6: p3 start 1886353253 is beyond EOD, truncated [ 468.002959][T28068] Bluetooth: hci0: unsupported parameter 32780 [ 468.004937][T28068] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 468.070667][ T6060] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 468.240592][ T6060] usb 6-1: Using ep0 maxpacket: 32 [ 468.243695][ T6060] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 468.246273][ T6060] usb 6-1: config 0 has no interface number 0 [ 468.248194][ T6060] usb 6-1: config 0 interface 12 has no altsetting 0 [ 468.252897][ T6060] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 468.256263][ T6060] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.258720][ T6060] usb 6-1: Product: syz [ 468.260070][ T6060] usb 6-1: Manufacturer: syz [ 468.261969][ T6060] usb 6-1: SerialNumber: syz [ 468.264536][ T6060] usb 6-1: config 0 descriptor?? [ 468.267235][ T6060] f81534 6-1:0.12: required endpoints missing [ 468.323085][T28082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9645'. [ 468.477389][ T53] usb 6-1: USB disconnect, device number 58 [ 469.817503][T28160] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 469.911850][ T5985] Bluetooth: hci3: unexpected cc 0x203e length: 2 > 1 [ 469.915199][ T5985] Bluetooth: hci3: unexpected event for opcode 0x203e [ 470.588038][T28209] loop2: detected capacity change from 0 to 7 [ 470.590898][T28209] Dev loop2: unable to read RDB block 7 [ 470.592650][T28209] loop2: AHDI p1 p2 p3 [ 470.594305][T28209] loop2: partition table partially beyond EOD, truncated [ 470.596531][T28209] loop2: p1 start 1601398130 is beyond EOD, truncated [ 470.600685][T28209] loop2: p2 start 1702059890 is beyond EOD, truncated [ 471.011469][T28250] netlink: 67 bytes leftover after parsing attributes in process `syz.6.9710'. [ 471.055730][T28246] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 471.117578][T28265] input: syz0 as /devices/virtual/input/input111 [ 471.255339][T28277] netlink: 67 bytes leftover after parsing attributes in process `syz.1.9723'. [ 471.405829][T28289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9729'. [ 471.979882][T28323] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9744'. [ 472.394122][T28350] loop2: detected capacity change from 0 to 7 [ 472.396512][T28350] Dev loop2: unable to read RDB block 7 [ 472.398263][T28350] loop2: AHDI p1 p2 p3 [ 472.401041][T28350] loop2: partition table partially beyond EOD, truncated [ 472.403972][T28350] loop2: p1 start 1601398130 is beyond EOD, truncated [ 472.406539][T28350] loop2: p2 start 1702059890 is beyond EOD, truncated [ 472.421420][T28354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9758'. [ 473.617925][ T5985] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 473.618194][ T5988] Bluetooth: hci4: command 0x1003 tx timeout [ 473.665829][T28386] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9771'. [ 473.845183][T28414] loop7: detected capacity change from 0 to 7 [ 473.947840][ T5988] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 473.950749][ T5988] Bluetooth: hci3: Injecting HCI hardware error event [ 473.955276][ T5985] Bluetooth: hci3: hardware error 0x00 [ 474.069924][T28423] support for the xor transformation has been removed. [ 474.072907][T28414] Dev loop7: unable to read RDB block 7 [ 474.074650][T28414] loop7: unable to read partition table [ 474.076497][T28414] loop7: partition table beyond EOD, truncated [ 474.079314][T28414] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 474.080586][T28432] Invalid ELF header len 8 [ 474.083498][ C3] blk_print_req_error: 6 callbacks suppressed [ 474.083509][ C3] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 474.089896][ C3] buffer_io_error: 14 callbacks suppressed [ 474.089905][ C3] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 474.192315][T28441] netlink: 48 bytes leftover after parsing attributes in process `syz.2.9798'. [ 474.337034][T28459] loop7: detected capacity change from 0 to 7 [ 474.390909][T28464] input: syz1 as /devices/virtual/input/input113 [ 474.558619][T28469] support for the xor transformation has been removed. [ 474.562881][ C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 474.564910][T28459] Dev loop7: unable to read RDB block 7 [ 474.566161][ C0] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 474.573707][T28459] loop7: unable to read partition table [ 474.576135][T28459] loop7: partition table beyond EOD, truncated [ 474.579173][T28459] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 474.867322][ T840] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 475.028849][ T840] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 475.033594][ T840] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 475.038300][ T840] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 475.042142][ T840] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.048263][T28491] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 475.053431][ T840] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 475.254791][T15072] usb 6-1: USB disconnect, device number 59 [ 475.261861][T28524] netlink: 48 bytes leftover after parsing attributes in process `syz.4.9832'. [ 476.016849][ T5985] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 477.101660][T28625] syz_tun: entered promiscuous mode [ 477.108315][T28625] batadv_slave_0: entered promiscuous mode [ 477.113901][T28625] debugfs: 'hsr1' already exists in 'hsr' [ 477.116366][T28625] Cannot create hsr debugfs directory [ 477.119584][T28625] hsr1: Slave A (syz_tun) is not up; please bring it up to get a fully working HSR network [ 477.124491][T28625] hsr1: entered allmulticast mode [ 477.130657][T28625] syz_tun: entered allmulticast mode [ 477.132452][T28625] batadv_slave_0: entered allmulticast mode [ 477.396036][ T10] usb 11-1: new high-speed USB device number 19 using dummy_hcd [ 477.565747][ T10] usb 11-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 477.568702][ T10] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.571240][ T10] usb 11-1: Product: syz [ 477.572594][ T10] usb 11-1: Manufacturer: syz [ 477.574237][ T10] usb 11-1: SerialNumber: syz [ 477.576947][ T10] usb 11-1: config 0 descriptor?? [ 477.786370][ T10] usb 11-1: USB disconnect, device number 19 [ 479.044281][T28747] syz_tun: entered promiscuous mode [ 479.046718][T28747] batadv_slave_0: entered promiscuous mode [ 479.049005][T28747] hsr0: Slave A (syz_tun) is not up; please bring it up to get a fully working HSR network [ 479.052249][T28747] hsr0: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network [ 479.056184][T28747] hsr0: entered allmulticast mode [ 479.057851][T28747] syz_tun: entered allmulticast mode [ 479.059602][T28747] batadv_slave_0: entered allmulticast mode [ 480.372470][T28807] bond1: entered allmulticast mode [ 480.374570][T28807] 8021q: adding VLAN 0 to HW filter on device bond1 [ 481.435770][T25964] syz_tun (unregistering): left promiscuous mode [ 481.454293][ T6021] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 481.536339][ T12] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 481.539883][ T12] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.613896][ T6021] usb 6-1: Using ep0 maxpacket: 32 [ 481.619425][ T12] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 481.622490][ T12] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.624190][ T6021] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 481.628547][ T6021] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 481.644051][ T6021] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 481.649104][ T6021] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 481.654797][ T6021] usb 6-1: config 0 interface 0 has no altsetting 0 [ 481.659439][T28880] netlink: 'syz.2.9983': attribute type 1 has an invalid length. [ 481.659494][ T6021] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 481.665651][ T6021] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 481.668279][ T6021] usb 6-1: Product: syz [ 481.669607][ T6021] usb 6-1: Manufacturer: syz [ 481.671075][ T6021] usb 6-1: SerialNumber: syz [ 481.672839][T28880] 8021q: adding VLAN 0 to HW filter on device bond1 [ 481.673642][ T6021] usb 6-1: config 0 descriptor?? [ 481.681258][ T6021] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 481.685606][ T6021] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 481.690931][T28880] bond1: (slave geneve3): making interface the new active one [ 481.694213][T28880] bond1: (slave geneve3): Enslaving as an active interface with an up link [ 481.701167][ T12] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 481.706792][ T12] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.713497][ T13] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 481.717604][ T13] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 481.720185][ T13] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 481.722716][ T13] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 481.731644][ T5988] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 481.739054][ T5988] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 481.742529][ T5988] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 481.747034][ T5988] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 481.750038][ T5988] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 481.808971][ T12] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 481.812051][ T12] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.874719][T28882] chnl_net:caif_netlink_parms(): no params data found [ 481.924096][ T6041] usb 6-1: USB disconnect, device number 60 [ 481.927315][ T6041] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 482.001163][T28882] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.003372][T28882] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.006045][T28882] bridge_slave_0: entered allmulticast mode [ 482.008685][T28882] bridge_slave_0: entered promiscuous mode [ 482.245447][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 482.249526][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 482.253250][ T12] bond0 (unregistering): Released all slaves [ 