last executing test programs: 4.660400762s ago: executing program 0 (id=766): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) r1 = syz_open_procfs(r0, &(0x7f0000000040)='smaps\x00') read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020) 4.660180441s ago: executing program 0 (id=767): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x20042) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 4.56013596s ago: executing program 0 (id=768): unshare(0x8020000) r0 = semget$private(0x0, 0x4000, 0x391) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000140)) semctl$IPC_RMID(r0, 0x0, 0x0) 4.510202121s ago: executing program 0 (id=769): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00"], 0x22) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540), 0xfffffdd8) 3.910437989s ago: executing program 1 (id=773): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 3.910225698s ago: executing program 1 (id=774): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000300)) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0xc0) ftruncate(r3, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x1000}, {0x0}], 0x2}}], 0x1, 0x700, 0x0) sendfile(r4, r3, 0x0, 0x578410eb) syz_open_dev$admmidi(&(0x7f0000000000), 0x20, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0) syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r7, r8, 0x0) ioctl$SNDCTL_SEQ_PANIC(r6, 0x5100) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) pipe(0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={&(0x7f0000000300), &(0x7f0000000380)="c75f16175bb69c4013d0479f629c0ba46ff8ac8dc98098b878545ed70bb5bc1bacf36b28b91a23b1365fa8e67059f7c1fc1ade5eb855207f7066f96bdafb14234e8d9afeee1f3fd22e4b4fe5a61f4afde21805ae5206b87bb22d882df14583a3e6616fce86827ba486d004155a4450ce7bc978b14dadd17103787da46b699548"}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000280)={0xfeff, 0x8, 0x8, 0xfffe, 0x11, "0100000000000080"}) 2.742280759s ago: executing program 2 (id=775): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = getegid() fchown(r0, 0x0, r3) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) connect$inet6(r5, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r6, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r6, 0x540a, 0x2) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x9}}}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) 2.741175537s ago: executing program 1 (id=777): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000580)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x28, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x23}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0) 2.738324945s ago: executing program 3 (id=778): r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x23a, &(0x7f00000004c0)={0x0, 0x1c2a, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r6, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) r7 = socket$nl_rdma(0x10, 0x3, 0x14) r8 = socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44850}, 0x8000) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r8, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x14, r9, 0x100, 0x70bd2c, 0x9}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x40801) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700144f8d1773a9e0ab16f912632600"/60], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) syz_emit_ethernet(0xd2, &(0x7f00000000c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbfd137b07daa786dd65000000009c1100fc010000000000000000000000000001ff0200000000000000000000000000014e204e22009c90780100000001000000627101eacc10ca6d093bd4577d5d2ae087978621d3b3a2f7707ab6c9f1a27133f3d48c2a6ff47404661725fffb72fab0704cd53365f4a6bf682a93433a6db658c01fe85934b1ad810abc525ab09f287d95d97c0cadc8c751ed7ef36e3db46bb501bc122f9983a006facab04d9fd416645c6bc6031b2570cdcd5f1d9c4c55ec153ce1c27a9aa07b66137c6249"], 0x0) sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x28, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000841}, 0x800) r10 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x5414c2, 0x90) close(r10) open_tree(r10, &(0x7f0000000640)='\x00', 0x89901) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000080)={&(0x7f00000000c0)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x9}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) 2.69645529s ago: executing program 1 (id=779): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYRES64=r1], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000440)='io_uring_complete\x00', r2}, 0x18) syz_io_uring_setup(0xfce, &(0x7f00000003c0)={0x0, 0x3, 0x1, 0x2, 0x220}, &(0x7f0000000700)=0x0, &(0x7f00000002c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x8001, @multicast, 'gre0\x00'}}, 0x1e) sendmmsg(r4, &(0x7f0000002340), 0x1, 0x4000001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x56d2e8977593cb0b, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x77740933, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) r7 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x0) dup2(r7, r6) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001800010000000000000000000a00200000000004001100000c00090081000003", @ANYRES32=0x0, @ANYBLOB="ea39d924ecca16f3894e9c75a871097552812936089e9fa9d52bd8e4639aa003d2d98abcb213a90058847386620a46f581c076986896637e66202931dfd5f5"], 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$RTC_WKALM_SET(r8, 0x4028700f, &(0x7f00000000c0)={0x1, 0x0, {0x1b, 0x26, 0x12, 0xf, 0xb, 0x64, 0x4, 0x89}}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0xff0a) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 1.859621802s ago: executing program 2 (id=780): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x16, 0x11, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x100}, [@call={0x85, 0x0, 0x0, 0x7b}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffe}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.85940062s ago: executing program 0 (id=781): openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 1.859286524s ago: executing program 2 (id=782): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x86dd, r1, 0x1, 0xd, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) 1.858551077s ago: executing program 3 (id=783): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000300)) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0xc0) ftruncate(r3, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000034c0), 0x0, 0x700, 0x0) sendfile(r4, r3, 0x0, 0x578410eb) syz_open_dev$admmidi(&(0x7f0000000000), 0x20, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0) syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r7, r8, 0x0) ioctl$SNDCTL_SEQ_PANIC(r6, 0x5100) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) pipe(0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={&(0x7f0000000300), &(0x7f0000000380)="c75f16175bb69c4013d0479f629c0ba46ff8ac8dc98098b878545ed70bb5bc1bacf36b28b91a23b1365fa8e67059f7c1fc1ade5eb855207f7066f96bdafb14234e8d9afeee1f3fd22e4b4fe5a61f4afde21805ae5206b87bb22d882df14583a3e6616fce86827ba486d004155a4450ce7bc978b14dadd17103787da46b699548"}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000280)={0xfeff, 0x8, 0x8, 0xfffe, 0x11, "0100000000000080"}) 1.775704879s ago: executing program 1 (id=784): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) writev(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = getegid() fchown(r0, 0x0, r3) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) connect$inet6(r5, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r6, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r6, 0x540a, 0x2) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x9}}}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) 1.775180313s ago: executing program 2 (id=785): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) writev(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) fchown(r0, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r4 = socket(0x10, 0x80002, 0x0) connect$inet6(r4, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r5, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r5, 0x540a, 0x2) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x9}}}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) 910.287996ms ago: executing program 0 (id=786): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000300)) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0xc0) ftruncate(r3, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x1000}, {0x0}], 0x2}}], 0x1, 0x700, 0x0) sendfile(r4, r3, 0x0, 0x578410eb) syz_open_dev$admmidi(&(0x7f0000000000), 0x20, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0) syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r7, r8, 0x0) ioctl$SNDCTL_SEQ_PANIC(r6, 0x5100) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) pipe(0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={&(0x7f0000000300), &(0x7f0000000380)="c75f16175bb69c4013d0479f629c0ba46ff8ac8dc98098b878545ed70bb5bc1bacf36b28b91a23b1365fa8e67059f7c1fc1ade5eb855207f7066f96bdafb14234e8d9afeee1f3fd22e4b4fe5a61f4afde21805ae5206b87bb22d882df14583a3e6616fce86827ba486d004155a4450ce7bc978b14dadd17103787da46b699548"}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000280)={0xfeff, 0x8, 0x8, 0xfffe, 0x11, "0100000000000080"}) 693.600291ms ago: executing program 2 (id=787): r0 = socket(0x2, 0x3, 0xff) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$unix(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200060c1}}], 0x1, 0x0) 611.168433ms ago: executing program 2 (id=788): syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587", @ANYRES16], 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r0, &(0x7f0000000040)=""/4081, 0xff1) 480.115952ms ago: executing program 3 (id=789): syz_open_procfs(0x0, &(0x7f0000000140)='net/vlan/vlan1\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0xc4, 0x0, 0x0, 0x9) 407.663672ms ago: executing program 3 (id=790): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x4a, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd604dd308001406fffe8000000000000000000000000000aafe8000000000000000000000000000aa00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002"], 0x0) 407.193388ms ago: executing program 3 (id=791): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x30, r0, 0x603, 0x70bd2f, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xf}]}, 0x30}}, 0x10) 350.378171ms ago: executing program 3 (id=792): r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x23a, &(0x7f00000004c0)={0x0, 0x1c2a, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r6, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) r7 = socket$nl_rdma(0x10, 0x3, 0x14) r8 = socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44850}, 0x8000) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r8, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x14, r9, 0x100, 0x70bd2c, 0x9}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x40801) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700144f8d1773a9e0ab16f912632600"/60], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) syz_emit_ethernet(0xd2, &(0x7f00000000c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbfd137b07daa786dd65000000009c1100fc010000000000000000000000000001ff0200000000000000000000000000014e204e22009c90780100000001000000627101eacc10ca6d093bd4577d5d2ae087978621d3b3a2f7707ab6c9f1a27133f3d48c2a6ff47404661725fffb72fab0704cd53365f4a6bf682a93433a6db658c01fe85934b1ad810abc525ab09f287d95d97c0cadc8c751ed7ef36e3db46bb501bc122f9983a006facab04d9fd416645c6bc6031b2570cdcd5f1d9c4c55ec153ce1c27a9aa07b66137c6249"], 0x0) sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x28, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000841}, 0x800) r10 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x5414c2, 0x90) close(r10) open_tree(r10, &(0x7f0000000640)='\x00', 0x89901) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000080)={&(0x7f00000000c0)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x9}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) 0s ago: executing program 1 (id=793): r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x23a, &(0x7f00000004c0)={0x0, 0x1c2a, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r6, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) r7 = socket$nl_rdma(0x10, 0x3, 0x14) r8 = socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x44850}, 0x8000) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r8, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x14, r9, 0x100, 0x70bd2c, 0x9}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x40801) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700144f8d1773a9e0ab16f912632600"/60], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) syz_emit_ethernet(0xd2, &(0x7f00000000c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbfd137b07daa786dd65000000009c1100fc010000000000000000000000000001ff0200000000000000000000000000014e204e22009c90780100000001000000627101eacc10ca6d093bd4577d5d2ae087978621d3b3a2f7707ab6c9f1a27133f3d48c2a6ff47404661725fffb72fab0704cd53365f4a6bf682a93433a6db658c01fe85934b1ad810abc525ab09f287d95d97c0cadc8c751ed7ef36e3db46bb501bc122f9983a006facab04d9fd416645c6bc6031b2570cdcd5f1d9c4c55ec153ce1c27a9aa07b66137c6249"], 0x0) sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x28, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000841}, 0x800) r10 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x5414c2, 0x90) close(r10) open_tree(r10, &(0x7f0000000640)='\x00', 0x89901) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000080)={&(0x7f00000000c0)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x9}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) 0s ago: executing program 0 (id=794): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000) syz_clone3(&(0x7f0000001880)={0x0, 0x0, 0x0, 0x0, {0x800}, 0x0, 0x0, 0x0, 0x0}, 0x58) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:37757' (ED25519) to the list of known hosts. [ 57.136545][ T5945] cgroup: Unknown subsys name 'net' [ 57.301311][ T5945] cgroup: Unknown subsys name 'cpuset' [ 57.307950][ T5945] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.341136][ T5945] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.871495][ T5958] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.876554][ T5958] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.880344][ T5958] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.884304][ T5958] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.887661][ T5958] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.892858][ T5962] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.900789][ T5964] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.904511][ T5966] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.906168][ T5964] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.908000][ T5966] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.910914][ T5964] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.913327][ T5966] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.918079][ T5964] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.919856][ T5966] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.922770][ T5964] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.928202][ T5964] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.932851][ T5971] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.937040][ T5314] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.950763][ T5314] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.955347][ T5314] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.316110][ T5956] chnl_net:caif_netlink_parms(): no params data found [ 63.389007][ T5967] chnl_net:caif_netlink_parms(): no params data found [ 63.437329][ T5960] chnl_net:caif_netlink_parms(): no params data found [ 63.509132][ T5965] chnl_net:caif_netlink_parms(): no params data found [ 63.652627][ T5967] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.655516][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.659800][ T5967] bridge_slave_0: entered allmulticast mode [ 63.663279][ T5967] bridge_slave_0: entered promiscuous mode [ 63.670328][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.672807][ T5956] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.675777][ T5956] bridge_slave_0: entered allmulticast mode [ 63.680132][ T5956] bridge_slave_0: entered promiscuous mode [ 63.688716][ T5967] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.691198][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.693686][ T5967] bridge_slave_1: entered allmulticast mode [ 63.696917][ T5967] bridge_slave_1: entered promiscuous mode [ 63.716477][ T5956] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.718818][ T5956] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.721130][ T5956] bridge_slave_1: entered allmulticast mode [ 63.723921][ T5956] bridge_slave_1: entered promiscuous mode [ 63.848860][ T5960] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.851755][ T5960] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.854720][ T5960] bridge_slave_0: entered allmulticast mode [ 63.858927][ T5960] bridge_slave_0: entered promiscuous mode [ 63.867320][ T5967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.923919][ T5956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.933147][ T5956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.937199][ T5960] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.940013][ T5960] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.942807][ T5960] bridge_slave_1: entered allmulticast mode [ 63.946647][ T5960] bridge_slave_1: entered promiscuous mode [ 63.952596][ T5967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.955841][ T5965] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.960233][ T5965] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.962694][ T5965] bridge_slave_0: entered allmulticast mode [ 63.965450][ T5965] bridge_slave_0: entered promiscuous mode [ 63.969322][ T5965] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.971996][ T5965] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.974444][ T5965] bridge_slave_1: entered allmulticast mode [ 63.977855][ T5965] bridge_slave_1: entered promiscuous mode [ 64.103862][ T5960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.133399][ T5967] team0: Port device team_slave_0 added [ 64.169332][ T5956] team0: Port device team_slave_0 added [ 64.174309][ T5960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.180039][ T5967] team0: Port device team_slave_1 added [ 64.184473][ T5965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.190299][ T5956] team0: Port device team_slave_1 added [ 64.233160][ T5965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.300844][ T5960] team0: Port device team_slave_0 added [ 64.350478][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.353915][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.365222][ T5956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.373057][ T5960] team0: Port device team_slave_1 added [ 64.375880][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.380046][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.389508][ T5967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.425407][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.428754][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.441904][ T5956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.467007][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.469932][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.480660][ T5967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.488757][ T5965] team0: Port device team_slave_0 added [ 64.499618][ T5965] team0: Port device team_slave_1 added [ 64.522995][ T5960] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.525398][ T5960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.536440][ T5960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.543400][ T5960] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.546712][ T5960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.558129][ T5960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.672348][ T5956] hsr_slave_0: entered promiscuous mode [ 64.675712][ T5956] hsr_slave_1: entered promiscuous mode [ 64.679856][ T5965] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.682703][ T5965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.694795][ T5965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.701126][ T5965] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.704067][ T5965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.719690][ T5965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.814689][ T5967] hsr_slave_0: entered promiscuous mode [ 64.819609][ T5967] hsr_slave_1: entered promiscuous mode [ 64.822272][ T5967] debugfs: 'hsr0' already exists in 'hsr' [ 64.824920][ T5967] Cannot create hsr debugfs directory [ 64.832706][ T5960] hsr_slave_0: entered promiscuous mode [ 64.836137][ T5960] hsr_slave_1: entered promiscuous mode [ 64.839508][ T5960] debugfs: 'hsr0' already exists in 'hsr' [ 64.841334][ T5960] Cannot create hsr debugfs directory [ 64.997165][ T5958] Bluetooth: hci0: command tx timeout [ 64.997176][ T5314] Bluetooth: hci1: command tx timeout [ 65.006874][ T5958] Bluetooth: hci2: command tx timeout [ 65.007526][ T5314] Bluetooth: hci3: command tx timeout [ 65.022254][ T5965] hsr_slave_0: entered promiscuous mode [ 65.025216][ T5965] hsr_slave_1: entered promiscuous mode [ 65.030371][ T5965] debugfs: 'hsr0' already exists in 'hsr' [ 65.032812][ T5965] Cannot create hsr debugfs directory [ 65.378159][ T5967] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.388796][ T5967] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.396268][ T5967] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.421353][ T5967] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.464837][ T5960] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.472119][ T5960] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.491551][ T5960] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.507586][ T5960] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.546689][ T5956] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.554910][ T5956] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.562339][ T5956] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.572157][ T5956] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.653974][ T5965] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.660438][ T5965] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.668724][ T5965] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.677771][ T5965] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 65.752014][ T5967] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.804387][ T5960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.821350][ T5967] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.833742][ T5956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.840519][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.843847][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.855370][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.858039][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.864941][ T5960] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.881499][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.883879][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.908340][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.912702][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.939982][ T5956] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.969363][ T72] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.972485][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.981887][ T5965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.009782][ T1186] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.012981][ T1186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.050860][ T5965] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.085866][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.089437][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.100361][ T5956] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.110972][ T72] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.113441][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.180957][ T5965] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.215856][ T5960] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.230804][ T5967] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.278210][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.290139][ T5960] veth0_vlan: entered promiscuous mode [ 66.311923][ T5960] veth1_vlan: entered promiscuous mode [ 66.325185][ T5967] veth0_vlan: entered promiscuous mode [ 66.344986][ T5965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.348881][ T5967] veth1_vlan: entered promiscuous mode [ 66.362681][ T5956] veth0_vlan: entered promiscuous mode [ 66.377956][ T5956] veth1_vlan: entered promiscuous mode [ 66.383946][ T5960] veth0_macvtap: entered promiscuous mode [ 66.402309][ T5960] veth1_macvtap: entered promiscuous mode [ 66.420737][ T5965] veth0_vlan: entered promiscuous mode [ 66.426315][ T5967] veth0_macvtap: entered promiscuous mode [ 66.437066][ T5967] veth1_macvtap: entered promiscuous mode [ 66.444120][ T5960] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.448085][ T5965] veth1_vlan: entered promiscuous mode [ 66.464225][ T5960] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.486969][ T5956] veth0_macvtap: entered promiscuous mode [ 66.491665][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.494989][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.507007][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.510167][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.517493][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.527870][ T5956] veth1_macvtap: entered promiscuous mode [ 66.534158][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.560383][ T46] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.567335][ T46] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.571730][ T46] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.590505][ T46] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.606948][ T5965] veth0_macvtap: entered promiscuous mode [ 66.611948][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.616766][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.621870][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.622443][ T5965] veth1_macvtap: entered promiscuous mode [ 66.636206][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.664112][ T1142] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.669378][ T1142] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.688045][ T1142] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.690881][ T1142] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.695520][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.697660][ T5965] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.699565][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.727175][ T5965] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.727732][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.733431][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.764684][ T1053] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.770269][ T5960] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.777734][ T1053] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.781841][ T1053] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.793910][ T1186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.800364][ T1186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.809397][ T1053] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.839831][ T6046] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1'. [ 66.873825][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.879090][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.918301][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.925700][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.973133][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.986162][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.019804][ T6050] syz.2.5 uses obsolete (PF_INET,SOCK_PACKET) [ 67.023786][ T6051] : renamed from bond0 (while UP) [ 67.059728][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.063055][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.106506][ T5314] Bluetooth: hci2: command tx timeout [ 67.109364][ T5314] Bluetooth: hci1: command tx timeout [ 67.112140][ T5314] Bluetooth: hci0: command tx timeout [ 67.114273][ T5314] Bluetooth: hci3: command tx timeout [ 67.354577][ T839] hid-generic 00A0:0008:0003.0002: unknown main item tag 0x7 [ 67.372219][ T839] hid-generic 00A0:0008:0003.0002: item fetching failed at offset 14/15 [ 67.391790][ T839] hid-generic 00A0:0008:0003.0002: probe with driver hid-generic failed with error -22 [ 67.717047][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 67.819037][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 67.921458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 67.925025][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 67.929080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 67.932789][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.023822][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 