last executing test programs: 3.530646783s ago: executing program 2 (id=489): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x80040, 0x0) unlink(&(0x7f00000001c0)='./control/file0\x00') rmdir(&(0x7f0000000040)='./control\x00') r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x19, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0xf}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x120, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xeb, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000000)={0x1fe}, &(0x7f0000000040), 0x0) rmdir(&(0x7f000001f7c0)='./control\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) getrandom(0x0, 0x0, 0x0) setfsuid(0x0) 3.084871902s ago: executing program 1 (id=497): syz_open_dev$dri(0x0, 0x0, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0}, 0x20) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6}]}}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x54, 0x1e5, 0x0, 0x0, {0x7, r6}, [@MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x0, 0x0, 0x0, {@ip4=@broadcast, 0x86dd}}}]}, 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b26, &(0x7f0000000000)={'bond_slave_0\x00', @remote}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)}, 0x0) 3.03700412s ago: executing program 1 (id=499): socket$netlink(0x10, 0x3, 0x0) getpid() r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x1, 0xa, 0x301}, 0x14}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) readv(r1, &(0x7f0000000380)=[{&(0x7f0000000340)=""/22, 0x16}], 0x1) sched_setscheduler(0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(0x0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1000001, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000140)={0x980912}) 2.961685156s ago: executing program 1 (id=501): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x4c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}]}], {0x14, 0x10}}, 0x94}}, 0x0) 2.907723491s ago: executing program 3 (id=502): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000180)=0x80) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) readv(r0, &(0x7f0000000040), 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r2, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000004780)=""/102400, 0x19000}, {&(0x7f0000000a80)=""/228, 0xe4}], 0x2}}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000880)=""/231, 0xe7}, {&(0x7f0000000340)=""/41, 0x29}], 0x0, &(0x7f0000000d00)=""/154, 0x9a}}], 0x2, 0x2000, 0x0) 2.856237405s ago: executing program 1 (id=503): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000001340)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x101099, 0x0) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000240)='./file0/file0/..\x00', &(0x7f0000000280)='omfs\x00', 0x0, &(0x7f0000000340)=',arrier') 2.855566841s ago: executing program 3 (id=504): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r1, r0, 0x1, 0x0, @void}, 0x10) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) 2.763813478s ago: executing program 1 (id=505): fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)={0xc, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x48) socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001200)="e4ab", 0x2}], 0x1}, 0x2404c881) recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2) 2.719083735s ago: executing program 3 (id=506): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = dup(r0) ioctl$BINDER_GET_EXTENDED_ERROR(r1, 0x127d, 0x0) 2.63044004s ago: executing program 3 (id=507): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001640)='/sys/kernel/address_bits', 0x0, 0x0) read$FUSE(r0, &(0x7f0000001780)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sched_setaffinity(r1, 0x0, 0x0) 2.630065797s ago: executing program 3 (id=508): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000c07850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000001140)='ext4_allocate_inode\x00', r0}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000000)='ext4_allocate_inode\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='ext4_allocate_inode\x00', r4}, 0x10) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r2) close(r5) 2.41599547s ago: executing program 2 (id=509): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2fd, 0x0, 0x0, 0x0, 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0x7}}]}, 0x38}}, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_open_procfs(r4, &(0x7f0000001380)='net/sctp\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) r8 = socket(0x15, 0x5, 0x0) socket(0x23, 0x5, 0x0) recvmsg$can_j1939(r8, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x12100) ioctl$sock_rose_SIOCADDRT(r8, 0x890b, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x34, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @random="7212e1434a10"}, @chandef_params]}, 0x34}}, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@data_frame={@msdu=@type01={{0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x9}, @broadcast, @from_mac=@broadcast, @device_b, {0x1, 0x9}}}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) r12 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r12, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) 1.738552865s ago: executing program 1 (id=511): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x34, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x92, 0xdf, 0x55, 0x10, 0x5ac, 0x9226, 0xb289, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0xe9, 0x0, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "d77b5d2898"}]}}]}}]}}]}}, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) 1.647308667s ago: executing program 3 (id=512): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000540)={[], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}]}) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2) fcntl$setstatus(r0, 0x4, 0x2000) ppoll(&(0x7f00000001c0)=[{r0}], 0x1, &(0x7f0000000200), 0x0, 0x0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x90, &(0x7f0000000600)=ANY=[@ANYBLOB="17010000020000102505a1a440000102030109027e00020100c0000904000001020d0000052406000105240000000d240f0100000000000000000006241a00001c08241c03000900000e2407320300060009020008c900202e174354dd490905810300000000000904010000020d00000904010102020d0000090582020000000000090503020000004000"/154], 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r2, 0x1, 0x1f, 0x0, &(0x7f00000000c0)) syz_usb_control_io(r1, 0x0, 0x0) fsopen(&(0x7f0000000040)='sockfs\x00', 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100004b028ee7000000000000ea04850000007b000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000380), 0x208e24b) lseek(0xffffffffffffffff, 0x0, 0x5) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b4050000000000006110b0000000000063510800000000009500090000000000827573595f16aaba19dee4850fad9dc34ae0ec78734eb5ff8c80d4457498c5a7b0c59abd315c61996d140187d64787b68c0a1b3e361a405ed57dc367c33abfd46e35"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) r5 = creat(&(0x7f0000000380)='./bus\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0), 0x48) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x1ff, 0x7, 0x101, 0x20, r5, 0xffffc000, '\x00', r6, r5, 0x4, 0x3, 0x1, 0x5}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={0x0, r8}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[], 0x0, 0x52}, 0x20) 1.326438547s ago: executing program 2 (id=513): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) getrlimit(0x0, &(0x7f0000000280)) 1.323134849s ago: executing program 2 (id=514): mount$overlay(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={r2}, 0xc) 1.235641539s ago: executing program 2 (id=515): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x8}}, 0x0) 1.235280563s ago: executing program 2 (id=516): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x5b15, 0x0) 777.777708ms ago: executing program 0 (id=517): r0 = socket$kcm(0x10, 0x3, 0x10) recvmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x700, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000035000b0fd25a806c8c6f94f90d24fc60", 0x33fe0}], 0x1, 0x0, 0x0, 0x20000000}, 0x0) 657.913822ms ago: executing program 0 (id=518): r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000801000000000000004000000850000008b00000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) ioctl$CDROMREADAUDIO(r0, 0x31e, &(0x7f0000002140)={@msf={0xc5}, 0x0, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) copy_file_range(r0, &(0x7f0000000100)=0x2, r1, &(0x7f0000000140)=0x582, 0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(r3, 0xc048aec8, &(0x7f0000000080)={0x6}) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000003c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r4, 0xc03064b7, &(0x7f0000000a00)={r8, r6, r7, 0x0, 0x1}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffce, 0x10, 0xff, 0x4, 0x9, 0xb6cd, 0x101, 0x101, 0x7, 0x1, 0xfffffffffffffffd, 0x8001, 0x3ff], 0xe002, 0x2}) 456.975235ms ago: executing program 0 (id=519): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x2000, 0x1) 406.594734ms ago: executing program 0 (id=520): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000c07850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000001140)='ext4_allocate_inode\x00', r0}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000000)='ext4_allocate_inode\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='ext4_allocate_inode\x00', r4}, 0x10) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r2) close(r5) 305.1897ms ago: executing program 0 (id=521): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) shmat(0xffffffffffffffff, &(0x7f00007d1000/0x4000)=nil, 0x0) 0s ago: executing program 0 (id=522): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) write$FUSE_WRITE(r1, &(0x7f00000000c0)={0x18}, 0xfdef) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x18) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8}]}}}]}]}], {0x14}}, 0x8c}}, 0x0) faccessat2(r5, &(0x7f0000000480)='./file0\x00', 0x0, 0x0) umount2(&(0x7f0000001540)='./file0\x00', 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MIN={0x8}, @NFTA_NAT_FAMILY={0x8}, @NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0x80}}, 0x0) dup3(r2, r3, 0x0) sendmsg$IPSET_CMD_GET_BYNAME(r1, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x50, 0xe, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0xc890}, 0x40) ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000040)) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:56539' (ED25519) to the list of known hosts. [ 49.229615][ T5163] cgroup: Unknown subsys name 'net' [ 49.366289][ T5163] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 50.732166][ T5163] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 55.774137][ T5212] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 55.780637][ T5212] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 55.785180][ T5212] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 55.788884][ T5212] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 55.792563][ T5212] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 55.798160][ T5217] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 55.802418][ T5221] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 55.802464][ T5217] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 55.802589][ T5220] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 55.803833][ T5220] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 55.804860][ T5220] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 55.805278][ T5220] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 55.808716][ T5221] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 55.809112][ T5217] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 55.819695][ T4646] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 55.823508][ T5221] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 55.827951][ T5220] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 55.838730][ T5220] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 55.854651][ T5221] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 55.868942][ T5221] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 55.872632][ T5221] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 55.876448][ T5221] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 55.887000][ T5221] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 55.899005][ T5221] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 56.255903][ T5207] chnl_net:caif_netlink_parms(): no params data found [ 56.266034][ T5208] chnl_net:caif_netlink_parms(): no params data found [ 56.458686][ T5213] chnl_net:caif_netlink_parms(): no params data found [ 56.465984][ T5222] chnl_net:caif_netlink_parms(): no params data found [ 56.595222][ T5208] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.599244][ T5208] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.602608][ T5208] bridge_slave_0: entered allmulticast mode [ 56.606520][ T5208] bridge_slave_0: entered promiscuous mode [ 56.611853][ T5208] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.614777][ T5208] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.617900][ T5208] bridge_slave_1: entered allmulticast mode [ 56.625061][ T5208] bridge_slave_1: entered promiscuous mode [ 56.629040][ T5207] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.632058][ T5207] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.636416][ T5207] bridge_slave_0: entered allmulticast mode [ 56.640512][ T5207] bridge_slave_0: entered promiscuous mode [ 56.707825][ T5207] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.711054][ T5207] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.714195][ T5207] bridge_slave_1: entered allmulticast mode [ 56.718177][ T5207] bridge_slave_1: entered promiscuous mode [ 56.780115][ T5208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.835119][ T5208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.881220][ T5207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.964260][ T5208] team0: Port device team_slave_0 added [ 56.972264][ T5207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.005568][ T5213] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.009020][ T5213] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.012004][ T5213] bridge_slave_0: entered allmulticast mode [ 57.015784][ T5213] bridge_slave_0: entered promiscuous mode [ 57.021671][ T5208] team0: Port device team_slave_1 added [ 57.065972][ T5222] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.069107][ T5222] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.072204][ T5222] bridge_slave_0: entered allmulticast mode [ 57.075995][ T5222] bridge_slave_0: entered promiscuous mode [ 57.083403][ T5213] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.086454][ T5213] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.089839][ T5213] bridge_slave_1: entered allmulticast mode [ 57.093654][ T5213] bridge_slave_1: entered promiscuous mode [ 57.164970][ T5207] team0: Port device team_slave_0 added [ 57.168483][ T5222] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.171580][ T5222] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.174670][ T5222] bridge_slave_1: entered allmulticast mode [ 57.178700][ T5222] bridge_slave_1: entered promiscuous mode [ 57.204857][ T5208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.207572][ T5208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.220519][ T5208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.237141][ T5207] team0: Port device team_slave_1 added [ 57.318103][ T5208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.321346][ T5208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.332281][ T5208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.366224][ T5222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.373174][ T5213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.381330][ T5213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.474072][ T5222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.506815][ T5213] team0: Port device team_slave_0 added [ 57.510205][ T5207] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.512706][ T5207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.524455][ T5207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.576786][ T5213] team0: Port device team_slave_1 added [ 57.580018][ T5207] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.583193][ T5207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.594945][ T5207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.633740][ T5208] hsr_slave_0: entered promiscuous mode [ 57.639817][ T5208] hsr_slave_1: entered promiscuous mode [ 57.701826][ T5213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.704846][ T5213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.718322][ T5213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.726973][ T5222] team0: Port device team_slave_0 added [ 57.733820][ T5222] team0: Port device team_slave_1 added [ 57.755878][ T5213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.758888][ T5213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.768883][ T5213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.868902][ T5215] Bluetooth: hci2: command tx timeout [ 57.870498][ T5221] Bluetooth: hci0: command tx timeout [ 57.879499][ T5221] Bluetooth: hci1: command tx timeout [ 57.909279][ T5222] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.912401][ T5222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.923391][ T5222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.930063][ T5222] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.933077][ T5222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.944374][ T5222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.958493][ T5221] Bluetooth: hci3: command tx timeout [ 57.985405][ T5207] hsr_slave_0: entered promiscuous mode [ 57.991886][ T5207] hsr_slave_1: entered promiscuous mode [ 57.995177][ T5207] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.998781][ T5207] Cannot create hsr debugfs directory [ 58.040140][ T5213] hsr_slave_0: entered promiscuous mode [ 58.043631][ T5213] hsr_slave_1: entered promiscuous mode [ 58.046917][ T5213] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.050434][ T5213] Cannot create hsr debugfs directory [ 