482.259550][T28882] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.261791][T28882] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.264182][T28882] bridge_slave_1: entered allmulticast mode [ 482.266792][T28882] bridge_slave_1: entered promiscuous mode [ 482.311517][T28882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 482.318271][T28882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 482.368428][T28882] team0: Port device team_slave_0 added [ 482.371817][T28882] team0: Port device team_slave_1 added [ 482.434671][T28882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 482.436876][T28882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.445380][T28882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.450892][T28882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.453144][T28882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.461698][T28882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.536948][T28882] hsr_slave_0: entered promiscuous mode [ 482.539227][T28882] hsr_slave_1: entered promiscuous mode [ 482.542703][T28882] debugfs: 'hsr0' already exists in 'hsr' [ 482.544796][T28882] Cannot create hsr debugfs directory [ 482.577835][T28911] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9992'. [ 482.666009][ T12] batadv_slave_0: left promiscuous mode [ 482.672445][ T12] hsr_slave_0: left promiscuous mode [ 482.675875][ T12] hsr_slave_1: left promiscuous mode [ 482.677903][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 482.680259][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 482.683118][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 482.686680][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 482.712263][ T12] team0: left allmulticast mode [ 482.714546][ T12] team_slave_0: left allmulticast mode [ 482.716411][ T12] team_slave_1: left allmulticast mode [ 482.718127][ T12] team0: left promiscuous mode [ 482.719936][ T12] team_slave_0: left promiscuous mode [ 482.722409][ T12] team_slave_1: left promiscuous mode [ 482.724571][ T12] veth1_vlan: left promiscuous mode [ 482.726295][ T12] veth0_vlan: left promiscuous mode [ 482.749443][ T40] kauditd_printk_skb: 17 callbacks suppressed [ 482.749455][ T40] audit: type=1326 audit(2000001373.988:3373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28930 comm="syz.2.10009" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ae579 code=0x0 [ 483.417248][ T12] team0 (unregistering): Port device team_slave_1 removed [ 483.507302][ T12] team0 (unregistering): Port device team_slave_0 removed [ 483.776771][ T5988] Bluetooth: hci3: command tx timeout [ 484.205789][T28882] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 484.210217][T28882] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 484.214933][T28882] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 484.226939][T28882] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 484.276535][T28882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.285871][T28882] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.290620][ T97] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.292973][ T97] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.298809][ T89] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.301141][ T89] bridge0: port 2(bridge_slave_1) entered forwarding state [ 484.411855][T28882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.534487][T28882] veth0_vlan: entered promiscuous mode [ 484.539485][T28882] veth1_vlan: entered promiscuous mode [ 484.555963][T28882] veth0_macvtap: entered promiscuous mode [ 484.560262][T28882] veth1_macvtap: entered promiscuous mode [ 484.571211][T28882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.578080][T28882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.585345][ T1139] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.588188][ T1139] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.593901][ T1139] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.596667][ T1139] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.631349][ T89] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.634173][ T89] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.645768][ T89] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.648214][ T89] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.682102][T28951] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9980'. [ 484.691308][T28956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10013'. [ 484.705815][T28956] 8021q: adding VLAN 0 to HW filter on device bond2 [ 484.735772][T28956] 8021q: adding VLAN 0 to HW filter on device bond2 [ 484.738203][T28956] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 484.742153][T28956] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 484.945364][T28971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10006'. [ 485.236135][ T53] kernel read not supported for file /swradio5 (pid: 53 comm: kworker/2:1) [ 485.349817][T29023] netlink: 'syz.2.10032': attribute type 1 has an invalid length. [ 485.352764][T29023] netlink: 'syz.2.10032': attribute type 4 has an invalid length. [ 485.355208][T29023] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.10032'. [ 485.479651][ T10] kernel read not supported for file /swradio5 (pid: 10 comm: kworker/0:1) [ 485.634270][T29050] netlink: 'syz.7.10042': attribute type 12 has an invalid length. [ 485.637431][T29050] netlink: 'syz.7.10042': attribute type 29 has an invalid length. [ 485.640622][T29050] netlink: 148 bytes leftover after parsing attributes in process `syz.7.10042'. [ 485.644343][T29050] netlink: 59 bytes leftover after parsing attributes in process `syz.7.10042'. [ 485.746680][T29059] netlink: 'syz.6.10046': attribute type 1 has an invalid length. [ 485.765621][T29059] 8021q: adding VLAN 0 to HW filter on device bond1 [ 485.773476][T29064] netlink: 12 bytes leftover after parsing attributes in process `syz.7.10049'. [ 485.790818][T29059] bond1: (slave geneve2): making interface the new active one [ 485.794293][T29059] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 485.797689][ T12] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.803337][ T12] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.806116][ T12] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.808665][ T12] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.828008][T29068] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10051'. [ 485.861924][ T5988] Bluetooth: hci3: command tx timeout [ 486.121827][ T6041] usb 12-1: new high-speed USB device number 2 using dummy_hcd [ 486.199441][T29090] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10061'. [ 486.213201][T29090] 8021q: adding VLAN 0 to HW filter on device bond2 [ 486.234934][T29090] 8021q: adding VLAN 0 to HW filter on device bond2 [ 486.237261][T29090] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address [ 486.241186][T29090] bond2: (slave vxcan1): Error -95 calling set_mac_address [ 486.272927][ T6041] usb 12-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 486.276320][ T6041] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 486.279696][ T6041] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 486.291543][ T6041] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 486.298335][ T6041] usb 12-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 486.301358][ T6041] usb 12-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 486.304225][ T6041] usb 12-1: Manufacturer: syz [ 486.306965][ T6041] usb 12-1: config 0 descriptor?? [ 486.378223][ T40] audit: type=1326 audit(2000001377.619:3374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29096 comm="syz.1.10062" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709e579 code=0x0 [ 486.721795][ T6041] appleir 0003:05AC:8243.0051: unknown main item tag 0x0 [ 486.725758][ T6041] appleir 0003:05AC:8243.0051: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0 [ 487.291074][ T10] usb 11-1: new high-speed USB device number 20 using dummy_hcd [ 487.441414][ T10] usb 11-1: too many configurations: 9, using maximum allowed: 8 [ 487.444789][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.447636][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.451292][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.454203][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.456988][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.460552][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.463512][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.466454][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.469825][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.472798][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.475621][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.478986][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.481925][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.484949][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.488387][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.492505][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.495382][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.498796][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.501809][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.504595][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.507948][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.510920][ T10] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 487.513731][ T10] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 487.517092][ T10] usb 11-1: config 0 interface 0 has no altsetting 0 [ 487.521102][ T10] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 487.524057][ T10] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 487.526585][ T10] usb 11-1: Product: syz [ 487.527887][ T10] usb 11-1: Manufacturer: syz [ 487.529835][ T10] usb 11-1: SerialNumber: syz [ 487.532707][ T10] usb 11-1: config 0 descriptor?? [ 487.536746][ T10] yurex 11-1:0.0: USB YUREX device now attached to Yurex #1 [ 487.554024][ T6028] usb 12-1: USB disconnect, device number 2 [ 487.742449][ T6041] usb 11-1: USB disconnect, device number 20 [ 487.745559][ T6041] yurex 11-1:0.0: USB YUREX #1 now disconnected [ 487.760850][ T6114] usb 7-1: new high-speed USB device number 60 using dummy_hcd [ 487.912963][ T6114] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 487.916412][ T6114] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 487.919320][ T6114] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 487.923426][ T6114] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 487.926245][ T6114] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.929893][ T6114] usb 7-1: config 0 descriptor?? [ 487.931885][ T5988] Bluetooth: hci3: command tx timeout [ 488.344721][ T6114] plantronics 0003:047F:FFFF.0052: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 488.602963][ T6114] usb 7-1: USB disconnect, device number 60 [ 488.639307][T29168] netlink: 'syz.7.10092': attribute type 5 has an invalid length. [ 488.761702][T29174] syz.7.10095: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz7,mems_allowed=0-1 [ 488.767185][T29174] CPU: 0 UID: 0 PID: 29174 Comm: syz.7.10095 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 488.767204][T29174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 488.767212][T29174] Call Trace: [ 488.767217][T29174] [ 488.767223][T29174] dump_stack_lvl+0x16c/0x1f0 [ 488.767267][T29174] warn_alloc+0x248/0x3a0 [ 488.767319][T29174] ? __pfx_warn_alloc+0x10/0x10 [ 488.767332][T29174] ? __pfx_stack_trace_save+0x10/0x10 [ 488.767350][T29174] ? kasan_save_stack+0x42/0x60 [ 488.767363][T29174] ? kasan_save_stack+0x33/0x60 [ 488.767376][T29174] ? kasan_save_track+0x14/0x30 [ 488.767389][T29174] ? xskq_create+0x52/0x1d0 [ 488.767401][T29174] ? xsk_setsockopt+0x792/0x9a0 [ 488.767410][T29174] ? do_sock_setsockopt+0xf3/0x1d0 [ 488.767428][T29174] ? xskq_create+0xfb/0x1d0 [ 488.767439][T29174] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 488.767455][T29174] ? xskq_create+0xfb/0x1d0 [ 488.767469][T29174] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 488.767484][T29174] ? xskq_create+0xfb/0x1d0 [ 488.767495][T29174] vmalloc_user_noprof+0x9e/0xe0 [ 488.767505][T29174] ? xskq_create+0xfb/0x1d0 [ 488.767516][T29174] xskq_create+0xfb/0x1d0 [ 488.767528][T29174] xsk_setsockopt+0x792/0x9a0 [ 488.767540][T29174] ? __pfx_xsk_setsockopt+0x10/0x10 [ 488.767550][T29174] ? find_held_lock+0x2b/0x80 [ 488.767562][T29174] ? aa_sock_opt_perm+0xfd/0x1c0 [ 488.767581][T29174] ? __pfx_xsk_setsockopt+0x10/0x10 [ 488.767591][T29174] do_sock_setsockopt+0xf3/0x1d0 [ 488.767609][T29174] __sys_setsockopt+0x120/0x1a0 [ 488.767624][T29174] __ia32_sys_setsockopt+0xbc/0x160 [ 488.767637][T29174] ? lockdep_hardirqs_on+0x7c/0x110 [ 488.767650][T29174] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 488.767664][T29174] __do_fast_syscall_32+0x7c/0x3a0 [ 488.767680][T29174] do_fast_syscall_32+0x32/0x80 [ 488.767694][T29174] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 488.767708][T29174] RIP: 0023:0xf707e579 [ 488.767717][T29174] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 488.767728][T29174] RSP: 002b:00000000f546e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 488.767739][T29174] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b [ 488.767745][T29174] RDX: 0000000000000002 RSI: 0000000080000900 RDI: 0000000000000004 [ 488.767751][T29174] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 488.767757][T29174] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 488.767763][T29174] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 488.767777][T29174] [ 488.767781][T29174] Mem-Info: [ 488.854103][T29174] active_anon:2400 inactive_anon:13803 isolated_anon:0 [ 488.854103][T29174] active_file:4528 inactive_file:9691 isolated_file:0 [ 488.854103][T29174] unevictable:1768 dirty:387 writeback:0 [ 488.854103][T29174] slab_reclaimable:6360 slab_unreclaimable:61910 [ 488.854103][T29174] mapped:22458 shmem:14467 pagetables:1596 [ 488.854103][T29174] sec_pagetables:328 bounce:0 [ 488.854103][T29174] kernel_misc_reclaimable:0 [ 488.854103][T29174] free:36351 free_pcp:11532 free_cma:0 [ 488.868643][T29174] Node 0 active_anon:68kB inactive_anon:240kB active_file:504kB inactive_file:32kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:1164kB dirty:24kB writeback:0kB shmem:4340kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8384kB pagetables:1244kB sec_pagetables:1192kB all_unreclaimable? yes Balloon:0kB [ 488.880173][T29174] Node 1 active_anon:9532kB inactive_anon:54972kB active_file:17608kB inactive_file:38732kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:88668kB dirty:1524kB writeback:0kB shmem:53528kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB kernel_stack:5272kB pagetables:5140kB sec_pagetables:120kB all_unreclaimable? no Balloon:0kB [ 488.893256][T29174] Node 0 DMA free:2076kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:440kB local_pcp:88kB free_cma:0kB [ 488.903019][T29174] lowmem_reserve[]: 0 288 288 288 288 [ 488.905328][T29174] Node 0 DMA32 free:18380kB boost:0kB min:13220kB low:16524kB high:19828kB reserved_highatomic:4096KB free_highatomic:2032KB active_anon:68kB inactive_anon:240kB active_file:504kB inactive_file:32kB unevictable:3536kB writepending:24kB present:1032196kB managed:295164kB mlocked:0kB bounce:0kB free_pcp:4036kB local_pcp:888kB free_cma:0kB [ 488.917340][T29174] lowmem_reserve[]: 0 0 0 0 0 [ 488.918916][T29174] Node 1 DMA32 free:124840kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:4096KB free_highatomic:2124KB active_anon:9532kB inactive_anon:54972kB active_file:17608kB inactive_file:38732kB unevictable:3536kB writepending:1524kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:41812kB local_pcp:9792kB free_cma:0kB [ 488.929322][T29174] lowmem_reserve[]: 0 0 0 0 0 [ 488.930970][T29174] Node 0 DMA: 7*4kB (UM) 32*8kB (U) 2*16kB (M) 3*32kB (M) 2*64kB (U) 2*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2076kB [ 488.935567][T29174] Node 0 DMA32: 3*4kB (EH) 96*8kB (UMEH) 118*16kB (UMEH) 119*32kB (MEH) 52*64kB (UMEH) 33*128kB (UMEH) 9*256kB (UMEH) 2*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 18380kB [ 488.941125][T29174] Node 1 DMA32: 822*4kB (UMEH) 390*8kB (MEH) 112*16kB (UME) 441*32kB (UME) 169*64kB (UMEH) 106*128kB (UME) 81*256kB (UME) 20*512kB (UM) 26*1024kB (UM) 6*2048kB (UMH) 2*4096kB (M) = 124776kB [ 488.947008][T29174] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 488.950438][T29174] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 488.953379][T29174] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 488.956409][T29174] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 488.959702][T29174] 28963 total pagecache pages [ 488.961361][T29174] 281 pages in swap cache [ 488.962724][T29174] Free swap = 92764kB [ 488.963991][T29174] Total swap = 124996kB [ 488.965303][T29174] 524155 pages RAM [ 488.966472][T29174] 0 pages HighMem/MovableOnly [ 488.968012][T29174] 209469 pages reserved [ 488.969393][T29174] 0 pages cma reserved [ 489.246457][T29200] binder: 29199:29200 ioctl c0306201 800001c0 returned -22 [ 489.435960][T29214] "syz.1.10112" (29214) uses obsolete ecb(arc4) skcipher [ 489.615515][T29225] input: syz1 as /devices/virtual/input/input114 [ 489.713726][T29235] "syz.7.10122" (29235) uses obsolete ecb(arc4) skcipher [ 490.009965][ T5988] Bluetooth: hci3: command tx timeout [ 490.110828][T29251] input: syz1 as /devices/virtual/input/input115 [ 490.143005][T29253] "syz.6.10130" (29253) uses obsolete ecb(arc4) skcipher [ 491.057621][T29277] netlink: 51 bytes leftover after parsing attributes in process `syz.6.10148'. [ 491.109626][T29284] binder: 29283:29284 ioctl c0306201 80000640 returned -22 [ 491.163417][T29288] netlink: 'syz.2.10145': attribute type 11 has an invalid length. [ 491.270782][T29293] syz_tun (unregistering): left promiscuous mode [ 491.385463][ T97] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.500744][ T97] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.538377][ C0] vcan0: j1939_tp_rxtimer: 0xffff888000c7c400: rx timeout, send abort [ 491.541163][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805eeb9c00: rx timeout, send abort [ 491.543888][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888000c7c400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 491.548403][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805eeb9c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 491.572619][ T97] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.584469][ T5985] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 491.590500][ T5985] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 491.594700][ T5985] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 491.597407][ T5985] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 491.603362][ T5985] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 491.618497][T29319] Bluetooth: MGMT ver 1.23 [ 491.644532][ T97] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.721958][T29314] chnl_net:caif_netlink_parms(): no params data found [ 491.878217][ T97] erspan0 (unregistering): left promiscuous mode [ 491.888483][ T97] gretap0 (unregistering): left promiscuous mode [ 491.914559][ T97] bond1 (unregistering): (slave geneve2): Releasing active interface [ 491.964661][ T97] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 491.967717][ T97] bond_slave_0: left allmulticast mode [ 491.971105][ T97] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 491.974184][ T97] bond_slave_1: left allmulticast mode [ 491.976123][ T97] bond0 (unregistering): Released all slaves [ 492.065850][ T97] bond1 (unregistering): Released all slaves [ 492.086901][T29314] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.089430][T29314] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.091718][T29314] bridge_slave_0: entered allmulticast mode [ 492.094340][T29314] bridge_slave_0: entered promiscuous mode [ 492.097525][T29314] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.101111][T29314] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.103369][T29314] bridge_slave_1: entered allmulticast mode [ 492.106251][T29314] bridge_slave_1: entered promiscuous mode [ 492.148732][ T97] tipc: Disabling bearer [ 492.150478][ T97] tipc: Left network mode [ 492.152526][T29314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 492.158993][T29314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 