last executing test programs: 36.08339935s ago: executing program 1 (id=447): recvfrom$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040)={{0x3, @default, 0x4}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe}) ioctl(r1, 0x8b22, &(0x7f0000000040)) 36.081624401s ago: executing program 1 (id=448): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r1 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2) read(r1, &(0x7f0000000080)=""/116, 0xfffffeb2) read(r1, &(0x7f0000000280)=""/96, 0x60) 35.992581322s ago: executing program 1 (id=450): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x100) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x0, 0x1, 0x1}}) 35.987433417s ago: executing program 1 (id=451): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f00000000c0)='./file0/file0/../file0\x00', 0x1) 35.854905478s ago: executing program 1 (id=453): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3", 0xa3}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x8000}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 35.57607902s ago: executing program 1 (id=457): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x50, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, r2, 0x400, 0x452c}}}}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 35.43475707s ago: executing program 32 (id=457): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x50, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, r2, 0x400, 0x452c}}}}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 1.55146263s ago: executing program 0 (id=1204): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x1c) syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @echo_reply={0x0, 0x0, 0x0, 0x65, 0x4}}}}}, 0x0) 1.474831103s ago: executing program 0 (id=1206): socket$kcm(0xa, 0x3, 0x87) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000030400000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="20000000100000001c001280090001006970697027d6fc6015b652eea28f3b"], 0x3c}}, 0x20000000) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) 1.424694159s ago: executing program 2 (id=1208): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0xf00, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) 1.424443222s ago: executing program 0 (id=1209): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x1000, &(0x7f0000f9b000/0x1000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) 1.26363187s ago: executing program 0 (id=1210): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x481, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f00000006c0)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000680)=ANY=[@ANYBLOB="010000000000000001"]) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000240)={"de3505bd13fffedca03799bcbd1b549ce942c5acf5c695d10d5dadcdaf9f67b1251d5130afd730ef6872cdd3af290b9ae402565a29289ab6cff823a23a934fb0f457379c6b358edb83895ab402cb42d4ec31c69e36a2b7d1d3612d25997170517656dbfb711abf910efb4168da4c3db0f1d847709def72ffffff7f000000005daf4e8e4cf35e98d4375b484cc20eac1fe4eb50aa83accb9e1e558df7c25ba73f148fc51797392f3ff870ce3fd2d9fd6051c57c73dd8fc583f2abfab6f6430407c61ba24308000000000000002377f77203fe7a907861da7be807e1ab9a12ed01fa50c20e0fe8372e5904476e7cab8ad4ea8d43ca167dbe60dbc0d61ad582864b2cf07685fe01795580e1ffd73b9269a0acc3b44b8b5cf40ab684edee8b02828f3cc9a939f238bbe5b370b860c702e30021b25db05189489c6484e0a4d06d827d450f198b21b04a54553fc9346b18d36a040b4854c41bb0a5b4b4d8cfc2186356c31e381b50da79d6a42567730134fc70e6486568798772aaf9533380f5efbd6f02036b0fd5619a47994400aa65b698c54752a5b7e71826417392d95c234b101c9dba599255a77f015c8748b075bbf113d011df34c29b6dacb410f8b63260d4c0079c220049a4a83eae6078effd3892fc9aa173c00476102f4cc52d4e0a417dcaecf8f342f7515ae23db82b9849a8eff88309fb53f0193d35977970c60035b9d6c37fa1df1d35a5a0f3aa1f69bec9e818670029b0d82efd8ef0907c4db22f0ef5bee20259c5c4158e63b376021dbe39002bd268e1ab7fee8002ccf9509d1a956f0d2aeb942c96c91e89183e564a84c431e3d3a1d6b1d7364c369bb6931935d74f19e609b898633378f1d67966b9196ba3d866dc0ee42341f147ccec3aa2c78ce689476eb830756f992c4acc74c166f7992c7453e6b57a43c56194ee25ace05b41afcfa61f963d1e9851eb8d471dfa435deb14ca350b1b50e8e50ece91f75877d02a7a6856beaf0d90259fb75adb86242283fd9e3e1dba5dd941c2b506d92a67f6b2af8dc726e95b351525f4c1b20e5038874321a306b4af9d9b48228071e4ce763bf7fbe9c8aa6671c151f8c7e6a8b6cfb9217d131d9f34f3534c0cb240e4bf9f8c981517637317c879a2a693f4c05bccdaa7c4ecdaf50800aee17284b488c77298bd6ddc0cdc4e098d67c4cf6145e5d1489c4e65bd00003e77fde174836c1b3d3a35b81a5f490a7737eaa25acd5ef62344ba137ecc4715439b25313e0ddd712562a83f52f2fc80c50965dff03c4d65a7d4804fe844d04f2e02b56f5be821a6a1ba18b1b198122e6bf460c208b04f7a246875ab1e75657ca4605193c216645700000000000000000000000000000000000700"}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"effa58a4e979e5b74aefe73bc1f2d3a717dfabdc5e1d38b959ceeca589a25589fc1df7d173269f436e9627180a855633bc2ddbb90afe128283775ca5b5755be7b97408bf33f7f4eea2791b33a292c4d976fa04971bffad97ac33198356a218de4f2088b0c0c4cddaccc51cc28922b9acc8c4d1aea8184691a551fb6e147146feca8262b09f105c66630c187bb8ebb4e44c74443c84e399a6c860129ccf73d0fc9c3ad29e89a3b3afb60abeaf0b7e55e4a619cce3618c502b146788e059d8aac202954c207c72d4555ef04ba89e445b76bb0ed6b163eb8ff42dc75ba90eb99650fbc0566f503471173a218fd53e9dd12c5a71447a499db40faf9ed7c2c60a01d468d790b8189ae0b02582f16d43f60e2a15d0262cbea2b783203f5036c753f8220b9c4540b132889c881f848295bf7c17b93e1bc4527096c2e5863ffadeb082a4aaeaba08bd8a0ca96a0aaf5f616c3cfdc1bc58b0814f657b7c2070bc96c2af2281136dfaff4e4d6dce1cb6e12fbb530bcee6a87b2336672de89fcc8bf769d20b6f67f289961172de1e7f82ff95ddb310c0381ddce5c96864fc763b718169528717a99d24df5fc47d9540e9a923827b60751efb9a68ab5e7c0105550996eae2d2fd3e81b24dc8032a97dabd8ff96b056a0f153bca013c95c2a0af37eb21f2ff3529315192af1f7ab05f4ac5dfc5b31f023a39ab7db6c3430c40695a849bdd3b414860e789d224beaf8c07689f3ee39a265c382fb400a010d741193c5b98a1d54c9bdb984706180386e91372a7ef80a4705ec3f8dc6cedfb1073aa1845ccb18a448e706c89c50e60901a8a70b9df95fa728be6abacdc65a1eb554768cd971bc50aea6646fa060a4b83724e93965cd93145549933f350320b7a498826b5f3b23fca68749b1ed60bf0dc36a7d3c47fe60b4c26a209844e6f876de2b69b81ad2d8ae72a438ec0f4c41889edac36003f5c3617a3da32c0dd8c27884e44e902efb527cc5be4336ce06776e0dfb2a56565fc4deeea78f66c663215786ed35fa1299f34667cabe4ae9afdd8cf943f38db9ed1a909f4d83cd0e793c6947c43ab5130f1c7868a1a92842878c5d85860e5cc58f13b2b8ce5e7ed84025b91572a4bc315faf270d7c023bfa92d686b814fd2d3ab94612cbcec0f095f403a925c27b143d34af2e8eba760adec1c8bd2d239b41a1a35881bfda70b4c39eb9051fe5e807fe3f566219f4a886330fca4f2221c9a61efa3b80a4b9b40fa138f9f152c84f99e8714d86eab0f473726d9cf949acd0abb7470caf8088438ee8e6dced66276a1b174028ab636e0abc70f5a18f1779216fdeeea2b4ba482f4100f5a4094a95d69ccc3ef8ab74011d4320f2bfaf6a5052518be42c0f6b2045f56a348945f80ab3d9ccf3808bd55dc018d7dd91000"}) 1.262983733s ago: executing program 2 (id=1211): r0 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x800) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000280)={[0x6]}, 0x8) read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0xfffffef0) r2 = gettid() rt_sigsuspend(&(0x7f0000000040)={[0x3]}, 0x8) tkill(r2, 0x7) 1.164723366s ago: executing program 0 (id=1212): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448de, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x25dfdbfe, {}, [{0x38, 0x1, [@m_mirred={0x34, 0x0, 0x0, 0x0, {{0xb, 0x9}, {0x4, 0xe}, {0x6, 0x6, "6ed0"}, {0x21}, {0xc, 0x8, {0x1}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0) syz_usb_connect$uac1(0x0, 0x8a, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x78, 0x3, 0x1, 0x8, 0x80, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xa65d, 0x4}, [@processing_unit={0xa, 0x24, 0x7, 0x4, 0x3, 0xf, "057a8a"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x7, 0x4c, 0x8, {0x7, 0x25, 0x1, 0x80, 0x9, 0xfffe}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xe, 0xfb, 0x1002}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x5, 0x4, 0x52, 0x5}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x7a, 0x80, 0x40, {0x7, 0x25, 0x1, 0x3, 0xf, 0x32}}}}}}}]}}, 0x0) 453.971726ms ago: executing program 3 (id=1219): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0xffe0, 0xb}, {0x9, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf, 0x8, 0x27, 0x100, 0x1, 0x3, 0x40}}, {0x4}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) 446.929617ms ago: executing program 4 (id=1220): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={0x0, 0xfff8, 0x7, 0x800, 0x8, 0x100000c}, 0x14) 383.41274ms ago: executing program 3 (id=1221): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="e40000001000010400400000000000000000ffff", @ANYRES32=0x0, @ANYBLOB="0891040000000000b000128009000100766c616e00000000a000028004000480400003800c0000002d0a0000030000000c0001000900000008"], 0xe4}}, 0x0) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index=0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 383.179137ms ago: executing program 2 (id=1222): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f00000000c0)={@local, 0x1}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f00000001c0)={&(0x7f0000000780)={{@my=0x0, 0x4}, {@local, 0x5}, 0x400, "982cbf5250a16070f462a33e81487dc2c89a71670d229a4958c91e934bf250b89ac9eb14f62abbceaa2758e59adbb3713426bfa62100d3cfb9fc3e2a1115a1c4c3e1fcb0811f30fe8a04c5a366bac1fe2ba60d3dc986fabef91bea03b79aa38665585ff12f61ddc9e602bb8e451e172e317ad7fa1308662d371cf74cd9d62fb3173f6ded9926ef88aa62e0af52fdc97cf474500c4364bd747d83e242c4de11c30f7f8507b60dac9ffa855914a4f010a793e5a463ca1431db2098d45f83805250f07edaca08852a27ab7df82a0c9165b5347c7f0d70473a6faa22a2c151583ed7d6b204c3a8fca9434b6c537f45511e1647cf34fc9af714f395b3ee99c950afd1f687d67a71a01a83a8e8d585b5a6b8f34ceb8a4253596f57ca4a4ecd8d194ef11d3592e389de788da42dde388f36c4e02e422851971f6d4c5673d986c047ab8e32b937594bc35b281cc0cdffd1876f5848a9a4a36335e584495e6a7be7c09fec288447e204c2e2e87717d2b425fc93d23459384ae3b1242050e044b1c2cd303dc6c59facc0ff3c66a44c0fbb95dbf237870ac88764be9d3491e5e46402f099b7cdcf9836670875ed0fdf96bbd3350e82da2e5ae5a1f8345e98bf3edafa8db44ee7aa0372eaebf9635a467c4570c2a779fcea3c543760329bb41a7c72f3dca444c2897bb7dda830b9fdd934483d90d7463f83185ee689f89b4960508f8130eb6cfa7e2ec8b7cc518312005d7825258801c46b5245ec6795248813b3bfac6e04039081da5a9c9a80637866f78039e7fde0b0362a09f827e98602028a0159a00f6a1e8c73c3ab00b73b3b0895a5bcb5aa5c4b6b0d9668ffdb9f3b11f2b213daf1088508fbf545c3a5d9e6ec9debc4648268879aec54059e0b3bb296ab1ea775b42d9b206e2f759e80ce47a9c5de8d753f6463856cc0ad94cff563e27621d137a0b61983bb49a795bc283956894b1ec4efc55dda0c62bc61c76f09fae24e5676bb73db392089477ec21b61534d84f912bbe5c8bea4167a5018317f5292561c9f76bfb969d7d67b26e9ddfe95cace6fbc5898b91396bf1c9a1cae3ce01cf8264f53e7c5c58bce6b9328f320a274f47f92d87f529ee2f9dce9a7711be65fe0f8787578809e365bca178f40a1813ebf5011233880108f4aa2d70a2a861a2849d878bed392b5fad306a26b35f25681cf5277b6573a53890dbabff34dee29a15ff56c86a0e422e67e36838384871197a759cccd3df30f4a4f4fb41a702334b92a0512569f9e197d75337e2baf6990ce3a556c56e26fc471054fe2ebd641212f86263804721e9bdeb88308bdecb531e247a8408fe85fbd261e7f8c190587a4d2710bbeb01749a5bd10249f4a3f87dcaf074ae948f0cd1483033b6b9f13fba50510522a4f81ab686b6515b7b7bd7d8f0e28320fd7fdc982f13c95195b7ac3e2f9ccbe097325"}, 0x418, 0x1}) 382.903279ms ago: executing program 4 (id=1223): socket(0x2000000000000021, 0x2, 0x10000000000002) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, r3, 0x0, 0x0, 0xffffffffffffffff, 0x1400}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 370.849467ms ago: executing program 3 (id=1224): syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00') fchdir(r0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x84000584) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0) 333.97137ms ago: executing program 2 (id=1225): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x20, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 332.973226ms ago: executing program 4 (id=1226): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x4e14, 0x912a, 0x41, 0x0, 0x0) 331.632192ms ago: executing program 3 (id=1227): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0xfffffffc, 0xd3}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x54, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 264.744579ms ago: executing program 2 (id=1228): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0x507d, &(0x7f0000000480)={0x0, 0x0, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='net_prio.prioidx\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='6'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 229.98404ms ago: executing program 2 (id=1229): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'lo\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x70bd27, 0x25dfdbff, {0xa, 0x40, 0x0, 0xff, r4}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x2004c041}, 