58.245811][ T5222] hsr_slave_0: entered promiscuous mode [ 58.252961][ T5222] hsr_slave_1: entered promiscuous mode [ 58.256278][ T5222] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.259743][ T5222] Cannot create hsr debugfs directory [ 58.570612][ T5208] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 58.593845][ T5208] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 58.635242][ T5208] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 58.651765][ T5208] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 58.695780][ T5207] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.704555][ T5207] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.716952][ T5207] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.723441][ T5207] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.788316][ T5213] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 58.795056][ T5213] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 58.818856][ T5213] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 58.827166][ T5213] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 58.896942][ T5222] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.907546][ T5222] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.918032][ T5222] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.943937][ T5222] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.014413][ T5208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.070467][ T5208] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.076628][ T5207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.093484][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.096166][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.107160][ T5213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.129073][ T5213] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.135783][ T816] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.139207][ T816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.155104][ T5207] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.180891][ T816] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.184820][ T816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.191626][ T816] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.194825][ T816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.211153][ T816] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.214216][ T816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.231189][ T816] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.234185][ T816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.247245][ T5222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.311181][ T5222] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.339831][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.342540][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.362594][ T816] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.366472][ T816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.426372][ T5222] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.527306][ T5213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.571955][ T5208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.585265][ T5213] veth0_vlan: entered promiscuous mode [ 59.595588][ T5207] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.620438][ T5213] veth1_vlan: entered promiscuous mode [ 59.657879][ T5222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.675062][ T5208] veth0_vlan: entered promiscuous mode [ 59.707624][ T5207] veth0_vlan: entered promiscuous mode [ 59.716568][ T5213] veth0_macvtap: entered promiscuous mode [ 59.722840][ T5213] veth1_macvtap: entered promiscuous mode [ 59.726772][ T5208] veth1_vlan: entered promiscuous mode [ 59.747528][ T5207] veth1_vlan: entered promiscuous mode [ 59.765676][ T5208] veth0_macvtap: entered promiscuous mode [ 59.785515][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.793000][ T5208] veth1_macvtap: entered promiscuous mode [ 59.805507][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.826161][ T5213] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.831133][ T5213] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.834174][ T5213] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.837775][ T5213] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.868980][ T5208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.872817][ T5208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.881611][ T5208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.893563][ T5207] veth0_macvtap: entered promiscuous mode [ 59.900003][ T5222] veth0_vlan: entered promiscuous mode [ 59.911784][ T5222] veth1_vlan: entered promiscuous mode [ 59.929179][ T5208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.933936][ T5208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.941148][ T5208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.953965][ T5207] veth1_macvtap: entered promiscuous mode [ 59.959387][ T5221] Bluetooth: hci0: command tx timeout [ 59.961283][ T5215] Bluetooth: hci1: command tx timeout [ 59.961310][ T5220] Bluetooth: hci2: command tx timeout [ 59.971499][ T5208] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.975146][ T5208] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.979817][ T5208] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.983022][ T5208] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.016355][ T5207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.020999][ T5207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.024619][ T5207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.028428][ T5215] Bluetooth: hci3: command tx timeout [ 60.029365][ T5207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.035782][ T5207] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.060249][ T3086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.060443][ T5207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.063405][ T3086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.068010][ T5207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.074235][ T5207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.078123][ T5207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.082908][ T5207] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.108967][ T5222] veth0_macvtap: entered promiscuous mode [ 60.131029][ T5207] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.134735][ T5207] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.137941][ T5207] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.141530][ T5207] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.146822][ T5222] veth1_macvtap: entered promiscuous mode [ 60.160988][ T3086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.164407][ T3086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.182610][ T5222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.187252][ T5222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.191741][ T5222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.196291][ T5222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.201193][ T5222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.205849][ T5222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.212376][ T5222] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.224044][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.227319][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.241172][ T5222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.245649][ T5222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.249766][ T5222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.253598][ T5222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.257332][ T5222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.261126][ T5222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.265909][ T5222] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.288107][ T5222] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.294248][ T5222] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.298067][ T5222] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.302989][ T5222] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.312191][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.315699][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.361814][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.365958][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.425113][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.438163][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.490311][ T3086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.493061][ T3086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.517941][ T3086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.528696][ T3086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.792306][ T5294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11'. [ 60.796379][ T5294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11'. [ 60.970631][ T5306] syz.1.16 uses obsolete (PF_INET,SOCK_PACKET) [ 61.246216][ T5314] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.306269][ T5314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20'. [ 