492.220045][T29335] netlink: 'syz.7.10166': attribute type 1 has an invalid length. [ 492.221101][T29314] team0: Port device team_slave_0 added [ 492.222615][T29335] netlink: 56 bytes leftover after parsing attributes in process `syz.7.10166'. [ 492.226075][T29314] team0: Port device team_slave_1 added [ 492.262536][T29314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 492.265303][T29314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 492.275378][T29314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 492.280724][T29314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 492.282881][T29314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 492.290956][T29314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 492.360412][T29314] hsr_slave_0: entered promiscuous mode [ 492.363134][T29314] hsr_slave_1: entered promiscuous mode [ 492.365694][T29314] debugfs: 'hsr0' already exists in 'hsr' [ 492.367926][T29314] Cannot create hsr debugfs directory [ 492.400645][ T97] batadv_slave_0: left promiscuous mode [ 492.403461][ T97] batadv_slave_1: left promiscuous mode [ 492.409016][ T97] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 492.412087][ T97] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 493.305017][ T97] team0 (unregistering): Port device team_slave_1 removed [ 493.404309][ T97] team0 (unregistering): Port device team_slave_0 removed [ 493.691866][ T5988] Bluetooth: hci0: command tx timeout [ 493.782196][ T5988] Bluetooth: hci4: command 0x1003 tx timeout [ 493.782271][ T5985] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 494.276496][T29379] binder: 29378:29379 ioctl c0306201 800003c0 returned -14 [ 494.337996][T29314] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 494.342264][T29314] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 494.349014][T29314] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 494.360695][T29314] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 494.413182][T29314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 494.426682][T29314] 8021q: adding VLAN 0 to HW filter on device team0 [ 494.437575][ T1237] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.439907][ T1237] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.452762][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.455230][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 494.476549][T29314] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 494.480560][T29314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 494.551774][ T97] IPVS: stop unused estimator thread 0... [ 494.583301][T29314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 494.757584][T29314] veth0_vlan: entered promiscuous mode [ 494.763258][T29314] veth1_vlan: entered promiscuous mode [ 494.782102][T29314] veth0_macvtap: entered promiscuous mode [ 494.786465][T29314] veth1_macvtap: entered promiscuous mode [ 494.800572][T29314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 494.806827][T29314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 494.815918][T29421] binder: 29420:29421 ioctl c0306201 800003c0 returned -14 [ 494.816598][ T1237] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.821432][ T1237] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.826285][ T1237] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.830232][ T1237] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.887625][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 494.891285][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 494.906132][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 494.909217][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.143714][T29443] binder: 29442:29443 ioctl c0306201 800003c0 returned -14 [ 495.436958][ T6028] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 495.588567][ T6028] usb 7-1: config 0 has no interfaces? [ 495.590689][ T6028] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 495.593706][ T6028] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.597848][ T6028] usb 7-1: config 0 descriptor?? [ 495.768869][ T5985] Bluetooth: hci0: command tx timeout [ 495.804264][ T6059] usb 7-1: USB disconnect, device number 61 [ 496.344924][T29514] loop8: detected capacity change from 0 to 79 [ 496.398848][T29514] loop8: detected capacity change from 79 to 78 [ 496.430466][T29520] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 496.825140][T29552] loop8: detected capacity change from 0 to 79 [ 496.886412][T29552] loop8: detected capacity change from 79 to 78 [ 497.166181][ T6059] usb 12-1: new high-speed USB device number 3 using dummy_hcd [ 497.336061][ T6059] usb 12-1: Using ep0 maxpacket: 16 [ 497.339941][ T6059] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.343868][ T6059] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 497.347106][ T6059] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 497.351098][ T6059] usb 12-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 497.354148][ T6059] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.358595][ T6059] usb 12-1: config 0 descriptor?? [ 497.767115][ T6059] shield 0003:0955:7214.0053: unknown main item tag 0x0 [ 497.770250][ T6059] shield 0003:0955:7214.0053: unknown main item tag 0x0 [ 497.773170][ T6059] shield 0003:0955:7214.0053: unknown main item tag 0x0 [ 497.775933][ T6059] shield 0003:0955:7214.0053: unknown main item tag 0x0 [ 497.778845][ T6059] shield 0003:0955:7214.0053: unknown main item tag 0x0 [ 497.783718][ T6059] input: HID 0955:7214 Haptics as /devices/virtual/input/input116 [ 497.796686][ T6059] shield 0003:0955:7214.0053: Registered Thunderstrike controller [ 497.800117][ T6059] shield 0003:0955:7214.0053: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.7-1/input0 [ 497.845860][ T5985] Bluetooth: hci0: command tx timeout [ 497.966429][T29564] netlink: 'syz.7.10257': attribute type 2 has an invalid length. [ 497.968987][T29564] netlink: 224 bytes leftover after parsing attributes in process `syz.7.10257'. [ 497.972948][ T6884] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 497.978894][ T6028] usb 12-1: USB disconnect, device number 3 [ 497.981226][ T6884] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 497.984702][ T6884] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 497.988289][ T6884] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 498.649525][T29622] input: syz1 as /devices/virtual/input/input117 [ 498.691687][T29632] netlink: 96 bytes leftover after parsing attributes in process `syz.7.10287'. [ 498.741940][ T6884] kernel read not supported for file /rfkill (pid: 6884 comm: kworker/0:5) [ 499.507948][T29660] block nbd8: shutting down sockets [ 499.925901][ T5985] Bluetooth: hci0: command tx timeout [ 500.227928][T29674] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 500.309260][T29678] input: syz1 as /devices/virtual/input/input118 [ 500.804295][ T5985] Bluetooth: hci3: command 0x0c1a tx timeout [ 500.809788][T29637] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 500.812773][T29637] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 500.819277][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.821400][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 500.895894][T29739] binder: 29738:29739 ioctl c0306201 0 returned -14 [ 500.898410][T29739] binder: 29738:29739 ioctl 8912 80000200 returned -22 [ 501.681441][T29637] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 501.683575][T29637] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 501.876461][T29785] 9pnet_fd: Insufficient options for proto=fd [ 502.256836][T29824] openvswitch: netlink: IPv4 tun info is not correct [ 502.335211][T29832] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10376'. [ 502.344854][ T40] audit: type=1326 audit(2000001393.597:3375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29835 comm="syz.8.10378" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x0 [ 502.412395][T29848] 9pnet_fd: Insufficient options for proto=fd [ 502.549378][T29860] tls_set_device_offload_rx: netdev not found [ 502.631485][T29867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10390'. [ 502.973321][ T53] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 503.143042][ T53] usb 7-1: Using ep0 maxpacket: 16 [ 503.145933][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.149445][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.152467][ T53] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 503.156529][ T53] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 503.159392][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.163133][ T53] usb 7-1: config 0 descriptor?? [ 503.199691][T29885] tls_set_device_offload_rx: netdev not found [ 503.233079][T29887] 9pnet_fd: Insufficient options for proto=fd [ 503.565383][T29901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10405'. [ 503.575493][ T53] shield 0003:0955:7214.0054: unknown main item tag 0x0 [ 503.577799][ T53] shield 0003:0955:7214.0054: unknown main item tag 0x0 [ 503.580019][ T53] shield 0003:0955:7214.0054: unknown main item tag 0x0 [ 503.589479][ T53] shield 0003:0955:7214.0054: unknown main item tag 0x0 [ 503.598470][ T53] shield 0003:0955:7214.0054: unknown main item tag 0x0 [ 503.601926][ T53] input: HID 0955:7214 Haptics as /devices/virtual/input/input119 [ 503.614590][ T53] shield 0003:0955:7214.0054: Registered Thunderstrike controller [ 503.617468][ T53] shield 0003:0955:7214.0054: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 503.620708][T29905] netlink: 12 bytes leftover after parsing attributes in process `syz.7.10407'. [ 503.774984][T29882] netlink: 'syz.2.10404': attribute type 2 has an invalid length. [ 503.777741][T29882] netlink: 224 bytes leftover after parsing attributes in process `syz.2.10404'. [ 503.781510][ T5978] shield 0003:0955:7214.0054: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 503.781984][ T6028] usb 7-1: USB disconnect, device number 62 [ 503.785510][ T5978] shield 0003:0955:7214.0054: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 503.790949][ T5978] shield 0003:0955:7214.0054: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 503.795540][ T5978] shield 0003:0955:7214.0054: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 