0x400c0c0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x8001, 0xd) 162.312345ms ago: executing program 4 (id=1230): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0x6, 0x23, 0x0, 0x1, 0x3}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x4, 0x6, 0x1}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 159.488977ms ago: executing program 3 (id=1231): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/40}, @NFTA_TARGET_NAME={0x8, 0x1, 'TEE\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close_range(r0, 0xffffffffffffffff, 0x0) 154.226424ms ago: executing program 4 (id=1232): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) 81.333681ms ago: executing program 3 (id=1233): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x2c0408c0}, 0x2008c014) 80.664178ms ago: executing program 4 (id=1234): setreuid(0xffffffffffffffff, 0xee00) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2}) sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1}}], 0x1, 0x408b1) 0s ago: executing program 0 (id=1235): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x6}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:49593' (ED25519) to the list of known hosts. [ 46.986566][ T5894] cgroup: Unknown subsys name 'net' [ 47.198234][ T5894] cgroup: Unknown subsys name 'cpuset' [ 47.203464][ T5894] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 48.239543][ T5894] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.424683][ T5985] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.427795][ T5985] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.430311][ T5985] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.433605][ T5985] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.436686][ T5985] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.451594][ T5994] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.452184][ T5986] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.455601][ T5994] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.459484][ T5986] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.462335][ T5995] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.465121][ T5986] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.467539][ T5995] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.471341][ T5986] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.476247][ T5993] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.478402][ T5339] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.480670][ T5993] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.481705][ T5996] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.482594][ T5339] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.492327][ T5339] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.495430][ T5339] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.789610][ T5980] chnl_net:caif_netlink_parms(): no params data found [ 52.859624][ T5981] chnl_net:caif_netlink_parms(): no params data found [ 52.887498][ T5989] chnl_net:caif_netlink_parms(): no params data found [ 52.959246][ T5990] chnl_net:caif_netlink_parms(): no params data found [ 53.062322][ T5980] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.065633][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.068235][ T5980] bridge_slave_0: entered allmulticast mode [ 53.071499][ T5980] bridge_slave_0: entered promiscuous mode [ 53.140797][ T5980] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.143494][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.145910][ T5980] bridge_slave_1: entered allmulticast mode [ 53.148702][ T5980] bridge_slave_1: entered promiscuous mode [ 53.163783][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.166774][ T5981] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.169767][ T5981] bridge_slave_0: entered allmulticast mode [ 53.173832][ T5981] bridge_slave_0: entered promiscuous mode [ 53.198945][ T5981] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.202436][ T5981] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.206996][ T5981] bridge_slave_1: entered allmulticast mode [ 53.211504][ T5981] bridge_slave_1: entered promiscuous mode [ 53.363969][ T5980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.367053][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.369311][ T5989] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.371608][ T5989] bridge_slave_0: entered allmulticast mode [ 53.374273][ T5989] bridge_slave_0: entered promiscuous mode [ 53.377159][ T5990] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.380190][ T5990] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.383351][ T5990] bridge_slave_0: entered allmulticast mode [ 53.387536][ T5990] bridge_slave_0: entered promiscuous mode [ 53.395530][ T5981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.401947][ T5980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.406127][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.409080][ T5989] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.411650][ T5989] bridge_slave_1: entered allmulticast mode [ 53.414479][ T5989] bridge_slave_1: entered promiscuous mode [ 53.430078][ T5990] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.433311][ T5990] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.436512][ T5990] bridge_slave_1: entered allmulticast mode [ 53.440426][ T5990] bridge_slave_1: entered promiscuous mode [ 53.467192][ T5981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.555840][ T5990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.581072][ T5980] team0: Port device team_slave_0 added [ 53.588312][ T5989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.596048][ T5990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.625781][ T5980] team0: Port device team_slave_1 added [ 53.630038][ T5989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.665205][ T5981] team0: Port device team_slave_0 added [ 53.772649][ T5981] team0: Port device team_slave_1 added [ 53.776184][ T5980] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.779074][ T5980] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.787612][ T5980] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.819084][ T5990] team0: Port device team_slave_0 added [ 53.847007][ T5980] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.849744][ T5980] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.860333][ T5980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.866239][ T5989] team0: Port device team_slave_0 added [ 53.871391][ T5990] team0: Port device team_slave_1 added [ 53.902248][ T5989] team0: Port device team_slave_1 added [ 53.932856][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.936372][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.948037][ T5981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.013276][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.016962][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.029702][ T5981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.058664][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.061763][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.075611][ T5990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.080595][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.083554][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.093682][ T5990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.115739][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.118077][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.128631][ T5989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.137471][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.139746][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.148399][ T5989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.180757][ T5980] hsr_slave_0: entered promiscuous mode [ 54.183314][ T5980] hsr_slave_1: entered promiscuous mode [ 54.227581][ T5981] hsr_slave_0: entered promiscuous mode [ 54.230353][ T5981] hsr_slave_1: entered promiscuous mode [ 54.233952][ T5981] debugfs: 'hsr0' already exists in 'hsr' [ 54.237006][ T5981] Cannot create hsr debugfs directory [ 54.351621][ T5990] hsr_slave_0: entered promiscuous mode [ 54.354302][ T5990] hsr_slave_1: entered promiscuous mode [ 54.356898][ T5990] debugfs: 'hsr0' already exists in 'hsr' [ 54.359145][ T5990] Cannot create hsr debugfs directory [ 54.457049][ T5989] hsr_slave_0: entered promiscuous mode [ 54.460294][ T5989] hsr_slave_1: entered promiscuous mode [ 54.463302][ T5989] debugfs: 'hsr0' already exists in 'hsr' [ 54.465653][ T5989] Cannot create hsr debugfs directory [ 54.564672][ T5339] Bluetooth: hci2: command tx timeout [ 54.564678][ T63] Bluetooth: hci3: command tx timeout [ 54.572865][ T5339] Bluetooth: hci0: command tx timeout [ 54.572899][ T63] Bluetooth: hci1: command tx timeout [ 54.905340][ T5980] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.914718][ T5980] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.932528][ T5980] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.939560][ T5980] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.987258][ T5981] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.995620][ T5981] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.002761][ T5981] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.018244][ T5981] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.084717][ T5990] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.091664][ T5990] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.099749][ T5990] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.106754][ T5990] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.181994][ T5989] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.192236][ T5989] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.205098][ T5989] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.217093][ T5989] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.235550][ T5980] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.283971][ T5980] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.301052][ T5981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.308962][ T1188] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.311639][ T1188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.325687][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.328074][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.352377][ T5981] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.364651][ T1188] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.367720][ T1188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.382562][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.384935][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.395703][ T5990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.441013][ T5990] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.449148][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.452207][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.471439][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.475046][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.489170][ T5989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.523673][ T5989] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.534158][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.537241][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.548538][ T1188] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.550990][ T1188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.590000][ T5990] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.596326][ T5990] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.647676][ T5989] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.687265][ T5981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.699714][ T5980] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.757586][ T5980] veth0_vlan: entered promiscuous mode [ 55.765660][ T5981] veth0_vlan: entered promiscuous mode [ 55.779935][ T5981] veth1_vlan: entered promiscuous mode [ 55.785518][ T5980] veth1_vlan: entered promiscuous mode [ 55.809540][ T5990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.856148][ T5980] veth0_macvtap: entered promiscuous mode [ 55.859855][ T5981] veth0_macvtap: entered promiscuous mode [ 55.867438][ T5989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.878043][ T5981] veth1_macvtap: entered promiscuous mode [ 55.888030][ T5980] veth1_macvtap: entered promiscuous mode [ 55.928345][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.936628][ T5980] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.943740][ T5990] veth0_vlan: entered promiscuous mode [ 55.948064][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.955354][ T5980] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.976620][ T1138] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.981581][ T1138] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.987271][ T1138] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.995533][ T1138] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.998482][ T1138] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.006383][ T5990] veth1_vlan: entered promiscuous mode [ 56.015354][ T1138] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.024735][ T5989] veth0_vlan: entered promiscuous mode [ 56.034917][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.037669][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.065879][ T5989] veth1_vlan: entered promiscuous mode [ 56.098193][ T5990] veth0_macvtap: entered promiscuous mode [ 56.131191][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.135535][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.138437][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.139450][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.148108][ T5990] veth1_macvtap: entered promiscuous mode [ 56.184072][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.187852][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.196097][ T5989] veth0_macvtap: entered promiscuous mode [ 56.203879][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.215976][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.219286][ T5989] veth1_macvtap: entered promiscuous mode [ 56.219381][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.225170][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.238441][ T1138] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.240111][ T5981] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.241513][ T1138] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.260519][ T1138] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.264705][ T1138] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.271563][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.291492][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.321793][ T1143] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.327766][ T1143] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.330285][ T6074] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 56.331529][ T1143] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.338347][ T1143] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.401771][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.405400][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.405847][ T6078] syz.1.5 uses obsolete (PF_INET,SOCK_PACKET) [ 56.436984][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.441351][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.474955][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.478385][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.494313][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.497071][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.643853][ T63] Bluetooth: hci1: command tx timeout [ 56.646428][ T63] Bluetooth: hci0: command tx timeout [ 56.648505][ T63] Bluetooth: hci2: command tx timeout [ 56.656328][ T63] Bluetooth: hci3: command tx timeout [ 56.722648][ T6096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9'. [ 56.798254][ T6096] hsr_slave_0 (unregistering): left promiscuous mode [ 56.862992][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 57.029869][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 57.033407][ T10] usb 6-1: no configurations [ 57.035387][ T10] usb 6-1: can't read configurations, error -22 [ 57.872080][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 58.021311][ T6144] netlink: 'syz.0.27': attribute type 10 has an invalid length. [ 58.025633][ T6144] netlink: 40 bytes leftover after parsing attributes in process `syz.0.27'. [ 58.026691][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 58.029509][ T6144] dummy0: entered promiscuous mode [ 58.034840][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.036832][ T6144] bridge0: port 3(dummy0) entered blocking state [ 58.040322][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.042446][ T6144] bridge0: port 3(dummy0) entered disabled state [ 58.047582][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 58.050864][ T6144] dummy0: entered allmulticast mode [ 58.057536][ T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 58.058295][ T6144] bridge0: port 3(dummy0) entered blocking state [ 58.061507][ T10] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 58.064432][ T6144] bridge0: port 3(dummy0) entered forwarding state [ 58.068031][ T10] usb 6-1: Manufacturer: syz [ 58.075066][ T10] usb 6-1: config 0 descriptor?? [ 58.253670][ T6067] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 58.403370][ T6067] usb 8-1: Using ep0 maxpacket: 32 [ 58.408468][ T6067] usb 8-1: config 0 has an invalid interface number: 12 but max is 0 [ 58.411985][ T6067] usb 8-1: config 0 has no interface number 0 [ 58.415074][ T6067] usb 8-1: config 0 interface 12 has no altsetting 0 [ 58.421469][ T6067] usb 8-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 58.428163][ T6067] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.432659][ T6067] usb 8-1: Product: syz [ 58.435138][ T6067] usb 8-1: Manufacturer: syz [ 58.437222][ T6067] usb 8-1: SerialNumber: syz [ 58.443646][ T6067] usb 8-1: config 0 descriptor?? [ 58.451312][ T6067] f81534 8-1:0.12: required endpoints missing [ 58.491920][ T10] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 58.502226][ T10] appleir 0003:05AC:8243.0002: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 58.668369][ T29] usb 8-1: USB disconnect, device number 2 [ 58.722987][ T63] Bluetooth: hci0: command tx timeout [ 58.723591][ T5986] Bluetooth: hci1: command tx timeout [ 58.732855][ T5986] Bluetooth: hci3: command tx timeout [ 58.733962][ T63] Bluetooth: hci2: command tx timeout [ 58.767139][ T6069] usb 6-1: USB disconnect, device number 3 [ 60.335727][ T6221] input: syz0 as /devices/virtual/input/input5 [ 60.813278][ T63] Bluetooth: hci2: command tx timeout [ 60.813613][ T5986] Bluetooth: hci3: command tx timeout [ 60.814855][ T5339] Bluetooth: hci0: command tx timeout [ 60.814889][ T5339] Bluetooth: hci1: command tx timeout [ 61.210474][ T6249] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67'. [ 61.448425][ T6194] Set syz1 is full, maxelem 65536 reached [ 61.476725][ T40] audit: type=1326 audit(1756196380.818:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.3.71" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x0 [ 61.849128][ T6272] process 'syz.1.76' launched './file0' with NULL argv: empty string added [ 62.134434][ T6288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.83'. [ 62.355728][ T6298] block nbd0: Unsupported socket: shutdown callout must be supported. [ 62.421127][ T6302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.89'. [ 62.964095][ T1343] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 63.148866][ T1343] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 63.156100][ T1343] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 63.159966][ T1343] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 63.165138][ T1343] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.173976][ T6317] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 63.181393][ T1343] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 63.259729][ T6350] Bluetooth: MGMT ver 1.23 [ 63.377016][ T6362] netlink: 'syz.0.116': attribute type 1 has an invalid length. [ 63.392548][ T10] usb 8-1: USB disconnect, device number 3 [ 63.463927][ T6366] 8021q: adding VLAN 0 to HW filter on device bond2 [ 63.467971][ T6366] bond1: (slave bond2): making interface the new active one [ 63.470643][ T6366] bond1: (slave bond2): Enslaving as an active interface with an up link [ 63.870818][ T6382] Bluetooth: hci0: too big key_count value 34945 [ 63.887949][ T6384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.124'. [ 63.949907][ T6388] netlink: 32 bytes leftover after parsing attributes in process `syz.2.126'. [ 63.954173][ T6388] bridge: RTM_NEWNEIGH with invalid ether address [ 63.957485][ T6388] Zero length message leads to an empty skb [ 64.259700][ T6422] netlink: 12 bytes leftover after parsing attributes in process `syz.1.137'. [ 64.274322][ T6422] vxlan0: entered promiscuous mode [ 64.281040][ T41] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 64.284176][ T41] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 64.287727][ T41] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 64.292651][ T41] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 64.650602][ T6439] netlink: 8 bytes leftover after parsing attributes in process `syz.0.146'. [ 65.002254][ T6464] netlink: 84 bytes leftover after parsing attributes in process `syz.3.157'. [ 65.293897][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 65.346986][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 65.351363][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 65.418685][ T6488] bridge0: port 3(dummy0) entered disabled state [ 65.421668][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.427045][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.475500][ T6214] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 65.561950][ T6488] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.581012][ T6488] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.659801][ T6214] usb 8-1: Using ep0 maxpacket: 16 [ 65.670964][ T6214] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 65.685721][ T6214] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 65.689340][ T6214] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.692240][ T6214] usb 8-1: Product: syz [ 65.694238][ T6214] usb 8-1: Manufacturer: syz [ 65.696508][ T6214] usb 8-1: SerialNumber: syz [ 65.701526][ T6214] usb 8-1: config 0 descriptor?? [ 65.710154][ T6214] hub 8-1:0.0: bad descriptor, ignoring hub [ 65.712443][ T6214] hub 8-1:0.0: probe with driver hub failed with error -5 [ 65.721621][ T6214] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input6 [ 65.817546][ T13] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.821318][ T13] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.827612][ T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.835237][ T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.948064][ T6510] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.633066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.636793][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.641145][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.645669][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.673043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.848372][ T6569] input: syz1 as /devices/virtual/input/input7 [ 67.274787][ T6597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.205'. [ 67.293153][ T6597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.205'. [ 67.792492][ T6626] netlink: 24 bytes leftover after parsing attributes in process `syz.0.212'. [ 67.888878][ T6636] syzkaller1: entered promiscuous mode [ 67.890832][ T6636] syzkaller1: entered allmulticast mode [ 68.993820][ T1457] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 69.145242][ T1457] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.149918][ T1457] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 69.153801][ T1457] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.164723][ T1457] usb 7-1: config 0 descriptor?? [ 69.429641][ T1457] usbhid 7-1:0.0: can't add hid device: -71 [ 69.432242][ T1457] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 69.441408][ T1457] usb 7-1: USB disconnect, device number 2 [ 69.487105][ T839] usb 8-1: USB disconnect, device number 4 [ 69.863124][ T6068] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 69.902845][ T1457] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 70.022883][ T6068] usb 6-1: Using ep0 maxpacket: 16 [ 70.027626][ T6068] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 70.035094][ T6068] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 70.039043][ T6068] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.042411][ T6068] usb 6-1: Product: syz [ 70.044387][ T6068] usb 6-1: Manufacturer: syz [ 70.046448][ T6068] usb 6-1: SerialNumber: syz [ 70.051018][ T6068] usb 6-1: config 0 descriptor?? [ 70.056778][ T6068] hub 6-1:0.0: bad descriptor, ignoring hub [ 70.058949][ T1457] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 70.059429][ T6068] hub 6-1:0.0: probe with driver hub failed with error -5 [ 70.063394][ T1457] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.070758][ T6068] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input8 [ 70.071020][ T1457] usb 7-1: Product: syz [ 70.077766][ T1457] usb 7-1: Manufacturer: syz [ 70.080439][ T1457] usb 7-1: SerialNumber: syz [ 70.085709][ T1457] usb 7-1: config 0 descriptor?? [ 70.203633][ T6069] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 70.301598][ T1457] usb 7-1: USB disconnect, device number 3 [ 70.362909][ T6069] usb 5-1: Using ep0 maxpacket: 8 [ 70.365992][ T6069] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.370052][ T6069] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.374495][ T6069] usb 5-1: config 0 interface 0 has no altsetting 0 [ 70.377246][ T6069] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 70.380614][ T6069] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.385088][ T6069] usb 5-1: config 0 descriptor?? [ 70.483404][ T1343] usb 6-1: USB disconnect, device number 4 [ 70.800538][ T6069] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 70.803830][ T6069] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 70.806076][ T6069] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 70.808616][ T6069] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 70.811086][ T6069] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 70.814221][ T6069] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 71.003166][ T54] usb 5-1: USB disconnect, device number 2 [ 71.316492][ T40] audit: type=1800 audit(1756196390.658:3): pid=6742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.265" name="bus" dev="9p" ino=35913846 res=0 errno=0 [ 71.429033][ T6069] IPVS: starting estimator thread 0... [ 71.513244][ T6752] IPVS: using max 38 ests per chain, 91200 per kthread [ 71.602663][ T6760] netlink: 32 bytes leftover after parsing attributes in process `syz.3.271'. [ 71.705575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.708977][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.752264][ T41] IPVS: stop unused estimator thread 0... [ 72.238158][ T6790] tls_set_device_offload_rx: netdev not found [ 72.329193][ T40] audit: type=1800 audit(1756196391.668:4): pid=6796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.294" name="bus" dev="9p" ino=35913846 res=0 errno=0 [ 72.651735][ T6808] netlink: 28 bytes leftover after parsing attributes in process `syz.1.292'. [ 73.335815][ T6850] 9pnet: p9_errstr2errno: server reported unknown error n$[ [ 73.335815][ T6850] Q&|xXX 1 [ 81.270130][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.274070][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.278218][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.280761][ T7198] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 81.291666][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.322537][ T41] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 81.327753][ T41] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.372884][ T6067] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 81.429619][ T41] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 81.434782][ T41] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.482776][ T40] audit: type=1326 audit(1756196400.818:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.502868][ T40] audit: type=1326 audit(1756196400.818:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.519001][ T40] audit: type=1326 audit(1756196400.828:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.529270][ T40] audit: type=1326 audit(1756196400.828:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.538540][ T40] audit: type=1326 audit(1756196400.828:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=304 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.550843][ T40] audit: type=1326 audit(1756196400.828:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.569584][ T6067] usb 7-1: unable to get BOS descriptor or descriptor too short [ 81.588141][ T40] audit: type=1326 audit(1756196400.828:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=305 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.597906][ T6067] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 81.601826][ T6067] usb 7-1: can't read configurations, error -71 [ 81.611172][ T40] audit: type=1326 audit(1756196400.828:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.632888][ T40] audit: type=1326 audit(1756196400.828:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.3.464" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 81.755326][ T7199] chnl_net:caif_netlink_parms(): no params data found [ 81.770645][ T41] bridge_slave_1: left allmulticast mode [ 81.773736][ T41] bridge_slave_1: left promiscuous mode [ 81.777376][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.790844][ T41] bridge_slave_0: left allmulticast mode [ 81.799782][ T41] bridge_slave_0: left promiscuous mode [ 81.806089][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.374746][ T1457] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 82.416868][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 82.428602][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 82.437017][ T41] bond0 (unregistering): Released all slaves [ 82.526174][ T1457] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 82.531500][ T1457] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.536433][ T1457] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.540459][ T1457] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 82.548029][ T1457] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 82.551778][ T1457] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 82.555702][ T1457] usb 8-1: Manufacturer: syz [ 82.560589][ T1457] usb 8-1: config 0 descriptor?? [ 82.592268][ T7199] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.595732][ T7199] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.599071][ T7199] bridge_slave_0: entered allmulticast mode [ 82.602959][ T7199] bridge_slave_0: entered promiscuous mode [ 82.609155][ T7199] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.611768][ T7199] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.614823][ T7199] bridge_slave_1: entered allmulticast mode [ 82.617748][ T7199] bridge_slave_1: entered promiscuous mode [ 82.666862][ T7199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.685780][ T7199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.790382][ T7199] team0: Port device team_slave_0 added [ 82.792665][ T40] audit: type=1326 audit(1756196402.128:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7247 comm="syz.0.474" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708e579 code=0x0 [ 82.796246][ T7199] team0: Port device team_slave_1 added [ 82.851776][ T7199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.855303][ T7199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.867104][ T7199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.873471][ T7199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.876422][ T7199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.887265][ T7199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.948656][ T41] hsr_slave_0: left promiscuous mode [ 82.951116][ T41] hsr_slave_1: left promiscuous mode [ 82.953720][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.956395][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.960282][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.963135][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.978630][ T1457] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 82.983065][ T1457] appleir 0003:05AC:8243.0005: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 82.999046][ T41] veth1_macvtap: left promiscuous mode [ 83.001685][ T41] veth0_macvtap: left promiscuous mode [ 83.004935][ T41] veth1_vlan: left promiscuous mode [ 83.007738][ T41] veth0_vlan: left promiscuous mode [ 83.373537][ T5986] Bluetooth: hci0: command tx timeout [ 83.626480][ T41] team0 (unregistering): Port device team_slave_1 removed [ 83.718441][ T41] team0 (unregistering): Port device team_slave_0 removed [ 84.120248][ T7284] loop2: detected capacity change from 0 to 7 [ 84.146498][ T7284] Dev loop2: unable to read RDB block 7 [ 84.152570][ T7284] loop2: AHDI p1 p2 p3 [ 84.154298][ T7284] loop2: partition table partially beyond EOD, truncated [ 84.160501][ T7284] loop2: p1 start 1601398130 is beyond EOD, truncated [ 84.163160][ T7284] loop2: p2 start 1702059890 is beyond EOD, truncated [ 84.322046][ T7199] hsr_slave_0: entered promiscuous mode [ 84.324873][ T7199] hsr_slave_1: entered promiscuous mode [ 84.327498][ T7199] debugfs: 'hsr0' already exists in 'hsr' [ 84.330423][ T7199] Cannot create hsr debugfs directory [ 84.519552][ T7199] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 84.529036][ T7199] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 84.534401][ T7199] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 84.540369][ T7199] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 84.642090][ T7199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.660434][ T7306] Driver unsupported XDP return value 0 on prog (id 73) dev N/A, expect packet loss! [ 84.664411][ T7199] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.686247][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.690226][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.713543][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.716912][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.977594][ T7199] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.986667][ T7330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.498'. [ 85.035097][ T34] usb 8-1: USB disconnect, device number 5 [ 85.183636][ T7199] veth0_vlan: entered promiscuous mode [ 85.185136][ T7354] Invalid ELF header len 8 [ 85.196327][ T7199] veth1_vlan: entered promiscuous mode [ 85.236243][ T7199] veth0_macvtap: entered promiscuous mode [ 85.242622][ T7199] veth1_macvtap: entered promiscuous mode [ 85.259523][ T7199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.269994][ T7199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.290532][ T56] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.298298][ T56] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.310096][ T56] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.316034][ T56] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.371979][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.375250][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.402389][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.406997][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.443127][ T5986] Bluetooth: hci0: command tx timeout [ 85.495981][ T7383] Bluetooth: MGMT ver 1.23 [ 85.882958][ T6067] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 86.052971][ T6067] usb 9-1: Using ep0 maxpacket: 32 [ 86.056951][ T6067] usb 9-1: config 239 has an invalid interface number: 45 but max is 0 [ 86.060716][ T6067] usb 9-1: config 239 has no interface number 0 [ 86.063714][ T6067] usb 9-1: config 239 interface 45 has no altsetting 0 [ 86.068843][ T6067] usb 9-1: New USB device found, idVendor=048d, idProduct=9135, bcdDevice=ff.f3 [ 86.072837][ T6067] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.076201][ T6067] usb 9-1: Product: syz [ 86.078084][ T6067] usb 9-1: Manufacturer: syz [ 86.080118][ T6067] usb 9-1: SerialNumber: syz [ 86.297302][ T6067] usb 9-1: USB disconnect, device number 2 [ 86.326815][ T53] cfg80211: failed to load regulatory.db [ 86.528459][ T7419] Bluetooth: hci0: unsupported parameter 542 [ 86.531578][ T7419] Bluetooth: hci0: unsupported parameter 32768 [ 86.534350][ T7419] Bluetooth: hci0: unsupported parameter 542 [ 86.536893][ T7419] Bluetooth: hci0: unsupported parameter 32768 [ 86.550535][ T7422] netlink: 8 bytes leftover after parsing attributes in process `syz.0.530'. [ 86.567473][ T7422] vlan2: entered allmulticast mode [ 86.570095][ T7422] hsr0: entered allmulticast mode [ 86.575163][ T7422] hsr_slave_0: entered allmulticast mode [ 86.577482][ T7422] hsr_slave_1: entered allmulticast mode [ 86.593383][ T7427] netlink: 'syz.3.532': attribute type 4 has an invalid length. [ 86.606946][ T7427] netlink: 'syz.3.532': attribute type 4 has an invalid length. [ 86.848608][ T7445] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 86.852361][ T7445] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 86.860050][ T7445] vhci_hcd vhci_hcd.0: Device attached [ 87.102877][ T6067] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 87.113654][ T1457] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 87.117964][ T7460] mac80211_hwsim hwsim11 wlan0: entered promiscuous mode [ 87.121418][ T7460] macsec1: entered promiscuous mode [ 87.124443][ T7460] macsec1: entered allmulticast mode [ 87.126720][ T7460] mac80211_hwsim hwsim11 wlan0: entered allmulticast mode [ 87.273060][ T1457] usb 8-1: Using ep0 maxpacket: 16 [ 87.283035][ T1457] usb 8-1: config 0 has no interfaces? [ 