61.551017][ T5326] nbd: must specify a device to reconfigure [ 61.981117][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88800012dc00: rx timeout, send abort [ 61.986348][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88800012dc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 62.029326][ T5215] Bluetooth: hci2: command tx timeout [ 62.029342][ T5221] Bluetooth: hci0: command tx timeout [ 62.038577][ T5221] Bluetooth: hci1: command tx timeout [ 62.061230][ T5336] netlink: 8 bytes leftover after parsing attributes in process `syz.3.31'. [ 62.108721][ T5221] Bluetooth: hci3: command tx timeout [ 62.367666][ T5351] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 62.371937][ T5351] overlayfs: failed to set xattr on upper [ 62.371934][ T5249] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 62.374637][ T5351] overlayfs: ...falling back to redirect_dir=nofollow. [ 62.386052][ T5351] overlayfs: ...falling back to index=off. [ 62.389116][ T5351] overlayfs: ...falling back to uuid=null. [ 62.563080][ T5249] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 62.566944][ T5249] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 62.570984][ T5249] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 62.574552][ T5249] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.586704][ T5340] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 62.872288][ T5268] usb 5-1: USB disconnect, device number 2 [ 63.531168][ T5373] netlink: 'syz.0.44': attribute type 2 has an invalid length. [ 63.770567][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88802b5f7c00: rx timeout, send abort [ 63.773928][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802b5f7c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 63.851929][ T39] audit: type=1326 audit(1721101064.547:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.862245][ T39] audit: type=1326 audit(1721101064.547:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.876234][ T5391] syz.1.49: attempt to access beyond end of device [ 63.876234][ T5391] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0 [ 63.877039][ T39] audit: type=1326 audit(1721101064.547:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.894706][ T39] audit: type=1326 audit(1721101064.547:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.905261][ T39] audit: type=1326 audit(1721101064.547:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=293 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.914888][ T39] audit: type=1326 audit(1721101064.547:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.924322][ T39] audit: type=1326 audit(1721101064.547:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.933059][ T39] audit: type=1326 audit(1721101064.557:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.941490][ T39] audit: type=1326 audit(1721101064.557:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 63.953033][ T39] audit: type=1326 audit(1721101064.557:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f8579 code=0x7ffc0000 [ 64.108776][ T5215] Bluetooth: hci2: command tx timeout [ 64.108821][ T5220] Bluetooth: hci0: command tx timeout [ 64.111133][ T5221] Bluetooth: hci1: command tx timeout [ 64.118343][ T5269] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 64.198416][ T5221] Bluetooth: hci3: command tx timeout [ 64.311085][ T5269] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 64.332660][ T5269] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 64.337384][ T5269] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 64.341445][ T5269] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.353681][ T5393] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 64.670142][ T5216] usb 8-1: USB disconnect, device number 2 [ 64.746617][ T5401] netlink: 'syz.0.54': attribute type 2 has an invalid length. [ 65.424596][ T5423] can0: slcan on ptm0. [ 66.068565][ T56] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 66.290318][ T56] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 66.295986][ T56] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 66.301726][ T5418] can0 (unregistered): slcan off ptm0. [ 66.310823][ T56] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 66.315253][ T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.323290][ T5441] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 66.438475][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.442671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.644976][ T5216] usb 8-1: USB disconnect, device number 3 [ 67.063796][ T5481] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 67.066528][ T5481] overlayfs: failed to set xattr on upper [ 67.071271][ T5481] overlayfs: ...falling back to redirect_dir=nofollow. [ 67.074070][ T5481] overlayfs: ...falling back to index=off. [ 67.076335][ T5481] overlayfs: ...falling back to uuid=null. [ 67.258395][ T5216] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 67.459163][ T5216] usb 8-1: Using ep0 maxpacket: 8 [ 67.467012][ T5216] usb 8-1: config 0 has no interfaces? [ 67.472678][ T5216] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 67.477581][ T5216] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.491532][ T5216] usb 8-1: config 0 descriptor?? [ 67.841841][ T5268] usb 8-1: USB disconnect, device number 4 [ 68.401079][ T5520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.101'. [ 68.404794][ T5520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.101'. [ 68.532195][ T5528] netlink: 36 bytes leftover after parsing attributes in process `syz.3.105'. [ 68.605350][ T5525] overlay: Unknown parameter 'subj_role' [ 68.812678][ T5533] random: crng reseeded on system resumption [ 69.013148][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.378651][ T5552] netlink: 36 bytes leftover after parsing attributes in process `syz.3.115'. [ 69.616299][ T1154] Bluetooth: hci4: Frame reassembly failed (-84) [ 70.105633][ T5568] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 70.201524][ T5573] netlink: 24 bytes leftover after parsing attributes in process `syz.0.124'. [ 70.205442][ T5573] netlink: 24 bytes leftover after parsing attributes in process `syz.0.124'. [ 70.225785][ T5575] netlink: 36 bytes leftover after parsing attributes in process `syz.1.125'. [ 70.455775][ T5579] binder: 5578:5579 ioctl c0306201 0 returned -14 [ 70.465888][ T5220] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 70.748900][ T5591] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 70.953415][ T5602] netlink: 36 bytes leftover after parsing attributes in process `syz.1.136'. [ 71.301843][ T5220] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 71.340219][ T5626] tmpfs: Unknown parameter 'mp' [ 71.347532][ T5626] netlink: 'syz.1.147': attribute type 10 has an invalid length. [ 71.351215][ T5626] ipvlan1: entered promiscuous mode [ 71.358892][ T5220] Bluetooth: hci0: unexpected event 0x34 length: 10 > 6 [ 71.360969][ T5626] team0: Device ipvlan1 failed to register rx_handler [ 71.368143][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.368726][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.384096][ T5624] netlink: 1264 bytes leftover after parsing attributes in process `syz.0.146'. [ 71.489069][ T5630] netlink: 36 bytes leftover after parsing attributes in process `syz.0.149'. [ 71.554810][ T1356] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.557970][ T1356] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.628414][ T5220] Bluetooth: hci4: command 0x1003 tx timeout [ 71.631723][ T5221] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 71.817732][ T5646] tmpfs: Unknown parameter 'mp' [ 71.830547][ T5646] netlink: 'syz.0.157': attribute type 10 has an invalid length. [ 71.834589][ T5646] ipvlan1: entered promiscuous mode [ 71.847394][ T5646] team0: Device ipvlan1 failed to register rx_handler [ 71.854721][ T5220] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 71.857754][ T5215] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.869242][ T5215] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.883748][ T5215] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.900782][ T5215] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.904055][ T5215] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 71.907667][ T5215] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.916137][ T5221] Bluetooth: hci3: unexpected event 0x34 length: 10 > 6 [ 72.166741][ T5647] chnl_net:caif_netlink_parms(): no params data found [ 72.234061][ T1154] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.334414][ T5663] binder: 5661:5663 ioctl c0306201 0 returned -14 [ 72.336030][ T5671] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 72.364117][ T1154] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.506821][ T1154] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.524581][ T5647] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.531535][ T5647] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.534853][ T5647] bridge_slave_0: entered allmulticast mode [ 72.538706][ T5647] bridge_slave_0: entered promiscuous mode [ 72.544551][ T5647] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.547793][ T5647] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.558017][ T5647] bridge_slave_1: entered allmulticast mode [ 72.562313][ T5647] bridge_slave_1: entered promiscuous mode [ 72.649243][ T1154] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.691281][ T5647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.701756][ T5647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.718356][ T5268] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 72.791040][ T5647] team0: Port device team_slave_0 added [ 72.797033][ T5647] team0: Port device team_slave_1 added [ 72.885605][ T5647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.890486][ T5647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.906452][ T5647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.929404][ T5647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.929819][ T5268] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 72.932846][ T5647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.939396][ T5268] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 72.953295][ T5647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.969475][ T5268] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 72.976607][ T5268] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.985423][ T5680] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 73.010581][ T5695] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 73.141152][ T1154] bridge_slave_1: left allmulticast mode [ 73.143928][ T1154] bridge_slave_1: left promiscuous mode [ 73.147883][ T1154] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.173620][ T1154] bridge_slave_0: left allmulticast mode [ 73.176201][ T1154] bridge_slave_0: left promiscuous mode [ 73.183664][ T1154] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.224421][ T5699] binder_alloc: 5698: binder_alloc_buf size -592 failed, no address space [ 73.228111][ T5699] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 73.331049][ T5248] usb 8-1: USB disconnect, device number 5 [ 73.558579][ T5268] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 73.602165][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 73.612116][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 73.618896][ T1154] bond0 (unregistering): Released all slaves [ 73.667609][ T5647] hsr_slave_0: entered promiscuous mode [ 73.673052][ T5647] hsr_slave_1: entered promiscuous mode [ 73.676084][ T5647] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.681652][ T5647] Cannot create hsr debugfs directory [ 73.748592][ T5268] usb 5-1: Using ep0 maxpacket: 8 [ 73.757256][ T5268] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 73.768256][ T5268] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 73.774422][ T5268] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 73.782206][ T5268] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 73.790626][ T5268] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 73.796779][ T5268] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.950684][ T5215] Bluetooth: hci4: command tx timeout [ 74.021398][ T5268] usb 5-1: usb_control_msg returned -32 [ 74.024318][ T5268] usbtmc 5-1:16.0: can't read capabilities [ 74.418478][ T1154] hsr_slave_0: left promiscuous mode [ 74.440801][ T1154] hsr_slave_1: left promiscuous mode [ 74.444240][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.448069][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.453969][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.457330][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.493847][ T1154] veth1_macvtap: left promiscuous mode [ 74.496720][ T1154] veth0_macvtap: left promiscuous mode [ 74.499789][ T1154] veth1_vlan: left promiscuous mode [ 74.502248][ T1154] veth0_vlan: left promiscuous mode [ 75.195308][ T1154] team0 (unregistering): Port device team_slave_1 removed [ 75.294914][ T1154] team0 (unregistering): Port device team_slave_0 removed [ 75.706439][ T5741] Driver unsupported XDP return value 0 on prog (id 39) dev N/A, expect packet loss! [ 75.905683][ T5745] process 'syz.1.192' launched './file0' with NULL argv: empty string added [ 76.028598][ T5215] Bluetooth: hci4: command tx timeout [ 76.236770][ T5758] warning: `syz.3.196' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 76.284967][ T5647] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.290181][ T816] usb 5-1: USB disconnect, device number 3 [ 76.311907][ T5647] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.339878][ T5647] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.356525][ T5647] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.481440][ T5647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.502296][ T5647] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.515697][ T826] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.522170][ T826] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.543608][ T5268] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.546524][ T5268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.749235][ T5782] netlink: 'syz.3.204': attribute type 1 has an invalid length. [ 76.790062][ T5647] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.834706][ T5647] veth0_vlan: entered promiscuous mode [ 76.844195][ T5647] veth1_vlan: entered promiscuous mode [ 76.894448][ T5647] veth0_macvtap: entered promiscuous mode [ 76.926377][ T5647] veth1_macvtap: entered promiscuous mode [ 76.928356][ T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 76.972027][ T5647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.976633][ T5647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.981692][ T5647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.986102][ T5647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.991849][ T5647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.996759][ T5647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.006814][ T5647] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.016577][ T5647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.021756][ T5647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.025347][ T5647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.030340][ T5647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.034294][ T5647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.040254][ T5647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.054026][ T5647] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.066265][ T5647] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.070750][ T5647] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.074603][ T5647] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.078480][ T5647] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.108320][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 77.112373][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 77.116538][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 77.120523][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 77.123204][ T5827] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 77.128883][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 77.128909][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 77.153917][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.179207][ T3086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.183371][ T3086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.202334][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.205655][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.379418][ T8] usb 5-1: usb_control_msg returned -32 [ 77.382241][ T8] usbtmc 5-1:16.0: can't read capabilities [ 77.586461][ T5838] netlink: 'syz.2.218': attribute type 1 has an invalid length. [ 78.108627][ T5215] Bluetooth: hci4: command tx timeout [ 78.152730][ T5859] dccp_xmit_packet: Payload too large (65475) for featneg. [ 78.212057][ T5862] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 79.679051][ T5216] usb 5-1: USB disconnect, device number 4 [ 79.745132][ T5920] syz.1.254: attempt to access beyond end of device [ 79.745132][ T5920] loop1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 79.750652][ T5920] isofs_fill_super: bread failed, dev=loop1, iso_blknum=16, block=32 [ 80.188577][ T5215] Bluetooth: hci4: command tx timeout [ 80.458515][ T5763] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 80.658365][ T5763] usb 7-1: Using ep0 maxpacket: 8 [ 80.679358][ T5763] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 80.683333][ T5763] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 80.687739][ T5763] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 80.691574][ T5763] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 80.696317][ T5763] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 80.700026][ T5763] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.720213][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 80.801415][ T5951] __nla_validate_parse: 1 callbacks suppressed [ 80.801429][ T5951] netlink: 264 bytes leftover after parsing attributes in process `syz.0.268'. [ 80.809978][ T5951] netlink: 64 bytes leftover after parsing attributes in process `syz.0.268'. [ 80.813438][ T5951] tipc: Invalid UDP bearer configuration [ 80.813644][ T5951] tipc: Enabling of bearer rejected, failed to enable media [ 80.952371][ T5763] usb 7-1: usb_control_msg returned -32 [ 80.954868][ T5763] usbtmc 7-1:16.0: can't read capabilities [ 81.174065][ T5964] netlink: 'syz.1.274': attribute type 3 has an invalid length. [ 81.178878][ T5964] netlink: 48 bytes leftover after parsing attributes in process `syz.1.274'. [ 81.331833][ T5974] netlink: 264 bytes leftover after parsing attributes in process `syz.0.277'. [ 81.335736][ T5974] netlink: 64 bytes leftover after parsing attributes in process `syz.0.277'. [ 81.341215][ T5974] tipc: Invalid UDP bearer configuration [ 81.341261][ T5974] tipc: Enabling of bearer rejected, failed to enable media [ 82.355559][ T5995] netlink: 264 bytes leftover after parsing attributes in process `syz.3.287'. [ 82.360853][ T5995] netlink: 64 bytes leftover after parsing attributes in process `syz.3.287'. [ 82.360870][ T5995] tipc: Invalid UDP bearer configuration [ 82.360910][ T5995] tipc: Enabling of bearer rejected, failed to enable media [ 82.557101][ T6013] ptrace attach of "/syz-executor exec"[5207] was attempted by "/syz-executor exec"[6013] [ 82.628140][ T6017] netlink: 264 bytes leftover after parsing attributes in process `syz.3.297'. [ 82.633129][ T6017] netlink: 64 bytes leftover after parsing attributes in process `syz.3.297'. [ 82.637086][ T6017] tipc: Invalid UDP bearer configuration [ 82.637159][ T6017] tipc: Enabling of bearer rejected, failed to enable media [ 83.183688][ T5268] usb 7-1: USB disconnect, device number 2 [ 83.568065][ T6047] netlink: 264 bytes leftover after parsing attributes in process `syz.3.309'. [ 83.573604][ T6047] tipc: Invalid UDP bearer configuration [ 83.573650][ T6047] tipc: Enabling of bearer rejected, failed to enable media [ 83.834449][ T6056] netlink: 'syz.2.312': attribute type 1 has an invalid length. [ 84.024526][ T6063] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 84.565486][ T6102] Cannot find add_set index 0 as target [ 84.897605][ T6121] Cannot find add_set index 0 as target [ 85.216955][ T6135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 86.386457][ T6165] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.553797][ T5215] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 86.558819][ T5215] CPU: 3 PID: 5215 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-01059-g1467b49869df #0 [ 86.563128][ T5215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.567997][ T5215] Workqueue: hci2 hci_rx_work [ 86.570508][ T5215] Call Trace: [ 86.572274][ T5215] [ 86.573899][ T5215] dump_stack_lvl+0x16c/0x1f0 [ 86.577393][ T5215] sysfs_warn_dup+0x7f/0xa0 [ 86.579730][ T5215] sysfs_create_dir_ns+0x24d/0x2b0 [ 86.582217][ T5215] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 86.584863][ T5215] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 86.587266][ T5215] ? do_raw_spin_unlock+0x172/0x230 [ 86.589394][ T5215] kobject_add_internal+0x2c8/0x990 [ 86.591765][ T5215] kobject_add+0x16f/0x240 [ 86.594378][ T5215] ? __pfx_kobject_add+0x10/0x10 [ 86.596643][ T5215] ? do_raw_spin_unlock+0x172/0x230 [ 86.600005][ T5215] ? kobject_put+0xbe/0x5b0 [ 86.602545][ T6171] __nla_validate_parse: 1 callbacks suppressed [ 86.602558][ T6171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.362'. [ 86.602694][ T5215] device_add+0x289/0x1a70 [ 86.611056][ T5215] ? __pfx_dev_set_name+0x10/0x10 [ 86.611086][ T5215] ? __pfx_device_add+0x10/0x10 [ 86.611108][ T5215] ? mgmt_send_event_skb+0x2f0/0x460 [ 86.618264][ T5215] hci_conn_add_sysfs+0x17e/0x230 [ 86.620701][ T5215] le_conn_complete_evt+0xfc7/0x1cf0 [ 86.623009][ T5215] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 86.625505][ T5215] ? trace_contention_end+0xea/0x140 [ 86.628321][ T5215] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 86.630961][ T5215] ? skb_pull_data+0x166/0x210 [ 86.633152][ T5215] hci_le_meta_evt+0x2e2/0x5d0 [ 86.635196][ T5215] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 86.638525][ T5215] hci_event_packet+0x664/0x1190 [ 86.640691][ T5215] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 86.642881][ T5215] ? __pfx_hci_event_packet+0x10/0x10 [ 86.645100][ T5215] ? mark_held_locks+0x9f/0xe0 [ 86.647245][ T5215] ? kcov_remote_start+0x3d1/0x6e0 [ 86.649454][ T5215] ? lockdep_hardirqs_on+0x7c/0x110 [ 86.651681][ T5215] hci_rx_work+0x2c4/0x1610 [ 86.653535][ T5215] process_one_work+0x958/0x1ad0 [ 86.655200][ T5215] ? __pfx_lock_acquire+0x10/0x10 [ 86.657482][ T5215] ? __pfx_process_one_work+0x10/0x10 [ 86.659752][ T5215] ? assign_work+0x1a0/0x250 [ 86.661645][ T5215] worker_thread+0x6c8/0xf20 [ 86.663490][ T5215] ? __pfx_worker_thread+0x10/0x10 [ 86.665405][ T5215] kthread+0x2c1/0x3a0 [ 86.667229][ T5215] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.669489][ T5215] ? __pfx_kthread+0x10/0x10 [ 86.671795][ T5215] ret_from_fork+0x45/0x80 [ 86.674011][ T5215] ? __pfx_kthread+0x10/0x10 [ 86.676171][ T5215] ret_from_fork_asm+0x1a/0x30 [ 86.678696][ T5215] [ 86.680980][ T5215] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 86.686607][ T5215] Bluetooth: hci2: failed to register connection device [ 86.743542][ T6175] netlink: 28 bytes leftover after parsing attributes in process `syz.3.364'. [ 86.754344][ T6175] mmap: syz.3.364 (6175) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 86.912967][ T57] cfg80211: failed to load regulatory.db [ 87.528478][ T6197] ======================================================= [ 87.528478][ T6197] WARNING: The mand mount option has been deprecated and [ 87.528478][ T6197] and is ignored by this kernel. Remove the mand [ 87.528478][ T6197] option from the mount to silence this warning. [ 87.528478][ T6197] ======================================================= [ 87.749117][ T6202] openvswitch: netlink: EtherType 200 is less than min 600 [ 87.767574][ T6202] ip6gretap0 speed is unknown, defaulting to 1000 [ 87.773028][ T6202] ip6gretap0 speed is unknown, defaulting to 1000 [ 87.779357][ T6202] ip6gretap0 speed is unknown, defaulting to 1000 [ 87.787717][ T6202] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 87.800514][ T6202] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 87.826578][ T6202] ip6gretap0 speed is unknown, defaulting to 1000 [ 87.837153][ T6202] ip6gretap0 speed is unknown, defaulting to 1000 [ 87.849957][ T6202] ip6gretap0 speed is unknown, defaulting to 1000 [ 87.857146][ T6202] ip6gretap0 speed is unknown, defaulting to 1000 [ 88.597724][ T6231] netlink: 'syz.2.380': attribute type 3 has an invalid length. [ 88.601792][ T6231] netlink: 48 bytes leftover after parsing attributes in process `syz.2.380'. [ 88.810078][ T6238] openvswitch: netlink: EtherType 200 is less than min 600 [ 89.061671][ T6250] netlink: 40 bytes leftover after parsing attributes in process `syz.3.395'. [ 89.122685][ T6256] overlayfs: failed to clone lowerpath [ 89.523907][ T6277] netlink: 40 bytes leftover after parsing attributes in process `syz.3.405'. [ 89.561219][ T6279] netlink: 4 bytes leftover after parsing attributes in process `syz.3.406'. [ 89.834513][ T6289] netlink: 'syz.3.410': attribute type 2 has an invalid length. [ 89.837725][ T6289] netlink: 723 bytes leftover after parsing attributes in process `syz.3.410'. [ 90.283355][ T6301] netlink: 40 bytes leftover after parsing attributes in process `syz.3.415'. [ 90.332924][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.416'. [ 90.598401][ T6311] netlink: 'syz.3.419': attribute type 2 has an invalid length. [ 90.602752][ T6311] netlink: 723 bytes leftover after parsing attributes in process `syz.3.419'. [ 90.763851][ C0] vkms_vblank_simulate: vblank timer overrun [ 90.973865][ T6326] futex_wake_op: syz.3.425 tries to shift op by -1; fix this program [ 91.256422][ T5221] Bluetooth: unknown link type 32 [ 91.259238][ T5221] Bluetooth: hci4: connection err: -111 [ 92.470531][ T6359] netlink: 'syz.1.435': attribute type 3 has an invalid length. [ 92.474290][ T6359] __nla_validate_parse: 2 callbacks suppressed [ 92.474308][ T6359] netlink: 48 bytes leftover after parsing attributes in process `syz.1.435'. [ 92.638680][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.844714][ T6366] netlink: 12 bytes leftover after parsing attributes in process `syz.0.438'. [ 95.716288][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802b74b800: rx timeout, send abort [ 95.720394][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802b74b800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 95.748292][ T6429] ata3.00: invalid multi_count 1 ignored [ 96.227597][ T6444] Bluetooth: MGMT ver 1.22 [ 96.348328][ T6457] ata3.00: invalid multi_count 1 ignored [ 96.355212][ T6456] input: syz0 as /devices/virtual/input/input5 [ 96.558889][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.872130][ T6482] input: syz0 as /devices/virtual/input/input6 [ 98.393570][ T6541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.269573][ T5763] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 99.344575][ T6557] vxcan1: tx address claim with dest, not broadcast [ 99.368323][ T5270] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 