507.163558][T30093] netlink: 12 bytes leftover after parsing attributes in process `syz.7.10485'. [ 507.207112][T30093] bond1: entered promiscuous mode [ 507.214502][T30093] 8021q: adding VLAN 0 to HW filter on device bond1 [ 507.241808][T30097] 8021q: adding VLAN 0 to HW filter on device bond1 [ 507.244156][T30097] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 507.248053][T30097] bond1: (slave vcan1): Error -95 calling set_mac_address [ 507.302132][T30101] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 507.873039][T30127] veth0: entered promiscuous mode [ 507.875744][T30124] veth0: left promiscuous mode [ 508.216753][T30140] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10505'. [ 508.228832][T30140] bond3: entered promiscuous mode [ 508.241637][T30140] 8021q: adding VLAN 0 to HW filter on device bond3 [ 508.259724][T30140] 8021q: adding VLAN 0 to HW filter on device bond3 [ 508.262375][T30140] bond3: (slave vcan1): The slave device specified does not support setting the MAC address [ 508.266526][T30140] bond3: (slave vcan1): Error -95 calling set_mac_address [ 508.275935][T30062] syz.1.10471 (30062) used greatest stack depth: 19272 bytes left [ 508.558861][T30174] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 508.598024][T30176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10517'. [ 508.606067][T30176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10517'. [ 509.236995][T30190] overlayfs: failed to clone upperpath [ 509.240250][T30193] veth0: entered promiscuous mode [ 509.242995][T30189] veth0: left promiscuous mode [ 509.289484][T30200] overlayfs: failed to clone upperpath [ 510.167502][T30239] overlayfs: failed to clone upperpath [ 512.334324][T30292] unknown channel width for channel at 909000KHz? [ 512.335771][T30295] netlink: 'syz.8.10566': attribute type 12 has an invalid length. [ 512.336472][T30292] unknown channel width for channel at 909000KHz? [ 514.146086][T30351] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.10588'. [ 514.288175][T30360] raw_sendmsg: syz.2.10591 forgot to set AF_INET. Fix it! [ 515.266815][T30409] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.10610'. [ 515.397099][T30421] netlink: 8 bytes leftover after parsing attributes in process `syz.7.10616'. [ 515.399975][T30421] netlink: 20 bytes leftover after parsing attributes in process `syz.7.10616'. [ 515.436720][T30425] netlink: 32 bytes leftover after parsing attributes in process `syz.8.10618'. [ 515.549065][ T840] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 515.717050][ T840] usb 7-1: Using ep0 maxpacket: 16 [ 515.720060][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.723502][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 515.726639][ T840] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 515.730914][ T840] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 515.733848][ T840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.737622][ T840] usb 7-1: config 0 descriptor?? [ 516.083197][T30442] netlink: 24 bytes leftover after parsing attributes in process `syz.7.10625'. [ 516.149615][ T840] shield 0003:0955:7214.0055: unknown main item tag 0x0 [ 516.152022][ T840] shield 0003:0955:7214.0055: unknown main item tag 0x0 [ 516.154222][ T840] shield 0003:0955:7214.0055: unknown main item tag 0x0 [ 516.156337][ T840] shield 0003:0955:7214.0055: unknown main item tag 0x0 [ 516.158922][ T840] shield 0003:0955:7214.0055: unknown main item tag 0x0 [ 516.162380][ T840] input: HID 0955:7214 Haptics as /devices/virtual/input/input120 [ 516.174777][ T840] shield 0003:0955:7214.0055: Registered Thunderstrike controller [ 516.178270][ T840] shield 0003:0955:7214.0055: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 516.197399][T30449] netlink: 32 bytes leftover after parsing attributes in process `syz.7.10628'. [ 516.347449][T30413] random: crng reseeded on system resumption [ 516.355436][ T840] shield 0003:0955:7214.0055: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 516.355818][T15072] usb 7-1: USB disconnect, device number 63 [ 516.359565][ T840] shield 0003:0955:7214.0055: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 516.359621][ T840] shield 0003:0955:7214.0055: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 516.359650][ T840] shield 0003:0955:7214.0055: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 517.240038][T30532] netlink: 'syz.7.10669': attribute type 10 has an invalid length. [ 517.245414][T30532] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.248738][T30532] bridge_slave_1: left allmulticast mode [ 517.250583][T30532] bridge_slave_1: left promiscuous mode [ 517.252489][T30532] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.261844][T30532] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 517.566941][T30572] netlink: 104 bytes leftover after parsing attributes in process `syz.2.10687'. [ 518.374916][T30630] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10713'. [ 518.561046][T30666] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.10729'. [ 519.651206][T30726] overlayfs: failed to clone upperpath [ 519.691693][T30734] netlink: 12 bytes leftover after parsing attributes in process `syz.8.10760'. [ 519.841209][T30753] syzkaller1: entered promiscuous mode [ 519.843137][T30753] syzkaller1: entered allmulticast mode [ 520.003825][T30766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10774'. [ 520.043954][T30772] netlink: 'syz.1.10777': attribute type 10 has an invalid length. [ 520.046932][T30772] netlink: 40 bytes leftover after parsing attributes in process `syz.1.10777'. [ 520.050124][T30772] dummy0: entered promiscuous mode [ 520.085003][T30777] overlayfs: failed to clone upperpath [ 520.116553][T30785] netlink: 8 bytes leftover after parsing attributes in process `syz.8.10784'. [ 520.654395][ T61] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 520.680181][T30854] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.10814'. [ 520.796924][T30861] netlink: 24 bytes leftover after parsing attributes in process `syz.7.10815'. [ 520.835996][ T61] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 520.839466][ T61] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 520.842742][T30863] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.10818'. [ 520.843032][ T61] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 520.849697][ T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.855445][T30819] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 520.866986][ T61] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 520.875531][T30865] fuse: Bad value for 'fd' [ 520.903319][T30869] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10820'. [ 521.018857][T30882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 521.049782][T30884] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10824'. [ 521.186812][ T6059] usb 6-1: USB disconnect, device number 61 [ 521.507504][T30891] netlink: 12 bytes leftover after parsing attributes in process `syz.8.10829'. [ 521.515304][T30891] pim6reg: entered allmulticast mode [ 521.518689][T30891] pim6reg: left allmulticast mode [ 523.207723][T31021] overlayfs: failed to clone upperpath [ 523.349431][T31019] team0: Port device team_slave_0 removed [ 523.373055][ T6114] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 523.532982][ T6114] usb 6-1: Using ep0 maxpacket: 8 [ 523.535918][ T6114] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 523.538542][ T6114] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 523.541691][ T6114] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 523.544893][ T6114] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 523.547959][ T6114] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 523.561121][ T6114] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 523.565130][ T6114] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.772572][ T6114] usb 6-1: usb_control_msg returned -32 [ 523.775188][ T6114] usbtmc 6-1:16.0: can't read capabilities [ 524.167116][T31056] overlayfs: failed to clone lowerpath [ 524.489579][T31076] input: syz1 as /devices/virtual/input/input121 [ 524.536203][T31080] fuse: Bad value for 'fd' [ 524.806591][T31048] Set syz1 is full, maxelem 65536 reached [ 524.927475][T31114] __nla_validate_parse: 4 callbacks suppressed [ 524.927486][T31114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10925'. [ 526.132469][ T10] usb 6-1: USB disconnect, device number 62 [ 526.446643][T31190] pim6reg1: entered promiscuous mode [ 526.448613][T31190] pim6reg1: entered allmulticast mode [ 526.946338][T31239] netlink: 348 bytes leftover after parsing attributes in process `syz.2.10983'. [ 527.293105][T31273] wireguard0: entered promiscuous mode [ 527.294991][T31273] wireguard0: entered allmulticast mode [ 527.621827][T15072] libceph: connect (1)[c::]:6789 error -101 [ 527.623914][T15072] libceph: mon0 (1)[c::]:6789 connect error [ 527.675346][ T61] libceph: connect (1)[b::]:6789 error -101 [ 527.677400][ T61] libceph: mon0 (1)[b::]:6789 connect error [ 527.851565][T31307] Bluetooth: hci0: too big key_count value 34945 [ 527.881074][T15072] libceph: connect (1)[c::]:6789 error -101 [ 527.883147][T15072] libceph: mon0 (1)[c::]:6789 connect error [ 527.940966][ T61] libceph: connect (1)[b::]:6789 error -101 [ 527.943225][ T61] libceph: mon0 (1)[b::]:6789 connect error [ 528.187889][T31340] Invalid ELF header magic: != ELF [ 528.391058][T15072] libceph: connect (1)[c::]:6789 error -101 [ 528.393381][T15072] libceph: mon0 (1)[c::]:6789 connect error [ 528.415207][T31353] dvmrp0: entered allmulticast mode [ 528.430620][ T6059] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 528.450718][ T6028] libceph: connect (1)[b::]:6789 error -101 [ 528.452831][ T6028] libceph: mon0 (1)[b::]:6789 connect error [ 528.453053][T31298] ceph: No mds server is up or the cluster is laggy [ 528.454956][T31301] ceph: No mds server is up or the cluster is laggy [ 528.581737][ T6059] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 528.585411][ T6059] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 528.588873][ T6059] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 528.592056][ T6059] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.595877][ T6059] usb 7-1: config 0 descriptor?? [ 528.616231][T31365] netlink: 'syz.8.11037': attribute type 8 has an invalid length. [ 528.680370][T15072] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 528.831897][T15072] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 528.834865][T15072] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 528.838455][T15072] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 528.841711][T15072] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 528.845354][T15072] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 528.850455][T15072] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 528.853644][T15072] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 528.856727][T15072] usb 6-1: Product: syz [ 528.858099][T15072] usb 6-1: Manufacturer: syz [ 528.862158][T15072] cdc_wdm 6-1:1.0: skipping garbage [ 528.863904][T15072] cdc_wdm 6-1:1.0: skipping garbage [ 528.867963][T15072] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 528.869920][T15072] cdc_wdm 6-1:1.0: Unknown control protocol [ 529.002379][ T6059] cm6533_jd 0003:0D8C:0022.0056: unknown main item tag 0x0 [ 529.004937][ T6059] cm6533_jd 0003:0D8C:0022.0056: unknown main item tag 0x0 [ 529.008786][ T6059] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0D8C:0022.0056/input/input122 [ 529.015474][ T6059] cm6533_jd 0003:0D8C:0022.0056: input,hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 529.203322][T15072] usb 7-1: USB disconnect, device number 64 [ 529.235007][ T5978] IPVS: starting estimator thread 0... [ 529.237216][T31408] tipc: Started in network mode [ 529.238859][T31408] tipc: Node identity ac1414aa, cluster identity 4711 [ 529.241534][T31408] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 529.243753][T31408] tipc: Enabled bearer , priority 10 [ 529.330017][T31409] IPVS: using max 44 ests per chain, 105600 per kthread [ 529.380006][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 529.519926][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 529.659825][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 529.798342][T31452] netlink: 40 bytes leftover after parsing attributes in process `syz.8.11071'. [ 529.799765][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 529.802895][T31452] netlink: 40 bytes leftover after parsing attributes in process `syz.8.11071'. [ 529.810092][T31452] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 529.895636][T31460] overlayfs: failed to clone upperpath [ 529.900050][ T40] audit: type=1326 audit(2000001421.161:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.907135][ T40] audit: type=1326 audit(2000001421.161:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.915318][ T40] audit: type=1326 audit(2000001421.181:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.923795][ T40] audit: type=1326 audit(2000001421.181:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.931771][ T40] audit: type=1326 audit(2000001421.181:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.939325][ T40] audit: type=1326 audit(2000001421.181:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.939661][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 529.946412][ T40] audit: type=1326 audit(2000001421.181:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.955893][ T40] audit: type=1326 audit(2000001421.181:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.965161][ T40] audit: type=1326 audit(2000001421.181:3384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 529.972512][ T40] audit: type=1326 audit(2000001421.181:3385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31468 comm="syz.7.11078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 530.079606][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 530.219595][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 530.370393][ T6059] tipc: Node number set to 2886997162 [ 530.510830][T31509] netlink: 156 bytes leftover after parsing attributes in process `syz.8.11097'. [ 530.519375][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 530.589065][T31514] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.11099'. [ 530.779324][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 531.319010][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 531.350772][T31559] netlink: 'syz.7.11119': attribute type 2 has an invalid length. [ 531.354045][T31559] netlink: 16 bytes leftover after parsing attributes in process `syz.7.11119'. [ 531.441858][ T840] usb 6-1: USB disconnect, device number 63 [ 531.699363][T31580] dummy0: entered allmulticast mode [ 531.701442][T31580] dummy0: left allmulticast mode [ 532.161881][ T840] libceph: connect (1)[c::]:6789 error -22 [ 532.163966][ T840] libceph: mon0 (1)[c::]:6789 connect error [ 532.388677][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 532.419164][ T840] libceph: connect (1)[c::]:6789 error -22 [ 532.421884][ T840] libceph: mon0 (1)[c::]:6789 connect error [ 532.938738][ T840] libceph: connect (1)[c::]:6789 error -22 [ 532.941412][ T840] libceph: mon0 (1)[c::]:6789 connect error [ 532.988526][T31605] ceph: No mds server is up or the cluster is laggy [ 533.428050][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 534.070371][T31654] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 534.073295][T31654] overlayfs: failed to clone lowerpath [ 534.077121][T31654] overlayfs: failed to clone upperpath [ 534.477591][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 534.797684][T31692] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.11178'. [ 535.137552][T31728] input: syz0 as /devices/virtual/input/input123 [ 535.172554][T31731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11196'. [ 535.260346][T31736] netlink: 'syz.1.11197': attribute type 1 has an invalid length. [ 535.272841][T31736] bond3: entered promiscuous mode [ 535.274573][T31736] bond3: entered allmulticast mode [ 535.293646][T31736] bond3: (slave erspan1): making interface the new active one [ 535.296476][T31736] erspan1: entered promiscuous mode [ 535.298816][T31736] erspan1: entered allmulticast mode [ 535.301585][T31736] bond3: (slave erspan1): Enslaving as an active interface with an up link [ 535.506850][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 535.872220][T31788] netlink: 4 bytes leftover after parsing attributes in process `syz.7.11218'. [ 535.877590][T31793] netlink: 'syz.2.11216': attribute type 10 has an invalid length. [ 535.881597][T31793] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 536.556502][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 536.818005][T31841] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 536.820681][T31841] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 536.823300][T31841] vhci_hcd vhci_hcd.0: Device attached [ 537.066305][T15072] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 537.066530][ T61] usb 7-1: new high-speed USB device number 65 using dummy_hcd [ 537.226127][ T61] usb 7-1: Using ep0 maxpacket: 16 [ 537.229130][ T61] usb 7-1: config 0 has no interfaces? [ 537.231303][ T61] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 537.234202][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.238399][ T61] usb 7-1: config 0 descriptor?? [ 537.343548][T31885] all: renamed from bridge_slave_0 [ 537.442446][T31842] usb 41-1: recv xbuf, 0 [ 537.443493][ T61] usb 7-1: USB disconnect, device number 65 [ 537.444137][ T97] vhci_hcd: stop threads [ 537.448859][ T97] vhci_hcd: release socket [ 537.453364][ T97] vhci_hcd: disconnect device [ 537.515949][T15072] vhci_hcd: vhci_device speed not set [ 537.585896][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 537.671991][T31927] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.11279'. [ 537.970799][T31950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11290'. [ 538.018285][ T840] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 538.023348][T31956] input: syz1 as /devices/virtual/input/input124 [ 538.139457][T31963] overlayfs: failed to clone upperpath [ 538.165667][ T840] usb 6-1: Using ep0 maxpacket: 16 [ 538.169547][ T840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 538.173362][ T840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 538.177145][ T840] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 538.180121][ T840] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.184936][ T840] usb 6-1: config 0 descriptor?? [ 538.188308][T31967] bridge2: entered allmulticast mode [ 538.595980][ T840] appleir 0003:05AC:8241.0057: unknown main item tag 0x0 [ 538.598373][ T840] appleir 0003:05AC:8241.0057: unknown main item tag 0x0 [ 538.600602][ T840] appleir 0003:05AC:8241.0057: unknown main item tag 0x0 [ 538.602910][ T840] appleir 0003:05AC:8241.0057: unknown main item tag 0x0 [ 538.605138][ T840] appleir 0003:05AC:8241.0057: unknown main item tag 0x0 [ 538.610602][ T840] appleir 0003:05AC:8241.0057: hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 538.635546][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 538.856446][ T6028] usb 6-1: USB disconnect, device number 64 [ 539.479415][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 539.479430][ T40] audit: type=1326 audit(2000001430.756:3392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32021 comm="syz.2.11323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7fc00000 [ 539.548152][T32072] [ 539.549008][T32072] ===================================================== [ 539.551189][T32072] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 539.553558][T32072] 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 Not tainted [ 539.555999][T32072] ----------------------------------------------------- [ 539.559723][T32072] syz.2.11344/32072 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 539.562194][T32072] ffff88806042dd38 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 539.564996][T32072] [ 539.564996][T32072] and this task is already holding: [ 539.567308][T32072] ffff88806d202028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 539.570408][T32072] which would create a new lock dependency: [ 539.572367][T32072] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 539.575029][T32072] [ 539.575029][T32072] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 539.577971][T32072] (&dev->event_lock#2){..