87.285751][ T1457] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 87.289048][ T1457] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.292641][ T1457] usb 8-1: config 0 descriptor?? [ 87.456168][ T7429] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 87.504775][ T7446] usb 43-1: recv xbuf, 0 [ 87.508740][ T56] vhci_hcd: stop threads [ 87.510530][ T56] vhci_hcd: release socket [ 87.513455][ T56] vhci_hcd: disconnect device [ 87.513653][ T53] usb 8-1: USB disconnect, device number 6 [ 87.572936][ T6067] vhci_hcd: vhci_device speed not set [ 88.105323][ T7489] capability: warning: `syz.3.558' uses deprecated v2 capabilities in a way that may be insecure [ 88.112396][ T7489] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 88.117973][ T7489] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 88.393589][ T7505] netlink: 120 bytes leftover after parsing attributes in process `syz.0.566'. [ 89.204304][ T7523] netlink: 156 bytes leftover after parsing attributes in process `syz.4.574'. [ 89.951492][ T7562] dummy0: left allmulticast mode [ 89.954056][ T7562] bridge0: port 3(dummy0) entered disabled state [ 89.962963][ T7562] batman_adv: batadv0: Adding interface: dummy0 [ 89.965649][ T7562] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 90.356218][ T7582] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.600'. [ 90.531742][ T7547] syz.2.584: vmalloc error: size 18874368, failed to allocated page array size 36864, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 90.539061][ T7547] CPU: 3 UID: 0 PID: 7547 Comm: syz.2.584 Not tainted syzkaller #0 PREEMPT(full) [ 90.539078][ T7547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.539086][ T7547] Call Trace: [ 90.539090][ T7547] [ 90.539095][ T7547] dump_stack_lvl+0x16c/0x1f0 [ 90.539146][ T7547] warn_alloc+0x248/0x3a0 [ 90.539171][ T7547] ? __pfx_warn_alloc+0x10/0x10 [ 90.539192][ T7547] ? hash_ipport4_resize+0x1b4/0x1b10 [ 90.539211][ T7547] ? __vmalloc_node_noprof+0xad/0xf0 [ 90.539227][ T7547] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 90.539244][ T7547] ? hash_ipport4_resize+0x1b4/0x1b10 [ 90.539267][ T7547] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 90.539282][ T7547] ? ___kmalloc_large_node+0xed/0x160 [ 90.539305][ T7547] __kvmalloc_node_noprof+0x30a/0x620 [ 90.539319][ T7547] ? hash_ipport4_resize+0x1b4/0x1b10 [ 90.539338][ T7547] ? hash_ipport4_resize+0x1b4/0x1b10 [ 90.539359][ T7547] ? hash_ipport4_resize+0x1b4/0x1b10 [ 90.539377][ T7547] hash_ipport4_resize+0x1b4/0x1b10 [ 90.539397][ T7547] ? __pfx_hash_ipport4_add+0x10/0x10 [ 90.539415][ T7547] ? __pfx_hash_ipport4_uadt+0x10/0x10 [ 90.539438][ T7547] ? __pfx_hash_ipport4_resize+0x10/0x10 [ 90.539459][ T7547] call_ad.constprop.0+0x36d/0x940 [ 90.539473][ T7547] ? __pfx_hash_ipport4_resize+0x10/0x10 [ 90.539493][ T7547] ? __pfx_call_ad.constprop.0+0x10/0x10 [ 90.539505][ T7547] ? __pfx___nla_validate_parse+0x10/0x10 [ 90.539526][ T7547] ? __nla_parse+0x40/0x60 [ 90.539540][ T7547] ip_set_ad.constprop.0.isra.0+0x3ce/0x870 [ 90.539558][ T7547] ? __pfx_ip_set_ad.constprop.0.isra.0+0x10/0x10 [ 90.539573][ T7547] ? srcu_gp_start_if_needed+0xda0/0xe70 [ 90.539606][ T7547] ? find_held_lock+0x2b/0x80 [ 90.539624][ T7547] nfnetlink_rcv_msg+0x9fc/0x1200 [ 90.539643][ T7547] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 90.539659][ T7547] ? consume_skb+0xcc/0x100 [ 90.539693][ T7547] ? __pfx___dev_queue_xmit+0x10/0x10 [ 90.539711][ T7547] netlink_rcv_skb+0x155/0x420 [ 90.539729][ T7547] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 90.539743][ T7547] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 90.539768][ T7547] ? ns_capable+0xd7/0x110 [ 90.539784][ T7547] nfnetlink_rcv+0x1b3/0x430 [ 90.539796][ T7547] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 90.539809][ T7547] ? netlink_deliver_tap+0x1ae/0xd30 [ 90.539828][ T7547] netlink_unicast+0x5aa/0x870 [ 90.539848][ T7547] ? __pfx_netlink_unicast+0x10/0x10 [ 90.539866][ T7547] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 90.539888][ T7547] netlink_sendmsg+0x8d1/0xdd0 [ 90.539908][ T7547] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.539928][ T7547] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 90.539944][ T7547] ____sys_sendmsg+0xa95/0xc70 [ 90.539964][ T7547] ? __pfx_____sys_sendmsg+0x10/0x10 [ 90.539975][ T7547] ? get_compat_msghdr+0x11a/0x170 [ 90.539998][ T7547] ___sys_sendmsg+0x134/0x1d0 [ 90.540016][ T7547] ? __pfx____sys_sendmsg+0x10/0x10 [ 90.540041][ T7547] ? find_held_lock+0x2b/0x80 [ 90.540063][ T7547] __sys_sendmsg+0x16d/0x220 [ 90.540080][ T7547] ? __pfx___sys_sendmsg+0x10/0x10 [ 90.540097][ T7547] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 90.540122][ T7547] ? rcu_is_watching+0x12/0xc0 [ 90.540137][ T7547] __do_fast_syscall_32+0x7c/0x3a0 [ 90.540157][ T7547] do_fast_syscall_32+0x32/0x80 [ 90.540174][ T7547] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 90.540190][ T7547] RIP: 0023:0xf70de579 [ 90.540201][ T7547] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 90.540213][ T7547] RSP: 002b:00000000f54ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 90.540225][ T7547] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0 [ 90.540233][ T7547] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 90.540240][ T7547] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 90.540247][ T7547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.540254][ T7547] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 90.540269][ T7547] [ 90.540273][ T7547] Mem-Info: [ 90.680836][ T7547] active_anon:16847 inactive_anon:14 isolated_anon:0 [ 90.680836][ T7547] active_file:3604 inactive_file:28242 isolated_file:0 [ 90.680836][ T7547] unevictable:1768 dirty:323 writeback:0 [ 90.680836][ T7547] slab_reclaimable:6405 slab_unreclaimable:57394 [ 90.680836][ T7547] mapped:23556 shmem:13301 pagetables:1275 [ 90.680836][ T7547] sec_pagetables:306 bounce:0 [ 90.680836][ T7547] kernel_misc_reclaimable:0 [ 90.680836][ T7547] free:53375 free_pcp:9138 free_cma:0 [ 90.696870][ T7547] Node 0 active_anon:948kB inactive_anon:20kB active_file:88kB inactive_file:44kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:5516kB dirty:20kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8484kB pagetables:1760kB sec_pagetables:1124kB all_unreclaimable? yes Balloon:0kB [ 90.712814][ T7547] Node 1 active_anon:66440kB inactive_anon:36kB active_file:14328kB inactive_file:112924kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:88708kB dirty:1272kB writeback:0kB shmem:49668kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4596kB pagetables:3264kB sec_pagetables:100kB all_unreclaimable? no Balloon:0kB [ 90.725268][ T7547] Node 0 DMA free:2260kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:288kB local_pcp:28kB free_cma:0kB [ 90.737737][ T7547] lowmem_reserve[]: 0 288 288 288 288 [ 90.739632][ T7547] Node 0 DMA32 free:18564kB boost:2048kB min:15268kB low:18572kB high:21876kB reserved_highatomic:4096KB free_highatomic:124KB active_anon:956kB inactive_anon:16kB active_file:88kB inactive_file:44kB unevictable:3536kB writepending:20kB present:1032196kB managed:295136kB mlocked:0kB bounce:0kB free_pcp:11460kB local_pcp:3772kB free_cma:0kB [ 90.751791][ T7547] lowmem_reserve[]: 0 0 0 0 0 [ 90.753770][ T7547] Node 1 DMA32 free:192676kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:66432kB inactive_anon:36kB active_file:14328kB inactive_file:112924kB unevictable:3536kB writepending:1280kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:25248kB local_pcp:7972kB free_cma:0kB [ 90.766752][ T7547] lowmem_reserve[]: 0 0 0 0 0 [ 90.768802][ T7547] Node 0 DMA: 27*4kB (U) 23*8kB (U) 3*16kB (U) 8*32kB (U) 0*64kB 1*128kB (U) 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2260kB [ 90.773927][ T7547] Node 0 DMA32: 226*4kB (UMEH) 96*8kB (UMEH) 254*16kB (UM) 144*32kB (UMEH) 70*64kB (UME) 21*128kB (UME) 4*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18536kB [ 90.779718][ T7547] Node 1 DMA32: 207*4kB (ME) 229*8kB (ME) 90*16kB (ME) 52*32kB (M) 262*64kB (UME) 359*128kB (UME) 199*256kB (UME) 77*512kB (UME) 27*1024kB (UM) 3*2048kB (UM) 0*4096kB = 192644kB [ 90.785531][ T7547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 90.788670][ T7547] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 90.791828][ T7547] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 90.795514][ T7547] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 90.799097][ T7547] 45400 total pagecache pages [ 90.800955][ T7547] 257 pages in swap cache [ 90.803059][ T7547] Free swap = 97628kB [ 90.804639][ T7547] Total swap = 124996kB [ 90.806081][ T7547] 524155 pages RAM [ 90.807415][ T7547] 0 pages HighMem/MovableOnly [ 90.809754][ T7547] 209476 pages reserved [ 90.811693][ T7547] 0 pages cma reserved [ 90.813020][ T54] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 90.819246][ T34] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 90.974479][ T54] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 90.977795][ T54] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 90.981849][ T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 90.986046][ T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 90.989575][ T54] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 90.994401][ T54] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 90.998794][ T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.002602][ T34] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 91.007334][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.010214][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.014111][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.017717][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.020570][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.026259][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.029836][ T54] usb 5-1: config 0 descriptor?? [ 91.033180][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.033263][ T7589] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 91.036791][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.047133][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.051428][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.055878][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.060877][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.065596][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.069413][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.074251][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.078831][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.082977][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.087306][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.091714][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.096538][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.101289][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.106010][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.109886][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.114673][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 91.121983][ T34] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 91.126613][ T34] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 91.129789][ T34] usb 8-1: Product: syz [ 91.131644][ T34] usb 8-1: Manufacturer: syz [ 91.134096][ T34] usb 8-1: SerialNumber: syz [ 91.143432][ T34] usb 8-1: config 0 descriptor?? [ 91.155797][ T34] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 91.362461][ T34] usb 8-1: USB disconnect, device number 7 [ 91.366532][ T34] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 91.468441][ T54] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd [ 91.480077][ T54] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 91.728548][ T54] usb 5-1: USB disconnect, device number 3 [ 91.852349][ T7653] 9pnet: p9_errstr2errno: server reported unknown error 1844674 [ 92.296008][ T7670] netlink: 12 bytes leftover after parsing attributes in process `syz.3.636'. [ 92.588170][ T7683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.641'. [ 93.220832][ T7724] hsr0: entered allmulticast mode [ 93.223169][ T7724] hsr_slave_0: entered allmulticast mode [ 93.225654][ T7724] hsr_slave_1: entered allmulticast mode [ 93.231025][ T7724] hsr_slave_0: left promiscuous mode [ 93.236829][ T7724] hsr_slave_1: left promiscuous mode [ 93.252324][ T7724] hsr0 (unregistering): left allmulticast mode [ 93.606075][ T7748] fuse: Bad value for 'fd' [ 93.682806][ T5986] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 93.933652][ T839] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 94.102795][ T839] usb 5-1: Using ep0 maxpacket: 16 [ 94.106849][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.111326][ T839] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 