68.028314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.032022][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.035582][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.167512][ T5970] Bluetooth: hci3: command tx timeout [ 69.167553][ T5314] Bluetooth: hci0: command tx timeout [ 69.167613][ T5958] Bluetooth: hci1: command tx timeout [ 69.167641][ T5958] Bluetooth: hci2: command tx timeout [ 69.376652][ T6072] ALSA: mixer_oss: invalid OSS volume '' [ 69.978623][ T1021] IPVS: starting estimator thread 0... [ 70.106878][ T6104] IPVS: using max 45 ests per chain, 108000 per kthread [ 70.107394][ T1021] IPVS: starting estimator thread 0... [ 70.206433][ T6113] IPVS: using max 30 ests per chain, 72000 per kthread [ 70.701953][ T6120] capability: warning: `syz.1.11' uses deprecated v2 capabilities in a way that may be insecure [ 71.000922][ T6139] overlayfs: failed to resolve './file0': -2 [ 71.237140][ T5314] Bluetooth: hci3: command tx timeout [ 71.237165][ T5971] Bluetooth: hci2: command tx timeout [ 71.240830][ T5314] Bluetooth: hci1: command tx timeout [ 71.242510][ T5970] Bluetooth: hci0: command tx timeout [ 71.267943][ T6144] pim6reg: entered allmulticast mode [ 71.276817][ T6143] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 71.280251][ T6143] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 71.296443][ T6143] vhci_hcd vhci_hcd.0: Device attached [ 71.569670][ T40] audit: type=1800 audit(1759650279.681:2): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.10" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 71.686548][ T29] usb 38-1: SetAddress Request (2) to port 0 [ 71.688478][ T6153] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 71.690714][ T29] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 71.798253][ T6130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.046585][ T6153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14'. [ 72.050074][ T6153] bridge_slave_1: left allmulticast mode [ 72.052543][ T6153] bridge_slave_1: left promiscuous mode [ 72.055623][ T6153] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.073704][ T6153] bridge_slave_0: left allmulticast mode [ 72.076213][ T6153] bridge_slave_0: left promiscuous mode [ 72.077206][ T6153] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.090541][ T6145] vhci_hcd: connection reset by peer [ 72.093697][ T1053] vhci_hcd: stop threads [ 72.095540][ T1053] vhci_hcd: release socket [ 72.098292][ T1053] vhci_hcd: disconnect device [ 72.606917][ T6163] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 72.609241][ T6163] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 72.629487][ T6163] vhci_hcd vhci_hcd.0: Device attached [ 72.907941][ T1334] usb 42-1: SetAddress Request (2) to port 0 [ 72.927946][ T1334] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 73.279946][ T6164] vhci_hcd: connection reset by peer [ 73.283771][ T1142] vhci_hcd: stop threads [ 73.287539][ T1142] vhci_hcd: release socket [ 73.292191][ T1142] vhci_hcd: disconnect device [ 74.705793][ T6173] ALSA: mixer_oss: invalid OSS volume '' [ 75.058041][ T6188] Zero length message leads to an empty skb [ 75.606594][ T5958] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 75.610142][ T5958] Bluetooth: hci3: Injecting HCI hardware error event [ 75.614337][ T5958] Bluetooth: hci3: hardware error 0x00 [ 75.763607][ T6193] block device autoloading is deprecated and will be removed. [ 76.097765][ T6199] binder: 6198:6199 ioctl 80189439 80000180 returned -22 [ 76.211640][ T6201] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.307161][ T6201] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.516476][ T6048] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 76.536692][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.576641][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.640363][ T6201] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.711252][ T6048] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 76.715522][ T6048] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.719513][ T6048] usb 7-1: Product: syz [ 76.720892][ T6048] usb 7-1: Manufacturer: syz [ 76.722505][ T6048] usb 7-1: SerialNumber: syz [ 76.744236][ T6201] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.745854][ T6048] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 76.757344][ T29] usb 38-1: device descriptor read/8, error -110 [ 76.790313][ T55] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 76.925180][ T1053] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.016037][ T1053] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.037813][ T1053] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.051059][ T1053] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.349005][ T53] Process accounting resumed [ 77.498399][ T54] usb 7-1: USB disconnect, device number 2 [ 77.598416][ T6212] warning: `syz.1.24' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 77.621210][ T29] usb usb38-port1: attempt power cycle [ 77.717066][ T5958] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 77.878631][ T55] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 77.881995][ T55] ath9k_htc: Failed to initialize the device [ 77.888336][ T54] usb 7-1: ath9k_htc: USB layer deinitialized [ 78.019361][ T6219] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 78.114483][ T1334] usb 42-1: device descriptor read/8, error -110 [ 78.187357][ T29] usb usb38-port1: unable to enumerate USB device [ 78.776653][ T1334] usb usb42-port1: attempt power cycle [ 78.839700][ T6221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.26'. [ 78.844381][ T6221] bridge_slave_1: left allmulticast mode [ 78.848014][ T6221] bridge_slave_1: left promiscuous mode [ 78.859602][ T6221] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.898462][ T6221] bridge_slave_0: left allmulticast mode [ 78.931162][ T6221] bridge_slave_0: left promiscuous mode [ 78.955028][ T6221] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.018091][ T6233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29'. [ 79.349912][ T1334] usb usb42-port1: unable to enumerate USB device [ 79.994282][ T6235] ALSA: mixer_oss: invalid OSS volume '' [ 80.352353][ T6243] syz.0.31: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 80.360252][ T6243] CPU: 1 UID: 0 PID: 6243 Comm: syz.0.31 Not tainted syzkaller #0 PREEMPT(full) [ 80.360278][ T6243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.360289][ T6243] Call Trace: [ 80.360296][ T6243] [ 80.360304][ T6243] dump_stack_lvl+0x16c/0x1f0 [ 80.360333][ T6243] warn_alloc+0x248/0x3a0 [ 80.360355][ T6243] ? __pfx_warn_alloc+0x10/0x10 [ 80.360372][ T6243] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.360409][ T6243] ? kasan_save_stack+0x42/0x60 [ 80.360430][ T6243] ? kasan_save_stack+0x33/0x60 [ 80.360452][ T6243] ? kasan_save_track+0x14/0x30 [ 80.360478][ T6243] ? xskq_create+0x52/0x1d0 [ 80.360496][ T6243] ? xsk_setsockopt+0x792/0x9a0 [ 80.360522][ T6243] ? do_sock_setsockopt+0xf3/0x1d0 [ 80.360543][ T6243] ? xskq_create+0xfb/0x1d0 [ 80.360561][ T6243] __vmalloc_node_range_noprof+0xfbc/0x1480 [ 80.360598][ T6243] ? xskq_create+0xfb/0x1d0 [ 80.360622][ T6243] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 80.360656][ T6243] ? xskq_create+0xfb/0x1d0 [ 80.360674][ T6243] vmalloc_user_noprof+0x9e/0xe0 [ 80.360701][ T6243] ? xskq_create+0xfb/0x1d0 [ 80.360720][ T6243] xskq_create+0xfb/0x1d0 [ 80.360740][ T6243] xsk_setsockopt+0x792/0x9a0 [ 80.360768][ T6243] ? __pfx_xsk_setsockopt+0x10/0x10 [ 80.360795][ T6243] ? find_held_lock+0x2b/0x80 [ 80.360817][ T6243] ? aa_sock_opt_perm+0xfd/0x1c0 [ 80.360844][ T6243] ? __pfx_xsk_setsockopt+0x10/0x10 [ 80.360873][ T6243] do_sock_setsockopt+0xf3/0x1d0 [ 80.360896][ T6243] __sys_setsockopt+0x120/0x1a0 [ 80.360927][ T6243] __ia32_sys_setsockopt+0xbc/0x160 [ 80.360953][ T6243] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.360974][ T6243] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 80.360996][ T6243] __do_fast_syscall_32+0x7c/0x300 [ 80.361020][ T6243] do_fast_syscall_32+0x32/0x80 [ 80.361040][ T6243] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 80.361063][ T6243] RIP: 0023:0xf70de579 [ 80.361078][ T6243] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 80.361093][ T6243] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 80.361111][ T6243] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 000000000000011b [ 80.361121][ T6243] RDX: 0000000000000002 RSI: 0000000080000900 RDI: 0000000000000004 [ 80.361131][ T6243] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 80.361140][ T6243] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 80.361150][ T6243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 80.361174][ T6243] [ 80.361265][ T6243] Mem-Info: [ 80.479161][ T6243] active_anon:6218 inactive_anon:3 isolated_anon:0 [ 80.479161][ T6243] active_file:3514 inactive_file:36148 isolated_file:0 [ 80.479161][ T6243] unevictable:1768 dirty:99 writeback:0 [ 80.479161][ T6243] slab_reclaimable:9872 slab_unreclaimable:50404 [ 80.479161][ T6243] mapped:26675 shmem:2309 pagetables:1066 [ 80.479161][ T6243] sec_pagetables:303 bounce:0 [ 80.479161][ T6243] kernel_misc_reclaimable:0 [ 80.479161][ T6243] free:67883 free_pcp:6293 free_cma:0 [ 80.498302][ T6243] Node 0 active_anon:2228kB inactive_anon:12kB active_file:20kB inactive_file:8kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:9300kB pagetables:1420kB sec_pagetables:1132kB all_unreclaimable? no Balloon:0kB [ 80.524388][ T6243] Node 1 active_anon:22644kB inactive_anon:0kB active_file:14036kB inactive_file:144584kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:106664kB dirty:396kB writeback:0kB shmem:5700kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:3660kB pagetables:2844kB sec_pagetables:80kB all_unreclaimable? no Balloon:0kB [ 80.532926][ T6245] Bluetooth: MGMT ver 1.23 [ 80.539868][ T6243] Node 0 DMA free:2060kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:388kB local_pcp:8kB free_cma:0kB [ 80.552088][ T6243] lowmem_reserve[]: 0 295 295 295 295 [ 80.554125][ T6243] Node 0 DMA32 free:16824kB boost:0kB min:13564kB low:16952kB high:20340kB reserved_highatomic:0KB free_highatomic:0KB active_anon:2228kB inactive_anon:12kB active_file:20kB inactive_file:8kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:302244kB mlocked:0kB bounce:0kB free_pcp:5132kB local_pcp:532kB free_cma:0kB [ 80.566304][ T6243] lowmem_reserve[]: 0 0 0 0 0 [ 80.568511][ T6243] Node 1 DMA32 free:247448kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23944kB inactive_anon:0kB active_file:14036kB inactive_file:144584kB unevictable:3536kB writepending:440kB zspages:3272kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:18760kB local_pcp:2452kB free_cma:0kB [ 80.583478][ T6243] lowmem_reserve[]: 0 0 0 0 0 [ 80.585525][ T6243] Node 0 DMA: 18*4kB (UM) 15*8kB (U) 4*16kB (UM) 2*32kB (U) 3*64kB (UM) 2*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2048kB [ 80.591997][ T6243] Node 0 DMA32: 2*4kB (UE) 30*8kB (UME) 39*16kB (ME) 61*32kB (UME) 64*64kB (UME) 23*128kB (UME) 9*256kB (UME) 5*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 16776kB [ 80.599471][ T6243] Node 1 DMA32: 448*4kB (UME) 117*8kB (UME) 164*16kB (UM) 348*32kB (UME) 188*64kB (UME) 71*128kB (UME) 35*256kB (UME) 11*512kB (UME) 6*1024kB (ME) 2*2048kB (UM) 45*4096kB (UM) = 246760kB [ 80.608325][ T6243] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 80.612180][ T6243] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 80.615906][ T6243] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 80.621369][ T6243] Node 1 hugepages_total=6 hugepages_free=1 hugepages_surp=4 hugepages_size=2048kB [ 80.624890][ T6243] 43485 total pagecache pages [ 80.626491][ T6243] 168 pages in swap cache [ 80.628261][ T6243] Free swap = 102456kB [ 80.629611][ T6243] Total swap = 124996kB [ 80.630922][ T6243] 524155 pages RAM [ 80.632389][ T6243] 0 pages HighMem/MovableOnly [ 80.634005][ T6243] 207699 pages reserved [ 80.635484][ T6243] 0 pages cma reserved [ 82.200008][ T1334] IPVS: starting estimator thread 0... [ 82.286538][ T6262] IPVS: using max 24 ests per chain, 57600 per kthread [ 82.943787][ T6272] binder: 6271:6272 ioctl 80189439 80000180 returned -22 [ 83.068858][ T6274] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.104067][ T6275] netlink: 'syz.3.37': attribute type 1 has an invalid length. [ 83.177810][ T6274] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.276077][ T6274] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.360014][ T6048] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 83.367654][ T6274] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.462444][ T61] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.465820][ T61] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.477097][ T61] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.488773][ T61] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.549815][ T6048] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 83.553824][ T6048] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.566533][ T6048] usb 5-1: Product: syz [ 83.569351][ T6048] usb 5-1: Manufacturer: syz [ 83.571208][ T6048] usb 5-1: SerialNumber: syz [ 83.590099][ T6048] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 83.607839][ T34] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 83.979494][ T6048] usb 5-1: USB disconnect, device number 2 [ 84.676488][ T34] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 84.680650][ T34] ath9k_htc: Failed to initialize the device [ 84.687220][ T6048] usb 5-1: ath9k_htc: USB layer deinitialized [ 85.097039][ T6281] ALSA: mixer_oss: invalid OSS volume '' [ 85.693122][ T6297] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 85.704218][ T6297] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 86.025926][ T6302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.43'. [ 86.050924][ T6302] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 86.050924][ T6302] program syz.2.43 not setting count and/or reply_len properly [ 86.607293][ T10] cfg80211: failed to load regulatory.db [ 87.393533][ T6315] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 87.485730][ T6044] Process accounting resumed [ 87.560122][ T6315] netlink: 'syz.1.46': attribute type 8 has an invalid length. [ 88.768149][ T1334] IPVS: starting estimator thread 0... [ 88.876622][ T6327] IPVS: using max 36 ests per chain, 86400 per kthread [ 89.021928][ T6330] netlink: 20 bytes leftover after parsing attributes in process `syz.0.55'. [ 89.027224][ T6330] netlink: 'syz.0.55': attribute type 1 has an invalid length. [ 89.029759][ T6330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.55'. [ 89.816465][ T6343] netlink: 