-.}-{3:3} [ 539.577990][T32072] [ 539.577990][T32072] ... which became SOFTIRQ-irq-safe at: [ 539.582149][T32072] lock_acquire+0x179/0x350 [ 539.583664][T32072] _raw_spin_lock_irqsave+0x3a/0x60 [ 539.585375][T32072] input_inject_event+0x9f/0x3b0 [ 539.586998][T32072] led_set_brightness+0x217/0x290 [ 539.588657][T32072] led_trigger_event+0xda/0x270 [ 539.590287][T32072] kbd_bh+0x21b/0x300 [ 539.591636][T32072] tasklet_action_common+0x284/0x400 [ 539.593406][T32072] handle_softirqs+0x219/0x8e0 [ 539.594979][T32072] run_ksoftirqd+0x3a/0x60 [ 539.596448][T32072] smpboot_thread_fn+0x3f4/0xae0 [ 539.598055][T32072] kthread+0x3c5/0x780 [ 539.599410][T32072] ret_from_fork+0x5d4/0x6f0 [ 539.600923][T32072] ret_from_fork_asm+0x1a/0x30 [ 539.602476][T32072] [ 539.602476][T32072] to a SOFTIRQ-irq-unsafe lock: [ 539.604682][T32072] (tasklist_lock){.+.+}-{3:3} [ 539.604698][T32072] [ 539.604698][T32072] ... which became SOFTIRQ-irq-unsafe at: [ 539.608739][T32072] ... [ 539.608744][T32072] lock_acquire+0x179/0x350 [ 539.611065][T32072] _raw_read_lock+0x5f/0x70 [ 539.612558][T32072] __do_wait+0x105/0x890 [ 539.613948][T32072] do_wait+0x21e/0x5a0 [ 539.615296][T32072] kernel_wait+0x9f/0x160 [ 539.616737][T32072] call_usermodehelper_exec_work+0xf1/0x170 [ 539.618687][T32072] process_one_work+0x9cc/0x1b70 [ 539.620352][T32072] worker_thread+0x6c8/0xf10 [ 539.621867][T32072] kthread+0x3c5/0x780 [ 539.623198][T32072] ret_from_fork+0x5d4/0x6f0 [ 539.624709][T32072] ret_from_fork_asm+0x1a/0x30 [ 539.626278][T32072] [ 539.626278][T32072] other info that might help us debug this: [ 539.626278][T32072] [ 539.629468][T32072] Chain exists of: [ 539.629468][T32072] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 539.629468][T32072] [ 539.633685][T32072] Possible interrupt unsafe locking scenario: [ 539.633685][T32072] [ 539.636293][T32072] CPU0 CPU1 [ 539.638005][T32072] ---- ---- [ 539.639725][T32072] lock(tasklist_lock); [ 539.641087][T32072] local_irq_disable(); [ 539.643221][T32072] lock(&dev->event_lock#2); [ 539.645531][T32072] lock(&client->buffer_lock); [ 539.647968][T32072] [ 539.649123][T32072] lock(&dev->event_lock#2); [ 539.650698][T32072] [ 539.650698][T32072] *** DEADLOCK *** [ 539.650698][T32072] [ 539.653250][T32072] 7 locks held by syz.2.11344/32072: [ 539.654937][T32072] #0: ffff888045148118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440 [ 539.657815][T32072] #1: ffff888022fc2230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 539.660990][T32072] #2: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 539.664024][T32072] #3: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 539.667046][T32072] #4: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 539.669945][T32072] #5: ffff88806d202028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 539.673170][T32072] #6: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 539.676031][T32072] [ 539.676031][T32072] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 539.679298][T32072] -> (&dev->event_lock#2){..-.}-{3:3} { [ 539.681114][T32072] IN-SOFTIRQ-W at: [ 539.682424][T32072] lock_acquire+0x179/0x350 [ 539.684588][T32072] _raw_spin_lock_irqsave+0x3a/0x60 [ 539.686869][T32072] input_inject_event+0x9f/0x3b0 [ 539.689050][T32072] led_set_brightness+0x217/0x290 [ 539.691223][T32072] led_trigger_event+0xda/0x270 [ 539.693334][T32072] kbd_bh+0x21b/0x300 [ 539.694894][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 539.695196][T32072] tasklet_action_common+0x284/0x400 [ 539.699760][T32072] handle_softirqs+0x219/0x8e0 [ 539.701845][T32072] run_ksoftirqd+0x3a/0x60 [ 539.703825][T32072] smpboot_thread_fn+0x3f4/0xae0 [ 539.705975][T32072] kthread+0x3c5/0x780 [ 539.707841][T32072] ret_from_fork+0x5d4/0x6f0 [ 539.709852][T32072] ret_from_fork_asm+0x1a/0x30 [ 539.711940][T32072] INITIAL USE at: [ 539.713325][T32072] lock_acquire+0x179/0x350 [ 539.715372][T32072] _raw_spin_lock_irqsave+0x3a/0x60 [ 539.717591][T32072] input_inject_event+0x9f/0x3b0 [ 539.719773][T32072] led_set_brightness+0x217/0x290 [ 539.721933][T32072] kbd_led_trigger_activate+0xcb/0x110 [ 539.724241][T32072] led_trigger_set+0x59a/0xc50 [ 539.726348][T32072] led_trigger_set_default+0x1e0/0x2e0 [ 539.728782][T32072] led_classdev_register_ext+0x7b8/0xa10 [ 539.731137][T32072] input_leds_connect+0x552/0x8e0 [ 539.733310][T32072] input_attach_handler.isra.0+0x176/0x250 [ 539.735750][T32072] input_register_device+0xab9/0x1180 [ 539.737997][T32072] atkbd_connect+0x5f8/0xa40 [ 539.740058][T32072] serio_driver_probe+0x7f/0xd0 [ 539.742149][T32072] really_probe+0x23e/0xa90 [ 539.744158][T32072] __driver_probe_device+0x1de/0x440 [ 539.746409][T32072] driver_probe_device+0x4c/0x1b0 [ 539.748726][T32072] __driver_attach+0x283/0x580 [ 539.750818][T32072] bus_for_each_dev+0x13e/0x1d0 [ 539.752939][T32072] serio_handle_event+0x335/0xc30 [ 539.755197][T32072] process_one_work+0x9cc/0x1b70 [ 539.757466][T32072] worker_thread+0x6c8/0xf10 [ 539.759917][T32072] kthread+0x3c5/0x780 [ 539.761876][T32072] ret_from_fork+0x5d4/0x6f0 [ 539.764321][T32072] ret_from_fork_asm+0x1a/0x30 [ 539.766454][T32072] } [ 539.767537][T32072] ... key at: [] __key.7+0x0/0x40 [ 539.769936][T32072] -> (&client->buffer_lock){....}-{3:3} { [ 539.771760][T32072] INITIAL USE at: [ 539.773012][T32072] lock_acquire+0x179/0x350 [ 539.774942][T32072] _raw_spin_lock+0x2e/0x40 [ 539.776878][T32072] evdev_pass_values+0x10e/0x9b0 [ 539.778930][T32072] evdev_events+0x1bb/0x390 [ 539.780858][T32072] input_pass_values+0x74e/0x880 [ 539.782901][T32072] input_handle_event+0xf00/0x14d0 [ 539.785036][T32072] input_inject_event+0x1e8/0x3b0 [ 539.787121][T32072] evdev_write+0x2e1/0x440 [ 539.789018][T32072] vfs_write+0x29d/0x11d0 [ 539.790881][T32072] ksys_write+0x1f8/0x250 [ 539.792748][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 539.794816][T32072] do_fast_syscall_32+0x32/0x80 [ 539.796851][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 539.799359][T32072] } [ 539.800193][T32072] ... key at: [] __key.1+0x0/0x40 [ 539.802417][T32072] ... acquired at: [ 539.803643][T32072] _raw_spin_lock+0x2e/0x40 [ 539.805168][T32072] evdev_pass_values+0x10e/0x9b0 [ 539.806796][T32072] evdev_events+0x1bb/0x390 [ 539.808301][T32072] input_pass_values+0x74e/0x880 [ 539.809959][T32072] input_handle_event+0xf00/0x14d0 [ 539.811647][T32072] input_inject_event+0x1e8/0x3b0 [ 539.813276][T32072] evdev_write+0x2e1/0x440 [ 539.814758][T32072] vfs_write+0x29d/0x11d0 [ 539.816228][T32072] ksys_write+0x1f8/0x250 [ 539.817684][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 539.819395][T32072] do_fast_syscall_32+0x32/0x80 [ 539.821009][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 539.823055][T32072] [ 539.823838][T32072] [ 539.823838][T32072] the dependencies between the lock to be acquired [ 539.823844][T32072] and SOFTIRQ-irq-unsafe lock: [ 539.828117][T32072] -> (tasklist_lock){.+.+}-{3:3} { [ 539.829840][T32072] HARDIRQ-ON-R at: [ 539.831158][T32072] lock_acquire+0x179/0x350 [ 539.833218][T32072] _raw_read_lock+0x5f/0x70 [ 539.835237][T32072] __do_wait+0x105/0x890 [ 539.837217][T32072] do_wait+0x21e/0x5a0 [ 539.839211][T32072] kernel_wait+0x9f/0x160 [ 539.841219][T32072] call_usermodehelper_exec_work+0xf1/0x170 [ 539.843680][T32072] process_one_work+0x9cc/0x1b70 [ 539.845892][T32072] worker_thread+0x6c8/0xf10 [ 539.848034][T32072] kthread+0x3c5/0x780 [ 539.850010][T32072] ret_from_fork+0x5d4/0x6f0 [ 539.852090][T32072] ret_from_fork_asm+0x1a/0x30 [ 539.854205][T32072] SOFTIRQ-ON-R at: [ 539.855564][T32072] lock_acquire+0x179/0x350 [ 539.857602][T32072] _raw_read_lock+0x5f/0x70 [ 539.859703][T32072] __do_wait+0x105/0x890 [ 539.861674][T32072] do_wait+0x21e/0x5a0 [ 539.863600][T32072] kernel_wait+0x9f/0x160 [ 539.865620][T32072] call_usermodehelper_exec_work+0xf1/0x170 [ 539.868083][T32072] process_one_work+0x9cc/0x1b70 [ 539.870247][T32072] worker_thread+0x6c8/0xf10 [ 539.872310][T32072] kthread+0x3c5/0x780 [ 539.874219][T32072] ret_from_fork+0x5d4/0x6f0 [ 539.876297][T32072] ret_from_fork_asm+0x1a/0x30 [ 539.878400][T32072] INITIAL USE at: [ 539.879803][T32072] lock_acquire+0x179/0x350 [ 539.882305][T32072] _raw_write_lock_irq+0x36/0x50 [ 539.884429][T32072] copy_process+0x4caf/0x7690 [ 539.886741][T32072] kernel_clone+0xfc/0x930 [ 539.889082][T32072] user_mode_thread+0xc7/0x110 [ 539.891657][T32072] rest_init+0x23/0x2b0 [ 539.893745][T32072] start_kernel+0x3ee/0x4d0 [ 539.896005][T32072] x86_64_start_reservations+0x18/0x30 [ 539.898339][T32072] x86_64_start_kernel+0x130/0x190 [ 539.900581][T32072] common_startup_64+0x13e/0x148 [ 539.902735][T32072] INITIAL READ USE at: [ 539.904193][T32072] lock_acquire+0x179/0x350 [ 539.906351][T32072] _raw_read_lock+0x5f/0x70 [ 539.908529][T32072] __do_wait+0x105/0x890 [ 539.910626][T32072] do_wait+0x21e/0x5a0 [ 539.912664][T32072] kernel_wait+0x9f/0x160 [ 539.914766][T32072] call_usermodehelper_exec_work+0xf1/0x170 [ 539.917330][T32072] process_one_work+0x9cc/0x1b70 [ 539.919642][T32072] worker_thread+0x6c8/0xf10 [ 539.921814][T32072] kthread+0x3c5/0x780 [ 539.923843][T32072] ret_from_fork+0x5d4/0x6f0 [ 539.926043][T32072] ret_from_fork_asm+0x1a/0x30 [ 539.928270][T32072] } [ 539.929164][T32072] ... key at: [] tasklist_lock+0x18/0x40 [ 539.931636][T32072] ... acquired at: [ 539.932905][T32072] _raw_read_lock+0x5f/0x70 [ 539.934403][T32072] send_sigurg+0xed/0xc80 [ 539.935883][T32072] sk_send_sigurg+0x76/0x360 [ 539.937410][T32072] unix_stream_sendmsg+0xfa5/0x1340 [ 539.939119][T32072] ____sys_sendmsg+0xa95/0xc70 [ 539.940700][T32072] ___sys_sendmsg+0x134/0x1d0 [ 539.942437][T32072] __sys_sendmmsg+0x2f9/0x420 [ 539.944353][T32072] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 539.946220][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 539.947854][T32072] do_fast_syscall_32+0x32/0x80 [ 539.949393][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 539.951423][T32072] [ 539.952179][T32072] -> (&f_owner->lock){....