94.122794][ T839] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 94.126987][ T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.132376][ T839] usb 5-1: config 0 descriptor?? [ 94.551627][ T839] HID 045e:07da: Invalid code 65791 type 1 [ 94.566519][ T839] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:045E:07DA.0007/input/input12 [ 94.587431][ T839] microsoft 0003:045E:07DA.0007: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 94.758178][ T7829] overlayfs: failed to clone upperpath [ 94.811258][ T7834] overlayfs: failed to clone lowerpath [ 95.134901][ T7843] batadv_slave_1: entered promiscuous mode [ 95.169983][ T7843] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.240062][ T7843] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.255554][ T7854] netlink: 28 bytes leftover after parsing attributes in process `syz.3.714'. [ 95.259237][ T7854] netlink: 'syz.3.714': attribute type 7 has an invalid length. [ 95.262552][ T7854] netlink: 'syz.3.714': attribute type 8 has an invalid length. [ 95.266763][ T7854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.714'. [ 95.321522][ T7843] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.356157][ T55] usb 5-1: USB disconnect, device number 4 [ 95.400334][ T7843] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.498265][ T1188] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.502402][ T1188] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.516515][ T1143] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.534348][ T1188] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.552317][ T7869] gtp0: entered promiscuous mode [ 95.607761][ T7841] batadv_slave_1: left promiscuous mode [ 96.452153][ T7936] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.475996][ T7940] syz_tun: entered allmulticast mode [ 96.480635][ T7938] syz_tun: left allmulticast mode [ 96.783374][ T7959] block nbd4: NBD_DISCONNECT [ 96.785271][ T7959] block nbd4: Send disconnect failed -107 [ 96.788273][ T7953] block nbd4: Disconnected due to user request. [ 96.792343][ T7953] block nbd4: shutting down sockets [ 96.923453][ T40] audit: type=1800 audit(1756196416.258:15): pid=7967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.756" name="bus" dev="overlay" ino=311 res=0 errno=0 [ 97.043918][ T7976] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 97.048674][ T7976] overlayfs: failed to clone lowerpath [ 97.062162][ T7976] overlayfs: failed to clone upperpath [ 97.473527][ T8017] fuse: Bad value for 'fd' [ 98.541785][ T8057] overlayfs: failed to clone upperpath [ 98.973766][ T8075] netlink: 12 bytes leftover after parsing attributes in process `syz.4.792'. [ 99.796466][ T8106] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 99.838194][ T8109] netlink: 8 bytes leftover after parsing attributes in process `syz.4.806'. [ 99.857639][ T8109] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 99.920399][ T8116] overlayfs: failed to clone upperpath [ 100.049745][ T8127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.813'. [ 100.060496][ T8127] vxlan0: entered promiscuous mode [ 100.064275][ T56] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.067616][ T56] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.071002][ T56] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.074389][ T56] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.434532][ T8134] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 100.596818][ T8153] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.599333][ T8153] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.672042][ T8153] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.684979][ T8153] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.853023][ T8154] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.884824][ T41] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.892934][ T56] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.899561][ T56] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.998907][ T8167] overlayfs: failed to clone upperpath [ 102.035387][ T8234] macsec1: entered promiscuous mode [ 102.037816][ T8234] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 102.041254][ T8234] macsec1: entered allmulticast mode [ 102.046375][ T8234] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 102.335369][ T8248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.861'. [ 102.835538][ T8266] policy can only be matched on NF_INET_PRE_ROUTING [ 102.835557][ T8266] unable to load match [ 102.998706][ T8271] tipc: Failed to remove unknown binding: 66,1,1/0:1279518381/1279518383 [ 103.002466][ T8271] tipc: Failed to remove unknown binding: 66,1,1/0:1279518381/1279518383 [ 104.095986][ T8335] kvm: MWAIT instruction emulated as NOP! [ 104.438472][ T8355] netlink: 96 bytes leftover after parsing attributes in process `syz.2.908'. [ 105.321390][ T8417] all (unregistering): Released all slaves [ 105.464316][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.939'. [ 105.468084][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.939'. [ 106.815502][ T8537] Invalid ELF header magic: != ELF [ 106.837225][ T8542] trusted_key: syz.0.983 sent an empty control message without MSG_MORE. [ 107.297693][ T40] audit: type=1800 audit(1756196426.638:16): pid=8583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1000" name="bus" dev="overlay" ino=1255 res=0 errno=0 [ 107.603334][ T8604] netlink: 47 bytes leftover after parsing attributes in process `syz.0.1008'. [ 108.079013][ T8637] netlink: 'syz.0.1021': attribute type 1 has an invalid length. [ 108.093191][ T8637] 8021q: adding VLAN 0 to HW filter on device bond3 [ 108.104864][ T8637] bond3: (slave gretap1): making interface the new active one [ 108.109138][ T8637] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 108.179468][ T8650] netlink: 'syz.0.1028': attribute type 1 has an invalid length. [ 108.181879][ T8650] netlink: 'syz.0.1028': attribute type 4 has an invalid length. [ 108.184682][ T8650] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1028'. [ 108.212134][ T8652] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1029'. [ 108.606979][ T8672] overlayfs: failed to clone upperpath [ 108.783396][ T8689] syz.4.1045 (8689) used greatest stack depth: 19736 bytes left [ 109.048750][ T8721] overlayfs: failed to clone upperpath [ 109.181587][ T8734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1061'. [ 110.107290][ T8792] 9pnet_fd: Insufficient options for proto=fd [ 110.272274][ T8801] netlink: 'syz.3.1091': attribute type 1 has an invalid length. [ 110.303969][ T8801] bond1: (slave geneve2): making interface the new active one [ 110.306918][ T8801] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 110.310331][ T1143] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 110.315253][ T1143] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 110.319288][ T1143] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 110.330211][ T1143] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 110.598861][ T8830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1101'. [ 110.620522][ T8832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1103'. [ 110.629051][ T8832] macvtap1: entered promiscuous mode [ 110.631189][ T8832] erspan0: entered promiscuous mode [ 110.634210][ T8832] macvtap1: entered allmulticast mode [ 110.636356][ T8832] erspan0: entered allmulticast mode [ 110.825737][ T8832] erspan0: left allmulticast mode [ 110.827426][ T8832] erspan0: left promiscuous mode [ 111.581361][ T8866] ======================================================= [ 111.581361][ T8866] WARNING: The mand mount option has been deprecated and [ 111.581361][ T8866] and is ignored by this kernel. Remove the mand [ 111.581361][ T8866] option from the mount to silence this warning. [ 111.581361][ T8866] ======================================================= [ 112.670093][ T8902] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1132'. [ 112.671329][ T839] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 112.687594][ T839] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz1] on syz0 [ 112.726364][ T8905] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1133'. [ 112.731179][ T8905] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1133'. [ 112.962906][ T63] Bluetooth: hci4: command 0x1003 tx timeout [ 112.966008][ T5986] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 113.126835][ T8920] netlink: 'syz.0.1140': attribute type 1 has an invalid length. [ 113.148410][ T8920] 8021q: adding VLAN 0 to HW filter on device bond4 [ 113.171513][ T8920] bond4: (slave gretap2): making interface the new active one [ 113.177709][ T8920] bond4: (slave gretap2): Enslaving as an active interface with an up link [ 113.285743][ T8933] syzkaller1: entered promiscuous mode [ 113.287740][ T8933] syzkaller1: entered allmulticast mode [ 113.819176][ T8977] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 113.821467][ T8977] overlayfs: failed to set xattr on upper [ 113.824100][ T8977] overlayfs: ...falling back to redirect_dir=nofollow. [ 113.826176][ T8977] overlayfs: ...falling back to index=off. [ 113.829392][ T8977] overlayfs: ...falling back to uuid=null. [ 113.831257][ T8977] overlayfs: maximum fs stacking depth exceeded [ 114.028859][ T9000] netlink: 'syz.3.1175': attribute type 7 has an invalid length. [ 114.032214][ T9000] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1175'. [ 114.164758][ T9015] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1181'. [ 114.256745][ T9020] netlink: 47 bytes leftover after parsing attributes in process `syz.3.1182'. [ 114.310274][ T9030] netlink: 'syz.3.1185': attribute type 1 has an invalid length. [ 114.335260][ T9030] 8021q: adding VLAN 0 to HW filter on device bond2 [ 114.358876][ T9030] bond2: (slave gretap1): making interface the new active one [ 114.364114][ T9030] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 114.400958][ T9034] netlink: 47 bytes leftover after parsing attributes in process `syz.4.1195'. [ 114.516028][ T9047] overlayfs: failed to clone upperpath [ 114.517402][ T9044] netlink: 'syz.3.1191': attribute type 6 has an invalid length. [ 114.522420][ T9044] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1191'. [ 114.531849][ T40] audit: type=1326 audit(1756196433.868:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1192" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x0 [ 115.031485][ T9081] overlayfs: failed to clone upperpath [ 115.224995][ T9091] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3897524436 (7795048872 ns) > initial count (2759807172 ns). Using initial count to start timer. [ 115.231952][ T9091] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3996681224 (15986724896 ns) > initial count (3709615788 ns). Using initial count to start timer. [ 115.328649][ T9096] netlink: 'syz.0.1212': attribute type 9 has an invalid length. [ 115.505398][ T9103] gtp0: entered promiscuous mode [ 115.582843][ T54] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 115.742800][ T54] usb 5-1: Using ep0 maxpacket: 16 [ 115.748305][ T54] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 115.752283][ T54] usb 5-1: config 1 has no interface number 1 [ 115.755210][ T54] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 122, changing to 7 [ 115.763143][ T54] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 115.766836][ T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.769337][ T54] usb 5-1: Product: syz [ 115.770828][ T54] usb 5-1: Manufacturer: syz [ 115.772515][ T54] usb 5-1: SerialNumber: syz [ 115.991650][ T54] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 115.995224][ T54] usb 5-1: 2:1 : sample bitwidth 82 in over sample bytes 4 [ 115.997866][ T54] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 116.012498][ T54] usb 5-1: USB disconnect, device number 5 [ 116.536916][ T9148] [ 116.538025][ T9148] ===================================================== [ 116.540995][ T9153] netlink: 'syz.0.1235': attribute type 1 has an invalid length. [ 116.541666][ T9148] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 116.547683][ T9148] syzkaller #0 Not tainted [ 116.550445][ T9148] ----------------------------------------------------- [ 116.554358][ T9148] syz.4.1234/9148 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 116.557507][ T9148] ffffffff8e20c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80 [ 116.560559][ T9153] bond5: (slave bridge1): making interface the new active one [ 116.561182][ T9148] [ 116.561182][ T9148] and this task is already holding: [ 116.566441][ T9148] ffff888026893f20 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 [ 116.570205][ T9148] which would create a new lock dependency: [ 116.572668][ T9148] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 116.573662][ T9153] bond5: (slave bridge1): Enslaving as an active interface with an up link [ 116.575818][ T9148] [ 116.575818][ T9148] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 116.583335][ T9148] (&dev->event_lock#2){..