last executing test programs: 4.994467772s ago: executing program 1 (id=2088): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=ANY=[@ANYBLOB="240000001200010a080000000000000007"], 0x24}}, 0x0) 4.094119778s ago: executing program 1 (id=2093): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xf39c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, &(0x7f0000000000)={0x0, 0x0, 0x0}) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x4) sendto$unix(0xffffffffffffffff, &(0x7f0000000100)='v', 0x1, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4c, &(0x7f00000000c0)=0x4, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/67, 0x43}}], 0x1, 0x0, 0x0) 3.857153945s ago: executing program 0 (id=2097): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 3.025574634s ago: executing program 1 (id=2103): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = epoll_create1(0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0xe000001a}) read$char_usb(r2, &(0x7f0000001980)=""/179, 0xb3) write$char_usb(r2, 0x0, 0x0) mkdirat(r2, &(0x7f0000000180)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r4, &(0x7f0000000800)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47381c988a8", 0xe}, {&(0x7f00000005c0)="c2c10b270d21", 0x6}], 0x2) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000000)) write$UHID_CREATE2(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="0b00000073797a3000ba2fdda67700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aa000100060000000700000040000000ffffffffcec23482a78f0388e86c761b0dfb640c839c588e0348c02cde1b7e3666ac901b8defc5d3d08db2cba1c9cec8a965ed055ee890aece78da858d72893e012263af80f677c6c461c921880c950f2202fdd0198a909d50d506b2d8c4e3659884ad10465341b6850f63b1d5c9a360ec20333c99a9a1a9b00106e9e8bac3fb7ad0e39de7ef5b388100a44ca6b0358c8893fdbe79dea3d8d53aa19ef90d7ff60aae9cea5341719cd3caa92841923d99549729036f48ee87cfd58775d030e8efddbfedfa44ffd78421f2a906e62501000000000000009d6d28e3eb8cece5f87ca490304313fcbf6599825a0515f1cbf34727c577b17bc4c3266f78020704c02e0d0e4acad6bdc29dbeedfbc7549161fb015fa45e0d198358ffc77e815aa1ad56c423d8e54c316a82b80ae91a1683993bc6ef2328d934be542a75f48511c94f59ea90575a000acefb147c7d6e169085a04e667f41de"], 0x1c2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r6 = socket$nl_crypto(0x10, 0x3, 0x15) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r6, 0x10e, 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000300)=@un=@abs, 0x80, 0x0, 0x0, &(0x7f0000003740)=[{0x44, 0x109, 0x7, "54180e66dc28d0c24237d79a26d607e785fb17ccb20897688ef7ca7555bd17b959064f66bbe48c6f6eb1364ecf13bae79a0dc175b91b49"}, {0x24, 0x1, 0x0, "18ed16df4964c75e955c7efad51947590b9a6d8ae33c92"}, {0xc}], 0x74}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) 2.911361496s ago: executing program 0 (id=2107): mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d56549b, 0x0, [0xfffffffffffffffc, 0xa475, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.202455535s ago: executing program 3 (id=2113): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d56549b, 0x0, [0xfffffffffffffffc, 0xa475, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.888633699s ago: executing program 0 (id=2114): mknod(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f00000002c0)='./bus\x00', 0x42202, 0x0) splice(r0, 0x0, r1, 0x0, 0xffffffe1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f00000000c0)) r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) writev(r3, &(0x7f0000000280)=[{&(0x7f0000000300)="e7", 0x1}], 0x1) 1.731446787s ago: executing program 0 (id=2115): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 1.524684877s ago: executing program 2 (id=2116): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x4, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 1.419176466s ago: executing program 2 (id=2117): syz_emit_ethernet(0x92, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f2005c2cfefe8000000000000000000000000000bbfe8000"/52], 0x0) 1.418959203s ago: executing program 2 (id=2118): mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d56549b, 0x0, [0xfffffffffffffffc, 0xa475]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.24700523s ago: executing program 2 (id=2119): syz_emit_ethernet(0x3b2, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a80300", 0x37c, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319c00"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x0, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x4, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bc"}]}}}}}}, 0x0) 1.147988035s ago: executing program 2 (id=2120): socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'gretap0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0xb0, 0x700, 0x61, 0x2, {{0xd, 0x4, 0x3, 0x6, 0x34, 0x64, 0x0, 0x1, 0x29, 0x0, @multicast2, @loopback, {[@generic={0x7, 0xc, "56171eb5b118fcaa4c89"}, @cipso={0x86, 0x12, 0x3, [{0x7, 0xc, "fd632fab5061f3282c57"}]}]}}}}}) sync_file_range(0xffffffffffffffff, 0x4, 0x0, 0x0) creat(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000340)={0x0, @l2tp={0x2, 0x0, @empty}, @in={0x2, 0x0, @rand_addr=0x800000}, @isdn}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x7ff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x99) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) syz_usb_connect$hid(0x0, 0x6c, 0x0, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) eventfd(0x0) r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$DVD_READ_STRUCT(r4, 0x5390, &(0x7f0000000a40)=@manufact={0x4, 0x0, 0x800, "4f152a409fc6db1f4ba2ce636cb8dbcca5e70903fecf2058c0a4b1af0b913b15609cb7e69d3edde6a9f8e6a8419b2bac628bf42f7e03279e3f5eb28803e97b5842d0b8356d4df0cee1441f97ad55c6e1f7ff1e2b8c3fa22d452bf08165b43df2207da43435a849cec10a366a37119fd49ab5affc4836ecc0b10b8f7399ccd68b515635393e3250c4953bae2ed78f8853e4f78d323e2b834b42337d8427d9cd9c109d960522e48015d1cd04ebd8d3fcdba17c01602916820501eaed7a8cfab347736a457616fc179d26c33837dc0a6bce6295c037a5896e9fb0c07b06dd93b2c56e1482b512968aa5b8c9f523a91c417bc04f58e77d2e9e093f9dfd64039aea2dc7e36cf9b624757111ff5207f21b34bc06d1c34b75e77cecbee896f17125de86ceeff26a4b492e04e9b1156fc1c4f7726a50a55a4ac2cece4f1ffc7f1e632594ed86fcfbd6b91d24ebb8cc3160b598de01fd48b9c559525280ac670d2b3cd3a21a955c2c6c33c1710058a98900b12117fbf55e075d977c8266bf918bc4f67bbddf51dc1c59dec710ebf3fe124c01d20f12c4a794881d047ce9a5b02dfa2c6d7b91abf9dd968d0b443641d0c02566045625d8649c32b3ba68e0a49bcd7eb1ad9b4da2a27f0b4c32a296d7b3c03913fd7e73829a8a623fe80b9eb93c673aa5a03026fb6b29d9deee572ff39839db9a05028c8daf61125b0da60df30528a70fed6cb745655acc847431d933ce40e4047871bad3b1f9947311f271ff930d04baa07db65dbca042deff532d4e68e239f867e2d9bc92189970583dbee1384d94c1e0e8b8460991b9950399b4a36feb61b174889cfd708e2333894753820a66345747e7f42b3de880a0799df44f0fd3c50709798923995bfb8c8b8215b108b51a3bc682b4b2dcfb463b7d257a4c68d226f0a2dd49d3815b1f807d066f9e7c01fcc85915e0caf915e179ebe6c0093d5d82c00e647bb0d7851d39bb507027c23575625924d4ca0d99447b827c72160ed2df1d854751fd9febb5f80ce3ad254a4d8c109e4ed5a8bcd8bcb3047e464de713f7c2f88527b42da9545d29318bac78bf12a836159f2392d2469270de7412dedefba4eb8ee8b9a58e704f8a751bc6ad5a3a984cebdc004ac8f6ab1138b5aa376f176f88031377956129b07daf14a8544575ecbed6f75c71a5ae23151007b405e26ad63ca137112e87bf589f4337b20873854bdf3c6b08f726b399a59b46a68afd8169134eb8b877b3cffc8c37868a4181f8a38dd8687c8ee4a42a9175332a21ca7912ad30d2590d27be1409cc4477cc87354c84906446ce58143da469be3bcfdcb794a75b122984bf6f34cb6c922716699a566328fad7dd43b9deaabca91ab1c2e7977a541a33d26b30c0fde83c03a1d3c95adb64992e19f9ca7c08f8d7ac37974e5f20b0127c3c45f5c12fee23f77ae140643d8a312191c43760a260725b6d9e2517ff5cee03bfc58501fb51830fe05d90a83f39318b39b1dba3f1204dcf86e76d3717bf6e768bac07deb7aff2f1117115b8a0affe7ea06f3f1807aca3ace12fe07bee4a64a7be8400bcc923030ddcadf15743f4e79d6bfb0b3389787605f3ed78febd990f1d028c9ac48b169bdab38eb722e6caac7558ba91cf50b986ee6d7a7960866795fb942754fc674f576c78b58b5afb6677dbeac6bcc2aebe70b4622d38aad4218dd4d4f28b9e84f8ecc9a20434ff7c9c875011055fe8d2bfbba2fbdc70a4cfed4c9333d9cf4560bf6db1cfccfead1a2e07f72f18a7aee57835a5d5c8c46b3725381a8939794882779653ad335fa874017b0c921ebee1a7f0f76154fda24ec9b83a08a6aefdf3b012883591e3007f3bd327fb9d0441077d6d6791e2bf7b16ef9136d176eea9e8869f45981c12f80c86ec672b4f48600c5cfefdd90508330e3dc8632c28f5cc694993591c6bf4d817918d6ef7790416709a3d36e1ebd751dce62cae8d2bdc4a95a9a53e24602e85c4e9999a5ae5f838abfd40c0d24acbfe3f25fa4141d6826a0f7f6562da34e26738377ec307a0434b6a0c6e045d4ee28cc8fc3377a662aa1f5c05e6717827e87917e6402985fa878b3039cb9f77c6246d484d3554ff03e102ec20584afc24f380fd7c3869db78d70360ba94ea8f7b49deabdeec87141eed2db17b2af0012c0b1449fb9b6b06739e771eb141b3663065c80704862a00cb0152894d3a180ecaef540677c490174b5f8ca7af5a2d39f7787b7bd45607f967cec43ef0b9710965ab19567a88bf50ca416ab2e05d4b7c2f6b7118bc9969a47045098ffb80f577bb466d71986ee9f4f060556ec9bcefc7ba910bd7737f912dbdfe0511c11d4d163f7b80911518b7e73f077f3cb5f674c50cce669c8358102507edd6ef5aef31d2435f839fee2379e2b0169a72bc23114309155e55829b25818ba0ff158e107ce00a403acfbde3d0e2a16edda8d47cec64659fe636b1f65d2c11944c1647d4a652057d465412f9aaadb994b053a6a647b7779e5406641134fd02cdd46bb01200634507a4da1256c872dbdbafdc6febdf522e65b5e96a897040f9fe3cfb179e0a556a646445a38bd63b062bea254808dc13ea3a9324f3c458c4f01aa4ec671d0cfd06f52695a9db4d36110e7caab7255f46d22a16517cb3a3488a4489ed2977b1f9b08f14e61938a5fbc22e27b07ff3e14a755e94372ad2778fa3ee53068152f180abbb1047ab9a7b2e32fe06827f29af2fd5ba9170224ce92ed5e9ef06dcfa8e91d704daec89eb835f6d67f933ed58c937db776ec167524fa1d77d7fe405153f7c37e22cefe2f1939e85a2119a52c5f267b85b1d21fb6b71fcbfec03864e12a04c93ea64d0cf4b50432449404a5608a6f01e04bd6c4e543b812f23a32fb808807c9aded68b8528"}) 1.112665706s ago: executing program 3 (id=2121): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 814.754305ms ago: executing program 3 (id=2122): ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f0000000840)=ANY=[]) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x2}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x8000, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socket$rds(0x15, 0x5, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) memfd_create(0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0) write$cgroup_pid(r5, &(0x7f0000000040), 0x12) splice(r4, 0x0, r2, 0x0, 0x20000000009, 0x0) write$binfmt_misc(r5, 0x0, 0x4) write(r2, 0x0, 0x0) 716.353011ms ago: executing program 0 (id=2123): ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYRES64, @ANYRES32, @ANYRES8, @ANYRESHEX], 0x4e) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000280), 0x20000, 0x0) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="04040b144d48270cbdeccc9e056c"], 0xe) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x5) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r4 = socket(0x22, 0x0, 0x4) getsockname(r4, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000200)=0x40000000) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r7, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f00000004c0)={r8, 0x0, 0x0, 0x0, 0x1, [0x0], [0x0, 0x0, 0xd1b0], [], [0xffffffffffffffff, 0x8000000000000001, 0x0, 0x6]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0xf, 0xb2}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10}) close_range(r0, 0xffffffffffffffff, 0x0) 573.912408ms ago: executing program 0 (id=2124): signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x2b4b]}, 0x8) syz_io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x4, 0x2}, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0}) pwritev2(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)="7270aa3f0c63ef31716980d71af481e691d156e5c690c37493c965008b713ed133a85027d43b49d05b8ec0e538f674752205f76fb42632a5233a7d64e1cea692029b6a", 0x43}], 0x1, 0x0, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000ac0)={0x1, 0x0, [{0x0, 0xd3, &(0x7f0000000780)=""/211}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=""/253, 0x0, &(0x7f0000000600)=""/91}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f00000001c0)={0x28, 0x0, 0x0, @my=0x1}, 0x10) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000080)) syz_usb_connect(0x0, 0x24, &(0x7f0000000340)={{0x12, 0x1, 0x0, 0x32, 0xe, 0xa5, 0x8, 0x5dc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x54, 0xa2, 0x3e}}]}}]}}, 0x0) 476.991423ms ago: executing program 3 (id=2125): mknod(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f00000002c0)='./bus\x00', 0x42202, 0x0) splice(r0, 0x0, r1, 0x0, 0xffffffe1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f00000000c0)) r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) writev(r3, &(0x7f0000000280)=[{&(0x7f0000000300)="e7", 0x1}], 0x1) 476.65373ms ago: executing program 1 (id=2126): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2}, 0x10) socket$l2tp(0x2, 0x2, 0x73) 476.538329ms ago: executing program 1 (id=2127): syz_emit_ethernet(0x92, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f2005c2cfefe8000000000000000000000000000bbfe8000"/52], 0x0) 377.154369ms ago: executing program 3 (id=2128): syz_emit_ethernet(0x3b4, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a80300", 0x37e, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319c00"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x0, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x4, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f"}]}}}}}}, 0x0) 376.799341ms ago: executing program 3 (id=2129): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401) r1 = fcntl$dupfd(r0, 0x0, r0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e0000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000c00)='ext4_journal_start\x00', r2}, 0x10) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000340)={0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) modify_ldt$write2(0x11, &(0x7f0000000000)={0x290, 0x20000000}, 0x10) socket$inet6(0xa, 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f0000000480), 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r4) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) 75.918699ms ago: executing program 1 (id=2130): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401) r2 = fcntl$dupfd(r1, 0x0, r1) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e0000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000c00)='ext4_journal_start\x00', r3}, 0x10) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000340)={0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) modify_ldt$write2(0x11, &(0x7f0000000000)={0x290, 0x20000000}, 0x10) socket$inet6(0xa, 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f0000000480), 0x10) modify_ldt$write(0x1, &(0x7f0000000500), 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) 0s ago: executing program 2 (id=2131): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0xc0189436, 0x1000000000000) r0 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00'}, 0x10) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, &(0x7f0000000300)=[{&(0x7f0000000580)=""/181, 0xb5}], 0x1, 0x1002, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={0x0, 0x14c}}, 0x0) openat$cgroup_ro(r1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400), 0x0, &(0x7f0000000080)=[{&(0x7f0000008480)=""/85, 0x55}], 0x1, 0x0) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0xc, 0x2, [@TCA_PIE_BETA={0x8}]}}]}, 0x38}}, 0x0) kernel console output (not intermixed with test programs): ribute type 1 has an invalid length. [ 71.514692][ T6036] hpfs: Bad magic ... probably not HPFS [ 71.542531][ T55] usb 5-1: usb_control_msg returned -32 [ 71.548449][ T55] usbtmc 5-1:16.0: can't read capabilities [ 71.565447][ T55] usb 5-1: USB disconnect, device number 2 [ 71.800530][ T6039] fuse: Unknown parameter '' [ 71.898924][ T6046] ptrace attach of "/syz-executor exec"[5195] was attempted by "/syz-executor exec"[6046] [ 72.216824][ T6062] program syz.1.202 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 72.236151][ T6064] hpfs: Bad magic ... probably not HPFS [ 72.447291][ T1279] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 72.494027][ T6068] fuse: Unknown parameter '' [ 72.605508][ T6073] ptrace attach of "/syz-executor exec"[5191] was attempted by "/syz-executor exec"[6073] [ 72.640264][ T1279] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.645039][ T1279] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 72.667203][ T1279] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 72.679979][ T1279] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 72.684856][ T1279] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 72.693908][ T1279] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 72.699516][ T1279] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.703512][ T1279] usb 7-1: Product: syz [ 72.704983][ T1279] usb 7-1: Manufacturer: syz [ 72.706672][ T1279] usb 7-1: SerialNumber: syz [ 72.824723][ T6080] netlink: 'syz.0.208': attribute type 1 has an invalid length. [ 72.827475][ T6080] __nla_validate_parse: 5 callbacks suppressed [ 72.827483][ T6080] netlink: 240 bytes leftover after parsing attributes in process `syz.0.208'. [ 72.841407][ T6077] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 72.933303][ T6059] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 72.941061][ T1279] cdc_ncm 7-1:1.0: bind() failure [ 72.951306][ T1279] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 72.954195][ T1279] cdc_ncm 7-1:1.1: bind() failure [ 72.961026][ T1279] usb 7-1: USB disconnect, device number 2 [ 73.104998][ T6095] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.123062][ T6095] random: crng reseeded on system resumption [ 73.209882][ T6100] hpfs: Bad magic ... probably not HPFS [ 73.278760][ T6102] ptrace attach of "/syz-executor exec"[5203] was attempted by "/syz-executor exec"[6102] [ 73.484424][ T6104] fuse: Unknown parameter '' [ 73.679593][ T6116] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 73.996155][ T6128] syz.3.222 uses obsolete (PF_INET,SOCK_PACKET) [ 74.033178][ T6130] random: crng reseeded on system resumption [ 74.136007][ T6134] hpfs: Bad magic ... probably not HPFS [ 74.197823][ T6138] ptrace attach of "/syz-executor exec"[5194] was attempted by "/syz-executor exec"[6138] [ 74.447383][ T6157] netlink: 'syz.2.233': attribute type 10 has an invalid length. [ 74.458339][ T6157] batman_adv: batadv0: Adding interface: hsr_slave_0 [ 74.461000][ T6157] batman_adv: batadv0: The MTU of interface hsr_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.474814][ T6157] batman_adv: batadv0: Not using interface hsr_slave_0 (retrying later): interface not active [ 74.990290][ T6178] ptrace attach of "/syz-executor exec"[5203] was attempted by "/syz-executor exec"[6178] [ 75.182894][ T6182] netlink: 44 bytes leftover after parsing attributes in process `syz.3.239'. [ 75.189775][ T6182] netlink: 12 bytes leftover after parsing attributes in process `syz.3.239'. [ 75.494760][ T6199] random: crng reseeded on system resumption [ 75.650932][ T6204] netlink: 'syz.1.245': attribute type 10 has an invalid length. [ 75.661306][ T6204] batman_adv: batadv0: Adding interface: hsr_slave_0 [ 75.663628][ T6204] batman_adv: batadv0: The MTU of interface hsr_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.672879][ T6204] batman_adv: batadv0: Not using interface hsr_slave_0 (retrying later): interface not active [ 76.046289][ T6213] capability: warning: `syz.1.248' uses deprecated v2 capabilities in a way that may be insecure [ 77.113019][ T5205] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 77.118525][ T5205] CPU: 2 PID: 5205 Comm: kworker/u33:7 Not tainted 6.10.0-rc5-syzkaller-00280-g27b31deb900d #0 [ 77.122793][ T5205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.127225][ T5205] Workqueue: hci1 hci_rx_work [ 77.129200][ T5205] Call Trace: [ 77.130612][ T5205] [ 77.131863][ T5205] dump_stack_lvl+0x16c/0x1f0 [ 77.133908][ T5205] sysfs_warn_dup+0x7f/0xa0 [ 77.135808][ T5205] sysfs_create_dir_ns+0x24d/0x2b0 [ 77.137952][ T5205] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 77.140352][ T5205] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 77.142587][ T5205] ? do_raw_spin_unlock+0x172/0x230 [ 77.144775][ T5205] kobject_add_internal+0x2c8/0x990 [ 77.146979][ T5205] kobject_add+0x16f/0x240 [ 77.148869][ T5205] ? __pfx_kobject_add+0x10/0x10 [ 77.150975][ T5205] ? do_raw_spin_unlock+0x172/0x230 [ 77.153181][ T5205] ? kobject_put+0xbe/0x5b0 [ 77.155143][ T5205] device_add+0x289/0x1a70 [ 77.157140][ T5205] ? __pfx_dev_set_name+0x10/0x10 [ 77.159131][ T5205] ? __pfx_device_add+0x10/0x10 [ 77.160830][ T5205] ? mgmt_send_event_skb+0x2f0/0x460 [ 77.162753][ T5205] hci_conn_add_sysfs+0x17e/0x230 [ 77.164864][ T5205] le_conn_complete_evt+0xfc7/0x1cf0 [ 77.167226][ T5205] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 77.169598][ T5205] ? trace_contention_end+0xea/0x140 [ 77.171823][ T5205] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 77.174340][ T5205] ? skb_pull_data+0x166/0x210 [ 77.176371][ T5205] hci_le_meta_evt+0x2e2/0x5d0 [ 77.178380][ T5205] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 77.181100][ T5205] hci_event_packet+0x664/0x1190 [ 77.183037][ T5205] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 77.184802][ T5205] ? __pfx_hci_event_packet+0x10/0x10 [ 77.186648][ T5205] ? mark_held_locks+0x9f/0xe0 [ 77.188260][ T5205] ? kcov_remote_start+0x3d1/0x6e0 [ 77.190037][ T5205] ? lockdep_hardirqs_on+0x7c/0x110 [ 77.191888][ T5205] hci_rx_work+0x2c4/0x1610 [ 77.193448][ T5205] process_one_work+0x958/0x1ad0 [ 77.195150][ T5205] ? __pfx_lock_acquire+0x10/0x10 [ 77.196843][ T5205] ? __pfx_process_one_work+0x10/0x10 [ 77.198651][ T5205] ? assign_work+0x1a0/0x250 [ 77.200208][ T5205] worker_thread+0x6c8/0xf30 [ 77.201830][ T5205] ? __kthread_parkme+0x148/0x220 [ 77.203536][ T5205] ? __pfx_worker_thread+0x10/0x10 [ 77.205279][ T5205] kthread+0x2c1/0x3a0 [ 77.206693][ T5205] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.208451][ T5205] ? __pfx_kthread+0x10/0x10 [ 77.210023][ T5205] ret_from_fork+0x45/0x80 [ 77.211577][ T5205] ? __pfx_kthread+0x10/0x10 [ 77.213149][ T5205] ret_from_fork_asm+0x1a/0x30 [ 77.214754][ T5205] [ 77.216493][ T5205] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 77.222240][ T5205] Bluetooth: hci1: failed to register connection device [ 77.655034][ T6239] netlink: 'syz.0.257': attribute type 10 has an invalid length. [ 77.664111][ T6239] batman_adv: batadv0: Adding interface: hsr_slave_0 [ 77.667948][ T6239] batman_adv: batadv0: The MTU of interface hsr_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.676295][ T6239] batman_adv: batadv0: Not using interface hsr_slave_0 (retrying later): interface not active [ 77.945655][ T6248] random: crng reseeded on system resumption [ 78.644911][ T6280] netlink: 4 bytes leftover after parsing attributes in process `syz.3.266'. [ 78.736153][ T6279] netlink: 'syz.2.267': attribute type 10 has an invalid length. [ 79.187469][ T5198] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 79.345190][ T6294] mmap: syz.0.271 (6294) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 80.139778][ T6301] Cannot find set identified by id 0 to match [ 80.405244][ T6311] netlink: 48 bytes leftover after parsing attributes in process `syz.3.276'. [ 80.468440][ T6321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.279'. [ 81.065691][ T5205] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 81.069740][ T5205] CPU: 2 PID: 5205 Comm: kworker/u33:7 Not tainted 6.10.0-rc5-syzkaller-00280-g27b31deb900d #0 [ 81.073832][ T5205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.077006][ T5205] Workqueue: hci3 hci_rx_work [ 81.078429][ T5205] Call Trace: [ 81.079412][ T5205] [ 81.080288][ T5205] dump_stack_lvl+0x16c/0x1f0 [ 81.082002][ T5205] sysfs_warn_dup+0x7f/0xa0 [ 81.083706][ T5205] sysfs_create_dir_ns+0x24d/0x2b0 [ 81.085827][ T5205] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 81.087902][ T5205] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 81.090056][ T5205] ? do_raw_spin_unlock+0x172/0x230 [ 81.092183][ T5205] kobject_add_internal+0x2c8/0x990 [ 81.094215][ T5205] kobject_add+0x16f/0x240 [ 81.095968][ T5205] ? __pfx_kobject_add+0x10/0x10 [ 81.097748][ T5205] ? do_raw_spin_unlock+0x172/0x230 [ 81.099730][ T5205] ? kobject_put+0xbe/0x5b0 [ 81.101508][ T5205] device_add+0x289/0x1a70 [ 81.102899][ T5205] ? __pfx_dev_set_name+0x10/0x10 [ 81.104379][ T5205] ? __pfx_device_add+0x10/0x10 [ 81.105828][ T5205] ? mgmt_send_event_skb+0x2f0/0x460 [ 81.107390][ T5205] hci_conn_add_sysfs+0x17e/0x230 [ 81.108851][ T5205] le_conn_complete_evt+0xfc7/0x1cf0 [ 81.110398][ T5205] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 81.112140][ T5205] ? trace_contention_end+0xea/0x140 [ 81.113813][ T5205] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 81.115630][ T5205] ? skb_pull_data+0x166/0x210 [ 81.117093][ T5205] hci_le_meta_evt+0x2e2/0x5d0 [ 81.118571][ T5205] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 81.120615][ T5205] hci_event_packet+0x664/0x1190 [ 81.122591][ T5205] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 81.124387][ T5205] ? __pfx_hci_event_packet+0x10/0x10 [ 81.126016][ T5205] ? mark_held_locks+0x9f/0xe0 [ 81.127500][ T5205] ? kcov_remote_start+0x3d1/0x6e0 [ 81.129067][ T5205] ? lockdep_hardirqs_on+0x7c/0x110 [ 81.130656][ T5205] hci_rx_work+0x2c4/0x1610 [ 81.132062][ T5205] process_one_work+0x958/0x1ad0 [ 81.133619][ T5205] ? __pfx_lock_acquire+0x10/0x10 [ 81.135406][ T5205] ? __pfx_process_one_work+0x10/0x10 [ 81.137538][ T5205] ? assign_work+0x1a0/0x250 [ 81.139469][ T5205] worker_thread+0x6c8/0xf30 [ 81.141450][ T5205] ? __kthread_parkme+0x148/0x220 [ 81.143657][ T5205] ? __pfx_worker_thread+0x10/0x10 [ 81.145802][ T5205] kthread+0x2c1/0x3a0 [ 81.147489][ T5205] ? _raw_spin_unlock_irq+0x23/0x50 [ 81.149261][ T5205] ? __pfx_kthread+0x10/0x10 [ 81.150717][ T5205] ret_from_fork+0x45/0x80 [ 81.152082][ T5205] ? __pfx_kthread+0x10/0x10 [ 81.153479][ T5205] ret_from_fork_asm+0x1a/0x30 [ 81.154940][ T5205] [ 81.157917][ T5205] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 81.162845][ T5205] Bluetooth: hci3: failed to register connection device [ 81.369128][ T815] cfg80211: failed to load regulatory.db [ 82.124401][ T6377] netlink: 20 bytes leftover after parsing attributes in process `syz.2.290'. [ 82.636654][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.292'. [ 83.211858][ T6416] netlink: 'syz.1.302': attribute type 7 has an invalid length. [ 83.215758][ T5205] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 83.226085][ T6416] : entered promiscuous mode [ 83.228288][ T5205] CPU: 2 PID: 5205 Comm: kworker/u33:7 Not tainted 6.10.0-rc5-syzkaller-00280-g27b31deb900d #0 [ 83.231872][ T5205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.235528][ T5205] Workqueue: hci2 hci_rx_work [ 83.237173][ T5205] Call Trace: [ 83.238314][ T5205] [ 83.239348][ T5205] dump_stack_lvl+0x16c/0x1f0 [ 83.241224][ T5205] sysfs_warn_dup+0x7f/0xa0 [ 83.243014][ T5205] sysfs_create_dir_ns+0x24d/0x2b0 [ 83.244793][ T5205] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 83.247094][ T5205] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 83.249656][ T5205] ? do_raw_spin_unlock+0x172/0x230 [ 83.252432][ T5205] kobject_add_internal+0x2c8/0x990 [ 83.254404][ T5205] kobject_add+0x16f/0x240 [ 83.256115][ T5205] ? __pfx_kobject_add+0x10/0x10 [ 83.257834][ T5205] ? do_raw_spin_unlock+0x172/0x230 [ 83.259691][ T5205] ? kobject_put+0xbe/0x5b0 [ 83.261370][ T5205] device_add+0x289/0x1a70 [ 83.262900][ T5205] ? __pfx_dev_set_name+0x10/0x10 [ 83.264642][ T5205] ? __pfx_device_add+0x10/0x10 [ 83.266293][ T5205] ? mgmt_send_event_skb+0x2f0/0x460 [ 83.268213][ T5205] hci_conn_add_sysfs+0x17e/0x230 [ 83.270099][ T5205] le_conn_complete_evt+0xfc7/0x1cf0 [ 83.272445][ T5205] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 83.274975][ T5205] ? trace_contention_end+0xea/0x140 [ 83.277255][ T5205] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 83.279431][ T5205] ? skb_pull_data+0x166/0x210 [ 83.281332][ T5205] hci_le_meta_evt+0x2e2/0x5d0 [ 83.283273][ T5205] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 83.285513][ T5205] hci_event_packet+0x664/0x1190 [ 83.287272][ T5205] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 83.289076][ T5205] ? __pfx_hci_event_packet+0x10/0x10 [ 83.291009][ T5205] ? mark_held_locks+0x9f/0xe0 [ 83.293134][ T5205] ? kcov_remote_start+0x3d1/0x6e0 [ 83.295434][ T5205] ? lockdep_hardirqs_on+0x7c/0x110 [ 83.297871][ T5205] hci_rx_work+0x2c4/0x1610 [ 83.300129][ T5205] process_one_work+0x958/0x1ad0 [ 83.302357][ T5205] ? __pfx_lock_acquire+0x10/0x10 [ 83.304534][ T5205] ? __pfx_process_one_work+0x10/0x10 [ 83.306848][ T5205] ? assign_work+0x1a0/0x250 [ 83.308836][ T5205] worker_thread+0x6c8/0xf30 [ 83.310899][ T5205] ? __kthread_parkme+0x148/0x220 [ 83.312622][ T5205] ? __pfx_worker_thread+0x10/0x10 [ 83.314284][ T5205] kthread+0x2c1/0x3a0 [ 83.315667][ T5205] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.317446][ T5205] ? __pfx_kthread+0x10/0x10 [ 83.319010][ T5205] ret_from_fork+0x45/0x80 [ 83.320639][ T5205] ? __pfx_kthread+0x10/0x10 [ 83.322248][ T5205] ret_from_fork_asm+0x1a/0x30 [ 83.323944][ T5205] [ 83.328815][ T5205] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 83.334596][ T5205] Bluetooth: hci2: failed to register connection device [ 84.556354][ T6438] netlink: 4 bytes leftover after parsing attributes in process `syz.2.308'. [ 85.379601][ T5205] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 85.498985][ T84] Bluetooth: hci4: Frame reassembly failed (-84) [ 86.804363][ T6503] netlink: 4 bytes leftover after parsing attributes in process `syz.2.322'. [ 87.507304][ T5198] Bluetooth: hci4: command 0x1003 tx timeout [ 87.507438][ T5205] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 87.717514][ T6524] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 87.874809][ T5205] Bluetooth: Unknown LE signaling command 0x08 [ 87.879430][ T5205] Bluetooth: Wrong link type (-22) [ 88.276107][ T6544] 9pnet_fd: Insufficient options for proto=fd [ 88.296666][ T6544] vivid-001: disconnect [ 88.310215][ T6543] vivid-001: reconnect [ 88.512514][ T5198] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.520671][ T5198] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.526772][ T5198] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.536365][ T5198] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.541858][ T5198] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.548066][ T5198] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.730941][ T6564] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 88.828252][ T1087] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.934884][ T1087] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.558729][ T6575] netlink: 6 bytes leftover after parsing attributes in process `syz.3.342'. [ 89.615480][ T6578] syz.3.342[6578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 89.615633][ T6578] syz.3.342[6578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 89.903551][ T6554] chnl_net:caif_netlink_parms(): no params data found [ 90.639525][ T5205] Bluetooth: hci2: command tx timeout [ 90.972557][ T1087] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.087080][ T1087] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.147909][ T6554] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.151054][ T6554] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.153997][ T6554] bridge_slave_0: entered allmulticast mode [ 91.193396][ T6554] bridge_slave_0: entered promiscuous mode [ 91.200545][ T6554] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.207379][ T6554] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.210919][ T6554] bridge_slave_1: entered allmulticast mode [ 91.218427][ T6554] bridge_slave_1: entered promiscuous mode [ 91.374448][ T6554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.386509][ T6554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.589617][ T6554] team0: Port device team_slave_0 added [ 91.599920][ T1087] bridge_slave_1: left allmulticast mode [ 91.608087][ T1087] bridge_slave_1: left promiscuous mode [ 91.611935][ T1087] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.623694][ T1087] bridge_slave_0: left allmulticast mode [ 91.625615][ T1087] bridge_slave_0: left promiscuous mode [ 91.637375][ T1087] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.034569][ T6609] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 92.180639][ T1087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 92.196696][ T1087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 92.211531][ T1087] bond0 (unregistering): Released all slaves [ 92.223728][ T6554] team0: Port device team_slave_1 added [ 92.301493][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.304418][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.314266][ T6554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.333302][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.335678][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.348168][ T6554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.417927][ T6554] hsr_slave_0: entered promiscuous mode [ 92.421251][ T6554] hsr_slave_1: entered promiscuous mode [ 92.423794][ T6554] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.426970][ T6554] Cannot create hsr debugfs directory [ 92.707409][ T5205] Bluetooth: hci2: command tx timeout [ 94.647712][ T1087] hsr_slave_0: left promiscuous mode [ 94.651853][ T1087] hsr_slave_1: left promiscuous mode [ 94.654970][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.660364][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.663927][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.667290][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 94.670454][ T1087] batman_adv: batadv0: Removing interface: hsr_slave_0 [ 94.703148][ T1087] veth1_macvtap: left promiscuous mode [ 94.706191][ T1087] veth0_macvtap: left promiscuous mode [ 94.709073][ T1087] veth1_vlan: left promiscuous mode [ 94.711539][ T1087] veth0_vlan: left promiscuous mode [ 94.789129][ T5205] Bluetooth: hci2: command tx timeout [ 94.963180][ T6649] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 95.275981][ T6662] fuse: Bad value for 'fd' [ 95.753125][ T1087] team0 (unregistering): Port device team_slave_1 removed [ 95.833789][ T1087] team0 (unregistering): Port device team_slave_0 removed [ 96.877285][ T5205] Bluetooth: hci2: command tx timeout [ 98.914494][ T6709] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 99.752765][ T6554] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.763256][ T6554] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.787841][ T6554] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.794931][ T6554] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.894553][ T6554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.922224][ T6554] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.930567][ T55] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.933408][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.946085][ T826] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.948615][ T826] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.988603][ T6554] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.140052][ T6554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.803746][ T6554] veth0_vlan: entered promiscuous mode [ 101.826166][ T6554] veth1_vlan: entered promiscuous mode [ 101.866958][ T6554] veth0_macvtap: entered promiscuous mode [ 101.874087][ T6554] veth1_macvtap: entered promiscuous mode [ 101.889974][ T6554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.894999][ T6554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.899342][ T6554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.903167][ T6554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.908133][ T6554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.912307][ T6554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.919922][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.936027][ T6554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.941113][ T6554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.946162][ T6554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.953381][ T6554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.956971][ T6554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.962211][ T6554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.968626][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.976203][ T6554] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.980644][ T6554] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.984437][ T6554] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.988505][ T6554] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.073126][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.084607][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.118702][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.121859][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.556954][ T5198] Bluetooth: hci4: sending frame failed (-49) [ 102.560974][ T5205] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 110.743946][ T6854] bridge0: entered promiscuous mode [ 110.746370][ T6854] bridge0: entered allmulticast mode [ 111.197624][ T6894] netlink: 'syz.3.421': attribute type 8 has an invalid length. [ 111.240631][ T39] kauditd_printk_skb: 30 callbacks suppressed [ 111.240646][ T39] audit: type=1800 audit(1719725024.129:42): pid=6899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.423" name="file0" dev="sda1" ino=1954 res=0 errno=0 [ 111.720233][ T39] audit: type=1800 audit(1719725024.609:43): pid=6936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.441" name="file0" dev="sda1" ino=1965 res=0 errno=0 [ 112.371793][ T6988] netlink: 4 bytes leftover after parsing attributes in process `syz.3.457'. [ 112.374881][ T6988] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 112.760983][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 113.030524][ T7018] netlink: 8 bytes leftover after parsing attributes in process `syz.1.469'. [ 113.043042][ T7018] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.046334][ T7018] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.049810][ T7018] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.053304][ T7018] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.056417][ T7018] vxlan0: entered promiscuous mode [ 113.058319][ T7018] vxlan0: entered allmulticast mode [ 113.249510][ T7026] netlink: 188 bytes leftover after parsing attributes in process `syz.1.473'. [ 113.356228][ T7030] netlink: 4 bytes leftover after parsing attributes in process `syz.1.475'. [ 113.463203][ T39] audit: type=1326 audit(1719725026.349:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.470978][ T39] audit: type=1326 audit(1719725026.349:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.478566][ T39] audit: type=1326 audit(1719725026.359:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.486366][ T39] audit: type=1326 audit(1719725026.359:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.494325][ T39] audit: type=1326 audit(1719725026.359:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.532277][ T39] audit: type=1326 audit(1719725026.359:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=367 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.547160][ T39] audit: type=1326 audit(1719725026.359:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.567834][ T39] audit: type=1326 audit(1719725026.359:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.0.479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 113.714609][ T7062] syz.1.491[7062] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 113.714762][ T7062] syz.1.491[7062] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.034178][ T7080] overlayfs: missing 'lowerdir' [ 114.346860][ T7110] syzkaller0: entered promiscuous mode [ 114.349122][ T7110] syzkaller0: entered allmulticast mode [ 114.792934][ T5198] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 114.803437][ T5198] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 114.806548][ T5198] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 114.810747][ T5198] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 114.814115][ T5198] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 114.816658][ T5198] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 115.651345][ T43] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.656040][ T43] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.793127][ T43] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.796748][ T43] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.821552][ T7178] pim6reg1: entered promiscuous mode [ 115.823626][ T7178] pim6reg1: entered allmulticast mode [ 115.915366][ T43] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.927918][ T43] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.036815][ T43] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.044254][ T43] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.084656][ T7143] chnl_net:caif_netlink_parms(): no params data found [ 116.243756][ T5198] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 116.248333][ T5198] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 116.256669][ T5198] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 116.258170][ T7231] fuse: Invalid rootmode [ 116.260759][ T5198] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 116.264824][ T5198] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 116.269842][ T5198] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 116.276715][ T39] audit: type=1804 audit(1719725029.159:52): pid=7231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.564" name="/syzkaller.OfDb3O/34/file0" dev="sda1" ino=1955 res=1 errno=0 [ 116.349471][ T7143] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.352683][ T7143] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.355956][ T7143] bridge_slave_0: entered allmulticast mode [ 116.368599][ T7143] bridge_slave_0: entered promiscuous mode [ 116.372386][ T7143] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.375570][ T7143] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.379387][ T7143] bridge_slave_1: entered allmulticast mode [ 116.382893][ T7143] bridge_slave_1: entered promiscuous mode [ 116.412774][ T43] bridge_slave_1: left allmulticast mode [ 116.415814][ T43] bridge_slave_1: left promiscuous mode [ 116.418265][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.425068][ T43] bridge_slave_0: left allmulticast mode [ 116.427113][ T43] bridge_slave_0: left promiscuous mode [ 116.429310][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.743859][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.749586][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.763493][ T43] bond0 (unregistering): Released all slaves [ 116.836079][ T43] : left promiscuous mode [ 116.867375][ T5198] Bluetooth: hci3: command tx timeout [ 116.931316][ T7143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.955769][ T7143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.284691][ T7262] netlink: 5 bytes leftover after parsing attributes in process `syz.2.573'. [ 117.288301][ T7262] 0XD: renamed from gretap0 (while UP) [ 117.299091][ T7262] 0XD: entered allmulticast mode [ 117.372067][ T7143] team0: Port device team_slave_0 added [ 117.376371][ T7143] team0: Port device team_slave_1 added [ 117.481195][ T7143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.483538][ T7143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.501532][ T7143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.511452][ T7143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.518448][ T7143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.539549][ T7143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.660567][ T7143] hsr_slave_0: entered promiscuous mode [ 117.668627][ T7143] hsr_slave_1: entered promiscuous mode [ 117.671520][ T7143] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 117.674116][ T7143] Cannot create hsr debugfs directory [ 117.764456][ T43] hsr_slave_0: left promiscuous mode [ 117.770696][ T43] hsr_slave_1: left promiscuous mode [ 117.773462][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.776861][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.781996][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.785337][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.789925][ T43] batman_adv: batadv0: Removing interface: hsr_slave_0 [ 117.813467][ T43] veth1_macvtap: left promiscuous mode [ 117.815420][ T43] veth0_macvtap: left promiscuous mode [ 117.817882][ T43] veth1_vlan: left promiscuous mode [ 117.819682][ T43] veth0_vlan: left promiscuous mode [ 118.309543][ T5198] Bluetooth: hci4: command tx timeout [ 118.550133][ T43] team0 (unregistering): Port device team_slave_1 removed [ 118.614739][ T7302] netlink: 'syz.0.587': attribute type 1 has an invalid length. [ 118.619577][ T7302] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.587'. [ 118.672446][ T43] team0 (unregistering): Port device team_slave_0 removed [ 118.957150][ T5198] Bluetooth: hci3: command tx timeout [ 119.515933][ T7229] chnl_net:caif_netlink_parms(): no params data found [ 119.529410][ T7315] tipc: Started in network mode [ 119.531276][ T7315] tipc: Node identity aaaaaaaaaa35, cluster identity 4711 [ 119.533915][ T7315] tipc: Enabled bearer , priority 0 [ 119.680869][ T7326] netlink: 36 bytes leftover after parsing attributes in process `syz.0.595'. [ 119.899472][ T7229] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.903657][ T7229] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.906199][ T7229] bridge_slave_0: entered allmulticast mode [ 119.915962][ T7229] bridge_slave_0: entered promiscuous mode [ 119.921154][ T7342] netlink: 64 bytes leftover after parsing attributes in process `syz.0.598'. [ 120.008630][ T7229] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.012369][ T7229] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.018313][ T7229] bridge_slave_1: entered allmulticast mode [ 120.022435][ T7229] bridge_slave_1: entered promiscuous mode [ 120.127928][ T7229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 120.139617][ T7229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 120.225655][ T7229] team0: Port device team_slave_0 added [ 120.232576][ T7229] team0: Port device team_slave_1 added [ 120.278670][ T7229] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.281133][ T7229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.291425][ T7229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 120.314520][ T43] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.324053][ T7229] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 120.326548][ T7229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.337245][ T7229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.384583][ T7229] hsr_slave_0: entered promiscuous mode [ 120.387724][ T5198] Bluetooth: hci4: command tx timeout [ 120.391582][ T7229] hsr_slave_1: entered promiscuous mode [ 120.394420][ T7229] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 120.398347][ T7229] Cannot create hsr debugfs directory [ 120.417955][ T43] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.496128][ T43] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.520262][ T7143] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 120.525456][ T7143] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 120.529752][ T5239] tipc: Node number set to 10463914 [ 120.540247][ T7143] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 120.545612][ T7143] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 120.584447][ T43] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.701282][ T7143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.726825][ T7365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.606'. [ 120.760775][ T7143] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.789606][ T43] bridge_slave_1: left allmulticast mode [ 120.791769][ T43] bridge_slave_1: left promiscuous mode [ 120.794246][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.803569][ T43] bridge_slave_0: left allmulticast mode [ 120.805720][ T43] bridge_slave_0: left promiscuous mode [ 120.808230][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.040464][ T5198] Bluetooth: hci3: command tx timeout [ 121.209956][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 121.216741][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 121.224608][ T43] bond0 (unregistering): Released all slaves [ 121.232859][ T43] bond1 (unregistering): Released all slaves [ 121.270040][ T5239] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.273183][ T5239] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.292048][ T5239] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.294523][ T5239] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.623296][ T7143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.656528][ T43] hsr_slave_0: left promiscuous mode [ 121.659993][ T43] hsr_slave_1: left promiscuous mode [ 121.678243][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.681385][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.687581][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.690685][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.743607][ T43] veth1_macvtap: left promiscuous mode [ 121.746223][ T43] veth0_macvtap: left promiscuous mode [ 121.756030][ T43] veth1_vlan: left promiscuous mode [ 121.758337][ T43] veth0_vlan: left promiscuous mode [ 122.471016][ T5198] Bluetooth: hci4: command tx timeout [ 123.003698][ T43] team0 (unregistering): Port device team_slave_1 removed [ 123.107291][ T5198] Bluetooth: hci3: command tx timeout [ 123.146085][ T43] team0 (unregistering): Port device team_slave_0 removed [ 124.068996][ T7143] veth0_vlan: entered promiscuous mode [ 124.080023][ T7143] veth1_vlan: entered promiscuous mode [ 124.161109][ T7143] veth0_macvtap: entered promiscuous mode [ 124.174295][ T7229] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 124.182642][ T7143] veth1_macvtap: entered promiscuous mode [ 124.217408][ T7229] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 124.225557][ T7143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.229980][ T7143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.233298][ T7143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.236797][ T7143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.242095][ T7143] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.244923][ T7229] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 124.254127][ T7143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.259003][ T7143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.263091][ T7143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.266935][ T7143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.271906][ T7143] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.274603][ T7229] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 124.294698][ T7143] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.307688][ T7143] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.311442][ T7143] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.315019][ T7143] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.402812][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.410425][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.435638][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.443112][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.470269][ T7229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.491426][ T7229] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.501192][ T5239] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.503890][ T5239] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.528119][ T7249] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.530671][ T7249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.547861][ T5198] Bluetooth: hci4: command tx timeout [ 124.700643][ T7229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 124.731321][ T7229] veth0_vlan: entered promiscuous mode [ 124.741578][ T7229] veth1_vlan: entered promiscuous mode [ 124.776201][ T7229] veth0_macvtap: entered promiscuous mode [ 124.783140][ T7229] veth1_macvtap: entered promiscuous mode [ 124.799653][ T7229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.803626][ T7229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.806935][ T7229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.810974][ T7229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.814113][ T7229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.819542][ T7229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.824279][ T7229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.832580][ T7229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.836138][ T7229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.842559][ T7229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.848091][ T7229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.851684][ T7229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.855077][ T7229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.862629][ T7229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.877302][ T7229] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.880356][ T7229] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.883465][ T7229] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.886813][ T7229] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.970069][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.974116][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.021425][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.028878][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.351979][ T39] audit: type=1804 audit(1719725039.239:53): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.633" name="/syzkaller.JBZLTk/168/bus" dev="sda1" ino=1954 res=1 errno=0 [ 126.359458][ T39] audit: type=1800 audit(1719725039.239:54): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.633" name="bus" dev="sda1" ino=1954 res=0 errno=0 [ 127.027197][ T39] audit: type=1326 audit(1719725039.909:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7496 comm="syz.2.650" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7499579 code=0x0 [ 127.450945][ T39] audit: type=1326 audit(1719725040.339:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7519 comm="syz.3.658" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 127.583113][ T7527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.660'. [ 127.591564][ T7527] netlink: 104 bytes leftover after parsing attributes in process `syz.1.660'. [ 127.595515][ T7527] netlink: 104 bytes leftover after parsing attributes in process `syz.1.660'. [ 128.417269][ T7555] usb usb8: usbfs: process 7555 (syz.1.672) did not claim interface 0 before use [ 128.426622][ T7557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.671'. [ 128.440562][ T7557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.671'. [ 128.450095][ T7557] netlink: 104 bytes leftover after parsing attributes in process `syz.3.671'. [ 128.453349][ T7557] netlink: 104 bytes leftover after parsing attributes in process `syz.3.671'. [ 128.609315][ T7571] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 131.682775][ T7602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.690'. [ 131.698696][ T7602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.690'. [ 131.723778][ T7602] netlink: 104 bytes leftover after parsing attributes in process `syz.0.690'. [ 132.549594][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.243364][ T7635] __nla_validate_parse: 1 callbacks suppressed [ 136.243375][ T7635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.703'. [ 136.268098][ T7635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.703'. [ 136.279559][ T7635] netlink: 104 bytes leftover after parsing attributes in process `syz.2.703'. [ 136.287314][ T7635] netlink: 104 bytes leftover after parsing attributes in process `syz.2.703'. [ 141.747288][ T39] audit: type=1326 audit(1719725054.629:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.2.720" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7499579 code=0x0 [ 145.116301][ T7749] capability: warning: `syz.1.744' uses 32-bit capabilities (legacy support in use) [ 145.131228][ T7749] syz.1.744[7749] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.131313][ T7749] syz.1.744[7749] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.157512][ T7751] netlink: 'syz.2.746': attribute type 4 has an invalid length. [ 146.205624][ T7786] binder: 7785:7786 ioctl c0306201 20000680 returned -14 [ 146.249987][ T7788] netlink: 'syz.2.760': attribute type 28 has an invalid length. [ 146.255317][ T7788] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.760'. [ 146.411620][ T7795] netlink: 168 bytes leftover after parsing attributes in process `syz.0.763'. [ 146.415791][ T7795] netlink: 'syz.0.763': attribute type 2 has an invalid length. [ 146.429889][ T7795] netlink: 60 bytes leftover after parsing attributes in process `syz.0.763'. [ 146.970629][ T7817] netlink: 'syz.3.765': attribute type 4 has an invalid length. [ 147.023560][ T7821] netlink: 'syz.1.771': attribute type 1 has an invalid length. [ 147.257302][ T5244] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 147.438995][ T5244] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.442566][ T5244] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 147.445835][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.451017][ T5244] usb 5-1: config 0 descriptor?? [ 147.456004][ T5244] pwc: Askey VC010 type 2 USB webcam detected. [ 147.701709][ T7851] overlayfs: failed to clone lowerpath [ 147.718144][ T7851] overlayfs: failed to clone lowerpath [ 147.870793][ T5198] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 147.874337][ T5198] CPU: 2 PID: 5198 Comm: kworker/u33:4 Not tainted 6.10.0-rc5-syzkaller-00280-g27b31deb900d #0 [ 147.877866][ T5198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.881555][ T5198] Workqueue: hci0 hci_rx_work [ 147.883625][ T5198] Call Trace: [ 147.884866][ T5198] [ 147.885913][ T5198] dump_stack_lvl+0x16c/0x1f0 [ 147.887580][ T5198] sysfs_warn_dup+0x7f/0xa0 [ 147.889200][ T5198] sysfs_create_dir_ns+0x24d/0x2b0 [ 147.891019][ T5198] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 147.892916][ T5198] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 147.895021][ T5198] ? do_raw_spin_unlock+0x172/0x230 [ 147.896861][ T5198] kobject_add_internal+0x2c8/0x990 [ 147.898725][ T5198] kobject_add+0x16f/0x240 [ 147.900506][ T5198] ? __pfx_kobject_add+0x10/0x10 [ 147.902438][ T5198] ? do_raw_spin_unlock+0x172/0x230 [ 147.904439][ T5198] ? kobject_put+0xbe/0x5b0 [ 147.906169][ T5198] device_add+0x289/0x1a70 [ 147.907998][ T5198] ? __pfx_dev_set_name+0x10/0x10 [ 147.909908][ T5198] ? __pfx_device_add+0x10/0x10 [ 147.911731][ T5198] ? mgmt_send_event_skb+0x2f0/0x460 [ 147.913531][ T5198] hci_conn_add_sysfs+0x17e/0x230 [ 147.915273][ T5198] le_conn_complete_evt+0xfc7/0x1cf0 [ 147.917121][ T5198] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 147.919110][ T5198] ? trace_contention_end+0xea/0x140 [ 147.920923][ T5198] hci_le_conn_complete_evt+0x23c/0x370 [ 147.922854][ T5198] hci_le_meta_evt+0x2e2/0x5d0 [ 147.924891][ T5198] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 147.927243][ T5198] hci_event_packet+0x664/0x1190 [ 147.928978][ T5198] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 147.930850][ T5198] ? __pfx_hci_event_packet+0x10/0x10 [ 147.932791][ T5198] ? mark_held_locks+0x9f/0xe0 [ 147.934605][ T5198] ? kcov_remote_start+0x3d1/0x6e0 [ 147.936564][ T5198] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.938687][ T5198] hci_rx_work+0x2c4/0x1610 [ 147.940334][ T5198] process_one_work+0x958/0x1ad0 [ 147.942302][ T5198] ? __pfx_lock_acquire+0x10/0x10 [ 147.944655][ T5198] ? __pfx_process_one_work+0x10/0x10 [ 147.946878][ T5198] ? assign_work+0x1a0/0x250 [ 147.948497][ T5198] worker_thread+0x6c8/0xf30 [ 147.950108][ T5198] ? __pfx_worker_thread+0x10/0x10 [ 147.952171][ T5198] kthread+0x2c1/0x3a0 [ 147.954284][ T5198] ? _raw_spin_unlock_irq+0x23/0x50 [ 147.957078][ T5198] ? __pfx_kthread+0x10/0x10 [ 147.959023][ T5198] ret_from_fork+0x45/0x80 [ 147.960600][ T5198] ? __pfx_kthread+0x10/0x10 [ 147.962464][ T5198] ret_from_fork_asm+0x1a/0x30 [ 147.964545][ T5198] [ 147.967616][ T5198] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 147.973484][ T5198] Bluetooth: hci0: failed to register connection device [ 148.051821][ T7811] mkiss: ax0: crc mode is auto. [ 148.070862][ T5244] pwc: recv_control_msg error -32 req 02 val 2b00 [ 148.077212][ T5244] pwc: recv_control_msg error -32 req 02 val 2700 [ 148.299786][ T7811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.307492][ T7811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.360263][ T7874] netlink: 'syz.2.789': attribute type 4 has an invalid length. [ 148.390966][ T5244] pwc: recv_control_msg error -71 req 04 val 1000 [ 148.393503][ T5244] pwc: recv_control_msg error -71 req 04 val 1300 [ 148.396069][ T5244] pwc: recv_control_msg error -71 req 04 val 1400 [ 148.398750][ T5244] pwc: recv_control_msg error -71 req 02 val 2000 [ 148.401718][ T5244] pwc: recv_control_msg error -71 req 02 val 2100 [ 148.404178][ T5244] pwc: recv_control_msg error -71 req 04 val 1500 [ 148.406631][ T5244] pwc: recv_control_msg error -71 req 02 val 2500 [ 148.409729][ T5244] pwc: recv_control_msg error -71 req 02 val 2400 [ 148.413049][ T5244] pwc: recv_control_msg error -71 req 02 val 2600 [ 148.416302][ T5244] pwc: recv_control_msg error -71 req 02 val 2900 [ 148.420122][ T5244] pwc: recv_control_msg error -71 req 02 val 2800 [ 148.422954][ T5244] pwc: recv_control_msg error -71 req 04 val 1100 [ 148.425464][ T5244] pwc: recv_control_msg error -71 req 04 val 1200 [ 148.445101][ T5244] pwc: Registered as video71. [ 148.452629][ T5244] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb5/5-1/input/input5 [ 148.466234][ T5244] usb 5-1: USB disconnect, device number 3 [ 149.024707][ T7890] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 149.683447][ T7920] syz.1.810 (pid 7920) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 149.814447][ T7926] netlink: 'syz.3.808': attribute type 4 has an invalid length. [ 149.996190][ T7931] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 150.000204][ T5198] Bluetooth: hci0: command tx timeout [ 150.255644][ T7944] binder: BINDER_SET_CONTEXT_MGR already set [ 150.259821][ T7944] binder: 7943:7944 ioctl 4018620d 200001c0 returned -16 [ 150.302509][ T7947] binder: 7946:7947 ioctl c0306201 20000680 returned -14 [ 150.805095][ T7966] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 151.431470][ T7991] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 151.517415][ T58] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 151.727410][ T58] usb 7-1: Using ep0 maxpacket: 8 [ 151.730695][ T58] usb 7-1: config 0 interface 0 has no altsetting 0 [ 151.732991][ T58] usb 7-1: New USB device found, idVendor=0fe9, idProduct=db51, bcdDevice=79.b0 [ 151.736085][ T58] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.744604][ T58] usb 7-1: config 0 descriptor?? [ 151.749187][ T58] dvb-usb: found a 'DViCO FusionHDTV DVB-T Dual USB' in warm state. [ 151.752236][ T58] dvb-usb: bulk message failed: -22 (2/0) [ 151.761304][ T58] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 151.768051][ T58] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T Dual USB) [ 151.771773][ T58] usb 7-1: media controller created [ 151.785517][ T58] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 151.796660][ T58] usb 7-1: selecting invalid altsetting 0 [ 151.799191][ T58] cxusb: set interface failed [ 151.800903][ T58] dvb-usb: bulk message failed: -22 (1/0) [ 151.821527][ T58] DVB: Unable to find symbol mt352_attach() [ 151.824108][ T58] dvb-usb: bulk message failed: -22 (5/0) [ 151.827297][ T58] zl10353_read_register: readreg error (reg=127, ret==-121) [ 151.830234][ T58] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T Dual USB' [ 151.890691][ T58] rc_core: IR keymap rc-dvico-mce not found [ 151.893634][ T58] Registered IR keymap rc-empty [ 151.902106][ T58] rc rc0: DViCO FusionHDTV DVB-T Dual USB as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0 [ 151.919564][ T58] input: DViCO FusionHDTV DVB-T Dual USB as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0/input6 [ 151.935907][ T58] dvb-usb: schedule remote query interval to 100 msecs. [ 151.939149][ T58] dvb-usb: DViCO FusionHDTV DVB-T Dual USB successfully initialized and connected. [ 151.966666][ T8] usb 7-1: USB disconnect, device number 3 [ 152.014069][ T8021] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 152.054651][ T8] dvb-usb: DViCO FusionHDTV DVB-T Dual USB successfully deinitialized and disconnected. [ 152.255290][ T39] audit: type=1804 audit(1719725065.139:58): pid=8030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.851" name="/syzkaller.I4HzTP/67/file1" dev="sda1" ino=1960 res=1 errno=0 [ 152.267278][ T39] audit: type=1804 audit(1719725065.139:59): pid=8030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.851" name="/syzkaller.I4HzTP/67/file1" dev="sda1" ino=1960 res=1 errno=0 [ 152.318074][ T39] audit: type=1804 audit(1719725065.199:60): pid=8033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.851" name="/syzkaller.I4HzTP/67/file1" dev="sda1" ino=1960 res=1 errno=0 [ 152.595029][ T8045] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 152.602631][ T8047] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 152.614800][ T8045] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 153.026061][ T8071] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 153.335737][ T8078] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 153.336756][ T39] audit: type=1326 audit(1719725066.219:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8079 comm="syz.1.870" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7493579 code=0x0 [ 153.673351][ T8095] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 153.795501][ T8105] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.798926][ T8105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.906552][ T8120] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 154.141554][ T39] audit: type=1804 audit(1719725067.029:62): pid=8134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.893" name="/syzkaller.OfDb3O/137/file0" dev="sda1" ino=1964 res=1 errno=0 [ 154.496039][ T8147] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 154.837156][ T55] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 155.058790][ T55] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.063082][ T55] usb 6-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice=56.12 [ 155.066352][ T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.072077][ T55] usb 6-1: config 0 descriptor?? [ 155.120795][ T55] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 155.158409][ T8167] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 155.175777][ T5206] udevd[5206]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 155.287148][ T5199] usb 6-1: USB disconnect, device number 2 [ 155.936867][ T8178] infiniband syz1: set down [ 155.940286][ T8178] infiniband syz1: added ipvlan0 [ 155.979059][ T8178] RDS/IB: syz1: added [ 155.983988][ T8178] smc: adding ib device syz1 with port count 1 [ 155.986559][ T8178] smc: ib device syz1 port 1 has pnetid [ 156.117885][ T8194] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 156.466572][ T8216] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 157.121022][ T8239] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 157.503173][ T8267] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 157.571368][ T5198] block nbd3: Receive control failed (result -107) [ 157.700231][ T8264] block nbd3: shutting down sockets [ 157.794284][ T63] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 158.120001][ T8289] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 158.534127][ T8317] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 158.669216][ T8328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.975'. [ 158.792047][ T8339] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 158.887238][ T8346] Bluetooth: hci1: Frame reassembly failed (-84) [ 158.891670][ T1088] Bluetooth: hci1: Frame reassembly failed (-84) [ 159.556674][ T8366] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 160.547151][ T5239] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 160.638460][ T8389] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 160.737166][ T5239] usb 8-1: Using ep0 maxpacket: 32 [ 160.742515][ T5239] usb 8-1: unable to get BOS descriptor or descriptor too short [ 160.749105][ T5239] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 160.754557][ T5239] usb 8-1: New USB device found, idVendor=05cc, idProduct=3352, bcdDevice=bd.ea [ 160.758064][ T5239] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.760790][ T5239] usb 8-1: Product: syz [ 160.762221][ T5239] usb 8-1: Manufacturer: syz [ 160.763803][ T5239] usb 8-1: SerialNumber: syz [ 160.766746][ T5239] usb 8-1: config 0 descriptor?? [ 160.773232][ T5239] usb 8-1: [ueagle-atm] ADSL device founded vid (0X5CC) pid (0X3352) Rev (0XBDEA): ADI930 [ 160.947279][ T5205] Bluetooth: hci1: command 0x1003 tx timeout [ 160.951454][ T5198] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 160.958922][ T5239] usb 8-1: reset high-speed USB device number 2 using dummy_hcd [ 161.073122][ T8418] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 161.667388][ T5239] usb 8-1: device descriptor read/64, error -71 [ 161.847214][ T39] audit: type=1804 audit(1719725074.729:63): pid=8457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1030" name="/syzkaller.JBZLTk/255/bus" dev="sda1" ino=1965 res=1 errno=0 [ 161.967504][ T5239] usb 8-1: reset high-speed USB device number 2 using dummy_hcd [ 162.156816][ T5239] usb 8-1: unable to get BOS descriptor or descriptor too short [ 162.163569][ T5239] usb 8-1: device firmware changed [ 162.167653][ T5239] usb 8-1: [ueagle-atm] pre-firmware device, uploading firmware [ 162.170914][ T5239] usb 8-1: [ueagle-atm] loading firmware ueagle-atm/adi930.fw [ 162.181770][ T5239] usb 8-1: USB disconnect, device number 2 [ 162.193513][ T58] usb 8-1: Direct firmware load for ueagle-atm/adi930.fw failed with error -2 [ 162.197721][ T58] usb 8-1: Falling back to sysfs fallback for: ueagle-atm/adi930.fw [ 162.201301][ T58] kobject: kobject_add_internal failed for firmware (error: -2 parent: 8-1) [ 162.206193][ T58] firmware ueagle-atm!adi930.fw: fw_load_sysfs_fallback: device_register failed [ 162.210541][ T58] usb 8-1: [UEAGLE-ATM] firmware is not available [ 164.047134][ T8530] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1058'. [ 164.994995][ T8560] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1068'. [ 165.120596][ T8567] overlayfs: failed to resolve './file1': -2 [ 165.188072][ T5244] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 165.348358][ T5198] Bluetooth: hci0: command 0x0406 tx timeout [ 165.367646][ T5244] usb 8-1: Using ep0 maxpacket: 8 [ 165.371952][ T5244] usb 8-1: config index 0 descriptor too short (expected 5924, got 36) [ 165.374678][ T5244] usb 8-1: config 250 has an invalid interface number: 228 but max is -1 [ 165.377789][ T5244] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 165.380969][ T5244] usb 8-1: config 250 has no interface number 0 [ 165.382950][ T5244] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 165.386334][ T5244] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 165.389454][ T5244] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 165.392552][ T5244] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 165.395532][ T5244] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 165.399893][ T5244] usb 8-1: config 250 interface 228 has no altsetting 0 [ 165.404015][ T5244] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 165.406685][ T5244] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 165.409310][ T5244] usb 8-1: Product: syz [ 165.410568][ T5244] usb 8-1: SerialNumber: syz [ 165.420875][ T5244] hub 8-1:250.228: bad descriptor, ignoring hub [ 165.424053][ T5244] hub 8-1:250.228: probe with driver hub failed with error -5 [ 165.634665][ T5244] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 3 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 166.088337][ T826] usb 8-1: USB disconnect, device number 3 [ 166.090038][ T8587] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1080'. [ 166.094494][ T826] usblp0: removed [ 166.164655][ T8589] overlayfs: failed to resolve './file1': -2 [ 166.508352][ T57] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 166.664419][ T8610] overlayfs: failed to resolve './file1': -2 [ 166.668130][ T8606] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1089'. [ 166.690427][ T57] usb 6-1: Using ep0 maxpacket: 32 [ 166.705240][ T57] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 166.721539][ T57] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 166.737314][ T57] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 166.741343][ T57] usb 6-1: config 1 has no interface number 0 [ 166.744117][ T57] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 166.752861][ T57] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 166.759575][ T57] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 166.768990][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.781456][ T57] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 166.990888][ T57] snd_usb_pod 6-1:1.1: set_interface failed [ 166.993252][ T57] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 167.000584][ T57] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 167.008030][ T57] usb 6-1: USB disconnect, device number 3 [ 167.220038][ T8636] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1102'. [ 167.411174][ T8645] rdma_rxe: rxe_newlink: failed to add syzkaller0 [ 167.640202][ T8656] syz.1.1111[8656] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 167.640440][ T8656] syz.1.1111[8656] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 167.764949][ T8666] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1116'. [ 167.818953][ T39] audit: type=1326 audit(1719725080.709:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8667 comm="syz.0.1117" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x0 [ 168.576637][ T8701] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1129'. [ 168.617465][ T8703] overlayfs: failed to resolve './file0': -2 [ 169.129423][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1136'. [ 169.133544][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1136'. [ 169.256022][ T8728] overlayfs: failed to resolve './file0': -2 [ 169.943424][ T8750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1147'. [ 169.947338][ T8750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1147'. [ 169.979563][ T8753] overlayfs: failed to resolve './file0': -2 [ 170.756333][ T8778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1158'. [ 170.760206][ T8778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1158'. [ 170.919567][ T8786] overlayfs: failed to resolve './file0': -2 [ 171.249558][ T8802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1168'. [ 171.253549][ T8802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1168'. [ 171.937642][ T8826] overlayfs: failed to resolve './file0': -2 [ 171.989016][ T8829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'. [ 171.993133][ T8829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'. [ 172.370522][ T8852] overlayfs: failed to resolve './file0': -2 [ 172.452750][ T57] kernel write not supported for file bpf-prog (pid: 57 comm: kworker/2:1) [ 172.609812][ T8863] netlink: 'syz.2.1191': attribute type 10 has an invalid length. [ 172.629649][ T8863] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 173.010166][ T5241] kernel write not supported for file bpf-prog (pid: 5241 comm: kworker/0:5) [ 173.089816][ T8883] netlink: 'syz.0.1200': attribute type 10 has an invalid length. [ 173.107707][ T8883] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 173.410425][ T5244] kernel write not supported for file bpf-prog (pid: 5244 comm: kworker/2:3) [ 173.537987][ T8916] netlink: 'syz.0.1214': attribute type 10 has an invalid length. [ 173.955303][ T5244] kernel write not supported for file bpf-prog (pid: 5244 comm: kworker/2:3) [ 174.035997][ T8947] netlink: 'syz.3.1225': attribute type 10 has an invalid length. [ 174.048567][ T8947] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 175.207192][ T58] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 175.407554][ T58] usb 5-1: Using ep0 maxpacket: 8 [ 175.411842][ T58] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.415178][ T58] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 175.427253][ T58] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 175.431566][ T58] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 175.438274][ T58] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 175.442632][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.537240][ T5241] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 175.563657][ T9045] overlayfs: failed to resolve './file1': -2 [ 175.711626][ T58] usb 5-1: usb_control_msg returned -71 [ 175.714050][ T58] usbtmc 5-1:16.0: can't read capabilities [ 175.722811][ T58] usb 5-1: USB disconnect, device number 4 [ 175.741268][ T5241] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.745218][ T5241] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.752294][ T5241] usb 8-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 4.00 [ 175.756300][ T5241] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.763950][ T5241] usb 8-1: config 0 descriptor?? [ 176.019830][ T9072] overlayfs: failed to resolve './file1': -2 [ 176.189720][ T5241] wacom 0003:056A:00F8.0002: hidraw1: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.3-1/input0 [ 176.393997][ T5244] usb 8-1: USB disconnect, device number 4 [ 176.620509][ T57] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 176.819562][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 176.823147][ T57] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 176.826019][ T57] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 176.829967][ T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 176.833624][ T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 176.837290][ T57] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.841707][ T57] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 176.845259][ T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.863268][ T9093] overlayfs: failed to resolve './file1': -2 [ 177.054715][ T57] usb 7-1: usb_control_msg returned -32 [ 177.057391][ T57] usbtmc 7-1:16.0: can't read capabilities [ 177.241621][ T9113] __nla_validate_parse: 2 callbacks suppressed [ 177.241634][ T9113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1292'. [ 177.249131][ T9113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1292'. [ 177.618993][ T9119] usbtmc 7-1:16.0: usb_control_msg returned -32 [ 177.626740][ T57] usb 7-1: USB disconnect, device number 4 [ 177.865928][ T9136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1301'. [ 177.870023][ T9136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1301'. [ 178.169110][ T9159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1311'. [ 178.173295][ T9159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1311'. [ 178.478631][ T9186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1323'. [ 178.482148][ T9186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1323'. [ 178.780522][ T9208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1332'. [ 178.784204][ T9208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1332'. [ 180.024235][ T9259] Illegal XDP return value 4294967274 on prog (id 286) dev N/A, expect packet loss! [ 181.619559][ T9332] overlayfs: missing 'lowerdir' [ 182.650878][ T9364] overlayfs: missing 'lowerdir' [ 182.889572][ T9379] bad cache= option: none [ 182.889572][ T9379] [ 182.892444][ T9379] CIFS: VFS: bad cache= option: none [ 182.958643][ T5205] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 182.964048][ T5205] Bluetooth: hci4: Injecting HCI hardware error event [ 182.969428][ T5205] Bluetooth: hci4: hardware error 0x00 [ 183.679285][ T5198] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 183.683788][ T5198] Bluetooth: hci3: Injecting HCI hardware error event [ 183.689506][ T5198] Bluetooth: hci3: hardware error 0x00 [ 183.771185][ T9388] overlayfs: missing 'lowerdir' [ 183.875025][ T9394] __nla_validate_parse: 8 callbacks suppressed [ 183.875043][ T9394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1405'. [ 184.333875][ T9414] overlayfs: missing 'workdir' [ 184.753520][ T9434] overlayfs: missing 'workdir' [ 184.775145][ T9432] netlink: 'syz.0.1421': attribute type 3 has an invalid length. [ 184.854075][ T9440] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.965324][ T9440] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.027553][ T5205] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 185.054446][ T9440] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.145985][ T9440] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.239413][ T9440] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.254015][ T9440] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.267991][ T9440] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.282733][ T9440] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.605582][ T5205] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 185.610473][ T5205] Bluetooth: hci2: Injecting HCI hardware error event [ 185.615975][ T5205] Bluetooth: hci2: hardware error 0x00 [ 185.747293][ T5198] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 185.961804][ T9460] overlayfs: missing 'workdir' [ 186.549968][ T9469] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.630844][ T9469] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.746292][ T9469] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.906663][ T9469] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.488405][ T9480] overlayfs: missing 'lowerdir' [ 187.667197][ T5205] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 190.010032][ T9500] overlayfs: missing 'lowerdir' [ 191.124398][ T9469] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.159507][ T9469] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.166597][ T9469] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.188041][ T9469] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.953651][ T9523] overlayfs: missing 'lowerdir' [ 193.035386][ T9547] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 193.039390][ T9547] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 193.303237][ T9555] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.413530][ T9555] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.544985][ T9555] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.642787][ T9555] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.998098][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.199401][ T9574] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 195.203522][ T9574] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 196.198017][ T9594] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 196.207083][ T9594] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 197.001721][ T9555] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.013750][ T9555] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.026183][ T9555] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.050216][ T9555] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.311335][ T9613] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 198.490049][ T9637] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.500374][ T9639] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 198.599561][ T9637] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.674850][ T9637] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.746977][ T9637] bond0: (slave netdevsim0): Releasing backup interface [ 198.754073][ T9637] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.889044][ T9637] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.902438][ T9637] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.917407][ T9637] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.928802][ T9637] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.308656][ T9662] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 200.582470][ T9692] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 200.652372][ T9694] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.747353][ T9694] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.017315][ T826] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 201.219995][ T826] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 201.225553][ T826] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 201.229729][ T826] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 201.233611][ T826] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 201.236664][ T826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.500450][ T826] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 201.504894][ T826] usb 5-1: USB disconnect, device number 5 [ 201.552019][ T5163] udevd[5163]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 201.862247][ T9718] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 202.389160][ T5198] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 202.411395][ T5198] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 202.421797][ T5198] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 202.432550][ T5198] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 202.435784][ T5198] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 202.439207][ T5198] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 202.566431][ T9694] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.681892][ T9694] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.816379][ T9727] chnl_net:caif_netlink_parms(): no params data found [ 202.916468][ T9727] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.919095][ T9727] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.922001][ T9727] bridge_slave_0: entered allmulticast mode [ 202.926085][ T9727] bridge_slave_0: entered promiscuous mode [ 202.934256][ T9727] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.938035][ T9727] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.941583][ T9727] bridge_slave_1: entered allmulticast mode [ 202.945983][ T9727] bridge_slave_1: entered promiscuous mode [ 202.993366][ T9727] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.998971][ T9727] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.046388][ T9727] team0: Port device team_slave_0 added [ 203.052454][ T9727] team0: Port device team_slave_1 added [ 203.088779][ T9727] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.091272][ T9727] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.100256][ T9727] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.105354][ T9727] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.108572][ T9727] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.118711][ T9727] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.171553][ T9727] hsr_slave_0: entered promiscuous mode [ 203.174262][ T9727] hsr_slave_1: entered promiscuous mode [ 203.176966][ T9727] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 203.180514][ T9727] Cannot create hsr debugfs directory [ 203.189519][ T9694] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.217407][ T9694] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.252521][ T9694] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.273213][ T9694] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.322045][ T9747] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 203.341582][ T9727] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.451527][ T9727] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.537304][ T9727] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.619790][ T9727] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.245614][ T9767] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 204.467221][ T5198] Bluetooth: hci1: command tx timeout [ 204.928989][ T9727] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 204.951931][ T9727] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 204.956856][ T9727] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 204.969444][ T9727] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 205.054607][ T9727] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.067418][ T9727] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.073607][ T5244] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.076176][ T5244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.086734][ T5244] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.089496][ T5244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.116250][ T9727] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.215424][ T9727] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.253006][ T9727] veth0_vlan: entered promiscuous mode [ 205.271314][ T9727] veth1_vlan: entered promiscuous mode [ 205.301140][ T9727] veth0_macvtap: entered promiscuous mode [ 205.308435][ T9727] veth1_macvtap: entered promiscuous mode [ 205.324176][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.328670][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.332103][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.335591][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.339524][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.343443][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.346824][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.351075][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.355482][ T9727] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.363253][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.366913][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.371558][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.375510][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.380623][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.384210][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.390711][ T9727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.394203][ T9727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.398869][ T9727] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.405986][ T9727] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.409379][ T9727] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.412217][ T9727] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.415171][ T9727] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.463923][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.474160][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.510505][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.513630][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.863066][ T9792] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 206.547635][ T5198] Bluetooth: hci1: command tx timeout [ 207.803013][ T9823] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 207.814979][ T9825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1573'. [ 207.819174][ T9825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1573'. [ 208.177819][ T9836] netlink: 'syz.1.1578': attribute type 3 has an invalid length. [ 208.180595][ T9836] netlink: 16150 bytes leftover after parsing attributes in process `syz.1.1578'. [ 208.220628][ T9838] mac80211_hwsim hwsim13 CTY<: renamed from wlan1 (while UP) [ 208.616794][ T9849] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 208.624072][ T9851] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1585'. [ 208.627507][ T9851] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1585'. [ 208.628094][ T5198] Bluetooth: hci1: command tx timeout [ 210.225703][ T9872] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 210.608830][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1596'. [ 210.611824][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1596'. [ 210.707397][ T5198] Bluetooth: hci1: command tx timeout [ 212.401373][ T9900] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 213.107386][ T9912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1608'. [ 213.117275][ T9912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1608'. [ 213.599391][ T9920] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 214.147310][ T9930] netlink: 'syz.2.1616': attribute type 25 has an invalid length. [ 214.194381][ T9932] netlink: 208216 bytes leftover after parsing attributes in process `syz.2.1621'. [ 214.199194][ T9932] openvswitch: netlink: Message has 4 unknown bytes. [ 214.297820][ T39] audit: type=1804 audit(1719725127.179:65): pid=9936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1623" name="/syzkaller.bcOOGa/16/file0" dev="sda1" ino=1964 res=1 errno=0 [ 214.372585][ T9938] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 214.597168][ T9950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1620'. [ 214.600913][ T9950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1620'. [ 214.789870][ T9961] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 216.097228][ T9983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1639'. [ 216.100314][ T9983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1639'. [ 216.302576][ T9994] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 216.547405][T10001] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1648'. [ 216.550367][T10001] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1648'. [ 218.256109][T10022] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 218.438419][T10030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1657'. [ 218.441439][T10030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1657'. [ 220.189811][T10066] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 220.537491][T10072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1669'. [ 220.540570][T10072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1669'. [ 221.116595][T10089] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 221.240870][T10096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1678'. [ 221.244468][T10096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1678'. [ 222.565777][T10116] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 222.852351][T10120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1688'. [ 222.857218][T10120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1688'. [ 223.932538][T10142] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 224.062848][T10147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1697'. [ 224.077364][T10147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1697'. [ 224.519666][T10165] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 224.755680][T10182] syz.0.1712[10182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 224.755766][T10182] syz.0.1712[10182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 224.789821][T10186] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 224.801090][T10185] syz.3.1713[10185] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 224.801200][T10185] syz.3.1713[10185] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.046843][T10211] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 225.222369][T10230] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1735'. [ 225.352592][T10240] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 225.947226][ T5244] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 226.137172][ T5244] usb 8-1: Using ep0 maxpacket: 8 [ 226.142689][ T5244] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 226.145655][ T5244] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.148829][ T5244] usb 8-1: Product: syz [ 226.150359][ T5244] usb 8-1: Manufacturer: syz [ 226.152165][ T5244] usb 8-1: SerialNumber: syz [ 226.155594][ T5244] usb 8-1: config 0 descriptor?? [ 226.300806][T10269] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 226.347258][ T5199] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 226.374591][ T5244] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 226.376607][ T39] audit: type=1326 audit(1719725139.259:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.2.1751" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73cb579 code=0x0 [ 226.548515][ T5199] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 226.555891][ T5199] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.40 [ 226.559666][ T5199] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.562569][ T5199] usb 6-1: Product: syz [ 226.564017][ T5199] usb 6-1: Manufacturer: ࠶䈪퉢巜같ަ㠺휞㏟㮉뀂倓냨䲒ﺨ [ 226.566874][ T5199] usb 6-1: SerialNumber: syz [ 226.567536][T10273] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 226.571115][T10273] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 226.576973][T10273] vhci_hcd vhci_hcd.0: Device attached [ 226.787957][ T5199] usbhid 6-1:1.0: can't add hid device: -71 [ 226.790313][ T5199] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 226.795524][ T5199] usb 6-1: USB disconnect, device number 4 [ 226.847522][ T5241] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 226.907349][ T5237] usb 18-1: SetAddress Request (2) to port 0 [ 226.909767][ T5237] usb 18-1: new SuperSpeed USB device number 2 using vhci_hcd [ 227.027201][ T5241] usb 5-1: Using ep0 maxpacket: 32 [ 227.030572][ T5241] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 227.033673][ T5241] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.037731][ T5241] usb 5-1: config 0 descriptor?? [ 227.041518][ T5241] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 227.207405][T10275] vhci_hcd: connection reset by peer [ 227.212254][ T1087] vhci_hcd: stop threads [ 227.214591][ T1087] vhci_hcd: release socket [ 227.217505][ T1087] vhci_hcd: disconnect device [ 227.586795][ T5244] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 227.592306][ T5244] usb 8-1: USB disconnect, device number 5 [ 227.694999][T10286] TCP: request_sock_TCPv6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 227.886012][T10294] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 228.328118][ T55] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 228.517209][ T55] usb 6-1: Using ep0 maxpacket: 8 [ 228.523698][ T55] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 228.528081][ T55] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.535684][ T55] usb 6-1: Product: syz [ 228.537798][ T55] usb 6-1: Manufacturer: syz [ 228.540070][ T55] usb 6-1: SerialNumber: syz [ 228.544240][ T55] usb 6-1: config 0 descriptor?? [ 228.671799][ T5241] usb 5-1: USB disconnect, device number 6 [ 228.756854][ T55] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 228.819121][T10323] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 229.167243][ T5241] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 229.357457][ T5241] usb 7-1: Using ep0 maxpacket: 32 [ 229.369628][ T5241] usb 7-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=10.fe [ 229.372861][ T5241] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.375810][ T5241] usb 7-1: Product: syz [ 229.379181][ T5241] usb 7-1: Manufacturer: syz [ 229.381185][ T5241] usb 7-1: SerialNumber: syz [ 229.385231][ T5241] usb 7-1: config 0 descriptor?? [ 229.390888][ T5241] ati_remote2 7-1:0.0: ati_remote2_probe(): interface 0 must have an endpoint [ 229.573268][ T55] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 229.584455][ T55] usb 6-1: USB disconnect, device number 5 [ 229.595893][ T5241] usb 7-1: USB disconnect, device number 5 [ 230.167822][T10344] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 230.507241][ T5238] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 230.537248][ T5241] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 230.687152][ T5238] usb 7-1: Using ep0 maxpacket: 16 [ 230.692952][ T5238] usb 7-1: New USB device found, idVendor=0b05, idProduct=1736, bcdDevice= d.f1 [ 230.696083][ T5238] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.698944][ T5238] usb 7-1: Product: syz [ 230.700365][ T5238] usb 7-1: Manufacturer: syz [ 230.702472][ T5238] usb 7-1: SerialNumber: syz [ 230.706484][ T5238] usb 7-1: config 0 descriptor?? [ 230.722375][ T5241] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.726701][ T5241] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 230.730497][ T5241] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.735735][ T5241] usb 5-1: config 0 descriptor?? [ 230.740178][ T5241] pwc: Askey VC010 type 2 USB webcam detected. [ 230.921080][ T5238] dvb-usb: found a 'Asus My Cinema-U3000Hybrid' in cold state, will try to load a