}-{3:3} { [ 539.953843][T32072] INITIAL USE at: [ 539.955208][T32072] lock_acquire+0x179/0x350 [ 539.957241][T32072] _raw_write_lock_irq+0x36/0x50 [ 539.959431][T32072] __f_setown+0x61/0x3c0 [ 539.961368][T32072] do_fcntl+0x1098/0x15a0 [ 539.963615][T32072] do_compat_fcntl64+0x367/0x710 [ 539.965757][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 539.968233][T32072] do_fast_syscall_32+0x32/0x80 [ 539.970353][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 539.972925][T32072] INITIAL READ USE at: [ 539.974357][T32072] lock_acquire+0x179/0x350 [ 539.976485][T32072] _raw_read_lock_irq+0x67/0x80 [ 539.978810][T32072] f_getown+0x57/0x300 [ 539.980813][T32072] sock_ioctl+0x1f2/0x6b0 [ 539.982859][T32072] compat_sock_ioctl+0x4e3/0x730 [ 539.985124][T32072] __ia32_compat_sys_ioctl+0x23f/0x370 [ 539.987519][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 539.990018][T32072] do_fast_syscall_32+0x32/0x80 [ 539.992780][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 539.995782][T32072] } [ 539.996639][T32072] ... key at: [] __key.1+0x0/0x40 [ 539.998928][T32072] ... acquired at: [ 540.000191][T32072] _raw_read_lock_irqsave+0x74/0x90 [ 540.001891][T32072] send_sigio+0x31/0x3e0 [ 540.003361][T32072] kill_fasync+0x214/0x510 [ 540.005022][T32072] lease_break_callback+0x23/0x30 [ 540.006683][T32072] __break_lease+0x671/0x1810 [ 540.008409][T32072] do_dentry_open+0x91f/0x1530 [ 540.009998][T32072] vfs_open+0x82/0x3f0 [ 540.011355][T32072] path_openat+0x1de4/0x2cb0 [ 540.012896][T32072] do_filp_open+0x20b/0x470 [ 540.014384][T32072] do_sys_openat2+0x11b/0x1d0 [ 540.015948][T32072] __ia32_compat_sys_openat+0x16d/0x210 [ 540.017737][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 540.019489][T32072] do_fast_syscall_32+0x32/0x80 [ 540.021345][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 540.023884][T32072] [ 540.024667][T32072] -> (&new->fa_lock){....}-{3:3} { [ 540.026306][T32072] INITIAL USE at: [ 540.027572][T32072] lock_acquire+0x179/0x350 [ 540.029497][T32072] _raw_write_lock_irq+0x36/0x50 [ 540.031551][T32072] fasync_remove_entry+0xb2/0x1e0 [ 540.033650][T32072] fasync_helper+0xaf/0xd0 [ 540.035654][T32072] __fput+0x968/0xb70 [ 540.037839][T32072] task_work_run+0x150/0x240 [ 540.040331][T32072] exit_to_user_mode_loop+0xeb/0x110 [ 540.042527][T32072] __do_fast_syscall_32+0x2ac/0x3a0 [ 540.044674][T32072] do_fast_syscall_32+0x32/0x80 [ 540.046688][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 540.049580][T32072] INITIAL READ USE at: [ 540.051324][T32072] lock_acquire+0x179/0x350 [ 540.053558][T32072] _raw_read_lock_irqsave+0x74/0x90 [ 540.055848][T32072] kill_fasync+0x138/0x510 [ 540.057881][T32072] snd_fasync_work_fn+0x1ac/0x240 [ 540.060117][T32072] process_one_work+0x9cc/0x1b70 [ 540.062313][T32072] worker_thread+0x6c8/0xf10 [ 540.064442][T32072] kthread+0x3c5/0x780 [ 540.066374][T32072] ret_from_fork+0x5d4/0x6f0 [ 540.068499][T32072] ret_from_fork_asm+0x1a/0x30 [ 540.070666][T32072] } [ 540.071501][T32072] ... key at: [] __key.0+0x0/0x40 [ 540.073714][T32072] ... acquired at: [ 540.074946][T32072] lock_acquire+0x179/0x350 [ 540.076455][T32072] _raw_read_lock_irqsave+0x74/0x90 [ 540.078186][T32072] kill_fasync+0x138/0x510 [ 540.079690][T32072] evdev_pass_values+0x619/0x9b0 [ 540.081301][T32072] evdev_events+0x1bb/0x390 [ 540.082791][T32072] input_pass_values+0x74e/0x880 [ 540.084409][T32072] input_handle_event+0xf00/0x14d0 [ 540.086106][T32072] input_inject_event+0x1e8/0x3b0 [ 540.087798][T32072] evdev_write+0x2e1/0x440 [ 540.089288][T32072] vfs_write+0x29d/0x11d0 [ 540.090731][T32072] ksys_write+0x1f8/0x250 [ 540.092212][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 540.093958][T32072] do_fast_syscall_32+0x32/0x80 [ 540.095739][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 540.097860][T32072] [ 540.098761][T32072] [ 540.098761][T32072] stack backtrace: [ 540.101009][T32072] CPU: 2 UID: 0 PID: 32072 Comm: syz.2.11344 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 540.101033][T32072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 540.101043][T32072] Call Trace: [ 540.101051][T32072] [ 540.101059][T32072] dump_stack_lvl+0x116/0x1f0 [ 540.101080][T32072] check_irq_usage+0x7dc/0x920 [ 540.101101][T32072] ? __pfx___smp_call_single_queue+0x10/0x10 [ 540.101124][T32072] ? check_path.constprop.0+0x24/0x50 [ 540.101146][T32072] ? __lock_acquire+0x12bc/0x1ce0 [ 540.101167][T32072] __lock_acquire+0x12bc/0x1ce0 [ 540.101190][T32072] lock_acquire+0x179/0x350 [ 540.101210][T32072] ? kill_fasync+0x138/0x510 [ 540.101237][T32072] _raw_read_lock_irqsave+0x74/0x90 [ 540.101255][T32072] ? kill_fasync+0x138/0x510 [ 540.101272][T32072] kill_fasync+0x138/0x510 [ 540.101295][T32072] evdev_pass_values+0x619/0x9b0 [ 540.101314][T32072] evdev_events+0x1bb/0x390 [ 540.101330][T32072] input_pass_values+0x74e/0x880 [ 540.101348][T32072] input_handle_event+0xf00/0x14d0 [ 540.101361][T32072] ? _copy_from_user+0x59/0xd0 [ 540.101386][T32072] input_inject_event+0x1e8/0x3b0 [ 540.101405][T32072] evdev_write+0x2e1/0x440 [ 540.101421][T32072] ? __pfx_evdev_write+0x10/0x10 [ 540.101434][T32072] ? common_file_perm+0x1a9/0x340 [ 540.101455][T32072] ? bpf_lsm_file_permission+0x9/0x10 [ 540.101479][T32072] ? security_file_permission+0x71/0x210 [ 540.101497][T32072] ? rw_verify_area+0xcf/0x6c0 [ 540.101514][T32072] ? __pfx_evdev_write+0x10/0x10 [ 540.101528][T32072] vfs_write+0x29d/0x11d0 [ 540.101549][T32072] ? __pfx_vfs_write+0x10/0x10 [ 540.101571][T32072] ? find_held_lock+0x2b/0x80 [ 540.101585][T32072] ? __fget_files+0x204/0x3c0 [ 540.101601][T32072] ? __fget_files+0x20e/0x3c0 [ 540.101621][T32072] ksys_write+0x1f8/0x250 [ 540.101639][T32072] ? __pfx_ksys_write+0x10/0x10 [ 540.101658][T32072] ? rcu_is_watching+0x12/0xc0 [ 540.101675][T32072] __do_fast_syscall_32+0x7c/0x3a0 [ 540.101693][T32072] do_fast_syscall_32+0x32/0x80 [ 540.101713][T32072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 540.101734][T32072] RIP: 0023:0xf70ae579 [ 540.101747][T32072] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 540.101763][T32072] RSP: 002b:00000000f549e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 540.101775][T32072] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 540.101782][T32072] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000 [ 540.101788][T32072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 540.101794][T32072] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 540.101800][T32072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 540.101811][T32072] [ 540.714352][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 541.743779][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 542.783434][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 543.832707][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 544.862331][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 545.901679][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 546.941306][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 547.990597][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 549.030322][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available VM DIAGNOSIS: 12:56:05 Registers: info registers vcpu 0 CPU#0 RAX=000000000007ffff RBX=ffff88806aee0000 RCX=ffffc9000c001000 RDX=0000000000080000 RSI=ffffffff81b3dc80 RDI=ffffffff90ab9878 RBP=0000000000000000 RSP=ffffc9000c5bf298 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff90ab6b97 R11=0000000000010400 R12=1ffff920018b7e56 R13=ffff88806aee0008 R14=ffffffff90ab9840 R15=ffff88804bbcb000 RIP=ffffffff81bb1036 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974c6000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71a3b10 CR3=0000000058630000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000004fbcfc RBX=0000000000000001 RCX=ffffffff8b903bf9 RDX=ffffed1005666656 RSI=ffffffff8c162900 RDI=ffffffff8190cd41 RBP=ffffed1003bd8488 RSP=ffffc9000046fdf8 R8 =0000000000000000 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000000 R12=0000000000000001 R13=ffff88801dec2440 R14=ffffffff90ab6b90 R15=0000000000000000 RIP=ffffffff8b90275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7436288 CR3=000000005933d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85614150 RDI=ffffffff9b0f6600 RBP=ffffffff9b0f65c0 RSP=ffffc9000c64f298 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=fffffbfff361ed12 R15=dffffc0000000000 RIP=ffffffff85614177 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976c6000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f549c4b4 CR3=0000000050f3d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000419754 RBX=0000000000000003 RCX=ffffffff8b903bf9 RDX=ffffed10056a6656 RSI=ffffffff8c162900 RDI=ffffffff8190cd41 RBP=ffffed1003862000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001 R12=0000000000000003 R13=ffff88801c310000 R14=ffffffff90ab6b90 R15=0000000000000000 RIP=ffffffff8b90275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3e5817 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=000000008000007f Opmask01=000000000000ffff Opmask02=000000000301ffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005643e20b20b0 0000000000000009 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001e1 0000000000000031 746e6576652f7475 706e692f7665642f ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 25203a726f727265 2064616572207265 79616c207475706e 6900000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00051f574a575740 0541444057055740 5c4449055150554b 4c00000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007002400000001 0005000800000000 0004000800000001 0003000800000021 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005643e20b6778 0000000000000000 0000000200000005 00005643e20b6388 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005643e20b56d5 0000000000000001 0000000200000005 00005643e20b6778 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000200000005 00005643e20b6388 0000000000000001 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005643e20b56ac 0000000000000001 0000000000000005 00005643e20b56c1 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbf2d2e28332220 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3724bf2f2b2427bf 2d2e2832312435bf 3728252433342c2f 33bf2d2e28332220 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000