-.}-{3:3} [ 116.583377][ T9148] [ 116.583377][ T9148] ... which became SOFTIRQ-irq-safe at: [ 116.589143][ T9148] lock_acquire+0x179/0x350 [ 116.590970][ T9148] _raw_spin_lock_irqsave+0x3a/0x60 [ 116.592650][ T9148] input_event+0x74/0xd0 [ 116.594305][ T9148] hidinput_report_event+0xb2/0x100 [ 116.596579][ T9148] hid_report_raw_event+0x268/0x1290 [ 116.599294][ T9148] __hid_input_report.constprop.0+0x33f/0x450 [ 116.601988][ T9148] hid_irq_in+0x35e/0x870 [ 116.603865][ T9148] __usb_hcd_giveback_urb+0x38b/0x610 [ 116.606066][ T9148] usb_hcd_giveback_urb+0x39b/0x450 [ 116.608051][ T9148] dummy_timer+0x1814/0x3a30 [ 116.610800][ T9148] __hrtimer_run_queues+0x1ff/0xad0 [ 116.612974][ T9148] hrtimer_run_softirq+0x17d/0x350 [ 116.615226][ T9148] handle_softirqs+0x219/0x8e0 [ 116.617181][ T9148] __irq_exit_rcu+0x109/0x170 [ 116.619371][ T9148] irq_exit_rcu+0x9/0x30 [ 116.620941][ T9148] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 116.623378][ T9148] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 116.626153][ T9148] lock_acquire+0x62/0x350 [ 116.628119][ T9148] unwind_next_frame+0xd1/0x20a0 [ 116.630269][ T9148] arch_stack_walk+0x94/0x100 [ 116.631798][ T9148] stack_trace_save+0x8e/0xc0 [ 116.633308][ T9148] kasan_save_stack+0x33/0x60 [ 116.635128][ T9148] kasan_save_track+0x14/0x30 [ 116.637167][ T9148] kasan_save_free_info+0x3b/0x60 [ 116.639450][ T9148] __kasan_slab_free+0x60/0x70 [ 116.641518][ T9148] kfree+0x2b4/0x4d0 [ 116.643594][ T9148] raw_ioctl+0xab6/0x2c30 [ 116.646026][ T9148] __ia32_compat_sys_ioctl+0x242/0x370 [ 116.648441][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 116.650945][ T9148] do_fast_syscall_32+0x32/0x80 [ 116.653170][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 116.656768][ T9148] [ 116.656768][ T9148] to a SOFTIRQ-irq-unsafe lock: [ 116.660132][ T9148] (tasklist_lock){.+.+}-{3:3} [ 116.660162][ T9148] [ 116.660162][ T9148] ... which became SOFTIRQ-irq-unsafe at: [ 116.665161][ T9148] ... [ 116.665168][ T9148] lock_acquire+0x179/0x350 [ 116.667573][ T9148] _raw_read_lock+0x5f/0x70 [ 116.669035][ T9148] __do_wait+0x105/0x890 [ 116.670491][ T9148] do_wait+0x21e/0x5a0 [ 116.671819][ T9148] kernel_wait+0x9f/0x160 [ 116.673234][ T9148] call_usermodehelper_exec_work+0xf1/0x170 [ 116.675246][ T9148] process_one_work+0x9cf/0x1b70 [ 116.677030][ T9148] worker_thread+0x6c8/0xf10 [ 116.678818][ T9148] kthread+0x3c5/0x780 [ 116.680265][ T9148] ret_from_fork+0x5d4/0x6f0 [ 116.681944][ T9148] ret_from_fork_asm+0x1a/0x30 [ 116.684092][ T9148] [ 116.684092][ T9148] other info that might help us debug this: [ 116.684092][ T9148] [ 116.688412][ T9148] Chain exists of: [ 116.688412][ T9148] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 116.688412][ T9148] [ 116.693139][ T9148] Possible interrupt unsafe locking scenario: [ 116.693139][ T9148] [ 116.695713][ T9148] CPU0 CPU1 [ 116.697518][ T9148] ---- ---- [ 116.699512][ T9148] lock(tasklist_lock); [ 116.701013][ T9148] local_irq_disable(); [ 116.703996][ T9148] lock(&dev->event_lock#2); [ 116.706580][ T9148] lock(&f_owner->lock); [ 116.709257][ T9148] [ 116.710864][ T9148] lock(&dev->event_lock#2); [ 116.712784][ T9148] [ 116.712784][ T9148] *** DEADLOCK *** [ 116.712784][ T9148] [ 116.716145][ T9148] 2 locks held by syz.4.1234/9148: [ 116.718572][ T9148] #0: ffff8880135ee440 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xd35/0x1340 [ 116.722704][ T9148] #1: ffff888026893f20 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 [ 116.726699][ T9148] [ 116.726699][ T9148] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 116.731294][ T9148] -> (&dev->event_lock#2){..-.}-{3:3} { [ 116.733786][ T9148] IN-SOFTIRQ-W at: [ 116.735597][ T9148] lock_acquire+0x179/0x350 [ 116.738631][ T9148] _raw_spin_lock_irqsave+0x3a/0x60 [ 116.742309][ T9148] input_event+0x74/0xd0 [ 116.744566][ T9148] hidinput_report_event+0xb2/0x100 [ 116.747711][ T9148] hid_report_raw_event+0x268/0x1290 [ 116.750080][ T9148] __hid_input_report.constprop.0+0x33f/0x450 [ 116.752735][ T9148] hid_irq_in+0x35e/0x870 [ 116.754808][ T9148] __usb_hcd_giveback_urb+0x38b/0x610 [ 116.757462][ T9148] usb_hcd_giveback_urb+0x39b/0x450 [ 116.759835][ T9148] dummy_timer+0x1814/0x3a30 [ 116.762581][ T9148] __hrtimer_run_queues+0x1ff/0xad0 [ 116.765683][ T9148] hrtimer_run_softirq+0x17d/0x350 [ 116.768901][ T9148] handle_softirqs+0x219/0x8e0 [ 116.771392][ T9148] __irq_exit_rcu+0x109/0x170 [ 116.773641][ T9148] irq_exit_rcu+0x9/0x30 [ 116.775675][ T9148] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 116.778726][ T9148] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 116.782128][ T9148] lock_acquire+0x62/0x350 [ 116.784912][ T9148] unwind_next_frame+0xd1/0x20a0 [ 116.787850][ T9148] arch_stack_walk+0x94/0x100 [ 116.790709][ T9148] stack_trace_save+0x8e/0xc0 [ 116.793638][ T9148] kasan_save_stack+0x33/0x60 [ 116.796792][ T9148] kasan_save_track+0x14/0x30 [ 116.799956][ T9148] kasan_save_free_info+0x3b/0x60 [ 116.803508][ T9148] __kasan_slab_free+0x60/0x70 [ 116.806465][ T9148] kfree+0x2b4/0x4d0 [ 116.809123][ T9148] raw_ioctl+0xab6/0x2c30 [ 116.811890][ T9148] __ia32_compat_sys_ioctl+0x242/0x370 [ 116.814653][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 116.816948][ T9148] do_fast_syscall_32+0x32/0x80 [ 116.819156][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 116.822033][ T9148] INITIAL USE at: [ 116.823647][ T9148] lock_acquire+0x179/0x350 [ 116.826446][ T9148] _raw_spin_lock_irqsave+0x3a/0x60 [ 116.829882][ T9148] input_inject_event+0x9f/0x3b0 [ 116.833119][ T9148] led_set_brightness+0x217/0x290 [ 116.836297][ T9148] kbd_led_trigger_activate+0xcb/0x110 [ 116.839488][ T9148] led_trigger_set+0x59a/0xc50 [ 116.842362][ T9148] led_trigger_set_default+0x1e0/0x2e0 [ 116.845500][ T9148] led_classdev_register_ext+0x7b8/0xa10 [ 116.848806][ T9148] input_leds_connect+0x552/0x8e0 [ 116.851753][ T9148] input_attach_handler.isra.0+0x173/0x250 [ 116.855050][ T9148] input_register_device+0xab9/0x1180 [ 116.858133][ T9148] atkbd_connect+0x5f8/0xa40 [ 116.861133][ T9148] serio_driver_probe+0x7f/0xd0 [ 116.864203][ T9148] really_probe+0x241/0xa90 [ 116.866932][ T9148] __driver_probe_device+0x1de/0x440 [ 116.870014][ T9148] driver_probe_device+0x4c/0x1b0 [ 116.872907][ T9148] __driver_attach+0x283/0x580 [ 116.875801][ T9148] bus_for_each_dev+0x13e/0x1d0 [ 116.878706][ T9148] serio_handle_event+0x335/0xc30 [ 116.881631][ T9148] process_one_work+0x9cf/0x1b70 [ 116.885027][ T9148] worker_thread+0x6c8/0xf10 [ 116.888169][ T9148] kthread+0x3c5/0x780 [ 116.890785][ T9148] ret_from_fork+0x5d4/0x6f0 [ 116.893568][ T9148] ret_from_fork_asm+0x1a/0x30 [ 116.896428][ T9148] } [ 116.897615][ T9148] ... key at: [] __key.7+0x0/0x40 [ 116.900795][ T9148] -> (&client->buffer_lock){....}-{3:3} { [ 116.903293][ T9148] INITIAL USE at: [ 116.904710][ T9148] lock_acquire+0x179/0x350 [ 116.907485][ T9148] _raw_spin_lock+0x2e/0x40 [ 116.910175][ T9148] evdev_pass_values+0x10e/0x9b0 [ 116.913154][ T9148] evdev_events+0x1bb/0x390 [ 116.915875][ T9148] input_pass_values+0x74b/0x880 [ 116.919078][ T9148] input_handle_event+0xf00/0x14d0 [ 116.921978][ T9148] input_inject_event+0x1e8/0x3b0 [ 116.924797][ T9148] evdev_write+0x2e1/0x440 [ 116.927811][ T9148] vfs_write+0x2a0/0x11d0 [ 116.930554][ T9148] ksys_write+0x1f8/0x250 [ 116.933064][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 116.935885][ T9148] do_fast_syscall_32+0x32/0x80 [ 116.938913][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 116.942654][ T9148] } [ 116.944023][ T9148] ... key at: [] __key.1+0x0/0x40 [ 116.947413][ T9148] ... acquired at: [ 116.948821][ T9148] _raw_spin_lock+0x2e/0x40 [ 116.950515][ T9148] evdev_pass_values+0x10e/0x9b0 [ 116.952792][ T9148] evdev_events+0x1bb/0x390 [ 116.954686][ T9148] input_pass_values+0x74b/0x880 [ 116.956399][ T9148] input_handle_event+0xf00/0x14d0 [ 116.958243][ T9148] input_inject_event+0x1e8/0x3b0 [ 116.960361][ T9148] evdev_write+0x2e1/0x440 [ 116.961908][ T9148] vfs_write+0x2a0/0x11d0 [ 116.963344][ T9148] ksys_write+0x1f8/0x250 [ 116.964916][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 116.966668][ T9148] do_fast_syscall_32+0x32/0x80 [ 116.968563][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 116.970908][ T9148] [ 116.971746][ T9148] -> (&new->fa_lock){....}-{3:3} { [ 116.973382][ T9148] INITIAL USE at: [ 116.974638][ T9148] lock_acquire+0x179/0x350 [ 116.976529][ T9148] _raw_write_lock_irq+0x36/0x50 [ 116.978769][ T9148] fasync_remove_entry+0xb2/0x1e0 [ 116.980966][ T9148] fasync_helper+0xaf/0xd0 [ 116.983014][ T9148] sock_fasync+0x92/0x140 [ 116.984888][ T9148] __fput+0x968/0xb70 [ 116.986656][ T9148] task_work_run+0x14d/0x240 [ 116.988597][ T9148] exit_to_user_mode_loop+0xeb/0x110 [ 116.991199][ T9148] __do_fast_syscall_32+0x2ac/0x3a0 [ 116.994913][ T9148] do_fast_syscall_32+0x32/0x80 [ 116.997402][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.000735][ T9148] INITIAL READ USE at: [ 117.002216][ T9148] lock_acquire+0x179/0x350 [ 117.004418][ T9148] _raw_read_lock_irqsave+0x74/0x90 [ 117.006901][ T9148] kill_fasync+0x138/0x510 [ 117.009212][ T9148] lease_break_callback+0x23/0x30 [ 117.011604][ T9148] __break_lease+0x671/0x1810 [ 117.013903][ T9148] vfs_truncate+0x4d3/0x6e0 [ 117.016650][ T9148] __ia32_compat_sys_truncate+0x171/0x1e0 [ 117.020188][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 117.023305][ T9148] do_fast_syscall_32+0x32/0x80 [ 117.025934][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.029310][ T9148] } [ 117.030339][ T9148] ... key at: [] __key.0+0x0/0x40 [ 117.033480][ T9148] ... acquired at: [ 117.035228][ T9148] _raw_read_lock_irqsave+0x74/0x90 [ 117.037516][ T9148] kill_fasync+0x138/0x510 [ 117.039729][ T9148] evdev_pass_values+0x619/0x9b0 [ 117.041882][ T9148] evdev_events+0x1bb/0x390 [ 117.043885][ T9148] input_pass_values+0x74b/0x880 [ 117.046027][ T9148] input_handle_event+0xf00/0x14d0 [ 117.048288][ T9148] input_inject_event+0x1e8/0x3b0 [ 117.050615][ T9148] evdev_write+0x2e1/0x440 [ 117.052565][ T9148] vfs_write+0x2a0/0x11d0 [ 117.054506][ T9148] ksys_write+0x1f8/0x250 [ 117.056463][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 117.058718][ T9148] do_fast_syscall_32+0x32/0x80 [ 117.060836][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.063121][ T9148] [ 117.063913][ T9148] -> (&f_owner->lock){....}-{3:3} { [ 117.065936][ T9148] INITIAL USE at: [ 117.067439][ T9148] lock_acquire+0x179/0x350 [ 117.069454][ T9148] _raw_write_lock_irq+0x36/0x50 [ 117.071655][ T9148] __f_setown+0x61/0x3c0 [ 117.073708][ T9148] fcntl_dirnotify+0x7b1/0xb60 [ 117.076014][ T9148] do_fcntl+0xe62/0x15a0 [ 117.079129][ T9148] do_compat_fcntl64+0x367/0x710 [ 117.082502][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 117.085615][ T9148] do_fast_syscall_32+0x32/0x80 [ 117.088287][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.091070][ T9148] INITIAL READ USE at: [ 117.092779][ T9148] lock_acquire+0x179/0x350 [ 117.095296][ T9148] _raw_read_lock_irqsave+0x74/0x90 [ 117.098318][ T9148] send_sigio+0x31/0x3e0 [ 117.100954][ T9148] dnotify_handle_event+0x15e/0x2b0 [ 117.103972][ T9148] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 117.107493][ T9148] fsnotify+0x13d6/0x1dc0 [ 117.110136][ T9148] path_openat+0x1b50/0x2cb0 [ 117.112398][ T9148] do_filp_open+0x20b/0x470 [ 117.114444][ T9148] do_sys_openat2+0x11b/0x1d0 [ 117.116552][ T9148] __ia32_compat_sys_openat+0x16d/0x210 [ 117.119005][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 117.121368][ T9148] do_fast_syscall_32+0x32/0x80 [ 117.124213][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.127858][ T9148] } [ 117.128893][ T9148] ... key at: [] __key.1+0x0/0x40 [ 117.132052][ T9148] ... acquired at: [ 117.133570][ T9148] _raw_read_lock_irqsave+0x74/0x90 [ 117.135337][ T9148] send_sigio+0x31/0x3e0 [ 117.136790][ T9148] kill_fasync+0x214/0x510 [ 117.138250][ T9148] lease_break_callback+0x23/0x30 [ 117.139926][ T9148] __break_lease+0x671/0x1810 [ 117.141585][ T9148] vfs_truncate+0x4d3/0x6e0 [ 117.143227][ T9148] __ia32_compat_sys_truncate+0x171/0x1e0 [ 117.145170][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 117.147139][ T9148] do_fast_syscall_32+0x32/0x80 [ 117.149280][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.152011][ T9148] [ 117.152979][ T9148] [ 117.152979][ T9148] the dependencies between the lock to be acquired [ 117.152986][ T9148] and SOFTIRQ-irq-unsafe lock: [ 117.158218][ T9148] -> (tasklist_lock){.+.