last executing test programs: 12.579043004s ago: executing program 0 (id=2054): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000100000024000300"], 0xe84}}, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = getpid() r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00') lseek(r4, 0xae7d, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff}, 0x80) r6 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r7, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r5, 0xffffffff) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000640)={0x0, 0x0, '\x00', @bt={0x7, 0x0, 0x2, 0xe093, 0x7fffffffffffffff, 0x2, 0xb, 0xc}}) read$FUSE(r4, &(0x7f0000006240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) fstat(r4, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000600)={{0x0, r8, r9, 0x0, 0x0, 0x18, 0x7}, 0x80000000, 0x10000, 0x3, 0xfffffffffffffffc, r2, r2, 0x1}) openat$pmem0(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r10, 0x0, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7221], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102]}, 0x45c) ioctl$UI_SET_PROPBIT(r0, 0x5501, 0x0) 11.236857882s ago: executing program 0 (id=2059): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x1, 0x1c8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000580], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000000000000000000000f38bb23dd23f44100000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff010000001d00000000000000000065727370616e3000000000000000000062726964676530000000000000000000b43b24af61af8e2f000000000000000065716c00000000000000000000000000ffffffffffff000000000000aaaaaaaaaa000000000000000000a000000010010000380100006d61726b5f6d00000000000000000000000000000000000000000000000000000c0000000400000001000000000100006e666c6f670000000000000000000000000000000000000000000000000000004c0000006d8000000900090000000000b80eba8ec4468a0538ee0eed5dd9119d918668afa6c019b085be3837595dc113ccf27499f7202a2b59394b2619bcf57ec99b9abb99943198532b0b7bdd0f61e5726564697265637400000000000000000000000000000000000000000000000004000000fdffffff"]}, 0x218) read$FUSE(0xffffffffffffffff, &(0x7f0000002340)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) move_pages(r3, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_setup(0x71d3, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0) r5 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x3666b165f8ff1357}) ioctl$TUNGETVNETLE(r6, 0x400454de, &(0x7f0000001940)) ioctl$SNDRV_PCM_IOCTL_FORWARD(r5, 0x4161, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x2a80c3, 0x0) r7 = syz_io_uring_setup(0x23b, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0xfffffffe}, 0x0, &(0x7f0000000140)) io_uring_enter(r7, 0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000045c0)={0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000004640)={0xf8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x3c}, {0x6}]}) r9 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, 0xffffffffffffffff, &(0x7f0000000a00)) write$binfmt_misc(r8, &(0x7f0000000140)=ANY=[], 0x4) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000b, 0x8012, r4, 0x0) 11.089770328s ago: executing program 3 (id=2060): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5}]}}, 0x0, 0x2a}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) r3 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@dev, @in6=@remote, 0x0, 0x8, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x6c}, 0x0, @in6=@local}}, 0xe8) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000da29b5408205c4005fac000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r5, 0x0, 0x0) close(r1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r4, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x67, 0x8, 0xd6ba5602775ea2d6, 0x0}}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r6, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) r8 = socket$netlink(0x10, 0x3, 0x0) connect$tipc(r1, &(0x7f00000002c0)=@name={0x1e, 0x2, 0x1, {{0x660314cfb23f2c1, 0x2}, 0x2}}, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000001c0)={'veth1_to_batadv\x00', 0x0}) unshare(0x62040200) r10 = gettid() sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r9, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r10], 0x28}}, 0x0) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, r0, 0x4002, 0x5}, 0x48) 9.17969486s ago: executing program 3 (id=2064): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000440)={0x0, 0x2, 0x10100, 0x1, 0x6ee}, &(0x7f00000000c0)=0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') faccessat2(r3, &(0x7f0000000040)='\x00', 0x1, 0x1300) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000002000000000000000000000105cfae287f00000000000000000000850001000000"], 0x0, 0x36, 0x0, 0x0, 0xfffffffd}, 0x20) write$P9_RLCREATE(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0xf, 0x1, {{0x80, 0x3, 0x8}, 0x1}}, 0x18) openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x88001, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x80, 0x82) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') openat$cgroup_int(r7, &(0x7f0000000040)='io.bfq.weight\x00', 0x2, 0x0) renameat2(r6, &(0x7f0000000200)='./file0\x00', r7, &(0x7f0000000240)='./file0\x00', 0x0) r8 = signalfd4(r5, &(0x7f0000000000), 0x8, 0x0) write$P9_ROPEN(r8, 0x0, 0x0) r9 = mq_open(&(0x7f0000000280)='io.bfq.weight\x00', 0xc2, 0x0, &(0x7f00000002c0)={0x400, 0xa5, 0x4800, 0x8}) ioctl$BTRFS_IOC_START_SYNC(r9, 0x80089418, &(0x7f0000000300)) r10 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x1e5002, 0x0) write(r10, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x6, r10, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0}}) io_uring_enter(r1, 0x46f6, 0x0, 0x0, 0x0, 0x0) statx(r0, &(0x7f00000000c0)='.\x00', 0x0, 0xf4ff4b5601ea7c14, &(0x7f0000000180)) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x4}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x5a300) 7.039367101s ago: executing program 0 (id=2069): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) prctl$PR_SET_THP_DISABLE(0x41, 0x9) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000040)=0x1, 0x4) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f0000000040)='team_slave_0\x00') openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) io_uring_setup(0x497c, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) 6.669400701s ago: executing program 0 (id=2070): write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x40) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000005240)=[{&(0x7f0000000000)="03d1"}], 0x1}}], 0x1, 0x14) ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x80044d76, &(0x7f0000000080)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d39"]) chdir(&(0x7f0000000100)='./file0\x00') open(0x0, 0x3430c2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f00000004c0), 0xb) dup3(r4, r3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0) 6.607649344s ago: executing program 2 (id=2071): write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x40) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000005240)=[{&(0x7f0000000000)="03d1"}], 0x1}}], 0x1, 0x14) ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x80044d76, &(0x7f0000000080)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000100)='./file0\x00') open(0x0, 0x3430c2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f00000004c0), 0xb) dup3(r3, r2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r4) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0) 5.769809813s ago: executing program 2 (id=2072): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5}]}}, 0x0, 0x2a}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) r3 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@dev, @in6=@remote, 0x0, 0x8, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x6c}, 0x0, @in6=@local}}, 0xe8) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000da29b5408205c4005fac000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r5, 0x0, 0x0) close(r1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r4, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x67, 0x8, 0xd6ba5602775ea2d6, 0x0}}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r6, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) r8 = socket$netlink(0x10, 0x3, 0x0) connect$tipc(r1, &(0x7f00000002c0)=@name={0x1e, 0x2, 0x1, {{0x660314cfb23f2c1, 0x2}, 0x2}}, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000001c0)={'veth1_to_batadv\x00', 0x0}) unshare(0x62040200) r10 = gettid() sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r9, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r10], 0x28}}, 0x0) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, r0, 