firmware [ 230.942896][ T5238] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 230.946461][ T5238] dib0700: firmware download failed at 7 with -22 [ 230.953027][ T5238] usb 7-1: USB disconnect, device number 6 [ 231.068625][T10367] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 231.349012][ T5241] pwc: recv_control_msg error -71 req 02 val 2700 [ 231.352449][ T5241] pwc: recv_control_msg error -71 req 02 val 2c00 [ 231.355626][ T5241] pwc: recv_control_msg error -71 req 04 val 1000 [ 231.358836][ T5241] pwc: recv_control_msg error -71 req 04 val 1300 [ 231.361871][ T5241] pwc: recv_control_msg error -71 req 04 val 1400 [ 231.364936][ T5241] pwc: recv_control_msg error -71 req 02 val 2000 [ 231.368827][ T5241] pwc: recv_control_msg error -71 req 02 val 2100 [ 231.372068][ T5241] pwc: recv_control_msg error -71 req 04 val 1500 [ 231.374457][ T5241] pwc: recv_control_msg error -71 req 02 val 2500 [ 231.376813][ T5241] pwc: recv_control_msg error -71 req 02 val 2400 [ 231.379641][ T5241] pwc: recv_control_msg error -71 req 02 val 2600 [ 231.382310][ T5241] pwc: recv_control_msg error -71 req 02 val 2900 [ 231.384884][ T5241] pwc: recv_control_msg error -71 req 02 val 2800 [ 231.387653][ T5241] pwc: recv_control_msg error -71 req 04 val 1100 [ 231.390447][ T5241] pwc: recv_control_msg error -71 req 04 val 1200 [ 231.396319][ T5241] pwc: Registered as video71. [ 231.401051][ T5241] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb5/5-1/input/input10 [ 231.410758][ T5241] usb 5-1: USB disconnect, device number 7 [ 231.592510][T10388] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 231.816637][ T8] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 232.000730][ T5237] usb 18-1: device descriptor read/8, error -110 [ 232.007801][ T8] usb 6-1: Using ep0 maxpacket: 16 [ 232.012426][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 232.017348][ T8] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 232.021780][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.028842][ T8] usb 6-1: config 0 descriptor?? [ 232.125126][T10410] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 232.386268][T10383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1794'. [ 232.391178][T10383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1794'. [ 232.417771][ T5237] usb usb18-port1: attempt power cycle [ 232.428027][T10383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1794'. [ 232.431338][T10383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1794'. [ 232.493008][T10383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1794'. [ 232.495889][T10383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1794'. [ 232.516623][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 232.518876][ T8] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 232.531601][ T8] usb 6-1: USB disconnect, device number 6 [ 232.764424][T10428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 232.823285][T10434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 232.911264][T10440] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 233.079294][ T5237] usb usb18-port1: unable to enumerate USB device [ 233.181348][T10460] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 233.385196][T10485] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 233.593789][ T5237] IPVS: starting estimator thread 0... [ 233.644459][T10513] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 233.687341][T10507] IPVS: using max 36 ests per chain, 86400 per kthread [ 233.795386][T10523] tipc: Failed to remove unknown binding: 66,1,1/0:35073369/35073371 [ 233.803677][T10523] tipc: Failed to remove unknown binding: 66,1,1/0:35073369/35073371 [ 233.849405][T10533] vcan0: entered allmulticast mode [ 233.886445][T10537] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.052984][T10564] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.214263][T10583] netlink: 134312 bytes leftover after parsing attributes in process `syz.1.1881'. [ 234.234918][T10583] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 234.240078][T10583] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 234.259690][T10586] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.532555][T10612] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.750224][T10640] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.820992][T10648] ptrace attach of "/syz-executor exec"[9727] was attempted by ""[10648] [ 234.871926][ T39] audit: type=1326 audit(1719725147.759:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 234.902017][ T39] audit: type=1326 audit(1719725147.759:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 234.910965][ T39] audit: type=1326 audit(1719725147.769:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 234.922267][ T39] audit: type=1326 audit(1719725147.769:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 234.933096][ T39] audit: type=1326 audit(1719725147.769:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 234.943118][ T39] audit: type=1326 audit(1719725147.769:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 234.959219][ T39] audit: type=1326 audit(1719725147.769:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 234.967212][ T39] audit: type=1326 audit(1719725147.769:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1914" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x7ffc0000 [ 235.010546][T10665] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 235.187232][ T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 235.399560][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.403532][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.417157][ T8] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 235.420330][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.427569][ T8] usb 5-1: config 0 descriptor?? [ 235.844478][ T8] hid-multitouch 0003:0EEF:72D0.0003: unknown main item tag 0x0 [ 235.852073][ T8] hid-multitouch 0003:0EEF:72D0.0003: hidraw1: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.0-1/input0 [ 235.959973][ T39] audit: type=1800 audit(1719725148.849:75): pid=10709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1937" name="file1" dev="sda1" ino=1949 res=0 errno=0 [ 236.062579][ T8] usb 5-1: USB disconnect, device number 8 [ 236.267991][T10719] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 237.398433][ T5205] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 237.404414][ T5205] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 237.408787][ T5205] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 237.414953][ T5205] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 237.419843][ T5205] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 237.423328][ T5205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 237.733431][T10736] chnl_net:caif_netlink_parms(): no params data found [ 237.877784][T10736] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.881692][T10736] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.885508][T10736] bridge_slave_0: entered allmulticast mode [ 237.890260][T10736] bridge_slave_0: entered promiscuous mode [ 237.895065][T10736] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.898850][T10736] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.902975][T10736] bridge_slave_1: entered allmulticast mode [ 237.907914][T10736] bridge_slave_1: entered promiscuous mode [ 237.964560][T10736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.969879][T10736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.043646][T10736] team0: Port device team_slave_0 added [ 238.047821][T10736] team0: Port device team_slave_1 added [ 238.116002][T10736] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 238.127100][T10736] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.135069][T10736] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.146216][ T39] audit: type=1326 audit(1719725151.029:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10756 comm="syz.2.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73cb579 code=0x7ffc0000 [ 238.155391][T10736] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.167309][T10736] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.175896][T10736] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.266494][T10736] hsr_slave_0: entered promiscuous mode [ 238.272455][T10736] hsr_slave_1: entered promiscuous mode [ 238.275657][T10736] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 238.280552][T10736] Cannot create hsr debugfs directory [ 238.546953][T10736] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.645167][T10736] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.726412][T10736] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.827443][T10736] bond0: (slave netdevsim0): Releasing backup interface [ 238.833824][T10736] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.033909][T10736] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 239.038925][T10736] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 239.052740][T10736] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 239.059776][T10736] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 239.153715][T10736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.171485][T10736] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.181633][ T55] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.185220][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.205691][ T5244] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.208346][ T5244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.472464][T10736] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.507292][ T5198] Bluetooth: hci0: command tx timeout [ 239.527122][ T5198] Bluetooth: hci1: Unknown advertising packet type: 0x70 [ 239.527188][ T5198] Bluetooth: hci1: Malformed LE Event: 0x0d [ 239.563412][T10736] veth0_vlan: entered promiscuous mode [ 239.587704][T10736] veth1_vlan: entered promiscuous mode [ 239.619391][T10736] veth0_macvtap: entered promiscuous mode [ 239.626765][T10736] veth1_macvtap: entered promiscuous mode [ 239.645412][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.650054][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.654199][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.659824][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.664004][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.668456][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.672700][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.678579][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.687826][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.692482][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.699593][T10736] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.716418][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.721340][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.731690][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.736218][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.739701][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.743555][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.747178][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.751106][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.755798][T10736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.759612][T10736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.766155][T10736] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.771793][T10736] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.775990][T10736] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.781378][T10736] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.784738][T10736] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.869620][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.872810][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.909912][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.913717][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.770094][ T65] Bluetooth: hci0: command tx timeout [ 241.770133][ T5198] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 241.772665][ T5205] Bluetooth: hci2: command 0x1003 tx timeout [ 242.508263][T10858] netlink: 'syz.1.1993': attribute type 7 has an invalid length. [ 244.023624][ T5198] Bluetooth: hci0: command tx timeout [ 244.402792][ T8] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 244.587299][ T5244] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 244.598423][ T8] usb 8-1: Using ep0 maxpacket: 32 [ 244.603769][ T8] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 244.607119][ T8] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 244.611630][ T8] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 244.615442][ T8] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 244.621629][ T8] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 244.624680][ T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.627677][ T8] usb 8-1: Product: syz [ 244.629244][ T8] usb 8-1: Manufacturer: syz [ 244.633402][ T8] usb 8-1: SerialNumber: syz [ 244.792842][ T5244] usb 5-1: Using ep0 maxpacket: 16 [ 244.797638][ T5244] usb 5-1: New USB device found, idVendor=0557, idProduct=4000, bcdDevice=53.e0 [ 244.801635][ T5244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.806783][ T5244] usb 5-1: Product: syz [ 244.808383][ T5244] usb 5-1: Manufacturer: syz [ 244.810063][ T5244] usb 5-1: SerialNumber: syz [ 244.812812][ T5244] usb 5-1: config 0 descriptor?? [ 244.866581][ T8] usb 8-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 244.876037][ T8] usb 8-1: found format II with max.bitrate = 0, frame size=0 [ 244.878763][ T8] usb 8-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 244.883035][ T8] usb 8-1: found format II with max.bitrate = 0, frame size=0 [ 244.925021][ T8] usb 8-1: USB disconnect, device number 6 [ 245.060236][ T5244] kaweth 5-1:0.0: Firmware present in device. [ 245.088532][T10929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2027'. [ 245.159002][T10934] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 245.183985][ T5163] udevd[5163]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 245.264972][ T5244] kaweth 5-1:0.0: Statistics collection: 0 [ 245.267017][ T5244] kaweth 5-1:0.0: Multicast filter limit: 0 [ 245.269158][ T5244] kaweth 5-1:0.0: MTU: 0 [ 245.270838][ T5244] kaweth 5-1:0.0: Read MAC address 00:00:00:00:00:00 [ 245.715545][ T5244] kaweth 5-1:0.0: Error setting SOFS wait [ 245.718265][ T5244] kaweth 5-1:0.0: probe with driver kaweth failed with error -5 [ 245.723746][ T5244] usb 5-1: USB disconnect, device number 9 [ 245.734594][ T13] Bluetooth: hci2: Frame reassembly failed (-84) [ 245.742440][ T13] Bluetooth: hci2: Frame reassembly failed (-84) [ 246.266365][ T5205] Bluetooth: hci0: command tx timeout [ 246.685646][T10962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2038'. [ 247.913147][ T5205] Bluetooth: hci2: command 0x1003 tx timeout [ 247.913177][ T5198] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 248.139211][T10988] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2047'. [ 248.848688][ T43] Bluetooth: hci2: Frame reassembly failed (-84) [ 250.095189][T11027] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 251.033898][ T5205] Bluetooth: hci2: command 0x1003 tx timeout [ 251.034092][ T5198] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 251.443965][T11063] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 251.877560][T11077] overlayfs: failed to resolve './file0': -2 [ 252.467964][ T43] Bluetooth: hci2: Frame reassembly failed (-84) [ 252.470426][ T43] Bluetooth: hci2: Frame reassembly failed (-84) [ 253.122784][T11086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2078'. [ 253.126768][T11086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2078'. [ 253.446113][T11097] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 254.143055][T11107] overlayfs: failed to resolve './file0': -2 [ 254.621864][T11120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2088'. [ 254.677388][ T5205] Bluetooth: hci2: command 0x1003 tx timeout [ 254.678521][ T5198] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 255.487787][T11120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2088'. [ 255.670157][T11138] overlayfs: failed to resolve './file0': -2 [ 256.489800][T11155] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2101'. [ 256.497789][T11155] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2101'. [ 256.767550][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.382157][T11184] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 258.947543][ T5198] Bluetooth: hci0: unexpected event 0x04 length: 11 > 10 [ 258.947562][ T5198] Bluetooth: unknown link type 5 [ 258.951944][ T5198] Bluetooth: hci0: connection err: -111 [ 259.397305][ T5241] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 