+}-{3:3} { [ 117.160447][ T9148] HARDIRQ-ON-R at: [ 117.162145][ T9148] lock_acquire+0x179/0x350 [ 117.164719][ T9148] _raw_read_lock+0x5f/0x70 [ 117.167359][ T9148] __do_wait+0x105/0x890 [ 117.169477][ T9148] do_wait+0x21e/0x5a0 [ 117.171298][ T9148] kernel_wait+0x9f/0x160 [ 117.173238][ T9148] call_usermodehelper_exec_work+0xf1/0x170 [ 117.175953][ T9148] process_one_work+0x9cf/0x1b70 [ 117.179091][ T9148] worker_thread+0x6c8/0xf10 [ 117.182157][ T9148] kthread+0x3c5/0x780 [ 117.184623][ T9148] ret_from_fork+0x5d4/0x6f0 [ 117.186804][ T9148] ret_from_fork_asm+0x1a/0x30 [ 117.189035][ T9148] SOFTIRQ-ON-R at: [ 117.190676][ T9148] lock_acquire+0x179/0x350 [ 117.193193][ T9148] _raw_read_lock+0x5f/0x70 [ 117.195717][ T9148] __do_wait+0x105/0x890 [ 117.198097][ T9148] do_wait+0x21e/0x5a0 [ 117.200395][ T9148] kernel_wait+0x9f/0x160 [ 117.202875][ T9148] call_usermodehelper_exec_work+0xf1/0x170 [ 117.205916][ T9148] process_one_work+0x9cf/0x1b70 [ 117.208662][ T9148] worker_thread+0x6c8/0xf10 [ 117.211254][ T9148] kthread+0x3c5/0x780 [ 117.213634][ T9148] ret_from_fork+0x5d4/0x6f0 [ 117.216307][ T9148] ret_from_fork_asm+0x1a/0x30 [ 117.218996][ T9148] INITIAL USE at: [ 117.220614][ T9148] lock_acquire+0x179/0x350 [ 117.223240][ T9148] _raw_write_lock_irq+0x36/0x50 [ 117.225477][ T9148] copy_process+0x4caf/0x7690 [ 117.228078][ T9148] kernel_clone+0xfc/0x930 [ 117.230601][ T9148] user_mode_thread+0xc7/0x110 [ 117.233226][ T9148] rest_init+0x23/0x2b0 [ 117.235588][ T9148] start_kernel+0x3ee/0x4d0 [ 117.238171][ T9148] x86_64_start_reservations+0x18/0x30 [ 117.241084][ T9148] x86_64_start_kernel+0x130/0x190 [ 117.243850][ T9148] common_startup_64+0x13e/0x148 [ 117.246788][ T9148] INITIAL READ USE at: [ 117.248625][ T9148] lock_acquire+0x179/0x350 [ 117.251340][ T9148] _raw_read_lock+0x5f/0x70 [ 117.254042][ T9148] __do_wait+0x105/0x890 [ 117.256692][ T9148] do_wait+0x21e/0x5a0 [ 117.259258][ T9148] kernel_wait+0x9f/0x160 [ 117.261881][ T9148] call_usermodehelper_exec_work+0xf1/0x170 [ 117.265713][ T9148] process_one_work+0x9cf/0x1b70 [ 117.269150][ T9148] worker_thread+0x6c8/0xf10 [ 117.272121][ T9148] kthread+0x3c5/0x780 [ 117.274703][ T9148] ret_from_fork+0x5d4/0x6f0 [ 117.277527][ T9148] ret_from_fork_asm+0x1a/0x30 [ 117.280367][ T9148] } [ 117.281481][ T9148] ... key at: [] tasklist_lock+0x18/0x40 [ 117.284695][ T9148] ... acquired at: [ 117.286322][ T9148] lock_acquire+0x179/0x350 [ 117.288325][ T9148] _raw_read_lock+0x5f/0x70 [ 117.290323][ T9148] send_sigurg+0xed/0xc80 [ 117.292250][ T9148] sk_send_sigurg+0x76/0x360 [ 117.294324][ T9148] unix_stream_sendmsg+0xfa5/0x1340 [ 117.296582][ T9148] ____sys_sendmsg+0xa95/0xc70 [ 117.298665][ T9148] ___sys_sendmsg+0x134/0x1d0 [ 117.300793][ T9148] __sys_sendmmsg+0x2f9/0x420 [ 117.302901][ T9148] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 117.305331][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 117.307569][ T9148] do_fast_syscall_32+0x32/0x80 [ 117.309668][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.312379][ T9148] [ 117.313417][ T9148] [ 117.313417][ T9148] stack backtrace: [ 117.315923][ T9148] CPU: 2 UID: 60928 PID: 9148 Comm: syz.4.1234 Not tainted syzkaller #0 PREEMPT(full) [ 117.315948][ T9148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 117.315961][ T9148] Call Trace: [ 117.315969][ T9148] [ 117.315977][ T9148] dump_stack_lvl+0x116/0x1f0 [ 117.316008][ T9148] check_irq_usage+0x7dc/0x920 [ 117.316039][ T9148] ? check_path.constprop.0+0x24/0x50 [ 117.316069][ T9148] ? __lock_acquire+0x12bc/0x1ce0 [ 117.316094][ T9148] __lock_acquire+0x12bc/0x1ce0 [ 117.316122][ T9148] lock_acquire+0x179/0x350 [ 117.316147][ T9148] ? send_sigurg+0xed/0xc80 [ 117.316179][ T9148] _raw_read_lock+0x5f/0x70 [ 117.316202][ T9148] ? send_sigurg+0xed/0xc80 [ 117.316229][ T9148] send_sigurg+0xed/0xc80 [ 117.316257][ T9148] ? find_held_lock+0x2b/0x80 [ 117.316279][ T9148] sk_send_sigurg+0x76/0x360 [ 117.316305][ T9148] unix_stream_sendmsg+0xfa5/0x1340 [ 117.316335][ T9148] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 117.316368][ T9148] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 117.316401][ T9148] ? __import_iovec+0x1dd/0x650 [ 117.316420][ T9148] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 117.316444][ T9148] ____sys_sendmsg+0xa95/0xc70 [ 117.316464][ T9148] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.316482][ T9148] ? get_compat_msghdr+0x11a/0x170 [ 117.316509][ T9148] ? futex_unqueue+0x133/0x2c0 [ 117.316533][ T9148] ___sys_sendmsg+0x134/0x1d0 [ 117.316560][ T9148] ? __pfx____sys_sendmsg+0x10/0x10 [ 117.316600][ T9148] __sys_sendmmsg+0x2f9/0x420 [ 117.316629][ T9148] ? __pfx___sys_sendmmsg+0x10/0x10 [ 117.316654][ T9148] ? __pfx_do_fcntl+0x10/0x10 [ 117.316681][ T9148] ? __pfx_do_futex+0x10/0x10 [ 117.316710][ T9148] ? xfd_validate_state+0x61/0x180 [ 117.316738][ T9148] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 117.316762][ T9148] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 117.316792][ T9148] __do_fast_syscall_32+0x7c/0x3a0 [ 117.316816][ T9148] do_fast_syscall_32+0x32/0x80 [ 117.316839][ T9148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.316862][ T9148] RIP: 0023:0xf703e579 [ 117.316878][ T9148] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 117.316898][ T9148] RSP: 002b:00000000f542e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 117.316917][ T9148] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080006c40 [ 117.316929][ T9148] RDX: 0000000000000001 RSI: 00000000000408b1 RDI: 0000000000000000 [ 117.316940][ T9148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 117.316951][ T9148] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 117.316962][ T9148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 117.316979][ T9148] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 118.091278][ T1188] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.098953][ T1188] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.103571][ T1188] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 118.167019][ T1188] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.171269][ T1188] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.175885][ T1188] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 118.217293][ T1188] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.220518][ T1188] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.224505][ T1188] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 118.316643][ T1188] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 118.321218][ T1188] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.327375][ T1188] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 118.369656][ T1188] bridge_slave_1: left allmulticast mode [ 118.372551][ T1188] bridge_slave_1: left promiscuous mode [ 118.378230][ T1188] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.382621][ T1188] bridge_slave_0: left allmulticast mode [ 118.385160][ T1188] bridge_slave_0: left promiscuous mode [ 118.387757][ T1188] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.393927][ T1188] bridge_slave_1: left allmulticast mode [ 118.396377][ T1188] bridge_slave_1: left promiscuous mode [ 118.398957][ T1188] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.404550][ T1188] bridge_slave_0: left allmulticast mode [ 118.407063][ T1188] bridge_slave_0: left promiscuous mode [ 118.409618][ T1188] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.623919][ T1188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.628641][ T1188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.632879][ T1188] bond0 (unregistering): Released all slaves [ 118.654446][ T1188] bond2 (unregistering): (slave gretap1): Releasing active interface [ 118.665342][ T1188] bond1 (unregistering): (slave geneve2): Releasing active interface [ 118.817019][ T1188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.821378][ T1188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.825591][ T1188] bond0 (unregistering): Released all slaves [ 118.831232][ T1188] bond1 (unregistering): Released all slaves [ 118.839582][ T1188] bond2 (unregistering): Released all slaves [ 119.235107][ T1188] mac80211_hwsim hwsim6 wlan0 (unregistering): left allmulticast mode [ 119.237731][ T1188] mac80211_hwsim hwsim6 wlan0 (unregistering): left promiscuous mode [ 119.322072][ T1188] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.326150][ T1188] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.331426][ T1188] hsr_slave_1: left promiscuous mode [ 119.334003][ T1188] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.336911][ T1188] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.340150][ T1188] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.343217][ T1188] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.348575][ T1188] veth1_macvtap: left promiscuous mode [ 119.350742][ T1188] veth0_macvtap: left promiscuous mode [ 119.353053][ T1188] veth1_vlan: left promiscuous mode [ 119.355136][ T1188] veth0_vlan: left promiscuous mode [ 119.884560][ T1188] team0 (unregistering): Port device team_slave_1 removed [ 119.939539][ T1188] team0 (unregistering): Port device team_slave_0 removed [ 120.411813][ T1188] team0 (unregistering): Port device team_slave_1 removed [ 120.417672][ T1188] team0 (unregistering): Port device team_slave_0 removed [ 121.547031][ T1188] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.616753][ T1188] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.655913][ T1188] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.706362][ T1188] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.805602][ T1188] bridge_slave_1: left allmulticast mode [ 121.808104][ T1188] bridge_slave_1: left promiscuous mode [ 121.810551][ T1188] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.814932][ T1188] bridge_slave_0: left allmulticast mode [ 121.817353][ T1188] bridge_slave_0: left promiscuous mode [ 121.819945][ T1188] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.017024][ T1188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.021737][ T1188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.026331][ T1188] bond0 (unregistering): Released all slaves [ 122.282301][ T1188] mac80211_hwsim hwsim11 wlan0 (unregistering): left allmulticast mode [ 122.340129][ T1188] hsr_slave_0: left promiscuous mode [ 122.342950][ T1188] hsr_slave_1: left promiscuous mode [ 122.345526][ T1188] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.348666][ T1188] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.352422][ T1188] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.355722][ T1188] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 122.362093][ T1188] veth1_macvtap: left promiscuous mode [ 122.368057][ T1188] veth0_macvtap: left promiscuous mode [ 122.370905][ T1188] veth1_vlan: left promiscuous mode [ 122.373250][ T1188] veth0_vlan: left promiscuous mode [ 122.527481][ T1188] team0 (unregistering): Port device team_slave_1 removed [ 122.571700][ T1188] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 08:20:36 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=ffff88801de84880 RCX=ffffc9000041f920 RDX=0000000000000000 RSI=ffff88801de84880 RDI=ffff88801de84cc4 RBP=ffffc9000041f8d0 RSP=ffffc9000041f7b0 R8 =0000000000000001 R9 =0000000000000000 R10=ffffc9000041f888 R11=0000000000002c10 R12=fffff52000083f13 R13=ffffc9000041f888 R14=ffffc9000041f888 R15=ffffc9000041f890 RIP=ffffffff81a0365a RFL=00000a03 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ff938fc0 CR3=0000000065a0f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 EAX=8b8c104a EBX=00000000 ECX=8b8bc5f2 EDX=00018fff ESI=f7424fe8 EDI=f6c87008 EBP=f7f55610 ESP=ff9395b0 EIP=f70ce6fd EFL=00000282 [--S----] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 5755d440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 0004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3c526c CR3=000000002366d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000054 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85617045 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc90006e8f0e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000054 R14=ffffffff9b0f96c0 R15=ffffffff85616fe0 RIP=ffffffff8561706f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080006c40 CR3=000000006dff4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=ffff88801dafc880 RCX=ffffffff914f4801 RDX=0000000000000000 RSI=ffffffff8c162c80 RDI=ffff88801dafccc4 RBP=ffff88801dafc880 RSP=ffffc900001e75b8 R8 =ffffffff914f484c R9 =0000000000000000 R10=ffffc900001e7658 R11=0000000000012035 R12=ffff88801dafc880 R13=ffffc900001e7658 R14=ffffc900001e79b8 R15=ffffc900001e768c RIP=ffffffff81a18123 RFL=00000a03 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e91cffc CR3=0000000060d8f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000