0x4002, 0x5}, 0x48) 5.709812818s ago: executing program 0 (id=2073): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5}]}}, 0x0, 0x2a}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) r3 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@dev, @in6=@remote, 0x0, 0x8, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x6c}, 0x0, @in6=@local}}, 0xe8) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000da29b5408205c4005fac000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r5, 0x0, 0x0) close(r1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r4, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x67, 0x8, 0xd6ba5602775ea2d6, 0x0}}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r6, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) r8 = socket$netlink(0x10, 0x3, 0x0) connect$tipc(r1, &(0x7f00000002c0)=@name={0x1e, 0x2, 0x1, {{0x660314cfb23f2c1, 0x2}, 0x2}}, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000001c0)={'veth1_to_batadv\x00', 0x0}) unshare(0x62040200) r10 = gettid() sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r9, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r10], 0x28}}, 0x0) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, r0, 0x4002, 0x5}, 0x48) 4.805037894s ago: executing program 3 (id=2074): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x68) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0) ioctl$I2C_FUNCS(r4, 0x705, &(0x7f0000000240)=0x1d4) preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000100), 0x7e3a, 0x101100) socket(0x0, 0x2, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = userfaultfd(0x1) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f00002d7000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) ioctl$UFFDIO_WRITEPROTECT(r6, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000400)={&(0x7f0000b36000/0x12000)=nil, &(0x7f0000841000/0x4000)=nil, 0x12000}) r8 = fcntl$dupfd(r6, 0x0, r6) ioctl$UFFDIO_CONTINUE(r8, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}, 0x1}) syz_io_uring_setup(0x6866, &(0x7f00000003c0)={0x0, 0x0, 0x200, 0x0, 0x10}, &(0x7f0000000080), &(0x7f0000000140)) close_range(r5, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81e8943c, 0x0) 4.109084082s ago: executing program 3 (id=2076): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f00000001c0), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = dup3(0xffffffffffffffff, r4, 0x0) recvmmsg(r5, &(0x7f0000000240)=[{{&(0x7f0000000080)=@nfc_llcp, 0x80, 0x0, 0x0, &(0x7f0000000440)=""/174, 0xae}, 0xb}], 0x1, 0x2, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r7) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r7, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) close_range(r6, 0xffffffffffffffff, 0x0) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) sendmsg$NFC_CMD_ACTIVATE_TARGET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010023010000341a00001c00000008000100", @ANYRES32, @ANYBLOB="0800040000000000080003"], 0x2c}}, 0x0) 4.019062361s ago: executing program 0 (id=2078): socket$alg(0x26, 0x5, 0x0) syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x7) getpid() sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x4840}, 0x80) sendmsg$NFT_MSG_GETTABLE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="24000000010a01020000000000000e84d150000908000240000000000800024000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x50) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='nfs\x00', 0x204000c, &(0x7f0000000380)='&+\x00') copy_file_range(r5, 0x0, r0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_freezer_state(r6, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r7, &(0x7f0000000040)='FROZEN\x00', 0x7) read(r7, &(0x7f00000000c0)=""/29, 0x1d) r8 = openat$cgroup_procs(r6, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r8, &(0x7f0000000240), 0x12) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000004c0)=ANY=[]) 4.018010097s ago: executing program 2 (id=2079): r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00'}, 0x90) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f0000000040), 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="affb282cbeeb9587d7e2f0b6095d4f07f9ce", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x0, 0x1}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = openat$null(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendfile(r5, r4, 0x0, 0x80009) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81e8943c, &(0x7f0000000480)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000680)={r6, 0x4}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r2, 0xc0709411, &(0x7f0000000340)={{r6, 0x800, 0xd3af, 0x3, 0x4, 0x2, 0x1, 0x7, 0x690c, 0xc, 0xfffffffa, 0xa6, 0x3, 0x9, 0x800000000}, 0x50, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r7 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r7, 0xab09, 0x5) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r7, 0xab00, r8) ioctl$NBD_DO_IT(r7, 0xab03) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r9 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b06d25a806c8c6f94f90424fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0) 2.996107266s ago: executing program 3 (id=2081): write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x40) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000005240)=[{&(0x7f0000000000)="03d1"}], 0x1}}], 0x1, 0x14) ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x80044d76, &(0x7f0000000080)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030"]) chdir(&(0x7f0000000100)='./file0\x00') open(0x0, 0x3430c2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f00000004c0), 0xb) dup3(r4, r3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0) 2.896620697s ago: executing program 2 (id=2082): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, 0x0, {}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0xa, {0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000140)) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x6}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) io_uring_setup(0x4d63, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) munlock(&(0x7f000099f000/0x2000)=nil, 0x2000) r4 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) ioctl$SIOCAX25CTLCON(r4, 0x541b, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x0, 0x0, 0x0, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$nvram(0xffffff9c, &(0x7f0000000000), 0x14001, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r3) 2.339750632s ago: executing program 1 (id=2083): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) prctl$PR_SET_THP_DISABLE(0x41, 0x9) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000040)=0x1, 0x4) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f0000000040)='team_slave_0\x00') openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) io_uring_setup(0x497c, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) 2.139655125s ago: executing program 3 (id=2084): socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f0000000180), 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f000018e000/0x3000)=nil, 0x3000, 0x1) r0 = io_uring_setup(0x0, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="500000008287b55a29215b0206050000000000000000000000000011000300686173683a69702c706f7274000000000900020073797a320000000005000400000000000500010006000000"], 0x50}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000780), 0x7f, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000140)={0x11, 0x1, 0x0, "8eb8a828e93b07f1dd06da7a41bfeac48048beb159fbba176fb1de26098c68d9"}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x4000) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000240)={0x0, 0x1000000}) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_disconnect(r4) flistxattr(r0, &(0x7f0000000040)=""/44, 0x2c) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r5, 0x5b03, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0) sendmsg$nl_xfrm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}}, 0x0) 1.369654544s ago: executing program 1 (id=2085): mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_io_uring_setup(0x601, &(0x7f0000000380)={0x0, 0x33c5, 0x10, 0x3, 0x27b}, &(0x7f00000000c0), &(0x7f0000000400)) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0xa, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7fffffff}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="4900330080000000ffffffffffff08021100000050505050505000000000000000000000000000000100040600000000000025030000002a01003c0400"], 0x68}}, 0x40080) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1f"], 