99.458347][ T5763] usb 8-1: Using ep0 maxpacket: 16 [ 99.462533][ T5763] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 99.466807][ T5763] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 99.470452][ T5763] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 99.480659][ T5763] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 99.483784][ T5763] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.486483][ T5763] usb 8-1: Product: syz [ 99.487997][ T5763] usb 8-1: Manufacturer: syz [ 99.491965][ T5763] usb 8-1: SerialNumber: syz [ 99.499735][ T5763] cdc_ncm 8-1:1.0: skipping garbage [ 99.502116][ T5763] cdc_ncm 8-1:1.0: CDC Union missing and no IAD found [ 99.504879][ T5763] cdc_ncm 8-1:1.0: bind() failure [ 99.548403][ T5270] usb 6-1: Using ep0 maxpacket: 16 [ 99.553958][ T5270] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 99.558922][ T5270] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 99.563387][ T5270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11 [ 99.567463][ T5270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024 [ 99.572124][ T5270] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 99.580290][ T5270] usb 6-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 99.584109][ T5270] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.587382][ T5270] usb 6-1: Product: syz [ 99.589272][ T5270] usb 6-1: Manufacturer: syz [ 99.591363][ T5270] usb 6-1: SerialNumber: syz [ 99.597614][ T5270] usb 6-1: config 0 descriptor?? [ 99.661479][ T816] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 99.848376][ T816] usb 7-1: Using ep0 maxpacket: 8 [ 99.852310][ T816] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 99.856481][ T816] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 99.860734][ T816] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 99.864914][ T816] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 99.870033][ T5270] appledisplay 6-1:0.0: Error while getting initial brightness: -110 [ 99.870250][ T816] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 99.875213][ T5270] appledisplay 6-1:0.0: probe with driver appledisplay failed with error -110 [ 99.876773][ T816] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.946401][ T6564] ata3.00: invalid multi_count 1 ignored [ 100.109081][ T816] usb 7-1: usb_control_msg returned -32 [ 100.111586][ T816] usbtmc 7-1:16.0: can't read capabilities [ 100.700275][ T5215] BUG: workqueue leaked atomic, lock or RCU: kworker/u33:3[5215] [ 100.700275][ T5215] preempt=0x00000000 lock=0->1 RCU=0->0 workfn=hci_rx_work [ 100.711214][ T5215] 1 lock held by kworker/u33:3/5215: [ 100.713637][ T5215] #0: ffff888000708518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x14f2/0x8e10 [ 100.718071][ T5215] CPU: 3 PID: 5215 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-01059-g1467b49869df #0 [ 100.722273][ T5215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 SYZFAIL: failed to recv rpc [ 100.726944][ T5215] Workqueue: hci0 hci_rx_work fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 100.729385][ T5215] Call Trace: [ 100.730778][ T5215] [ 100.732140][ T5215] dump_stack_lvl+0x16c/0x1f0 [ 100.734169][ T5215] process_one_work+0x1170/0x1ad0 [ 100.736538][ T5215] ? __pfx_hci_rx_work+0x10/0x10 [ 100.739006][ T5215] ? __pfx_hci_rx_work+0x10/0x10 [ 100.741225][ T5215] ? __pfx_hci_rx_work+0x10/0x10 [ 100.743398][ T5215] ? __pfx_process_one_work+0x10/0x10 [ 100.745762][ T5215] ? assign_work+0x1a0/0x250 [ 100.747796][ T5215] worker_thread+0x6c8/0xf20 [ 100.749840][ T5215] ? __pfx_worker_thread+0x10/0x10 [ 100.752143][ T5215] kthread+0x2c1/0x3a0 [ 100.753888][ T5215] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.755933][ T5215] ? __pfx_kthread+0x10/0x10 [ 100.757759][ T5215] ret_from_fork+0x45/0x80 [ 100.759509][ T5215] ? __pfx_kthread+0x10/0x10 [ 100.761349][ T5215] ret_from_fork_asm+0x1a/0x30 [ 100.763257][ T5215] [ 101.068989][ T5215] [ 101.070073][ T5215] ====================================================== [ 101.073080][ T5215] WARNING: possible circular locking dependency detected [ 101.076103][ T5215] 6.10.0-syzkaller-01059-g1467b49869df #0 Not tainted [ 101.078767][ T5215] ------------------------------------------------------ [ 101.081651][ T5215] kworker/u33:3/5215 is trying to acquire lock: [ 101.083920][ T5215] ffff88800d79b148 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_one_work+0x11f0/0x1ad0 [ 101.088089][ T5215] [ 101.088089][ T5215] but task is already holding lock: [ 101.090910][ T5215] ffff888000708518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x14f2/0x8e10 [ 101.095292][ T5215] [ 101.095292][ T5215] which lock already depends on the new lock. [ 101.095292][ T5215] [ 101.099523][ T5215] [ 101.099523][ T5215] the existing dependency chain (in reverse order) is: [ 101.103136][ T5215] [ 101.103136][ T5215] -> #2 (&chan->lock/1){+.+.}-{3:3}: [ 101.105945][ T5215] __mutex_lock+0x175/0x9c0 [ 101.107997][ T5215] l2cap_recv_frame+0x14f2/0x8e10 [ 101.110165][ T5215] l2cap_recv_acldata+0x9ac/0xb60 [ 101.112349][ T5215] hci_rx_work+0xaa7/0x1610 [ 101.114324][ T5215] process_one_work+0x958/0x1ad0 [ 101.116466][ T5215] worker_thread+0x6c8/0xf20 [ 101.118381][ T5215] kthread+0x2c1/0x3a0 [ 101.120112][ T5215] ret_from_fork+0x45/0x80 [ 101.122104][ T5215] ret_from_fork_asm+0x1a/0x30 [ 101.124431][ T5215] [ 101.124431][ T5215] -> #1 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}: [ 101.128383][ T5215] process_one_work+0x8c4/0x1ad0 [ 101.130847][ T5215] worker_thread+0x6c8/0xf20 [ 101.133045][ T5215] kthread+0x2c1/0x3a0 [ 101.135040][ T5215] ret_from_fork+0x45/0x80 [ 101.137173][ T5215] ret_from_fork_asm+0x1a/0x30 [ 101.139404][ T5215] [ 101.139404][ T5215] -> #0 ((wq_completion)hci4#2){+.+.}-{0:0}: [ 101.142887][ T5215] __lock_acquire+0x2478/0x3b30 [ 101.145177][ T5215] lock_acquire+0x1b1/0x560 [ 101.147356][ T5215] process_one_work+0x1220/0x1ad0 [ 101.151854][ T5215] worker_thread+0x6c8/0xf20 [ 101.153915][ T5215] kthread+0x2c1/0x3a0 [ 101.156092][ T5215] ret_from_fork+0x45/0x80 [ 101.158373][ T5215] ret_from_fork_asm+0x1a/0x30 [ 101.160689][ T5215] [ 101.160689][ T5215] other info that might help us debug this: [ 101.160689][ T5215] [ 101.165078][ T5215] Chain exists of: [ 101.165078][ T5215] (wq_completion)hci4#2 --> (work_completion)(&hdev->rx_work) --> &chan->lock/1 [ 101.165078][ T5215] [ 101.171511][ T5215] Possible unsafe locking scenario: [ 101.171511][ T5215] [ 101.174849][ T5215] CPU0 CPU1 [ 101.177288][ T5215] ---- ---- [ 101.179661][ T5215] lock(&chan->lock/1); [ 101.181554][ T5215] lock((work_completion)(&hdev->rx_work)); [ 101.185321][ T5215] lock(&chan->lock/1); [ 101.188328][ T5215] lock((wq_completion)hci4#2); [ 101.190516][ T5215] [ 101.190516][ T5215] *** DEADLOCK *** [ 101.190516][ T5215] [ 101.194065][ T5215] 1 lock held by kworker/u33:3/5215: [ 101.196321][ T5215] #0: ffff888000708518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x14f2/0x8e10 [ 101.200362][ T5215] [ 101.200362][ T5215] stack backtrace: [ 101.202615][ T5215] CPU: 2 PID: 5215 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-01059-g1467b49869df #0 [ 101.206341][ T5215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.210502][ T5215] Workqueue: hci4 hci_cmd_timeout [ 101.212376][ T5215] Call Trace: [ 101.213738][ T5215] [ 101.214930][ T5215] dump_stack_lvl+0x116/0x1f0 [ 101.216867][ T5215] check_noncircular+0x31a/0x400 [ 101.218792][ T5215] ? __pfx_check_noncircular+0x10/0x10 [ 101.220897][ T5215] ? lockdep_lock+0xc6/0x200 [ 101.222439][ T5215] ? __pfx_lockdep_lock+0x10/0x10 [ 101.224477][ T5215] __lock_acquire+0x2478/0x3b30 [ 101.226509][ T5215] ? __pfx___lock_acquire+0x10/0x10 [ 101.228701][ T5215] ? __pfx_mark_lock+0x10/0x10 [ 101.230751][ T5215] lock_acquire+0x1b1/0x560 [ 101.232683][ T5215] ? process_one_work+0x11f0/0x1ad0 [ 101.234833][ T5215] ? __pfx_lock_acquire+0x10/0x10 [ 101.237060][ T5215] ? __pfx_lock_release+0x10/0x10 [ 101.239160][ T5215] ? mark_held_locks+0x9f/0xe0 [ 101.241166][ T5215] ? process_one_work+0x11f0/0x1ad0 [ 101.243358][ T5215] process_one_work+0x1220/0x1ad0 [ 101.245257][ T5215] ? process_one_work+0x11f0/0x1ad0 [ 101.247469][ T5215] ? __pfx_lock_acquire+0x10/0x10 [ 101.249615][ T5215] ? __pfx_process_one_work+0x10/0x10 [ 101.252006][ T5215] ? assign_work+0x1a0/0x250 [ 101.253825][ T5215] worker_thread+0x6c8/0xf20 [ 101.255346][ T5215] ? __pfx_worker_thread+0x10/0x10 [ 101.257634][ T5215] kthread+0x2c1/0x3a0 [ 101.259204][ T5215] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.261318][ T5215] ? __pfx_kthread+0x10/0x10 [ 101.263175][ T5215] ret_from_fork+0x45/0x80 [ 101.264989][ T5215] ? __pfx_kthread+0x10/0x10 [ 101.266692][ T5215] ret_from_fork_asm+0x1a/0x30 [ 101.268429][ T5215] [ 101.269955][ T5215] Bluetooth: hci4: command tx timeout [ 101.272181][ T5215] BUG: workqueue leaked atomic, lock or RCU: kworker/u33:3[5215] [ 101.272181][ T5215] preempt=0x00000000 lock=1->0 RCU=0->0 workfn=hci_cmd_timeout [ 101.278754][ T5215] INFO: lockdep is turned off. [ 101.280920][ T5215] CPU: 3 PID: 5215 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-01059-g1467b49869df #0 [ 101.285280][ T5215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.289399][ T5215] Workqueue: hci4 hci_cmd_timeout [ 101.291528][ T5215] Call Trace: [ 101.293027][ T5215] [ 101.294352][ T5215] dump_stack_lvl+0x16c/0x1f0 [ 101.296479][ T5215] process_one_work+0x1170/0x1ad0 [ 101.298318][ T5215] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 101.300516][ T5215] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 101.302695][ T5215] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 101.304491][ T5215] ? __pfx_process_one_work+0x10/0x10 [ 101.306398][ T5215] ? assign_work+0x1a0/0x250 [ 101.308319][ T5215] worker_thread+0x6c8/0xf20 [ 101.310029][ T5215] ? __pfx_worker_thread+0x10/0x10 [ 101.312198][ T5215] kthread+0x2c1/0x3a0 [ 101.313791][ T5215] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.315795][ T5215] ? __pfx_kthread+0x10/0x10 [ 101.317968][ T5215] ret_from_fork+0x45/0x80 [ 101.320008][ T5215] ? __pfx_kthread+0x10/0x10 [ 101.321993][ T5215] ret_from_fork_asm+0x1a/0x30 [ 101.324059][ T5215] [ 101.372860][ T5270] usb 6-1: USB disconnect, device number 2 [ 101.382587][ T3086] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.465182][ T3086] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.535864][ T3086] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.594360][ T3086] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.692819][ T3086] bridge_slave_1: left allmulticast mode [ 101.695408][ T3086] bridge_slave_1: left promiscuous mode [ 101.698089][ T3086] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.705241][ T3086] bridge_slave_0: left allmulticast mode [ 101.707760][ T3086] bridge_slave_0: left promiscuous mode [ 101.712682][ T3086] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.863628][ T3086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.868822][ T3086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.873424][ T3086] bond0 (unregistering): Released all slaves [ 102.231988][ T3086] hsr_slave_0: left promiscuous mode [ 102.235058][ T3086] hsr_slave_1: left promiscuous mode [ 102.238150][ T3086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 102.241681][ T3086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.245744][ T3086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.248400][ T3086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 102.253092][ T3086] veth1_macvtap: left promiscuous mode [ 102.255519][ T3086] veth0_macvtap: left promiscuous mode [ 102.257834][ T3086] veth1_vlan: left promiscuous mode [ 102.260190][ T3086] veth0_vlan: left promiscuous mode [ 102.520193][ T3086] team0 (unregistering): Port device team_slave_1 removed [ 102.558977][ T3086] team0 (unregistering): Port device team_slave_0 removed [ 103.229961][ T3086] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.296051][ T3086] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.385371][ T3086] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.492970][ T3086] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.641472][ T3086] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.692581][ T3086] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.746719][ T3086] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.813658][ T3086] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.983897][ T3086] bridge_slave_1: left allmulticast mode [ 103.986333][ T3086] bridge_slave_1: left promiscuous mode [ 103.989141][ T3086] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.993660][ T3086] bridge_slave_0: left allmulticast mode [ 103.995855][ T3086] bridge_slave_0: left promiscuous mode [ 103.998786][ T3086] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.004672][ T3086] bridge_slave_1: left allmulticast mode [ 104.007039][ T3086] bridge_slave_1: left promiscuous mode [ 104.010121][ T3086] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.015267][ T3086] bridge_slave_0: left allmulticast mode [ 104.017753][ T3086] bridge_slave_0: left promiscuous mode [ 104.021853][ T3086] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.424217][ T3086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.430451][ T3086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.436174][ T3086] bond0 (unregistering): Released all slaves [ 104.446855][ T3086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.452838][ T3086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.457892][ T3086] bond0 (unregistering): Released all slaves [ 104.485368][ T5763] ip6gretap0 speed is unknown, defaulting to 1000 [ 104.975982][ T3086] hsr_slave_0: left promiscuous mode [ 104.978926][ T3086] hsr_slave_1: left promiscuous mode [ 104.981718][ T3086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.984832][ T3086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.989061][ T3086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.991813][ T3086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.997705][ T3086] hsr_slave_0: left promiscuous mode [ 105.001993][ T3086] hsr_slave_1: left promiscuous mode [ 105.005140][ T3086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.011560][ T3086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.015352][ T3086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.018676][ T3086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.024947][ T3086] veth1_macvtap: left promiscuous mode [ 105.027417][ T3086] veth0_macvtap: left promiscuous mode [ 105.029975][ T3086] veth1_vlan: left promiscuous mode [ 105.032259][ T3086] veth0_vlan: left promiscuous mode [ 105.035578][ T3086] veth1_macvtap: left promiscuous mode [ 105.037977][ T3086] veth0_macvtap: left promiscuous mode [ 105.041234][ T3086] veth1_vlan: left promiscuous mode [ 105.043510][ T3086] veth0_vlan: left promiscuous mode [ 105.353898][ T3086] team0 (unregistering): Port device team_slave_1 removed [ 105.394769][ T3086] team0 (unregistering): Port device team_slave_0 removed [ 105.767971][ T3086] team0 (unregistering): Port device team_slave_1 removed [ 105.821009][ T3086] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 03:38:21 Registers: info registers vcpu 0 CPU#0 RAX=00000000000de5a5 RBX=0000000000000000 RCX=ffffffff8adc4c89 RDX=0000000000000000 RSI=ffffffff8b2cb960 RDI=ffffffff8b8ff900 RBP=fffffbfff1b12af8 RSP=ffffffff8d807e20 R8 =0000000000000001 R9 =ffffed1005806fdd R10=ffff88802c037eeb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8d8957c0 R14=ffffffff8fe30518 R15=0000000000000000 RIP=ffffffff8adc607f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000057d8e4c0 CR3=0000000056156000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000000a4f69 RBX=0000000000000001 RCX=ffffffff8adc4c89 RDX=0000000000000000 RSI=ffffffff8b2cb960 RDI=ffffffff8b8ff900 RBP=ffffed1002ce9910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=0000000000000000 R12=0000000000000001 R13=ffff88801674c880 R14=ffffffff8fe30518 R15=0000000000000000 RIP=ffffffff8adc607f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020003000 CR3=00000000464d6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000024 RCX=ffffffff8489a1d5 RDX=ffff88801f7ba440 RSI=0000000000000024 RDI=000000000000003f RBP=ffff88802a59481c RSP=ffffc90003b0f4d0 R8 =0000000000000007 R9 =000000000000000f R10=0000000000000024 R11=ffff88802a59481a R12=0000000000000024 R13=ffff88802a59481d R14=ffff88802a59481d R15=ffff88805dc19d62 RIP=ffffffff818e95d0 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fac3a8a4d00 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005604ff5b5000 CR3=0000000029d50000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=78a6d2f578a6d2f5 78a6d2f578a6d2f5 78a6d2f578a6d2f5 78a6d2f578a6d2f5 78a6d2f578a6d2f5 78a6d2f578a6d2f5 78a6d2f578a6d2f5 78a6d2f578a6d2f5 ZMM22=039ae7a7039ae7a7 039ae7a7039ae7a7 039ae7a7039ae7a7 039ae7a7039ae7a7 039ae7a7039ae7a7 039ae7a7039ae7a7 039ae7a7039ae7a7 039ae7a7039ae7a7 ZMM23=3a5aa9213a5aa921 3a5aa9213a5aa921 3a5aa9213a5aa921 3a5aa9213a5aa921 3a5aa9213a5aa921 3a5aa9213a5aa921 3a5aa9213a5aa921 3a5aa9213a5aa921 ZMM24=b9472bcbb9472bcb b9472bcbb9472bcb b9472bcbb9472bcb b9472bcbb9472bcb b9472bcbb9472bcb b9472bcbb9472bcb b9472bcbb9472bcb b9472bcbb9472bcb ZMM25=4d4b85924d4b8592 4d4b85924d4b8592 4d4b85924d4b8592 4d4b85924d4b8592 4d4b85924d4b8592 4d4b85924d4b8592 4d4b85924d4b8592 4d4b85924d4b8592 ZMM26=059f46f3059f46f3 059f46f3059f46f3 059f46f3059f46f3 059f46f3059f46f3 059f46f3059f46f3 059f46f3059f46f3 059f46f3059f46f3 059f46f3059f46f3 ZMM27=899fe071899fe071 899fe071899fe071 899fe071899fe071 899fe071899fe071 899fe071899fe071 899fe071899fe071 899fe071899fe071 899fe071899fe071 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=b5040000b5040000 b5040000b5040000 b5040000b5040000 b5040000b5040000 b5040000b5040000 b5040000b5040000 b5040000b5040000 b5040000b5040000 info registers vcpu 3 CPU#3 RAX=0000000000000063 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f9c365 RDI=ffffffff94d64f80 RBP=ffffffff94d64f40 RSP=ffffc900032bf888 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000014 R12=0000000000000000 R13=0000000000000063 R14=ffffffff84f9c300 R15=0000000000000000 RIP=ffffffff84f9c38f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f5cefda4 CR3=000000001cd24000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000