20 bytes leftover after parsing attributes in process `syz.3.49'. [ 89.842176][ T6343] netlink: 'syz.3.49': attribute type 1 has an invalid length. [ 89.845198][ T6343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.49'. [ 94.528003][ T5958] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 94.532217][ T5958] CPU: 0 UID: 0 PID: 5958 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 94.532240][ T5958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.532283][ T5958] Workqueue: hci1 hci_rx_work [ 94.532310][ T5958] Call Trace: [ 94.532319][ T5958] [ 94.532328][ T5958] dump_stack_lvl+0x16c/0x1f0 [ 94.532353][ T5958] sysfs_warn_dup+0x7f/0xa0 [ 94.532376][ T5958] sysfs_create_dir_ns+0x24b/0x2b0 [ 94.532400][ T5958] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 94.532421][ T5958] ? find_held_lock+0x2b/0x80 [ 94.532444][ T5958] ? do_raw_spin_unlock+0x172/0x230 [ 94.532466][ T5958] kobject_add_internal+0x2c4/0x9b0 [ 94.532495][ T5958] kobject_add+0x16e/0x240 [ 94.532519][ T5958] ? __pfx_kobject_add+0x10/0x10 [ 94.532541][ T5958] ? do_raw_spin_unlock+0x172/0x230 [ 94.532556][ T5958] ? kobject_put+0xab/0x5a0 [ 94.532588][ T5958] device_add+0x288/0x1aa0 [ 94.532608][ T5958] ? __pfx_dev_set_name+0x10/0x10 [ 94.532630][ T5958] ? __pfx_device_add+0x10/0x10 [ 94.532652][ T5958] ? mgmt_send_event_skb+0x2fb/0x460 [ 94.532675][ T5958] hci_conn_add_sysfs+0x17e/0x230 [ 94.532698][ T5958] le_conn_complete_evt+0x1260/0x2150 [ 94.532727][ T5958] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 94.532741][ T5958] ? hci_event_packet+0x459/0x11c0 [ 94.532762][ T5958] hci_le_conn_complete_evt+0x23c/0x370 [ 94.532782][ T5958] hci_le_meta_evt+0x357/0x5e0 [ 94.532798][ T5958] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 94.532815][ T5958] hci_event_packet+0x682/0x11c0 [ 94.532831][ T5958] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 94.532853][ T5958] ? __pfx_hci_event_packet+0x10/0x10 [ 94.532878][ T5958] ? kcov_remote_start+0x3d9/0x6d0 [ 94.532903][ T5958] hci_rx_work+0x2c5/0x16b0 [ 94.532924][ T5958] ? rcu_is_watching+0x12/0xc0 [ 94.532951][ T5958] process_one_work+0x9cc/0x1b70 [ 94.532980][ T5958] ? __pfx_process_one_work+0x10/0x10 [ 94.533000][ T5958] ? assign_work+0x1a0/0x250 [ 94.533019][ T5958] worker_thread+0x6c8/0xf10 [ 94.533046][ T5958] ? __kthread_parkme+0x19e/0x250 [ 94.533066][ T5958] ? __pfx_worker_thread+0x10/0x10 [ 94.533084][ T5958] kthread+0x3c5/0x780 [ 94.533102][ T5958] ? __pfx_kthread+0x10/0x10 [ 94.533120][ T5958] ? rcu_is_watching+0x12/0xc0 [ 94.533136][ T5958] ? __pfx_kthread+0x10/0x10 [ 94.533154][ T5958] ret_from_fork+0x56a/0x730 [ 94.533172][ T5958] ? __pfx_kthread+0x10/0x10 [ 94.533189][ T5958] ret_from_fork_asm+0x1a/0x30 [ 94.533220][ T5958] [ 94.533444][ T5958] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 94.649736][ T5958] Bluetooth: hci1: failed to register connection device [ 95.244891][ T6392] netlink: 20 bytes leftover after parsing attributes in process `syz.2.59'. [ 95.249518][ T6392] netlink: 'syz.2.59': attribute type 1 has an invalid length. [ 95.252223][ T6392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.59'. [ 96.676669][ T5971] Bluetooth: hci1: command tx timeout [ 96.702152][ T6399] ALSA: mixer_oss: invalid OSS volume '' [ 97.116748][ T6416] random: crng reseeded on system resumption [ 98.073440][ T6426] netlink: 4 bytes leftover after parsing attributes in process `syz.0.67'. [ 98.082891][ T6426] bridge_slave_1: left allmulticast mode [ 98.086993][ T6426] bridge_slave_1: left promiscuous mode [ 98.098505][ T6426] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.317373][ T6426] bridge_slave_0: left allmulticast mode [ 98.319289][ T6426] bridge_slave_0: left promiscuous mode [ 98.321438][ T6426] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.548311][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.3.70'. [ 99.268637][ T6449] process 'syz.2.73' launched './file2' with NULL argv: empty string added [ 100.325756][ T6457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.74'. [ 101.604793][ T6462] ALSA: mixer_oss: invalid OSS volume '' [ 102.035129][ T6482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.78'. [ 102.176440][ T6482] bridge_slave_1: left allmulticast mode [ 102.179372][ T6482] bridge_slave_1: left promiscuous mode [ 102.181379][ T6482] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.187035][ T6482] bridge_slave_0: left allmulticast mode [ 102.188886][ T6482] bridge_slave_0: left promiscuous mode [ 102.191086][ T6482] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.591124][ T6495] program syz.0.79 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 102.604303][ T6495] nfs: Unknown parameter 'syzkaller1' [ 102.888012][ T6491] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 102.917800][ T6491] netlink: 'syz.3.80': attribute type 8 has an invalid length. [ 104.792057][ T6509] infiniband syz1: set active [ 104.795721][ T6509] infiniband syz1: added syz_tun [ 104.864019][ T6509] RDS/IB: syz1: added [ 104.868273][ T6512] netlink: 'syz.3.83': attribute type 2 has an invalid length. [ 104.871304][ T6512] netlink: 12 bytes leftover after parsing attributes in process `syz.3.83'. [ 104.882906][ T6512] netlink: 16 bytes leftover after parsing attributes in process `syz.3.83'. [ 105.027622][ T6513] netlink: 4 bytes leftover after parsing attributes in process `syz.0.84'. [ 105.414402][ T6522] netlink: 4 bytes leftover after parsing attributes in process `syz.1.85'. [ 107.595466][ T6544] afs: Unknown parameter 'dynck' [ 107.598512][ T6544] netlink: 24 bytes leftover after parsing attributes in process `syz.2.90'. [ 109.206701][ T6562] netlink: 4 bytes leftover after parsing attributes in process `syz.2.93'. [ 110.194365][ T6579] netlink: 4 bytes leftover after parsing attributes in process `syz.2.96'. [ 110.682089][ T6587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.97'. [ 113.397635][ T34] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 113.556623][ T34] usb 8-1: Using ep0 maxpacket: 8 [ 113.574204][ T34] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 113.596685][ T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 113.601239][ T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 113.605292][ T34] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 113.656623][ T34] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 113.672732][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.097460][ T6626] netlink: 4 bytes leftover after parsing attributes in process `syz.1.103'. [ 115.554174][ T34] usb 8-1: usb_control_msg returned -71 [ 115.557810][ T34] usbtmc 8-1:16.0: can't read capabilities [ 115.578093][ T34] usb 8-1: USB disconnect, device number 2 [ 115.649686][ T6633] binder: 6632:6633 ioctl 80189439 80000180 returned -22 [ 115.851266][ T6636] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.892681][ T40] audit: type=1326 audit(1759650324.001:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.912812][ T40] audit: type=1326 audit(1759650324.001:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.920943][ T40] audit: type=1326 audit(1759650324.001:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.930631][ T40] audit: type=1326 audit(1759650324.021:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.939190][ T40] audit: type=1326 audit(1759650324.021:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.946600][ T40] audit: type=1326 audit(1759650324.021:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.954694][ T40] audit: type=1326 audit(1759650324.021:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.967010][ T40] audit: type=1326 audit(1759650324.021:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.984418][ T40] audit: type=1326 audit(1759650324.021:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 115.995022][ T40] audit: type=1326 audit(1759650324.021:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6638 comm="syz.0.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 116.005472][ T6636] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.066425][ T839] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 116.234180][ T839] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 116.239215][ T839] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.243277][ T839] usb 8-1: Product: syz [ 116.245135][ T839] usb 8-1: Manufacturer: syz [ 116.247782][ T839] usb 8-1: SerialNumber: syz [ 116.262325][ T839] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 116.541893][ T6044] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 116.798704][ T839] usb 8-1: USB disconnect, device number 3 [ 117.154580][ T6636] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.532614][ T6636] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.648242][ T6044] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 117.706024][ T6044] ath9k_htc: Failed to initialize the device [ 117.731758][ T839] usb 8-1: ath9k_htc: USB layer deinitialized [ 118.004848][ T72] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.008423][ T72] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.012277][ T72] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.024637][ T72] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.259947][ T6645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.107'. [ 118.405300][ T6651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 120.214988][ T6672] netlink: 'syz.2.109': attribute type 1 has an invalid length. [ 120.675552][ T6675] bond1: (slave geneve2): making interface the new active one [ 120.706611][ T6675] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 120.722416][ T46] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 120.725965][ T46] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 120.729905][ T46] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 120.733636][ T46] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 122.515606][ T6697] netlink: 4 bytes leftover after parsing attributes in process `syz.2.117'. [ 123.600305][ T6715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.119'. [ 124.379034][ T6719] comedi comedi0: rti802: I/O port conflict (0x4f27,4) [ 124.731001][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.121'. [ 124.816128][ T6730] netlink: 'syz.0.122': attribute type 1 has an invalid length. [ 124.837026][ T6730] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.861230][ T6730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.122'. [ 125.108187][ T6730] bond0 (unregistering): Released all slaves [ 125.186754][ T839] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 125.338899][ T839] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 125.343000][ T839] usb 5-1: config 0 interface 0 has no altsetting 0 [ 125.350999][ T839] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 125.355673][ T839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.378866][ T839] usb 5-1: Product: syz [ 125.381156][ T839] usb 5-1: Manufacturer: syz [ 125.383603][ T839] usb 5-1: SerialNumber: syz [ 125.418757][ T839] usb 5-1: config 0 descriptor?? [ 125.431799][ T839] usb 5-1: selecting invalid altsetting 0 [ 126.197427][ T6745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.125'. [ 126.516552][ T5958] Bluetooth: hci2: command 0x0405 tx timeout [ 126.566801][ T40] kauditd_printk_skb: 310 callbacks suppressed [ 126.566814][ T40] audit: type=1326 audit(1759650334.681:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.577053][ T40] audit: type=1326 audit(1759650334.691:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.583861][ T40] audit: type=1326 audit(1759650334.691:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=138 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.591784][ T40] audit: type=1326 audit(1759650334.691:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.600064][ T40] audit: type=1326 audit(1759650334.691:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.644480][ T40] audit: type=1326 audit(1759650334.691:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.653174][ T40] audit: type=1326 audit(1759650334.691:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=104 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.661079][ T40] audit: type=1326 audit(1759650334.691:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.672518][ T40] audit: type=1326 audit(1759650334.691:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 126.680611][ T40] audit: type=1326 audit(1759650334.691:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 127.062004][ T6751] netlink: 'syz.3.126': attribute type 3 has an invalid length. [ 127.065350][ T6751] netlink: 'syz.3.126': attribute type 1 has an invalid length. [ 127.090201][ T6751] syz.3.126 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 127.265486][ T6751] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 127.269310][ T6751] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 127.273653][ T6751] vhci_hcd vhci_hcd.0: Device attached [ 127.297061][ T6751] batman_adv: batadv0: Adding interface: gretap1 [ 127.299856][ T6751] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 127.313568][ T6751] batman_adv: batadv0: Interface activated: gretap1 [ 127.489893][ T6763] vhci_hcd: connection closed [ 127.495938][ T1053] vhci_hcd: stop threads [ 127.500414][ T1053] vhci_hcd: release socket [ 127.502181][ T1053] vhci_hcd: disconnect device [ 127.536577][ T55] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 127.539905][ T55] usb 43-1: enqueue for inactive port 0 [ 127.616495][ T55] vhci_hcd: vhci_device speed not set [ 127.685275][ T6765] delete_channel: no stack [ 127.715735][ T34] usb 5-1: USB disconnect, device number 3 [ 127.917143][ T6782] netlink: 20 bytes leftover after parsing attributes in process `syz.0.132'. [ 127.921509][ T6782] netlink: 'syz.0.132': attribute type 1 has an invalid length. [ 127.924554][ T6782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'. [ 128.644962][ T6792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.131'. [ 129.998340][ T6804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.135'. [ 131.429783][ T6825] delete_channel: no stack [ 132.066705][ T6842] netlink: 20 bytes leftover after parsing attributes in process `syz.3.142'. [ 132.071514][ T6842] netlink: 'syz.3.142': attribute type 1 has an invalid length. [ 132.074870][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.142'. [ 134.245474][ T6856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.145'. [ 134.391472][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0403 [ 134.472999][ T40] kauditd_printk_skb: 314 callbacks suppressed [ 134.473026][ T40] audit: type=1326 audit(1759650342.581:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.483061][ T40] audit: type=1326 audit(1759650342.581:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.492484][ T40] audit: type=1326 audit(1759650342.581:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.500902][ T40] audit: type=1326 audit(1759650342.591:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.510130][ T40] audit: type=1326 audit(1759650342.591:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.520328][ T40] audit: type=1326 audit(1759650342.591:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.530693][ T40] audit: type=1326 audit(1759650342.591:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.541405][ T40] audit: type=1326 audit(1759650342.591:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.551029][ T40] audit: type=1326 audit(1759650342.591:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.564200][ T40] audit: type=1326 audit(1759650342.591:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.151" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000 [ 134.917405][ T6881] netlink: 4 bytes leftover after parsing attributes in process `syz.2.147'. [ 137.347371][ T6904] netlink: 20 bytes leftover after parsing attributes in process `syz.0.154'. [ 137.358608][ T6904] netlink: 'syz.0.154': attribute type 1 has an invalid length. [ 137.361950][ T6904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 137.810266][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.813039][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.398204][ T6912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.157'. [ 138.590415][ T6930] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5 [ 139.203721][ T6942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.163'. [ 140.138177][ T6961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.164'. [ 140.172615][ T6963] netlink: 20 bytes leftover after parsing attributes in process `syz.3.166'. [ 140.179282][ T6963] netlink: 'syz.3.166': attribute type 1 has an invalid length. [ 140.182635][ T6963] netlink: 4 bytes leftover after parsing attributes in process `syz.3.166'. [ 141.036570][ T1334] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 141.186461][ T1334] usb 7-1: Using ep0 maxpacket: 8 [ 141.190546][ T1334] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 141.194857][ T1334] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 141.200118][ T1334] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 141.204664][ T1334] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 141.211542][ T1334] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 141.215366][ T1334] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.261315][ T6973] netlink: 4 bytes leftover after parsing attributes in process `syz.0.171'. [ 141.399221][ T6983] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 142.007947][ T6988] netlink: 8 bytes leftover after parsing attributes in process `syz.3.173'. [ 142.533002][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.174'. [ 143.290008][ T1334] usb 7-1: usb_control_msg returned -71 [ 143.292292][ T1334] usbtmc 7-1:16.0: can't read capabilities [ 143.407833][ T1334] usb 7-1: USB disconnect, device number 3 [ 143.454170][ T7001] netlink: 20 bytes leftover after parsing attributes in process `syz.2.175'. [ 143.460840][ T7001] netlink: 'syz.2.175': attribute type 1 has an invalid length. [ 143.463941][ T7001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.175'. [ 143.795724][ T7015] netlink: 20 bytes leftover after parsing attributes in process `syz.0.178'. [ 143.803819][ T7015] netlink: 'syz.0.178': attribute type 1 has an invalid length. [ 143.808030][ T7015] netlink: 4 bytes leftover after parsing attributes in process `syz.0.178'. [ 144.739416][ T7031] kAFS: No cell specified [ 145.317203][ T7038] netlink: 'syz.0.181': attribute type 1 has an invalid length. [ 145.470675][ T7042] bond0: (slave geneve2): making interface the new active one [ 145.513418][ T7042] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 145.517442][ T1177] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 145.521481][ T1177] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 145.524482][ T1177] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 145.528310][ T1177] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 145.674202][ T7045] __nla_validate_parse: 3 callbacks suppressed [ 145.674214][ T7045] netlink: 4 bytes leftover after parsing attributes in process `syz.3.184'. [ 146.261054][ T7058] syz.3.187(7058): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 146.386882][ T7051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.185'. [ 146.458718][ T7067] netlink: 20 bytes leftover after parsing attributes in process `syz.3.189'. [ 146.474807][ T7067] netlink: 'syz.3.189': attribute type 1 has an invalid length. [ 146.477877][ T7067] netlink: 4 bytes leftover after parsing attributes in process `syz.3.189'. [ 147.260319][ T7081] netlink: 20 bytes leftover after parsing attributes in process `syz.0.193'. [ 147.279047][ T7081] netlink: 'syz.0.193': attribute type 1 has an invalid length. [ 147.282350][ T7081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.193'. [ 147.371655][ T7086] netlink: 20 bytes leftover after parsing attributes in process `syz.3.194'. [ 147.379025][ T7086] netlink: 'syz.3.194': attribute type 1 has an invalid length. [ 147.382255][ T7086] netlink: 4 bytes leftover after parsing attributes in process `syz.3.194'. [ 148.564816][ T7104] netlink: 'syz.1.195': attribute type 1 has an invalid length. [ 148.641313][ T7103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.198'. [ 149.311828][ T40] kauditd_printk_skb: 227 callbacks suppressed [ 149.311838][ T40] audit: type=1326 audit(1759650363.422:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.2.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 149.321854][ T40] audit: type=1326 audit(1759650363.422:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.2.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 149.328852][ T40] audit: type=1326 audit(1759650363.422:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.2.201" exe="/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 149.339634][ T40] audit: type=1326 audit(1759650363.422:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.2.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 149.356874][ T40] audit: type=1326 audit(1759650363.422:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.2.201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 149.591363][ T7120] netlink: 20 bytes leftover after parsing attributes in process `syz.3.202'. [ 149.596158][ T7120] netlink: 'syz.3.202': attribute type 1 has an invalid length. [ 150.375227][ T7128] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6 [ 150.971933][ T7107] bond1: (slave geneve2): making interface the new active one [ 151.092989][ T7138] __nla_validate_parse: 1 callbacks suppressed [ 151.093002][ T7138] netlink: 20 bytes leftover after parsing attributes in process `syz.3.205'. [ 151.098861][ T7138] netlink: 'syz.3.205': attribute type 1 has an invalid length. [ 151.101571][ T7138] netlink: 4 bytes leftover after parsing attributes in process `syz.3.205'. [ 151.167264][ T7142] netlink: 20 bytes leftover after parsing attributes in process `syz.0.206'. [ 151.174763][ T7142] netlink: 'syz.0.206': attribute type 1 has an invalid length. [ 151.177539][ T7142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.206'. [ 151.207442][ T7107] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 151.218916][ T46] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 151.222935][ T46] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 151.227125][ T46] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 151.231784][ T46] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 151.407927][ T7145] netlink: 'syz.1.207': attribute type 2 has an invalid length. [ 151.908678][ T7152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.210'. [ 152.271140][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.212'. [ 153.044034][ T5958] Bluetooth: hci2: unexpected event for opcode 0x080f [ 153.219440][ T7181] netlink: 'syz.2.216': attribute type 1 has an invalid length. [ 153.222512][ T7181] netlink: 'syz.2.216': attribute type 2 has an invalid length. [ 153.236478][ T7174] netlink: 20 bytes leftover after parsing attributes in process `syz.1.213'. [ 153.293491][ T7174] netlink: 'syz.1.213': attribute type 1 has an invalid length. [ 153.298783][ T7174] netlink: 4 bytes leftover after parsing attributes in process `syz.1.213'. [ 153.350451][ T7189] netlink: 'syz.2.219': attribute type 1 has an invalid length. [ 153.352989][ T7189] netlink: 'syz.2.219': attribute type 2 has an invalid length. [ 153.630386][ T7193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.220'. [ 154.248858][ T7212] netlink: 20 bytes leftover after parsing attributes in process `syz.3.225'. [ 154.254063][ T7212] netlink: 'syz.3.225': attribute type 1 has an invalid length. [ 154.690177][ T7216] netlink: 'syz.2.227': attribute type 1 has an invalid length. [ 154.693945][ T7216] netlink: 'syz.2.227': attribute type 2 has an invalid length. [ 154.755661][ T7220] netlink: 'syz.2.229': attribute type 8 has an invalid length. [ 155.915403][ T7249] netlink: 'syz.3.237': attribute type 1 has an invalid length. [ 156.943846][ T7268] __nla_validate_parse: 3 callbacks suppressed [ 156.943864][ T7268] netlink: 20 bytes leftover after parsing attributes in process `syz.2.243'. [ 156.954773][ T7268] netlink: 'syz.2.243': attribute type 1 has an invalid length. [ 156.959008][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.243'. [ 157.077495][ T5958] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 157.080354][ T5958] Bluetooth: hci2: Injecting HCI hardware error event [ 157.084822][ T5971] Bluetooth: hci2: hardware error 0x00 [ 157.591756][ T7270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.244'. [ 157.789686][ T7288] netlink: 'syz.2.250': attribute type 1 has an invalid length. [ 157.793035][ T7288] netlink: 'syz.2.250': attribute type 2 has an invalid length. [ 158.144263][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.252'. [ 158.186486][ T40] audit: type=1326 audit(1759650372.272:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.199860][ T40] audit: type=1326 audit(1759650372.272:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.209655][ T40] audit: type=1326 audit(1759650372.272:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.220957][ T40] audit: type=1326 audit(1759650372.312:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.230333][ T40] audit: type=1326 audit(1759650372.312:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.240570][ T40] audit: type=1326 audit(1759650372.312:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.249776][ T40] audit: type=1326 audit(1759650372.312:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.260471][ T40] audit: type=1326 audit(1759650372.312:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.269029][ T40] audit: type=1326 audit(1759650372.312:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.277637][ T40] audit: type=1326 audit(1759650372.312:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7298 comm="syz.1.253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 158.400771][ T7304] netlink: 20 bytes leftover after parsing attributes in process `syz.3.254'. [ 158.408766][ T7304] netlink: 'syz.3.254': attribute type 1 has an invalid length. [ 158.412290][ T7304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.254'. [ 158.856546][ T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 159.006488][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 159.013799][ T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 159.018968][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 159.023122][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 159.027223][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 159.031971][ T24] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 159.034857][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.040105][ T24] usb 5-1: config 0 descriptor?? [ 159.050167][ T24] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input7 [ 159.067112][ T5348] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.073146][ T5348] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.082768][ T5348] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.093901][ T5959] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.099791][ T5348] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.105317][ T5348] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.115551][ T5348] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.120502][ T5348] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.156488][ T5971] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 159.258396][ T7307] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 159.263212][ T24] usb 5-1: USB disconnect, device number 4 [ 159.856045][ T7321] trusted_key: encrypted_key: keylen parameter is missing [ 160.750177][ T7325] netlink: 'syz.2.262': attribute type 1 has an invalid length. [ 160.753320][ T7325] netlink: 5452 bytes leftover after parsing attributes in process `syz.2.262'. [ 160.879500][ T7333] netlink: 'syz.2.264': attribute type 1 has an invalid length. [ 162.129631][ T7340] netlink: 20 bytes leftover after parsing attributes in process `syz.3.265'. [ 162.189395][ T7340] netlink: 'syz.3.265': attribute type 1 has an invalid length. [ 162.192102][ T7340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.265'. [ 165.696725][ T7390] netlink: 20 bytes leftover after parsing attributes in process `syz.0.277'. [ 165.702286][ T7390] netlink: 'syz.0.277': attribute type 1 has an invalid length. [ 165.705493][ T7390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.277'. [ 165.730588][ T7391] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 166.105575][ T7397] netlink: 20 bytes leftover after parsing attributes in process `syz.1.279'. [ 166.226687][ T7396] netlink: 'syz.1.279': attribute type 1 has an invalid length. [ 166.229894][ T7396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.279'. [ 166.721936][ T5971] Bluetooth: hci0: unexpected cc 0x203c length: 9 > 1 [ 167.200319][ T7411] netlink: 4 bytes leftover after parsing attributes in process `syz.1.285'. [ 168.052385][ T7422] netlink: 'syz.1.287': attribute type 8 has an invalid length. [ 168.314103][ T7435] netlink: 20 bytes leftover after parsing attributes in process `syz.1.289'. [ 168.320453][ T7435] netlink: 'syz.1.289': attribute type 1 has an invalid length. [ 168.323550][ T7435] netlink: 4 bytes leftover after