259.531703][ T13] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.596915][ T5241] usb 5-1: Using ep0 maxpacket: 8 [ 259.601774][ T5241] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 259.607175][ T5241] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.615524][ T5241] usb 5-1: config 0 descriptor?? [ 259.618707][ T5241] ums-jumpshot 5-1:0.0: USB Mass Storage device detected [ 259.619350][ T13] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.636765][ T5241] ums-jumpshot 5-1:0.0: Quirks match for vid 05dc pid 0001: 2 [ 259.696186][ T13] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.724102][ T5205] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 259.728545][ T5205] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 259.731648][ T5205] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 259.735334][ T5205] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 259.738491][ T5205] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 259.741143][ T5205] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 259.746599][T11241] ================================================================== [ 259.749362][T11241] BUG: KASAN: slab-use-after-free in skb_release_data+0x8dd/0x980 [ 259.752331][T11241] Read of size 8 at addr ffff88802a514990 by task syz-executor/11241 [ 259.757124][T11241] [ 259.758585][T11241] CPU: 3 PID: 11241 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00280-g27b31deb900d #0 [ 259.763132][T11241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 259.766794][T11241] Call Trace: [ 259.767934][T11241] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 259.768946][T11241] dump_stack_lvl+0x116/0x1f0 [ 259.770657][T11241] print_report+0xc3/0x620 [ 259.772620][T11241] ? __virt_addr_valid+0x5e/0x580 [ 259.774883][T11241] ? __phys_addr+0xc6/0x150 [ 259.777038][T11241] kasan_report+0xd9/0x110 [ 259.778648][T11241] ? skb_release_data+0x8dd/0x980 [ 259.780387][T11241] ? skb_release_data+0x8dd/0x980 [ 259.782801][T11241] skb_release_data+0x8dd/0x980 [ 259.785237][T11241] ? __hci_req_sync+0x61d/0x980 [ 259.787495][T11241] ? rcu_is_watching+0x12/0xc0 [ 259.789845][T11241] kfree_skb_reason+0x12b/0x210 [ 259.792093][T11241] __hci_req_sync+0x61d/0x980 [ 259.794274][T11241] ? __pfx___hci_req_sync+0x10/0x10 [ 259.796673][T11241] ? hci_req_sync+0x3f/0xd0 [ 259.798780][T11241] ? find_held_lock+0x2d/0x110 [ 259.800987][T11241] hci_req_sync+0x97/0xd0 [ 259.802653][T11241] ? __pfx_hci_scan_req+0x10/0x10 [ 259.804366][T11241] hci_dev_cmd+0x634/0x960 [ 259.805911][T11241] ? __pfx_hci_dev_cmd+0x10/0x10 [ 259.807604][T11241] ? bpf_lsm_capable+0x9/0x10 [ 259.809220][T11241] ? security_capable+0x98/0xd0 [ 259.810840][T11241] hci_sock_ioctl+0x4f3/0x880 [ 259.812569][T11241] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 259.814482][T11241] hci_sock_compat_ioctl+0x68/0x80 [ 259.816237][T11241] compat_sock_ioctl+0x181/0x7f0 [ 259.817999][T11241] ? __pfx_hci_sock_compat_ioctl+0x10/0x10 [ 259.820008][T11241] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 259.822116][T11241] ? __fget_files+0x256/0x400 [ 259.824263][T11241] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 259.826776][T11241] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 259.829264][T11241] __do_compat_sys_ioctl+0x2c3/0x330 [ 259.831673][T11241] __do_fast_syscall_32+0x73/0x120 [ 259.833486][T11241] do_fast_syscall_32+0x32/0x80 [ 259.835154][T11241] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 259.837344][T11241] RIP: 0023:0xf7470579 [ 259.838763][T11241] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 259.846673][T11241] RSP: 002b:00000000ff891cd4 EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 259.850440][T11241] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd [ 259.854018][T11241] RDX: 00000000ff891d24 RSI: 00000000f745cff4 RDI: 0000000000000002 [ 259.857525][T11241] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 259.860961][T11241] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 259.863697][T11241] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 259.866348][T11241] [ 259.867411][T11241] [ 259.868230][T11241] Allocated by task 5198: [ 259.869709][T11241] kasan_save_stack+0x33/0x60 [ 259.871360][T11241] kasan_save_track+0x14/0x30 [ 259.872973][T11241] __kasan_slab_alloc+0x89/0x90 [ 259.874638][T11241] kmem_cache_alloc_noprof+0x121/0x2f0 [ 259.876478][T11241] skb_clone+0x190/0x3f0 [ 259.877936][T11241] hci_cmd_work+0x66a/0x710 [ 259.879504][T11241] process_one_work+0x958/0x1ad0 [ 259.881255][T11241] worker_thread+0x6c8/0xf30 [ 259.883322][T11241] kthread+0x2c1/0x3a0 [ 259.884837][T11241] ret_from_fork+0x45/0x80 [ 259.886781][T11241] ret_from_fork_asm+0x1a/0x30 [ 259.888985][T11241] [ 259.890099][T11241] Freed by task 5198: [ 259.891757][T11241] kasan_save_stack+0x33/0x60 [ 259.893366][T11241] kasan_save_track+0x14/0x30 [ 259.895457][T11241] kasan_save_free_info+0x3b/0x60 [ 259.897714][T11241] poison_slab_object+0xf7/0x160 [ 259.899996][T11241] __kasan_slab_free+0x32/0x50 [ 259.902168][T11241] kmem_cache_free+0x12f/0x3a0 [ 259.904349][T11241] kfree_skbmem+0x10e/0x200 [ 259.906444][T11241] kfree_skb_reason+0x138/0x210 [ 259.908649][T11241] hci_req_sync_complete+0x16c/0x270 [ 259.911038][T11241] hci_event_packet+0x963/0x1190 [ 259.913300][T11241] hci_rx_work+0x2c4/0x1610 [ 259.915377][T11241] process_one_work+0x958/0x1ad0 [ 259.917639][T11241] worker_thread+0x6c8/0xf30 [ 259.919768][T11241] kthread+0x2c1/0x3a0 [ 259.921573][T11241] ret_from_fork+0x45/0x80 [ 259.923093][T11241] ret_from_fork_asm+0x1a/0x30 [ 259.924731][T11241] [ 259.925575][T11241] The buggy address belongs to the object at ffff88802a5148c0 [ 259.925575][T11241] which belongs to the cache skbuff_head_cache of size 240 [ 259.930428][T11241] The buggy address is located 208 bytes inside of [ 259.930428][T11241] freed 240-byte region [ffff88802a5148c0, ffff88802a5149b0) [ 259.935105][T11241] [ 259.935925][T11241] The buggy address belongs to the physical page: [ 259.938090][T11241] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a514 [ 259.941104][T11241] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 259.944880][T11241] memcg:ffff88801259b801 [ 259.946824][T11241] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 259.950245][T11241] page_type: 0xffffefff(slab) [ 259.952369][T11241] raw: 00fff00000000040 ffff8880167f2780 dead000000000100 dead000000000122 [ 259.956223][T11241] raw: 0000000000000000 0000000000190019 00000001ffffefff ffff88801259b801 [ 259.959963][T11241] head: 00fff00000000040 ffff8880167f2780 dead000000000100 dead000000000122 [ 259.963209][T11241] head: 0000000000000000 0000000000190019 00000001ffffefff ffff88801259b801 [ 259.966548][T11241] head: 00fff00000000001 ffffea0000a94501 ffffffffffffffff 0000000000000000 [ 259.969891][T11241] head: ffff888000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 259.972986][T11241] page dumped because: kasan: bad access detected [ 259.975149][T11241] page_owner tracks the page as allocated [ 259.977069][T11241] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 826, tgid 826 (kworker/1:2), ts 171758393532, free_ts 170247002124 [ 259.984616][T11241] post_alloc_hook+0x2d1/0x350 [ 259.986263][T11241] get_page_from_freelist+0x1353/0x2e50 [ 259.988152][T11241] __alloc_pages_noprof+0x22b/0x2460 [ 259.989958][T11241] alloc_slab_page+0x56/0x110 [ 259.991717][T11241] new_slab+0x84/0x260 [ 259.993587][T11241] ___slab_alloc+0xdac/0x1870 [ 259.995725][T11241] __slab_alloc.constprop.0+0x56/0xb0 [ 259.998156][T11241] kmem_cache_alloc_node_noprof+0xed/0x310 [ 260.000813][T11241] __alloc_skb+0x2b3/0x380 [ 260.002865][T11241] nsim_dev_trap_report_work+0x2a4/0xc80 [ 260.005011][T11241] process_one_work+0x958/0x1ad0 [ 260.006728][T11241] worker_thread+0x6c8/0xf30 [ 260.008308][T11241] kthread+0x2c1/0x3a0 [ 260.009707][T11241] ret_from_fork+0x45/0x80 [ 260.011276][T11241] ret_from_fork_asm+0x1a/0x30 [ 260.013430][T11241] page last free pid 8765 tgid 8764 stack trace: [ 260.016257][T11241] free_unref_page+0x64a/0xe40 [ 260.018458][T11241] __mmdrop+0xd5/0x470 [ 260.020323][T11241] __mmput+0x40a/0x4d0 [ 260.022126][T11241] mmput+0x62/0x70 [ 260.023413][T11241] do_exit+0x9b7/0x2ba0 [ 260.024830][T11241] do_group_exit+0xd3/0x2a0 [ 260.026384][T11241] get_signal+0x25c3/0x2670 [ 260.027937][T11241] arch_do_signal_or_restart+0x90/0x7e0 [ 260.029812][T11241] syscall_exit_to_user_mode+0x14a/0x2a0 [ 260.031903][T11241] __do_fast_syscall_32+0x80/0x120 [ 260.034262][T11241] do_fast_syscall_32+0x32/0x80 [ 260.036501][T11241] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 260.039390][T11241] [ 260.040487][T11241] Memory state around the buggy address: [ 260.043014][T11241] ffff88802a514880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 260.046613][T11241] ffff88802a514900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 260.050245][T11241] >ffff88802a514980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 260.053835][T11241] ^ [ 260.055944][T11241] ffff88802a514a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 260.059576][T11241] ffff88802a514a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 260.063093][T11241] ================================================================== [ 260.080747][T11241] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 260.083638][T11241] CPU: 3 PID: 11241 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00280-g27b31deb900d #0 [ 260.087509][T11241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 260.091190][T11241] Call Trace: [ 260.092372][T11241] [ 260.093399][T11241] dump_stack_lvl+0x3d/0x1f0 [ 260.094992][T11241] panic+0x6f5/0x7a0 [ 260.096330][T11241] ? __pfx_panic+0x10/0x10 [ 260.097874][T11241] ? preempt_schedule_thunk+0x1a/0x30 [ 260.099719][T11241] ? preempt_schedule_common+0x44/0xc0 [ 260.101698][T11241] ? check_panic_on_warn+0x1f/0xb0 [ 260.104024][T11241] check_panic_on_warn+0xab/0xb0 [ 260.106280][T11241] end_report+0x117/0x180 [ 260.108259][T11241] kasan_report+0xe9/0x110 [ 260.110326][T11241] ? skb_release_data+0x8dd/0x980 [ 260.112261][T11241] ? skb_release_data+0x8dd/0x980 [ 260.114003][T11241] skb_release_data+0x8dd/0x980 [ 260.115676][T11241] ? __hci_req_sync+0x61d/0x980 [ 260.117375][T11241] ? rcu_is_watching+0x12/0xc0 [ 260.119045][T11241] kfree_skb_reason+0x12b/0x210 [ 260.120703][T11241] __hci_req_sync+0x61d/0x980 [ 260.122622][T11241] ? __pfx___hci_req_sync+0x10/0x10 [ 260.124359][T11241] ? hci_req_sync+0x3f/0xd0 [ 260.125921][T11241] ? find_held_lock+0x2d/0x110 [ 260.127570][T11241] hci_req_sync+0x97/0xd0 [ 260.129046][T11241] ? __pfx_hci_scan_req+0x10/0x10 [ 260.130769][T11241] hci_dev_cmd+0x634/0x960 [ 260.132485][T11241] ? __pfx_hci_dev_cmd+0x10/0x10 [ 260.134191][T11241] ? bpf_lsm_capable+0x9/0x10 [ 260.135803][T11241] ? security_capable+0x98/0xd0 [ 260.137471][T11241] hci_sock_ioctl+0x4f3/0x880 [ 260.139093][T11241] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 260.140880][T11241] hci_sock_compat_ioctl+0x68/0x80 [ 260.143133][T11241] compat_sock_ioctl+0x181/0x7f0 [ 260.145389][T11241] ? __pfx_hci_sock_compat_ioctl+0x10/0x10 [ 260.148020][T11241] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 260.150460][T11241] ? __fget_files+0x256/0x400 [ 260.152261][T11241] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 260.154157][T11241] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 260.156049][T11241] __do_compat_sys_ioctl+0x2c3/0x330 [ 260.157864][T11241] __do_fast_syscall_32+0x73/0x120 [ 260.159642][T11241] do_fast_syscall_32+0x32/0x80 [ 260.161555][T11241] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 260.164340][T11241] RIP: 0023:0xf7470579 [ 260.166247][T11241] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 260.175400][T11241] RSP: 002b:00000000ff891cd4 EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 260.179209][T11241] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd [ 260.182400][T11241] RDX: 00000000ff891d24 RSI: 00000000f745cff4 RDI: 0000000000000002 [ 260.185110][T11241] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 260.187806][T11241] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 260.190504][T11241] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 260.193902][T11241] [ 260.195868][T11241] Kernel Offset: disabled [ 260.197842][T11241] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:26:12 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=1ffff110042715f5 RSI=000000000000000a RDI=ffff88802138afa0 RBP=0000000000000000 RSP=ffffc9002765f970 R8 =0000000000000001 R9 =0000000000000000 R10=000000000000000f R11=0000000000000000 R12=ffffffff8da764e8 R13=0000000000000000 R14=ffff88802138af98 R15=000000000000000a RIP=ffffffff816c70fe RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0050 ffffc9002773a000 00001487 00008200 DPL=0 LDT TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c328e9b CR3=00000000668c2000 CR4=00350ef0 DR0=fffffffffffffffc DR1=000000000000a475 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000003a600000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffc90003f79000 RDX=0000000000000000 RSI=ffffffff8b8fb7e0 RDI=ffffffff8d494b48 RBP=ffff8880152d7000 RSP=ffffc9002681f780 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000000017 R13=0000000000000000 R14=ffff88801d5e09c0 R15=0000000000000000 RIP=ffffffff81750b70 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c100000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020b4e000 CR3=0000000056f2a000 CR4=00350ef0 DR0=fffffffffffffffc DR1=000000000000a475 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff942378b0 RBX=0000000000000000 RCX=0000000000000001 RDX=0000000000000003 RSI=0000000000000004 RDI=ffff888023683ed0 RBP=0000000000000001 RSP=ffffc90003ce7b18 R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff8fe2a557 R11=0000000000000000 R12=ffff888023683ec8 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff816c6fc6 RFL=00000097 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd6f3d8bd00 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005609b85a3000 CR3=000000001df8c000 CR4=00350ef0 DR0=fffffffffffffffc DR1=000000000000a475 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=b07fbaf1b07fbaf1 b07fbaf1b07fbaf1 b07fbaf1b07fbaf1 b07fbaf1b07fbaf1 b07fbaf1b07fbaf1 b07fbaf1b07fbaf1 b07fbaf1b07fbaf1 b07fbaf1b07fbaf1 ZMM22=52bf7b0e52bf7b0e 52bf7b0e52bf7b0e 52bf7b0e52bf7b0e 52bf7b0e52bf7b0e 52bf7b0e52bf7b0e 52bf7b0e52bf7b0e 52bf7b0e52bf7b0e 52bf7b0e52bf7b0e ZMM23=faec2ed3faec2ed3 faec2ed3faec2ed3 faec2ed3faec2ed3 faec2ed3faec2ed3 faec2ed3faec2ed3 faec2ed3faec2ed3 faec2ed3faec2ed3 faec2ed3faec2ed3 ZMM24=d12a2341d12a2341 d12a2341d12a2341 d12a2341d12a2341 d12a2341d12a2341 d12a2341d12a2341 d12a2341d12a2341 d12a2341d12a2341 d12a2341d12a2341 ZMM25=8f9505db8f9505db 8f9505db8f9505db 8f9505db8f9505db 8f9505db8f9505db 8f9505db8f9505db 8f9505db8f9505db 8f9505db8f9505db 8f9505db8f9505db ZMM26=d257281ed257281e d257281ed257281e d257281ed257281e d257281ed257281e d257281ed257281e d257281ed257281e d257281ed257281e d257281ed257281e ZMM27=9bb2d6e59bb2d6e5 9bb2d6e59bb2d6e5 9bb2d6e59bb2d6e5 9bb2d6e59bb2d6e5 9bb2d6e59bb2d6e5 9bb2d6e59bb2d6e5 9bb2d6e59bb2d6e5 9bb2d6e59bb2d6e5 ZMM28=000000400000003f 0000003e0000003d 0000003c0000003b 0000003a00000039 0000003800000037 0000003600000035 0000003400000033 0000003200000031 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=af0b0000af0b0000 af0b0000af0b0000 af0b0000af0b0000 af0b0000af0b0000 af0b0000af0b0000 af0b0000af0b0000 af0b0000af0b0000 af0b0000af0b0000 info registers vcpu 3 CPU#3 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff84f94db0 RDI=ffffffff94d5c040 RBP=ffffffff94d5c000 RSP=ffffc9000cfdf4b0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3561323038386552 R12=0000000000000000 R13=ffffffff94d5c000 R14=ffffffff94d5c050 R15=0000000000000018 RIP=ffffffff84f94dd7 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c300000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7fc9434 CR3=00000000545d4000 CR4=00350ef0 DR0=fffffffffffffffc DR1=000000000000a475 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=00000000ffffee00 Opmask02=000000000000ffdf Opmask03=2040000404420020 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffeca29b150 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 df68b9e011b217af 7373253763351fdf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f697363732f6575 6575716b726f772f 6c6175747269762f 736563697665642f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000000000036 5f666d745f697363 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000564174516f40 0000564174516f00 0000000000000041 000000000000302e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000037 000056441047dac1 0000000000000021 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 382432273f397b27 697a787c69303b7e ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000