0x118) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000030a01010000000000000000020000050c0002400000000000000001"], 0x5c}}, 0x0) r6 = getpgrp(0x0) syz_pidfd_open(r6, 0x0) pidfd_send_signal(r5, 0x2c, &(0x7f0000000500)={0x10000, 0x16}, 0x4) r7 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x8100000}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x101}, @NFTA_NG_DREG={0x8}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xffffffd9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r9 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r9, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.229745673s ago: executing program 1 (id=2086): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) prctl$PR_SET_THP_DISABLE(0x41, 0x9) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000040)=0x1, 0x4) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f0000000040)='team_slave_0\x00') openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) io_uring_setup(0x497c, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) 919.000006ms ago: executing program 1 (id=2087): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640), 0x0, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) prctl$PR_SET_THP_DISABLE(0x41, 0x9) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000040)=0x1, 0x4) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f0000000040)='team_slave_0\x00') openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) io_uring_setup(0x497c, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) 702.415672ms ago: executing program 1 (id=2088): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$nl_generic(0x11, 0x3, 0x10) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x178, [], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]}, 0x50) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000280)={'batadv0\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000f80)=ANY=[@ANYBLOB="0005002b085ca3906313b808f4d0d3f3cadc0f00000000000000e8c41298090016f3ff0e335106d5309ed28bfc682f5cd9244bfa86f6933b0f980875539881348216e984ba09b6914bb757d32820e96054da2043cc104331f76e9a13c828540bc85f453178f8c5d2591e01981963edd0aed066f7649916e57633025f80f8ae86e5b94839a889b1779b6471698dc045bcf405d25b74264786d65b6cf935325330aec5ca136f2338", @ANYBLOB="000227bd700000dcdf250c000000740403807c0003802c00018004000300050002000000000008000100060000000500020000000000070002002c400000040003004c000180110002002f6465762f6e65742f74756e00000000040003000a0002002b2f3a2624000000080002006e61740004000300040003000a0002007663616e30000000080001001b00000024000500c5720d683317249248ce195ef05ce75a544d9a74de66a8b430cd470459fee0009401038028000180080001000600000004000300080001000800000008000100050000000500020000000000240001800800010004000000080001001000000008000100feffffff08000100c40c0000440001800f00020073797a6b616c6c657231000008000100ff010000040003000400030008000100010000000400030008000100aac9000004000300080001000a000000600001800800010000000000110002002f6465762f6e65742f74756e0000000008000100fbffffff040003000500020000000000110002002f6465762f6e65742f74756e00000000080002002d7b5d00080001000600000008000100f8ffffff380001800400030008000100030000000400030008000100010001000400030007000200235e000008000100000000000700020028240000140001800a0002002b21297d5e000000040003000c00018008000100445c00001c0001800400030008000100020000000500020000000000040003002c0001800400030008000100000000000800010004000000110002002f6465762f6e65742f74756e00000000530004003cae9a6625efbf1c08e1a7192d335e6f7731631ba702556bf6805a7d5dea74994f4d61434a37fadd8c8fdf12ac7bf0a1fa01de9f56f4f0b9b5062a7f83c2d2508ccc0f85a7203861a9601a959b8f1400f40003803c00018008000100070000000f00020073797a6b616c6c6572310000040003000a0002007663616e3000000008000100340000000800010000000000140001800800010006000000040003000400030020000180110002002f6465762f6e65742f74756e0000000008000100ff0300003c000180110002002f6465762f6e65742f74756e000000000d0002002d5e5e28215c297b00000000110002002f6465762f6e65742f74756e000000000c0001800800010001800000200001800f00020073797a6b616c6c65723100000a0002007663616e30000000100001800800010005000000040003000800018004000300f4000500fb62142afff3b55f4924619f820efee5dcbef196d85a455c796e0fedaab8095747b4f08718d2df2ea9912ead5ba99dd78e7344df63c42b4aa1f894b72081d58f81e328c87e114ac96fc226e97b728753a64ff60fa9f0cb677d81b82edb301790d5239b95b6410eb936926b743a699f69476afc5fafbabba2ac22b4f6aed010640e0e9e8347581332fd4e5a86cb31b6a9cc8471885a8d9a819fd0cde63bf98a6a2d44befa72f1432f7346880e3798948d55f259808f73cf5099be870c4baa6df1afd7345ef2f8", @ANYRES32=r2], 0x500}, 0x1, 0x0, 0x0, 0x40000}, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) r3 = getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'vcan0\x00'}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40841, 0x0) r5 = socket$kcm(0x2, 0xa, 0x2) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r8 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffc3) ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x8916, &(0x7f0000000000)) dup3(r7, r6, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000001c0)) write$tun(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="00001b1de4356c052e79aaaaaaaaaaaa88a800008100000086dd6017785c00182f0000000000000000000000000000000000fe80000000000000000000000000000e800086dd"], 0xfdef) 679.33373ms ago: executing program 2 (id=2089): r0 = syz_open_dev$I2C(&(0x7f00000002c0), 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000800)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000300000007000000", @ANYRES32=r5, @ANYBLOB="0c0001800800017fe4a10a1ce43e130002000400"], 0x24}}, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=@bridge_getvlan={0x18, 0x72, 0x333}, 0x18}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a00)={0x38, r8, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x38}}, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r8, 0x181, 0x0, 0x0, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x409, 0x0, 0x0, {0x7}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_RULE_USERDATA={0xf, 0x7, 0x1, 0x0, "a2eca097ab1a9f645fdaa0"}]}], {0x14}}, 0xa0}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$smc(&(0x7f0000000140), r9) r11 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xa) r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r12}, 0x10) r13 = userfaultfd(0x801) ioctl$UFFDIO_API(r13, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r13, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r14 = userfaultfd(0x801) ioctl$UFFDIO_API(r14, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_COPY(r14, 0xc028aa03, &(0x7f0000000180)={&(0x7f0000bea000/0x3000)=nil, &(0x7f00005e8000/0x4000)=nil, 0x3000}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$SMC_PNETID_ADD(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x40, r10, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'geneve1\x00'}]}, 0x40}}, 0x0) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000001100)={&(0x7f0000001200)=[{0x0, 0x3000, 0x0, 0x0}, {0x0, 0xf5ff, 0x1, &(0x7f0000001140)="b5"}], 0x2}) 391.041973ms ago: executing program 2 (id=2090): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) prctl$PR_SET_THP_DISABLE(0x41, 0x9) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000040)=0x1, 0x4) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f0000000040)='team_slave_0\x00') openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) io_uring_setup(0x497c, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) 0s ago: executing program 1 (id=2091): write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x40) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000005240)=[{&(0x7f0000000000)="03d1"}], 0x1}}], 0x1, 0x14) ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x80044d76, &(0x7f0000000080)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e79"]) chdir(&(0x7f0000000100)='./file0\x00') open(0x0, 0x3430c2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f00000004c0), 0xb) dup3(r3, r2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r4) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0) kernel console output (not intermixed with test programs): 1.588736][T11193] netlink: 'syz.1.1382': attribute type 9 has an invalid length. [ 501.592747][T11193] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1382'. [ 501.885045][T11199] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1383'. [ 502.184716][ T5347] block nbd1: Receive control failed (result -104) [ 502.191687][T11194] block nbd1: shutting down sockets [ 502.730188][T11205] netlink: 'syz.0.1384': attribute type 9 has an invalid length. [ 502.737980][T11205] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1384'. [ 502.972311][T11210] vivid-003: ================= START STATUS ================= [ 502.976675][T11210] vivid-003: Radio HW Seek Mode: Bounded [ 502.984261][T11210] vivid-003: Radio Programmable HW Seek: false [ 502.988485][T11210] vivid-003: RDS Rx I/O Mode: Block I/O [ 502.998344][T11210] vivid-003: Generate RBDS Instead of RDS: false [ 503.001085][T11210] vivid-003: RDS Reception: true [ 503.014990][T11210] vivid-003: RDS Program Type: 0 inactive [ 503.059385][T11210] vivid-003: RDS PS Name: inactive [ 503.081947][T11210] vivid-003: RDS Radio Text: inactive [ 503.089336][T11210] vivid-003: RDS Traffic Announcement: false inactive [ 503.107798][T11210] vivid-003: RDS Traffic Program: false inactive [ 503.112120][T11210] vivid-003: RDS Music: false inactive [ 503.120461][T11210] vivid-003: ================== END STATUS ================== [ 503.300204][ T5347] block nbd0: Receive control failed (result -104) [ 503.315893][T11202] block nbd0: shutting down sockets [ 503.876329][T11217] netlink: 'syz.0.1387': attribute type 9 has an invalid length. [ 503.879380][T11217] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1387'. [ 504.122135][T11220] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1388'. [ 504.137931][T11220] 9pnet_fd: p9_fd_create_tcp (11220): problem binding to privport [ 504.154116][ T39] audit: type=1326 audit(1724839979.118:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11219 comm="syz.3.1388" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 504.489017][ T5347] block nbd0: Receive control failed (result -104) [ 504.492675][T11218] block nbd0: shutting down sockets [ 504.599352][T11222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1389'. [ 504.608249][T11222] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1389'. [ 505.149369][ T39] audit: type=1326 audit(1724839980.118:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11233 comm="syz.3.1392" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 505.428139][ T5405] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 505.625387][ T5405] usb 5-1: Using ep0 maxpacket: 8 [ 505.638039][ T5405] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 505.642942][ T5405] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 505.665358][ T5405] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 505.681596][ T5405] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 505.687968][ T5405] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 505.691878][ T5405] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.714899][ T5405] hub 5-1:1.0: bad descriptor, ignoring hub [ 505.717776][ T5405] hub 5-1:1.0: probe with driver hub failed with error -5 [ 505.721303][ T5405] cdc_wdm 5-1:1.0: skipping garbage [ 505.723630][ T5405] cdc_wdm 5-1:1.0: skipping garbage [ 505.735527][ T5405] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 505.737869][ T5405] cdc_wdm 5-1:1.0: Unknown control protocol [ 505.906452][T11239] netlink: 'syz.1.1393': attribute type 9 has an invalid length. [ 505.909696][T11239] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1393'. [ 506.085739][T11243] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1394'. [ 506.448533][ T5347] block nbd1: Receive control failed (result -104) [ 506.453760][T11242] block nbd1: shutting down sockets [ 506.570528][T11248] netlink: 'syz.3.1395': attribute type 9 has an invalid length. [ 506.573856][T11248] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1395'. [ 506.629669][ T5405] usb 5-1: USB disconnect, device number 22 [ 506.811291][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.813783][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.051864][T11254] netlink: 'syz.2.1397': attribute type 9 has an invalid length. [ 507.063496][T11254] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1397'. [ 507.156211][ T5347] block nbd3: Receive control failed (result -104) [ 507.166029][T11249] block nbd3: shutting down sockets [ 507.242464][T11256] netlink: 'syz.1.1396': attribute type 15 has an invalid length. [ 507.478313][T11259] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1398'. [ 507.619139][T11261] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1399'. [ 507.759106][ T66] block nbd2: Receive control failed (result -104) [ 507.763282][T11253] block nbd2: shutting down sockets [ 507.817600][T11265] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1400'. [ 508.136086][T11275] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1402'. [ 508.354618][ T39] audit: type=1326 audit(1724839983.318:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.0.1403" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 508.406540][ T39] audit: type=1326 audit(1724839983.318:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.0.1403" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 508.436752][ T39] audit: type=1326 audit(1724839983.328:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.0.1403" exe="/syz-executor" sig=0 arch=40000003 syscall=163 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 508.458198][ T39] audit: type=1326 audit(1724839983.328:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.0.1403" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 508.467937][ T39] audit: type=1326 audit(1724839983.328:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.0.1403" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 508.483021][T11279] netlink: 'syz.1.1404': attribute type 9 has an invalid length. [ 508.493770][T11279] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1404'. [ 508.499337][ T39] audit: type=1326 audit(1724839983.328:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.0.1403" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 508.499380][ T39] audit: type=1326 audit(1724839983.328:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.0.1403" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 508.966944][T11283] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1405'. [ 509.044117][ T66] block nbd1: Receive control failed (result -104) [ 509.049327][T11280] block nbd1: shutting down sockets [ 509.507352][T11293] netlink: 'syz.2.1409': attribute type 9 has an invalid length. [ 509.510855][T11293] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1409'. [ 509.605818][ T57] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 509.656723][T11297] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1411'. [ 509.747393][T11305] input: syz0 as /devices/virtual/input/input15 [ 509.786962][ T57] usb 6-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 509.793615][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.803616][ T57] usb 6-1: config 0 descriptor?? [ 509.856819][T11304] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 509.987335][T11312] netlink: 'syz.3.1414': attribute type 9 has an invalid length. [ 509.990824][T11312] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1414'. [ 510.148199][ T66] block nbd2: Receive control failed (result -104) [ 510.154380][T11298] block nbd2: shutting down sockets [ 510.383395][ T5407] usb 6-1: USB disconnect, device number 21 [ 510.605947][ T5347] block nbd3: Receive control failed (result -104) [ 510.609968][T11308] block nbd3: shutting down sockets [ 511.507541][T11335] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 512.905263][ T57] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 513.097230][ T57] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 513.102519][ T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.108986][ T57] usb 8-1: config 0 descriptor?? [ 513.465206][ T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 513.645314][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 513.660028][ T57] usb 8-1: USB disconnect, device number 19 [ 513.666782][ T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 513.670688][ T10] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 513.677078][ T10] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 513.681212][ T10] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 513.687504][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 513.705542][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 513.710825][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 513.721393][ T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 513.725046][ T10] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 513.731177][ T10] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 513.735397][ T10] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 513.740832][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 513.751889][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 513.756999][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 513.774383][ T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 513.780492][ T10] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 513.790693][ T10] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 513.795512][ T10] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 513.801014][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 513.809010][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 513.813858][ T10] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 513.850090][ T10] usb 5-1: string descriptor 0 read error: -22 [ 513.862819][ T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 513.871896][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.910232][ T10] adutux 5-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 514.495630][T11368] __nla_validate_parse: 4 callbacks suppressed [ 514.495647][T11368] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1431'. [ 514.962061][T11372] 9pnet_fd: Insufficient options for proto=fd [ 514.987056][T11373] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1432'. [ 515.091715][ T5406] usb 5-1: USB disconnect, device number 23 [ 515.244603][T11376] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1434'. [ 516.088416][T11387] netlink: 'syz.2.1437': attribute type 9 has an invalid length. [ 516.093853][T11387] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1437'. [ 516.338618][T11392] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 516.626302][T11396] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1439'. [ 516.643839][ T5347] block nbd2: Receive control failed (result -104) [ 516.671304][T11391] block nbd2: shutting down sockets [ 517.126699][T11400] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1440'. [ 517.424347][T11406] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1442'. [ 518.209014][T11410] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1443'. [ 518.368495][T11417] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1445'. [ 519.897684][T11433] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1450'. [ 519.998840][T11437] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1451'. [ 520.704437][T11441] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1452'. [ 520.950409][T11445] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1454'. [ 521.146301][T11452] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1456'. [ 521.530893][T11460] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1458'. [ 521.859984][T11467] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1461'. [ 521.896737][T11467] 9pnet_fd: p9_fd_create_tcp (11467): problem binding to privport [ 521.906031][T11465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 521.927525][ T39] audit: type=1326 audit(1724839996.888:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11466 comm="syz.2.1461" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x0 [ 522.285272][ T5405] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 522.476286][ T5405] usb 8-1: Using ep0 maxpacket: 8 [ 522.483838][ T5405] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 522.488132][ T5405] usb 8-1: config 246 descriptor has 1 excess byte, ignoring [ 522.491572][ T5405] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 522.496468][ T5405] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 522.501475][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 522.505900][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 522.510002][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 522.519749][ T5405] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 522.524800][ T5405] usb 8-1: config 246 descriptor has 1 excess byte, ignoring [ 522.531913][ T5405] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 522.544254][ T5405] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 522.553311][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 522.562136][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 522.569187][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 522.581629][ T5405] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 522.594194][ T5405] usb 8-1: config 246 descriptor has 1 excess byte, ignoring [ 522.598932][T11473] netlink: 'syz.1.1462': attribute type 9 has an invalid length. [ 522.601987][T11473] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1462'. [ 522.602716][ T5405] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 522.635016][ T5405] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 522.643508][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 522.649827][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 522.654691][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 522.679834][ T5405] usb 8-1: string descriptor 0 read error: -22 [ 522.690905][ T5405] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 522.694897][ T5405] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.717924][T11472] netlink: 'syz.0.1463': attribute type 9 has an invalid length. [ 522.722387][T11472] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1463'. [ 522.747548][ T5405] adutux 8-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 523.084149][ T5347] block nbd1: Receive control failed (result -104) [ 523.087614][T11469] block nbd1: shutting down sockets [ 523.111346][T11477] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1464'. [ 523.309696][ T66] block nbd0: Receive control failed (result -104) [ 523.314729][T11474] block nbd0: shutting down sockets [ 524.035301][ T57] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 524.203268][ T5405] usb 8-1: USB disconnect, device number 20 [ 524.215481][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 524.220150][ T57] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 524.226973][ T57] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 524.231167][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 524.236828][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 524.241903][ T57] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 524.246113][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.254099][ T57] hub 6-1:1.0: bad descriptor, ignoring hub [ 524.257927][ T57] hub 6-1:1.0: probe with driver hub failed with error -5 [ 524.263156][ T57] cdc_wdm 6-1:1.0: skipping garbage [ 524.271228][ T57] cdc_wdm 6-1:1.0: skipping garbage [ 524.275477][ T57] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 524.278592][ T57] cdc_wdm 6-1:1.0: Unknown control protocol [ 524.863880][T11505] 9pnet_fd: p9_fd_create_tcp (11505): problem binding to privport [ 524.875291][ T39] audit: type=1326 audit(1724839999.838:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.3.1472" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 524.975177][ T1300] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 525.177445][ T1300] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 525.181296][ T1300] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.186616][ T1300] usb 5-1: config 0 descriptor?? [ 525.730222][ T5389] usb 5-1: USB disconnect, device number 24 [ 525.758744][T11507] netlink: 'syz.2.1473': attribute type 9 has an invalid length. [ 525.762854][T11507] __nla_validate_parse: 1 callbacks suppressed [ 525.762866][T11507] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1473'. [ 526.458674][ T66] block nbd2: Receive control failed (result -104) [ 526.462716][T11509] block nbd2: shutting down sockets [ 526.705898][ T30] usb 6-1: USB disconnect, device number 22 [ 526.795027][T11524] xt_NFQUEUE: number of total queues is 0 [ 526.881515][T11525] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 526.968858][ T39] audit: type=1326 audit(1724840001.938:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11526 comm="syz.1.1478" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0 [ 527.363083][T11535] vivid-000: disconnect [ 527.822018][T11541] netlink: 'syz.3.1481': attribute type 9 has an invalid length. [ 527.831568][T11531] vivid-000: reconnect [ 527.845303][T11541] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1481'. [ 528.074744][T11547] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1483'. [ 528.293159][ C3] vkms_vblank_simulate: vblank timer overrun [ 528.347220][T11550] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1482'. [ 528.410278][ T66] block nbd3: Receive control failed (result -104) [ 528.429303][T11542] block nbd3: shutting down sockets [ 529.065866][T11565] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1495'. [ 529.218426][T11558] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1486'. [ 529.535205][ T8] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 529.749608][ T8] usb 7-1: Using ep0 maxpacket: 8 [ 529.753981][ T8] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 