parsing attributes in process `syz.1.289'. [ 168.377646][ T7430] netlink: 4 bytes leftover after parsing attributes in process `syz.0.291'. [ 168.586604][ T1334] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 168.709864][ T7454] netlink: 'syz.3.299': attribute type 1 has an invalid length. [ 168.738715][ T1334] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4 [ 168.745482][ T1334] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 168.748820][ T1334] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.752011][ T1334] usb 7-1: Product: syz [ 168.754834][ T1334] usb 7-1: Manufacturer: syz [ 168.757666][ T1334] usb 7-1: SerialNumber: syz [ 168.774784][ T1334] usb 7-1: config 0 descriptor?? [ 168.785669][ T1334] hub 7-1:0.0: bad descriptor, ignoring hub [ 168.789948][ T1334] hub 7-1:0.0: probe with driver hub failed with error -5 [ 168.808114][ T1334] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input8 [ 169.750254][ T7473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.301'. [ 170.462377][ T7483] netlink: 20 bytes leftover after parsing attributes in process `syz.2.305'. [ 170.467857][ T7483] netlink: 'syz.2.305': attribute type 1 has an invalid length. [ 170.471130][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.305'. [ 171.655937][ T7503] netlink: 20 bytes leftover after parsing attributes in process `syz.3.311'. [ 171.660586][ T7503] netlink: 'syz.3.311': attribute type 1 has an invalid length. [ 171.663133][ T7503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.311'. [ 172.086448][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 173.313787][ T1334] usb 7-1: USB disconnect, device number 4 [ 173.339456][ T7512] netlink: 4 bytes leftover after parsing attributes in process `syz.2.313'. [ 174.417156][ T7547] comedi comedi2: pcl711: I/O port conflict (0x4f27,16) [ 174.463080][ T7550] netlink: 20 bytes leftover after parsing attributes in process `syz.0.322'. [ 174.472938][ T7550] netlink: 'syz.0.322': attribute type 1 has an invalid length. [ 174.476554][ T7550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.322'. [ 174.691669][ T7553] netlink: 8 bytes leftover after parsing attributes in process `syz.2.325'. [ 174.847857][ T7554] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input9 [ 177.305009][ T7594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 178.153732][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 179.422625][ T7614] netlink: 20 bytes leftover after parsing attributes in process `syz.0.340'. [ 179.435385][ T7614] netlink: 'syz.0.340': attribute type 1 has an invalid length. [ 179.439610][ T7614] netlink: 4 bytes leftover after parsing attributes in process `syz.0.340'. [ 179.628252][ T7629] netlink: 'syz.3.350': attribute type 1 has an invalid length. [ 182.685842][ T7679] netlink: 4 bytes leftover after parsing attributes in process `syz.3.363'. [ 182.749398][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.0.362'. [ 182.790176][ T7681] netlink: 'syz.0.364': attribute type 8 has an invalid length. [ 183.056007][ T7709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.376'. [ 183.163750][ T7713] netlink: 20 bytes leftover after parsing attributes in process `syz.2.374'. [ 183.174436][ T7713] netlink: 'syz.2.374': attribute type 1 has an invalid length. [ 183.177156][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.2.374'. [ 183.292471][ T7705] netlink: 4 bytes leftover after parsing attributes in process `syz.0.375'. [ 183.786844][ T7725] netlink: 'syz.3.380': attribute type 8 has an invalid length. [ 183.882768][ T7733] netlink: 'syz.0.385': attribute type 3 has an invalid length. [ 183.975583][ T7740] netlink: 20 bytes leftover after parsing attributes in process `syz.0.387'. [ 183.989814][ T7740] netlink: 'syz.0.387': attribute type 1 has an invalid length. [ 183.992682][ T7740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.387'. [ 184.124221][ T7754] netlink: 'syz.2.390': attribute type 1 has an invalid length. [ 184.632693][ T7776] netlink: 'syz.0.400': attribute type 10 has an invalid length. [ 184.643745][ T7776] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.648684][ T7776] : (slave team0): Enslaving as an active interface with an up link [ 184.846848][ T7763] __nla_validate_parse: 2 callbacks suppressed [ 184.846941][ T7763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.395'. [ 184.943100][ T7789] netlink: 20 bytes leftover after parsing attributes in process `syz.2.404'. [ 184.960497][ T7789] netlink: 'syz.2.404': attribute type 1 has an invalid length. [ 184.963903][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.404'. [ 185.462753][ T7810] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 185.465050][ T7810] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 185.478231][ T7810] vhci_hcd vhci_hcd.0: Device attached [ 185.484641][ T7811] vhci_hcd: unknown pdu 1 [ 185.490769][ T46] vhci_hcd: stop threads [ 185.493292][ T46] vhci_hcd: release socket [ 185.495661][ T46] vhci_hcd: disconnect device [ 185.532400][ T7786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.403'. [ 185.725911][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.410'. [ 185.956471][ T5958] Bluetooth: hci0: command 0x0406 tx timeout [ 186.411303][ T7838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.413'. [ 187.356434][ T7851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.423'. [ 187.697907][ T7864] netlink: 4 bytes leftover after parsing attributes in process `syz.1.428'. [ 188.519459][ T7894] comedi comedi0: pcl726: I/O port conflict (0x3,16) [ 188.704274][ T7911] netlink: 'syz.0.444': attribute type 8 has an invalid length. [ 188.991342][ T7906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.435'. [ 189.705605][ T7940] netlink: 4 bytes leftover after parsing attributes in process `syz.0.453'. [ 190.323138][ T7946] netlink: 'syz.1.454': attribute type 1 has an invalid length. [ 190.325555][ T7946] netlink: 'syz.1.454': attribute type 2 has an invalid length. [ 190.742410][ T7954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.456'. [ 192.007573][ T7985] comedi comedi0: driver 'ni_daq_700' does not support attach using comedi_config [ 192.054927][ T7977] netlink: 4 bytes leftover after parsing attributes in process `syz.0.462'. [ 192.075301][ T7987] netlink: 'syz.1.465': attribute type 1 has an invalid length. [ 192.078341][ T7987] netlink: 'syz.1.465': attribute type 2 has an invalid length. [ 192.547625][ T7997] wg2: entered promiscuous mode [ 192.549184][ T7997] wg2: entered allmulticast mode [ 192.672916][ T7990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.466'. [ 192.903596][ T8005] netlink: 4 bytes leftover after parsing attributes in process `syz.3.470'. [ 193.961704][ T8033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.475'. [ 194.794058][ T8042] netlink: 'syz.3.479': attribute type 1 has an invalid length. [ 194.797366][ T8042] netlink: 'syz.3.479': attribute type 2 has an invalid length. [ 195.443310][ T8050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.481'. [ 196.266025][ T8057] netlink: 4 bytes leftover after parsing attributes in process `syz.0.482'. [ 196.276442][ T8069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.486'. [ 196.540468][ T8073] netlink: 20 bytes leftover after parsing attributes in process `syz.3.487'. [ 196.547701][ T8073] netlink: 'syz.3.487': attribute type 1 has an invalid length. [ 196.551414][ T8073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.487'. [ 197.346224][ T8084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.491'. [ 197.456192][ T8099] random: crng reseeded on system resumption [ 197.806826][ T8111] netlink: 4 bytes leftover after parsing attributes in process `syz.3.497'. [ 197.882053][ T8107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.498'. [ 197.982732][ T8117] netlink: 20 bytes leftover after parsing attributes in process `syz.1.500'. [ 197.994614][ T8117] netlink: 'syz.1.500': attribute type 1 has an invalid length. [ 197.998224][ T8117] netlink: 4 bytes leftover after parsing attributes in process `syz.1.500'. [ 198.014917][ T8121] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.501'. [ 199.241092][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.244180][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.734792][ T8161] netlink: 'syz.1.511': attribute type 1 has an invalid length. [ 202.232411][ T8186] __nla_validate_parse: 4 callbacks suppressed [ 202.232437][ T8186] netlink: 20 bytes leftover after parsing attributes in process `syz.2.519'. [ 202.286827][ T8186] netlink: 'syz.2.519': attribute type 1 has an invalid length. [ 202.290718][ T8186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.519'. [ 202.426781][ T8192] netlink: 4 bytes leftover after parsing attributes in process `syz.0.520'. [ 203.052616][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.524'. [ 203.158053][ T8213] netlink: 20 bytes leftover after parsing attributes in process `syz.0.521'. [ 203.213984][ T8213] netlink: 'syz.0.521': attribute type 1 has an invalid length. [ 203.217029][ T8213] netlink: 4 bytes leftover after parsing attributes in process `syz.0.521'. [ 204.440646][ T8230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'. [ 204.775708][ T8244] netlink: 20 bytes leftover after parsing attributes in process `syz.2.532'. [ 204.798262][ T8244] netlink: 'syz.2.532': attribute type 1 has an invalid length. [ 204.801588][ T8244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.532'. [ 205.394490][ T8257] netlink: 20 bytes leftover after parsing attributes in process `syz.1.535'. [ 205.406744][ T8257] netlink: 'syz.1.535': attribute type 1 has an invalid length. [ 205.525851][ T8264] netlink: 'syz.2.538': attribute type 1 has an invalid length. [ 205.534669][ T8264] netlink: 'syz.2.538': attribute type 2 has an invalid length. [ 205.616409][ T6048] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 205.699694][ T8268] netlink: 'syz.2.540': attribute type 1 has an invalid length. [ 205.702680][ T8268] netlink: 'syz.2.540': attribute type 2 has an invalid length. [ 205.777854][ T6048] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 205.782057][ T6048] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 205.786077][ T6048] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 205.789912][ T6048] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 205.794967][ T6048] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 205.801170][ T6048] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 205.804982][ T6048] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 205.809062][ T6048] usb 8-1: Product: syz [ 205.811130][ T6048] usb 8-1: Manufacturer: syz [ 205.819750][ T6048] cdc_wdm 8-1:1.0: skipping garbage [ 205.821846][ T6048] cdc_wdm 8-1:1.0: skipping garbage [ 205.825637][ T6048] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 205.828366][ T6048] cdc_wdm 8-1:1.0: Unknown control protocol [ 206.059435][ T839] usb 8-1: USB disconnect, device number 4 [ 207.202357][ T8295] netlink: 'syz.2.546': attribute type 1 has an invalid length. [ 207.606502][ T6025] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 207.682125][ T8306] __nla_validate_parse: 5 callbacks suppressed [ 207.682214][ T8306] netlink: 20 bytes leftover after parsing attributes in process `syz.0.550'. [ 207.692180][ T8306] netlink: 'syz.0.550': attribute type 1 has an invalid length. [ 207.695225][ T8306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.550'. [ 208.538992][ T6025] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 208.542670][ T6025] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 208.567163][ T6025] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 208.582094][ T6025] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 208.587340][ T6025] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 208.596511][ T6025] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 208.600146][ T6025] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 208.603367][ T6025] usb 8-1: Product: syz [ 208.605058][ T6025] usb 8-1: Manufacturer: syz [ 208.629565][ T6025] cdc_wdm 8-1:1.0: skipping garbage [ 208.631524][ T6025] cdc_wdm 8-1:1.0: skipping garbage [ 208.715608][ T6025] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 208.720486][ T6025] cdc_wdm 8-1:1.0: Unknown control protocol [ 208.915292][ T8318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.554'. [ 208.988909][ T6025] usb 8-1: USB disconnect, device number 5 [ 209.135846][ T8319] netlink: 4 bytes leftover after parsing attributes in process `syz.0.555'. [ 210.157837][ T8343] netlink: 20 bytes leftover after parsing attributes in process `syz.0.560'. [ 210.189201][ T8343] netlink: 'syz.0.560': attribute type 1 has an invalid length. [ 210.193141][ T8343] netlink: 4 bytes leftover after parsing attributes in process `syz.0.560'. [ 212.879049][ T5971] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 212.879082][ T5971] Bluetooth: hci1: Malformed LE Event: 0x0d [ 214.508384][ T8404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.577'. [ 215.505110][ T8409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.575'. [ 215.761325][ T8420] netlink: 'syz.1.580': attribute type 1 has an invalid length. [ 215.764034][ T8420] netlink: 'syz.1.580': attribute type 2 has an invalid length. [ 216.348963][ T8437] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 217.137368][ T8456] netlink: 'syz.1.593': attribute type 1 has an invalid length. [ 217.140891][ T8456] netlink: 'syz.1.593': attribute type 2 has an invalid length. [ 217.720985][ T8462] netlink: 4 bytes leftover after parsing attributes in process `syz.3.595'. [ 217.761478][ T8459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.596'. [ 217.887711][ T34] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 218.046513][ T34] usb 7-1: Using ep0 maxpacket: 32 [ 218.050576][ T34] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 218.054243][ T34] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 218.059808][ T34] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 218.065260][ T34] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 218.071217][ T34] usb 7-1: config 0 interface 0 has no altsetting 0 [ 218.078289][ T34] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 218.083633][ T34] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 218.087872][ T34] usb 7-1: Product: syz [ 218.089630][ T34] usb 7-1: Manufacturer: syz [ 218.091560][ T34] usb 7-1: SerialNumber: syz [ 218.096953][ T34] usb 7-1: config 0 descriptor?? [ 218.106643][ T34] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 218.112697][ T34] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 218.328702][ T34] usb 7-1: USB