529.759399][ T8] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 529.764890][ T8] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 529.777593][ T8] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 529.783287][ T8] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 529.798224][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.808108][ T8] hub 7-1:1.0: bad descriptor, ignoring hub [ 529.810822][ T8] hub 7-1:1.0: probe with driver hub failed with error -5 [ 529.816190][ T8] cdc_wdm 7-1:1.0: skipping garbage [ 529.818709][ T8] cdc_wdm 7-1:1.0: skipping garbage [ 529.833687][ T8] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 529.841323][ T8] cdc_wdm 7-1:1.0: Unknown control protocol [ 530.132678][T11577] bridge0: port 2(bridge_slave_1) entered disabled state [ 530.136352][T11577] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.235184][ T57] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 530.425202][ T57] usb 6-1: Using ep0 maxpacket: 32 [ 530.430053][ T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 530.437525][ T57] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 530.441100][ T57] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 530.444278][ T57] usb 6-1: Product: syz [ 530.446517][ T57] usb 6-1: Manufacturer: syz [ 530.448525][ T57] usb 6-1: SerialNumber: syz [ 530.452386][ T57] usb 6-1: config 0 descriptor?? [ 530.455506][T11580] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 530.625726][ T8] usb 7-1: USB disconnect, device number 22 [ 530.692225][ T5407] usb 6-1: USB disconnect, device number 23 [ 531.587016][T11589] netlink: 'syz.2.1493': attribute type 9 has an invalid length. [ 531.590092][T11589] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1493'. [ 532.107309][T11595] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1496'. [ 532.215164][ T66] block nbd2: Receive control failed (result -104) [ 532.224269][T11590] block nbd2: shutting down sockets [ 533.228875][T11609] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1500'. [ 533.602882][T11617] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1502'. [ 533.643882][T11617] Êü: entered promiscuous mode [ 533.761797][T11613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 533.934704][T11619] trusted_key: syz.2.1503 sent an empty control message without MSG_MORE. [ 534.245377][ T30] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 534.435191][ T30] usb 6-1: Using ep0 maxpacket: 8 [ 534.450437][ T30] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 534.460730][ T30] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 534.464190][ T30] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 534.479603][ T30] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 534.489348][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 534.500889][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 534.526613][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 534.537135][ T30] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 534.540653][ T30] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 534.543736][ T30] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 534.561367][ T30] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 534.575211][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 534.581754][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 534.595308][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 534.601053][ T30] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 534.604917][ T30] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 534.615150][ T30] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 534.619880][ T30] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 534.632249][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 534.637597][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 534.657757][ T30] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 534.673403][ T30] usb 6-1: string descriptor 0 read error: -22 [ 534.678809][ T30] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 534.686727][ T30] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.704934][ T30] adutux 6-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 535.380812][T11642] netlink: 'syz.3.1507': attribute type 9 has an invalid length. [ 535.384382][T11642] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1507'. [ 535.989053][ T66] block nbd3: Receive control failed (result -104) [ 535.993151][T11638] block nbd3: shutting down sockets [ 536.182428][ T2785] usb 6-1: USB disconnect, device number 24 [ 536.723715][T11653] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1511'. [ 536.955771][ T10] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 537.791903][ T10] usb 7-1: unable to get BOS descriptor or descriptor too short [ 537.796804][ T10] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 537.811210][ T10] usb 7-1: can't read configurations, error -71 [ 538.405853][T11678] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1517'. [ 538.720879][T11681] netlink: 'syz.2.1518': attribute type 9 has an invalid length. [ 538.724354][T11681] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1518'. [ 539.367511][ T66] block nbd2: Receive control failed (result -104) [ 539.376452][T11682] block nbd2: shutting down sockets [ 539.617976][T11687] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1521'. [ 539.675627][T11687] 9pnet_fd: p9_fd_create_tcp (11687): problem binding to privport [ 539.698277][ T39] audit: type=1326 audit(1724840014.668:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.1.1521" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0 [ 539.773829][T11694] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1523'. [ 539.993560][T11695] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1522'. [ 540.188086][T11697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.477415][T11701] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1524'. [ 540.481732][T11701] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 540.517291][ T8] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 540.695351][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 540.702589][ T8] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 540.707279][ T8] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 540.710591][ T8] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 540.714261][ T8] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 540.724225][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 540.730070][T11705] netlink: 'syz.3.1525': attribute type 9 has an invalid length. [ 540.733408][T11705] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1525'. [ 540.746922][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 540.775309][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 540.787497][ T8] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 540.795187][ T57] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 540.815203][ T8] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 540.818589][ T8] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 540.823058][ T8] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 540.901620][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 540.906796][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 540.911979][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 540.943343][ T8] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 540.949282][ T8] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 540.953737][ T8] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 540.958602][ T8] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 540.964292][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 540.979036][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 540.983928][ T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 540.996944][ T8] usb 5-1: string descriptor 0 read error: -22 [ 540.997221][ T57] usb 7-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 540.999423][ T8] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 541.005147][ T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.007564][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.043928][ T8] adutux 5-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 541.046776][ T57] usb 7-1: config 0 descriptor?? [ 541.375611][ T66] block nbd3: Receive control failed (result -104) [ 541.382291][T11706] block nbd3: shutting down sockets [ 541.733702][ T1300] usb 7-1: USB disconnect, device number 25 [ 541.763072][T11715] netlink: 'syz.3.1528': attribute type 9 has an invalid length. [ 541.767633][T11715] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1528'. [ 542.375235][ T66] block