disconnect, device number 5 [ 218.341842][ T34] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 218.850859][ T8496] netlink: 4 bytes leftover after parsing attributes in process `syz.3.602'. [ 220.042205][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'. [ 220.098540][ T8513] netlink: 4 bytes leftover after parsing attributes in process `syz.2.608'. [ 220.860997][ T8551] netlink: 20 bytes leftover after parsing attributes in process `syz.1.616'. [ 220.866018][ T8551] netlink: 'syz.1.616': attribute type 1 has an invalid length. [ 220.868519][ T8551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.616'. [ 221.055489][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.615'. [ 222.251672][ T8558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.617'. [ 222.386997][ T8560] netlink: 4 bytes leftover after parsing attributes in process `syz.1.618'. [ 222.427857][ T8574] netlink: 20 bytes leftover after parsing attributes in process `syz.2.619'. [ 222.437544][ T8574] netlink: 'syz.2.619': attribute type 1 has an invalid length. [ 222.440283][ T8574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.619'. [ 223.857135][ T8598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.627'. [ 225.449446][ T8623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.631'. [ 226.076927][ T8628] netlink: 4 bytes leftover after parsing attributes in process `syz.1.634'. [ 226.547831][ T8651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.640'. [ 226.648635][ T8663] netlink: 'syz.1.643': attribute type 1 has an invalid length. [ 226.653726][ T8663] netlink: 'syz.1.643': attribute type 2 has an invalid length. [ 226.657050][ T8663] netlink: 116 bytes leftover after parsing attributes in process `syz.1.643'. [ 227.843354][ T8674] netlink: 4 bytes leftover after parsing attributes in process `syz.0.646'. [ 228.129213][ T5971] Bluetooth: hci1: command tx timeout [ 228.857060][ T8705] netlink: 20 bytes leftover after parsing attributes in process `syz.0.654'. [ 228.873895][ T8705] netlink: 'syz.0.654': attribute type 1 has an invalid length. [ 228.877242][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.0.654'. [ 229.993657][ T8727] netlink: 4 bytes leftover after parsing attributes in process `syz.3.656'. [ 230.409906][ T8736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.660'. [ 231.426994][ T8746] netlink: 4 bytes leftover after parsing attributes in process `syz.1.664'. [ 231.519300][ T5971] Bluetooth: hci1: link tx timeout [ 231.521685][ T5971] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 231.604847][ T5958] Bluetooth: hci1: link tx timeout [ 231.607299][ T5958] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 231.640355][ T5958] Bluetooth: hci1: link tx timeout [ 231.642771][ T5958] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 231.676603][ T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 231.846509][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 231.850351][ T24] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 231.878878][ T24] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 231.882262][ T24] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 231.885558][ T24] usb 7-1: Product: syz [ 231.891113][ T24] usb 7-1: Manufacturer: syz [ 231.892879][ T24] usb 7-1: SerialNumber: syz [ 231.901474][ T24] usb 7-1: config 0 descriptor?? [ 231.903614][ T8774] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 231.908109][ T24] hub 7-1:0.0: bad descriptor, ignoring hub [ 231.910699][ T24] hub 7-1:0.0: probe with driver hub failed with error -5 [ 232.244386][ T5958] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 232.277067][ T24] usb 7-1: USB disconnect, device number 6 [ 232.321835][ T5958] Bluetooth: hci1: link tx timeout [ 232.324172][ T5958] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 232.345759][ T8788] netlink: 4 bytes leftover after parsing attributes in process `syz.0.673'. [ 232.361499][ T5958] Bluetooth: hci1: link tx timeout [ 232.364023][ T5958] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 232.436946][ T5958] Bluetooth: hci1: link tx timeout [ 232.438837][ T5958] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 232.445069][ T8802] netlink: 20 bytes leftover after parsing attributes in process `syz.1.675'. [ 232.462799][ T8802] netlink: 'syz.1.675': attribute type 1 has an invalid length. [ 232.465983][ T8802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.675'. [ 232.692615][ T8806] netlink: 168 bytes leftover after parsing attributes in process `syz.2.676'. [ 233.112226][ T8820] netlink: 'syz.3.679': attribute type 1 has an invalid length. [ 233.115726][ T8820] netlink: 'syz.3.679': attribute type 2 has an invalid length. [ 233.146615][ T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 233.298348][ T24] usb 7-1: config 0 has no interfaces? [ 233.300810][ T24] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 233.304648][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.310425][ T24] usb 7-1: config 0 descriptor?? [ 233.402779][ T5958] Bluetooth: hci1: link tx timeout [ 233.405298][ T5958] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 233.531091][ T6048] usb 7-1: USB disconnect, device number 7 [ 233.556528][ T5958] Bluetooth: hci1: command 0x0406 tx timeout [ 233.693945][ T8828] netlink: 4 bytes leftover after parsing attributes in process `syz.3.682'. [ 234.008908][ T5971] Bluetooth: hci1: link tx timeout [ 234.439122][ T5971] Bluetooth: hci1: link tx timeout [ 234.532130][ T8850] netlink: 4 bytes leftover after parsing attributes in process `syz.0.688'. [ 234.795788][ T8865] netlink: 20 bytes leftover after parsing attributes in process `syz.2.691'. [ 234.802777][ T8865] netlink: 'syz.2.691': attribute type 1 has an invalid length. [ 234.806144][ T8865] netlink: 4 bytes leftover after parsing attributes in process `syz.2.691'. [ 234.852567][ T8855] netlink: 4 bytes leftover after parsing attributes in process `syz.0.689'. [ 236.467855][ T8893] __nla_validate_parse: 2 callbacks suppressed [ 236.467899][ T8893] netlink: 20 bytes leftover after parsing attributes in process `syz.1.695'. [ 236.474911][ T8893] netlink: 'syz.1.695': attribute type 1 has an invalid length. [ 236.477419][ T8893] netlink: 4 bytes leftover after parsing attributes in process `syz.1.695'. [ 236.483239][ T5971] Bluetooth: hci1: link tx timeout [ 237.176605][ T24] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 237.317537][ T5971] Bluetooth: hci1: link tx timeout [ 237.336658][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 237.341055][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 237.346178][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 237.352993][ T24] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 237.357499][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.365360][ T24] usb 7-1: config 0 descriptor?? [ 237.564712][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.701'. [ 237.595249][ T24] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 237.803164][ T8905] iowarrior 7-1:0.0: Error -90 while submitting URB [ 237.810648][ T24] usb 7-1: USB disconnect, device number 8 [ 238.009251][ T5971] Bluetooth: hci1: link tx timeout [ 238.167432][ T8916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.702'. [ 238.910155][ T8951] netlink: 20 bytes leftover after parsing attributes in process `syz.2.710'. [ 238.935077][ T8951] netlink: 'syz.2.710': attribute type 1 has an invalid length. [ 238.938746][ T8951] netlink: 4 bytes leftover after parsing attributes in process `syz.2.710'. [ 239.228078][ T8937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'. [ 239.302456][ T5971] Bluetooth: hci1: link tx timeout [ 239.894174][ T8961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.714'. [ 239.934048][ T8973] netlink: 56 bytes leftover after parsing attributes in process `syz.1.716'. [ 240.034402][ T839] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 240.128741][ T8981] random: crng reseeded on system resumption [ 240.134847][ T8981] Hibernate inconsistent memory map detected! [ 240.152708][ T8981] PM: hibernation: Image mismatch: architecture specific data [ 240.207665][ T839] usb 8-1: Using ep0 maxpacket: 8 [ 240.211018][ T839] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 240.215971][ T839] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 240.220055][ T839] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 240.222883][ T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.227093][ T839] usb 8-1: config 0 descriptor?? [ 240.462607][ T839] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 240.664856][ T8969] iowarrior 8-1:0.0: Error -90 while submitting URB [ 240.675984][ T29] usb 8-1: USB disconnect, device number 6 [ 240.688875][ T5971] Bluetooth: hci1: link tx timeout [ 240.879234][ T8994] netlink: 4 bytes leftover after parsing attributes in process `syz.0.724'. [ 240.943786][ T9002] pimreg: entered allmulticast mode [ 240.951639][ T9002] pimreg: left allmulticast mode [ 241.576714][ T9018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.730'. [ 241.721115][ T9025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.728'. [ 241.987228][ T9030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.732'. [ 242.013184][ T5971] Bluetooth: hci1: link tx timeout [ 242.860706][ T5971] Bluetooth: hci1: link tx timeout [ 243.236503][ T839] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 243.408441][ T9056] netlink: 'syz.0.738': attribute type 1 has an invalid length. [ 243.411126][ T9056] netlink: 'syz.0.738': attribute type 2 has an invalid length. [ 243.415799][ T839] usb 5-1: unable to get BOS descriptor or descriptor too short [ 243.420764][ T839] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 243.424033][ T839] usb 5-1: can't read configurations, error -71 [ 243.706785][ T5971] Bluetooth: hci1: link tx timeout [ 243.725283][ T9069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.741'. [ 244.644064][ T9076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.742'. [ 244.657847][ T9082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.743'. [ 244.790681][ T9091] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'. [ 244.861184][ T5971] Bluetooth: hci1: link tx timeout [ 246.017857][ T5971] Bluetooth: hci1: link tx timeout [ 246.092023][ T5971] Bluetooth: hci0: Malformed HCI Event [ 246.536673][ T839] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 246.582293][ T9119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.752'. [ 246.696536][ T839] usb 6-1: Using ep0 maxpacket: 8 [ 246.736901][ T839] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 246.740875][ T839] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 246.744199][ T839] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 246.766478][ T839] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 246.776675][ T839] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 246.779763][ T839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.088955][ T839] usb 6-1: GET_CAPABILITIES returned 0 [ 247.091714][ T839] usbtmc 6-1:16.0: can't read capabilities [ 247.387455][ T839] usb 6-1: USB disconnect, device number 2 [ 247.665934][ T9134] netlink: 4 bytes leftover after parsing attributes in process `syz.2.756'. [ 248.029928][ T9150] netlink: 20 bytes leftover after parsing attributes in process `syz.0.758'. [ 248.066997][ T9150] netlink: 'syz.0.758': attribute type 1 has an invalid length. [ 248.069448][ T9150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.758'. [ 248.095982][ T9158] netlink: 56 bytes leftover after parsing attributes in process `syz.2.763'. [ 248.259564][ T9166] netlink: 20 bytes leftover after parsing attributes in process `syz.2.765'. [ 248.265121][ T9166] netlink: 'syz.2.765': attribute type 1 has an invalid length. [ 248.267828][ T9166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.765'. [ 248.346405][ T839] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 248.386465][ T24] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 248.502578][ T839] usb 8-1: unable to get BOS descriptor or descriptor too short [ 248.506190][ T839] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 248.509082][ T839] usb 8-1: can't read configurations, error -71 [ 248.538139][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.542080][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 248.545530][ T24] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 248.549636][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.554001][ T24] usb 6-1: config 0 descriptor?? [ 248.562632][ T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 248.565500][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 248.572591][ T24] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 248.576047][ T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 248.579393][ T24] usb 6-1: media controller created [ 248.583476][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 248.594391][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 248.599900][ T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 248.605945][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input10 [ 248.625281][ T24] dvb-usb: schedule remote query interval to 150 msecs. [ 248.628358][ T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 248.762734][ T29] usb 6-1: USB disconnect, device number 3 [ 248.781422][ T29] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 249.436690][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.772'. [ 250.781155][ T9210] netlink: 20 bytes leftover after parsing attributes in process `syz.3.778'. [ 250.788210][ T9210] netlink: 'syz.3.778': attribute type 1 has an invalid length. [ 250.791074][ T9210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.778'. [ 250.923181][ T9205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.775'. [ 251.118033][ T5971] Bluetooth: hci1: Invalid handle: 0x98f0 > 0x0eff [ 252.966547][ T34] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 253.133439][ T9260] __nla_validate_parse: 2 callbacks suppressed [ 253.133477][ T9260] netlink: 20 bytes leftover after parsing attributes in process `syz.3.792'. [ 253.141709][ T34] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 253.144851][ T34] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 253.157188][ T9260] netlink: 'syz.3.792': attribute type 1 has an invalid length. [ 253.159862][ T9260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.792'. [ 253.163645][ T34] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 253.168930][ T34] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 253.175132][ T34] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 253.181871][ T34] usb 7-1: config 0 interface 0 has no altsetting 0 [ 253.191259][ T34] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 253.195928][ T34] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 253.200085][ T34] usb 7-1: Product: syz [ 253.201920][ T34] usb 7-1: Manufacturer: syz [ 253.203779][ T34] usb 7-1: SerialNumber: syz [ 253.210187][ T34] usb 7-1: config 0 descriptor?? [ 253.218884][ T9248] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 253.225688][ T34] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 253.230832][ T34] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 253.574291][ T9265] ================================================================== [ 253.577025][ T9265] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220 [ 253.579465][ T9265] Read of size 8 at addr ffff888012c9c520 by task syz.0.794/9265 [ 253.584549][ T9265] [ 253.585347][ T9265] CPU: 1 UID: 0 PID: 9265 Comm: syz.0.794 Not tainted syzkaller #0 PREEMPT(full) [ 253.585362][ T9265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 253.585369][ T9265] Call Trace: [ 253.585374][ T9265] [ 253.585379][ T9265] dump_stack_lvl+0x116/0x1f0 [ 253.585395][ T9265] print_report+0xcd/0x630 [ 253.585411][ T9265] ? __virt_addr_valid+0x81/0x610 [ 253.585428][ T9265] ? __phys_addr+0xe8/0x180 [ 253.585444][ T9265] ? __cpa_addr+0x1d3/0x220 [ 253.585455][ T9265] kasan_report+0xe0/0x110 [ 253.585469][ T9265] ? __cpa_addr+0x1d3/0x220 [ 253.585480][ T9265] __cpa_addr+0x1d3/0x220 [ 253.585491][ T9265] cpa_flush+0x28b/0x8a0 [ 253.585504][ T9265] ? __pfx_cpa_flush+0x10/0x10 [ 253.585516][ T9265] ? pgprot2cachemode+0x9a/0x130 [ 253.585531][ T9265] ? __pfx_pgprot2cachemode+0x10/0x10 [ 253.585546][ T9265] ? drm_gem_get_pages+0x6a0/0xa10 [ 253.585563][ T9265] change_page_attr_set_clr+0x34e/0x4a0 [ 253.585576][ T9265] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 253.585593][ T9265] _set_pages_array+0x1ab/0x2c0 [ 253.585606][ T9265] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 253.585621][ T9265] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 253.585634][ T9265] ? __pfx___might_resched+0x10/0x10 [ 253.585649][ T9265] drm_gem_shmem_mmap+0xc9/0x550 [ 253.585662][ T9265] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 253.585675][ T9265] drm_gem_mmap_obj+0x1b5/0x560 [ 253.585690][ T9265] drm_gem_mmap+0x40b/0x620 [ 253.585705][ T9265] ? __pfx_drm_gem_mmap+0x10/0x10 [ 253.585719][ T9265] ? lockdep_init_map_type+0x5c/0x280 [ 253.585737][ T9265] __mmap_region+0x1306/0x27a0 [ 253.585749][ T9265] ? __pfx___mmap_region+0x10/0x10 [ 253.585760][ T9265] ? lockdep_hardirqs_on+0x7c/0x110 [ 253.585771][ T9265] ? finish_task_switch.isra.0+0x221/0xc10 [ 253.585784][ T9265] ? rcu_is_watching+0x12/0xc0 [ 253.585797][ T9265] ? trace_sched_exit_tp+0xd1/0x120 [ 253.585808][ T9265] ? __schedule+0x11a3/0x5de0 [ 253.585831][ T9265] ? __lock_acquire+0xb97/0x1ce0 [ 253.585848][ T9265] mmap_region+0x1ab/0x3f0 [ 253.585859][ T9265] ? __get_unmapped_area+0x267/0x440 [ 253.585874][ T9265] do_mmap+0xa3e/0x1210 [ 253.585889][ T9265] ? __pfx_do_mmap+0x10/0x10 [ 253.585902][ T9265] ? __pfx_down_write_killable+0x10/0x10 [ 253.585917][ T9265] vm_mmap_pgoff+0x29e/0x470 [ 253.585933][ T9265] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 253.585947][ T9265] ? __fget_files+0x20e/0x3c0 [ 253.585960][ T9265] ksys_mmap_pgoff+0x32c/0x5c0 [ 253.585973][ T9265] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 253.585988][ T9265] __do_fast_syscall_32+0x7c/0x300 [ 253.586002][ T9265] do_fast_syscall_32+0x32/0x80 [ 253.586014][ T9265] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.586028][ T9265] RIP: 0023:0xf70de579 [ 253.586045][ T9265] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 253.586057][ T9265] RSP: 002b:00000000f54ce55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 253.586068][ T9265] RAX: ffffffffffffffda RBX: 0000000080001000 RCX: 0000000000004000 [ 253.586075][ T9265] RDX: 0000000000000004 RSI: 0000000000000011 RDI: 0000000000000003 [ 253.586082][ T9265] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 253.586092][ T9265] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 253.586098][ T9265] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 253.586108][ T9265] [ 253.586112][ T9265] [ 253.638945][ T6004] usb 7-1: USB disconnect, device number 9 [ 253.640218][ T9265] Allocated by task 9265: [ 253.640228][ T9265] kasan_save_stack+0x33/0x60 [ 253.640246][ T9265] kasan_save_track+0x14/0x30 [ 253.640259][ T9265] __kasan_kmalloc+0xaa/0xb0 [ 253.640272][ T9265] __kvmalloc_node_noprof+0x3a3/0x9c0 [ 253.645029][ T6004] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 253.646028][ T9265] drm_gem_get_pages+0x144/0xa10 [ 253.646049][ T9265] drm_gem_shmem_get_pages_locked+0x1e6/0x490 [ 253.646063][ T9265] drm_gem_shmem_mmap+0xc9/0x550 [ 253.646075][ T9265] drm_gem_mmap_obj+0x1b5/0x560 [ 253.646089][ T9265] drm_gem_mmap+0x40b/0x620 [ 253.722356][ T9265] __mmap_region+0x1306/0x27a0 [ 253.723916][ T9265] mmap_region+0x1ab/0x3f0 [ 253.725414][ T9265] do_mmap+0xa3e/0x1210 [ 253.726996][ T9265] vm_mmap_pgoff+0x29e/0x470 [ 253.728929][ T9265] ksys_mmap_pgoff+0x32c/0x5c0 [ 253.731346][ T9265] __do_fast_syscall_32+0x7c/0x300 [ 253.733622][ T9265] do_fast_syscall_32+0x32/0x80 [ 253.735592][ T9265] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.737535][ T9265] [ 253.738291][ T9265] The buggy address belongs to the object at ffff888012c9c400 [ 253.738291][ T9265] which belongs to the cache kmalloc-512 of size 512 [ 253.743345][ T9265] The buggy address is located 0 bytes to the right of [ 253.743345][ T9265] allocated 288-byte region [ffff888012c9c400, ffff888012c9c520) [ 253.748332][ T9265] [ 253.749176][ T9265] The buggy address belongs to the physical page: [ 253.751451][ T9265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c9c [ 253.754252][ T9265] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 253.756999][ T9265] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 253.759595][ T9265] page_type: f5(slab) [ 253.761004][ T9265] raw: 00fff00000000040 ffff88801b042c80 dead000000000100 dead000000000122 [ 253.763993][ T9265] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 253.767000][ T9265] head: 00fff00000000040 ffff88801b042c80 dead000000000100 dead000000000122 [ 253.770110][ T9265] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 253.772836][ T9265] head: 00fff00000000002 ffffea00004b2701 00000000ffffffff 00000000ffffffff [ 253.775587][ T9265] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 253.778277][ T9265] page dumped because: kasan: bad access detected [ 253.780431][ T9265] page_owner tracks the page as allocated [ 253.782541][ T9265] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5960, tgid 5960 (syz-executor), ts 65871355259, free_ts 26799974941 [ 253.789818][ T9265] post_alloc_hook+0x1c0/0x230 [ 253.791676][ T9265] get_page_from_freelist+0x10a3/0x3a30 [ 253.793772][ T9265] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 253.795791][ T9265] alloc_pages_mpol+0x1fb/0x550 [ 253.797372][ T9265] new_slab+0x24a/0x360 [ 253.798735][ T9265] ___slab_alloc+0xdc4/0x1ae0 [ 253.800220][ T9265] __slab_alloc.constprop.0+0x63/0x110 [ 253.801936][ T9265] __kmalloc_noprof+0x501/0x880 [ 253.803457][ T9265] fib6_info_alloc+0x40/0x160 [ 253.804953][ T9265] ip6_route_info_create+0x14c/0x870 [ 253.806927][ T9265] ip6_route_add.part.0+0x22/0x1d0 [ 253.808602][ T9265] ip6_route_add+0x45/0x60 [ 253.810136][ T9265] addrconf_add_mroute+0x1dd/0x350 [ 253.812194][ T9265] addrconf_add_dev+0x14e/0x1c0 [ 253.813938][ T9265] inet6_addr_add+0xfe/0x960 [ 253.815529][ T9265] inet6_rtm_newaddr+0x1619/0x1c70 [ 253.817132][ T9265] page last free pid 5364 tgid 5364 stack trace: [ 253.819095][ T9265] __free_frozen_pages+0x7df/0x1160 [ 253.820831][ T9265] __put_partials+0x130/0x170 [ 253.822354][ T9265] qlist_free_all+0x4d/0x120 [ 253.823821][ T9265] kasan_quarantine_reduce+0x195/0x1e0 [ 253.825584][ T9265] __kasan_slab_alloc+0x69/0x90 [ 253.827135][ T9265] __kmalloc_noprof+0x2e8/0x880 [ 253.828682][ T9265] tomoyo_realpath_from_path+0xc2/0x6e0 [ 253.830531][ T9265] tomoyo_path_perm+0x274/0x460 [ 253.832397][ T9265] security_inode_getattr+0x116/0x290 [ 253.834208][ T9265] vfs_fstat+0x4b/0xe0 [ 253.835740][ T9265] __do_sys_newfstat+0x87/0x100 [ 253.837770][ T9265] do_syscall_64+0xcd/0x4b0 [ 253.839550][ T9265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.841526][ T9265] [ 253.842319][ T9265] Memory state around the buggy address: [ 253.844094][ T9265] ffff888012c9c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 253.846595][ T9265] ffff888012c9c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 253.849343][ T9265] >ffff888012c9c500: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 253.852043][ T9265] ^ [ 253.853934][ T9265] ffff888012c9c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.856689][ T9265] ffff888012c9c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.859245][ T9265] ================================================================== [ 253.863872][ T9265] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 253.866279][ T9265] CPU: 1 UID: 0 PID: 9265 Comm: syz.0.794 Not tainted syzkaller #0 PREEMPT(full) [ 253.869211][ T9265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 253.872760][ T9265] Call Trace: [ 253.874067][ T9265] [ 253.875205][ T9265] dump_stack_lvl+0x3d/0x1f0 [ 253.876859][ T9265] vpanic+0x640/0x6f0 [ 253.878170][ T9265] panic+0xca/0xd0 [ 253.879427][ T9265] ? __pfx_panic+0x10/0x10 [ 253.880944][ T9265] ? __cpa_addr+0x1d3/0x220 [ 253.882411][ T9265] ? preempt_schedule_common+0x44/0xc0 [ 253.884248][ T9265] ? preempt_schedule_thunk+0x16/0x30 [ 253.885940][ T9265] check_panic_on_warn+0xab/0xb0 [ 253.887571][ T9265] end_report+0x107/0x170 [ 253.889150][ T9265] kasan_report+0xee/0x110 [ 253.890915][ T9265] ? __cpa_addr+0x1d3/0x220 [ 253.892635][ T9265] __cpa_addr+0x1d3/0x220 [ 253.894182][ T9265] cpa_flush+0x28b/0x8a0 [ 253.895545][ T9265] ? __pfx_cpa_flush+0x10/0x10 [ 253.897047][ T9265] ? pgprot2cachemode+0x9a/0x130 [ 253.898607][ T9265] ? __pfx_pgprot2cachemode+0x10/0x10 [ 253.900278][ T9265] ? drm_gem_get_pages+0x6a0/0xa10 [ 253.901886][ T9265] change_page_attr_set_clr+0x34e/0x4a0 [ 253.903598][ T9265] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 253.905459][ T9265] _set_pages_array+0x1ab/0x2c0 [ 253.906980][ T9265] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 253.909197][ T9265] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 253.911773][ T9265] ? __pfx___might_resched+0x10/0x10 [ 253.913706][ T9265] drm_gem_shmem_mmap+0xc9/0x550 [ 253.915516][ T9265] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 253.917477][ T9265] drm_gem_mmap_obj+0x1b5/0x560 [ 253.919106][ T9265] drm_gem_mmap+0x40b/0x620 [ 253.920584][ T9265] ? __pfx_drm_gem_mmap+0x10/0x10 [ 253.922222][ T9265] ? lockdep_init_map_type+0x5c/0x280 [ 253.923899][ T9265] __mmap_region+0x1306/0x27a0 [ 253.925452][ T9265] ? __pfx___mmap_region+0x10/0x10 [ 253.927123][ T9265] ? lockdep_hardirqs_on+0x7c/0x110 [ 253.928994][ T9265] ? finish_task_switch.isra.0+0x221/0xc10 [ 253.930952][ T9265] ? rcu_is_watching+0x12/0xc0 [ 253.932544][ T9265] ? trace_sched_exit_tp+0xd1/0x120 [ 253.934518][ T9265] ? __schedule+0x11a3/0x5de0 [ 253.936183][ T9265] ? __lock_acquire+0xb97/0x1ce0 [ 253.937871][ T9265] mmap_region+0x1ab/0x3f0 [ 253.939298][ T9265] ? __get_unmapped_area+0x267/0x440 [ 253.940996][ T9265] do_mmap+0xa3e/0x1210 [ 253.942401][ T9265] ? __pfx_do_mmap+0x10/0x10 [ 253.943948][ T9265] ? __pfx_down_write_killable+0x10/0x10 [ 253.945849][ T9265] vm_mmap_pgoff+0x29e/0x470 [ 253.947549][ T9265] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 253.949330][ T9265] ? __fget_files+0x20e/0x3c0 [ 253.951034][ T9265] ksys_mmap_pgoff+0x32c/0x5c0 [ 253.952853][ T9265] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 253.954615][ T9265] __do_fast_syscall_32+0x7c/0x300 [ 253.956431][ T9265] do_fast_syscall_32+0x32/0x80 [ 253.957991][ T9265] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.960171][ T9265] RIP: 0023:0xf70de579 [ 253.961625][ T9265] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 253.968290][ T9265] RSP: 002b:00000000f54ce55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 253.970884][ T9265] RAX: ffffffffffffffda RBX: 0000000080001000 RCX: 0000000000004000 [ 253.973579][ T9265] RDX: 0000000000000004 RSI: 0000000000000011 RDI: 0000000000000003 [ 253.976098][ T9265] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 253.978876][ T9265] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 253.981770][ T9265] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 253.984825][ T9265] [ 253.986527][ T9265] Kernel Offset: disabled [ 253.987914][ T9265] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:47:41 Registers: info registers vcpu 0 CPU#0 RAX=00000000009aa9f9 RBX=0000000000000000 RCX=ffffffff8b4e2a59 RDX=0000000000000000 RSI=ffffffff8d8245fd RDI=ffffffff8bd04640 RBP=fffffbfff1bd2f40 RSP=ffffffff8de07e08 R8 =0000000000000001 R9 =ffffed1005686655 R10=ffff88802b4332ab R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de97a00 R14=ffffffff905ff190 R15=0000000000000000 RIP=ffffffff8b4e157f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097c6f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000c28c64c CR3=000000005e893000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85207d85 RDI=ffffffff9ab610a0 RBP=ffffffff9ab61060 RSP=ffffc90007f3ee30 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ab61060 R15=ffffffff85207d20 RIP=ffffffff85207daf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097d6f000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f723522f CR3=000000005e988000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b5424c0 RCX=ffffffff81ae8ec1 RDX=ffff888026e2a480 RSI=ffffffff81ae8e9b RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90006d4f888 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=dffffc0000000000 R13=ffffed10056a8499 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff81ae8e9d RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097e6f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000569ef414 CR3=000000000df80000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000002d9229 RBX=0000000000000003 RCX=ffffffff8b4e2a59 RDX=0000000000000000 RSI=ffffffff8d8245fd RDI=ffffffff8bd04640 RBP=ffffed1003768000 RSP=ffffc9000048fdf8 R8 =0000000000000001 R9 =ffffed10056e6655 R10=ffff88802b7332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801bb40000 R14=ffffffff905ff190 R15=0000000000000000 RIP=ffffffff8b4e157f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097f6f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080188000 CR3=00000000499fd000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000