nbd3: Receive control failed (result -104) [ 542.391099][T11712] block nbd3: shutting down sockets [ 542.505397][T11721] 9pnet_virtio: no channels available for device syz [ 542.552906][ T10] usb 5-1: USB disconnect, device number 25 [ 543.128598][T11728] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1533'. [ 543.215217][ T10] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 543.227256][T11728] 9pnet_fd: p9_fd_create_tcp (11728): problem binding to privport [ 543.241038][ T39] audit: type=1326 audit(1724840018.208:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.2.1533" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x0 [ 543.418589][T11731] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1534'. [ 543.428455][ T10] usb 6-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 543.432639][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.487118][ T10] usb 6-1: config 0 descriptor?? [ 544.166440][T11739] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1535'. [ 544.182115][T11736] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1535'. [ 544.227013][T11737] netlink: 'syz.2.1536': attribute type 9 has an invalid length. [ 544.231825][T11737] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1536'. [ 544.284139][ T10] usb 6-1: USB disconnect, device number 25 [ 544.880983][ T66] block nbd2: Receive control failed (result -104) [ 544.884592][T11740] block nbd2: shutting down sockets [ 544.965218][T11744] netlink: 'syz.0.1537': attribute type 9 has an invalid length. [ 544.969597][T11744] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1537'. [ 545.215356][ T10] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 545.435183][ T10] usb 6-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 545.439028][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.463924][ T10] usb 6-1: config 0 descriptor?? [ 545.593865][ T66] block nbd0: Receive control failed (result -104) [ 545.597897][T11747] block nbd0: shutting down sockets [ 545.845504][T11754] vivid-000: ================= START STATUS ================= [ 545.848811][T11754] vivid-000: Radio HW Seek Mode: Bounded [ 545.851092][T11754] vivid-000: Radio Programmable HW Seek: false [ 545.853551][T11754] vivid-000: RDS Rx I/O Mode: Block I/O [ 545.856150][T11754] vivid-000: Generate RBDS Instead of RDS: false [ 545.860419][T11754] vivid-000: RDS Reception: true [ 545.870739][T11754] vivid-000: RDS Program Type: 0 inactive [ 545.875032][T11754] vivid-000: RDS PS Name: inactive [ 545.880253][T11754] vivid-000: RDS Radio Text: inactive [ 545.882645][T11754] vivid-000: RDS Traffic Announcement: false inactive [ 545.904208][T11754] vivid-000: RDS Traffic Program: false inactive [ 545.908220][T11754] vivid-000: RDS Music: false inactive [ 545.917484][T11754] vivid-000: ================== END STATUS ================== [ 546.226492][ T57] usb 6-1: USB disconnect, device number 26 [ 547.101286][T11771] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1542'. [ 547.586383][T11775] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1543'. [ 547.742071][T11778] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1544'. [ 547.792910][T11778] 9pnet_fd: p9_fd_create_tcp (11778): problem binding to privport [ 547.813697][ T39] audit: type=1326 audit(1724840022.778:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.1.1544" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0 [ 548.615169][ T56] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 548.836168][ T56] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 548.839766][ T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.847673][ T56] usb 8-1: config 0 descriptor?? [ 548.890808][T11789] netlink: 'syz.1.1549': attribute type 9 has an invalid length. [ 548.893758][T11789] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1549'. [ 548.899251][T11787] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.903590][T11787] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.368936][ T5348] usb 8-1: USB disconnect, device number 21 [ 549.462053][ T66] block nbd1: Receive control failed (result -104) [ 549.476061][T11790] block nbd1: shutting down sockets [ 549.707371][T11794] netlink: 'syz.1.1550': attribute type 9 has an invalid length. [ 549.713788][T11794] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1550'. [ 550.295178][ T5348] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 550.386567][T11795] block nbd1: shutting down sockets [ 550.485528][T11804] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1553'. [ 550.507137][ T5348] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 550.511507][ T5348] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.534042][ T5348] usb 8-1: config 0 descriptor?? [ 550.868931][T11808] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1554'. [ 551.155713][ T1300] usb 8-1: USB disconnect, device number 22 [ 551.537594][T11821] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1557'. [ 551.588730][T11821] 9pnet_fd: p9_fd_create_tcp (11821): problem binding to privport [ 551.617379][ T39] audit: type=1326 audit(1724840026.568:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11819 comm="syz.1.1557" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0 [ 551.703207][T11820] vivid-000: ================= START STATUS ================= [ 551.713187][T11820] vivid-000: Radio HW Seek Mode: Bounded [ 551.718410][T11820] vivid-000: Radio Programmable HW Seek: false [ 551.721596][T11820] vivid-000: RDS Rx I/O Mode: Block I/O [ 551.735451][T11820] vivid-000: Generate RBDS Instead of RDS: false [ 551.738344][T11820] vivid-000: RDS Reception: true [ 551.740685][T11820] vivid-000: RDS Program Type: 0 inactive [ 551.748832][T11820] vivid-000: RDS PS Name: inactive [ 551.751538][T11820] vivid-000: RDS Radio Text: inactive [ 551.751565][T11820] vivid-000: RDS Traffic Announcement: false inactive [ 551.751661][T11820] vivid-000: RDS Traffic Program: false inactive [ 551.751685][T11820] vivid-000: RDS Music: false inactive [ 551.751709][T11820] vivid-000: ================== END STATUS ================== [ 552.040170][ T39] audit: type=1326 audit(1724840026.998:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11828 comm="syz.0.1559" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 552.655228][ T1300] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 552.837268][ T1300] usb 6-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 552.843824][ T1300] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.862137][ T1300] usb 6-1: config 0 descriptor?? [ 553.209563][T11839] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1562'. [ 553.378084][ T5348] usb 6-1: USB disconnect, device number 27 [ 554.403754][T11860] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1567'. [ 555.741833][T11869] 9pnet_virtio: no channels available for device syz [ 557.435966][T11889] netlink: 'syz.0.1582': attribute type 9 has an invalid length. [ 557.439244][T11889] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1582'. [ 558.054468][ T66] block nbd0: Receive control failed (result -104) [ 558.058626][T11885] block nbd0: shutting down sockets [ 558.108017][T11894] vivid-000: ================= START STATUS ================= [ 558.111126][T11894] vivid-000: Radio HW Seek Mode: Bounded [ 558.113509][T11894] vivid-000: Radio Programmable HW Seek: false [ 558.117742][T11894] vivid-000: RDS Rx I/O Mode: Block I/O [ 558.123924][T11894] vivid-000: Generate RBDS Instead of RDS: false [ 558.127978][T11894] vivid-000: RDS Reception: true [ 558.130290][T11894] vivid-000: RDS Program Type: 0 inactive [ 558.132833][T11894] vivid-000: RDS PS Name: inactive [ 558.135666][T11894] vivid-000: RDS Radio Text: inactive [ 558.138732][T11894] vivid-000: RDS Traffic Announcement: false inactive [ 558.146803][T11894] vivid-000: RDS Traffic Program: false inactive [ 558.150086][T11894] vivid-000: RDS Music: false inactive [ 558.152420][T11894] vivid-000: ================== END STATUS ================== [ 558.468477][T11901] fuse: Unknown parameter '0x0000000000000011' [ 558.469625][T11904] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 558.477264][T11904] overlayfs: failed to set xattr on upper [ 558.480148][T11904] overlayfs: ...falling back to redirect_dir=nofollow. [ 558.483580][T11904] overlayfs: ...falling back to index=off. [ 558.487172][T11904] overlayfs: ...falling back to uuid=null. [ 560.369603][T11924] vivid-002: ================= START STATUS ================= [ 560.375855][T11924] vivid-002: Radio HW Seek Mode: Bounded [ 560.385175][T11924] vivid-002: Radio Programmable HW Seek: false [ 560.388128][T11924] vivid-002: RDS Rx I/O Mode: Block I/O [ 560.392109][T11924] vivid-002: Generate RBDS Instead of RDS: false [ 560.405296][T11924] vivid-002: RDS Reception: true [ 560.409560][T11924] vivid-002: RDS Program Type: 0 inactive [ 560.413211][T11924] vivid-002: RDS PS Name: inactive [ 560.416986][T11924] vivid-002: RDS Radio Text: inactive [ 560.426904][T11924] vivid-002: RDS Traffic Announcement: false inactive [ 560.457114][T11924] vivid-002: RDS Traffic Program: false inactive [ 560.474719][T11924] vivid-002: RDS Music: false inactive [ 560.492928][T11924] vivid-002: ================== END STATUS ================== [ 562.263815][T11949] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1587'. [ 562.383341][T11950] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1586'. [ 563.192358][ T57] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 563.400589][ T57] usb 6-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 563.404499][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.410238][ T57] usb 6-1: config 0 descriptor?? [ 563.460541][T11968] 9pnet_virtio: no channels available for device syz [ 564.003642][ T57] usb 6-1: USB disconnect, device number 28 [ 564.663809][T11978] sp0: Synchronizing with TNC [ 565.243781][T11983] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1597'. [ 566.740711][T12001] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1601'. [ 567.107098][T12004] netlink: 'syz.0.1603': attribute type 9 has an invalid length. [ 567.110514][T12004] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1603'. [ 567.308739][T12013] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1602'. [ 567.325251][T12012] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1602'. [ 567.584806][T12016] netlink: 'syz.1.1605': attribute type 5 has an invalid length. [ 567.749553][ T66] block nbd0: Receive control failed (result -104) [ 567.754447][T12011] block nbd0: shutting down sockets [ 568.252214][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.256000][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.718587][T12036] netlink: 'syz.1.1608': attribute type 9 has an invalid length. [ 568.722214][T12036] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1608'. [ 569.152841][T12039] input: syz1 as /devices/virtual/input/input16 [ 569.324958][ T66] block nbd1: Receive control failed (result -104) [ 569.330606][T12035] block nbd1: shutting down sockets [ 569.646564][T12042] 9pnet_virtio: no channels available for device syz [ 571.026200][T12053] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1613'. [ 571.278814][T12062] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1615'. [ 571.301448][T12059] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1615'. [ 572.003621][T12069] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1617'. [ 572.272051][T12070] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.275225][T12070] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.619476][T12074] ubi0: attaching mtd0 [ 572.624020][T12074] ubi0: scanning is finished [ 572.649105][T12074] ubi0: empty MTD device detected [ 572.822662][T12074] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 572.832659][T12074] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 572.847510][T12074] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 572.850628][T12074] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 572.853744][T12074] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 572.860592][T12074] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 572.864102][T12074] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1159383739 [ 572.874330][T12074] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 572.884005][T12078] ubi0: background thread "ubi_bgt0d" started, PID 12078 [ 573.348838][T12082] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1621'. [ 573.646681][ T57] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 573.851127][ T57] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 573.855448][ T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.865837][ T57] usb 8-1: config 0 descriptor?? [ 574.024196][T12097] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1627'. [ 574.547536][ T8] usb 8-1: USB disconnect, device number 23 [ 574.916376][T12108] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1636'. [ 575.425158][T12116] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1629'. [ 576.101781][T12127] bridge0: port 3(vlan2) entered blocking state [ 576.106024][T12127] bridge0: port 3(vlan2) entered disabled state [ 576.109953][T12127] vlan2: entered allmulticast mode [ 576.114868][T12127] vlan2: left allmulticast mode [ 576.118820][T12128] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 576.121948][T12128] overlayfs: failed to set xattr on upper [ 576.125355][T12128] overlayfs: ...falling back to redirect_dir=nofollow. [ 576.128865][T12128] overlayfs: ...falling back to index=off. [ 576.137159][T12128] overlayfs: ...falling back to uuid=null. [ 576.925041][T12138] netlink: 'syz.2.1635': attribute type 9 has an invalid length. [ 576.935532][T12138] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1635'. [ 577.249186][T12148] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1638'. [ 577.627350][ T66] block nbd2: Receive control failed (result -104) [ 577.634892][T12141] block nbd2: shutting down sockets [ 577.924659][T12158] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1641'. [ 577.933400][ T35] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 578.126661][ T35] usb 6-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 578.129850][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.136774][ T35] usb 6-1: config 0 descriptor?? [ 578.278485][T12163] sp0: Synchronizing with TNC [ 578.756873][ T1300] usb 6-1: USB disconnect, device number 29 [ 579.424145][T12180] 9pnet_fd: Insufficient options for proto=fd [ 579.458044][T12180] xt_CT: You must specify a L4 protocol and not use inversions on it [ 579.601669][T12189] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 579.604570][T12189] overlayfs: failed to set xattr on upper [ 579.608159][T12189] overlayfs: ...falling back to redirect_dir=nofollow. [ 579.613738][T12189] overlayfs: ...falling back to index=off. [ 579.616630][T12189] overlayfs: ...falling back to uuid=null. [ 579.648548][T12187] netlink: 'syz.3.1647': attribute type 9 has an invalid length. [ 579.651895][T12187] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1647'. [ 580.356200][ T66] block nbd3: Receive control failed (result -104) [ 580.359991][T12188] block nbd3: shutting down sockets [ 580.753912][T12196] input: syz1 as /devices/virtual/input/input17 [ 581.461012][T12210] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1652'. [ 582.569413][T12214] sp0: Synchronizing with TNC [ 582.875200][ T2785] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 583.077038][ T2785] usb 7-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 583.083099][ T2785] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.111268][ T2785] usb 7-1: config 0 descriptor?? [ 583.670411][ T2785] usb 7-1: USB disconnect, device number 26 [ 583.986535][T12243] netlink: 'syz.0.1658': attribute type 9 has an invalid length. [ 583.990039][T12243] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1658'. [ 584.125010][T12240] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1659'. [ 584.613077][ T66] block nbd0: Receive control failed (result -104) [ 584.619485][T12234] block nbd0: shutting down sockets [ 585.141926][T12261] input: syz1 as /devices/virtual/input/input18 [ 585.267666][T12262] random: crng reseeded on system resumption [ 587.979810][T12281] sp0: Synchronizing with TNC [ 588.856638][T12294] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1672'. [ 589.517094][T12299] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1673'. [ 589.808586][ T39] audit: type=1326 audit(1724840064.768:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12317 comm="syz.3.1678" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 591.085654][T12343] vivid-000: ================= START STATUS ================= [ 591.089603][T12343] vivid-000: Radio HW Seek Mode: Bounded [ 591.092633][T12343] vivid-000: Radio Programmable HW Seek: false [ 591.105159][T12343] vivid-000: RDS Rx I/O Mode: Block I/O [ 591.132694][T12343] vivid-000: Generate RBDS Instead of RDS: false [ 591.156094][T12343] vivid-000: RDS Reception: true [ 591.158252][T12343] vivid-000: RDS Program Type: 0 inactive [ 591.160692][T12343] vivid-000: RDS PS Name: inactive [ 591.162935][T12343] vivid-000: RDS Radio Text: inactive [ 591.165336][T12343] vivid-000: RDS Traffic Announcement: false inactive [ 591.182739][T12343] vivid-000: RDS Traffic Program: false inactive [ 591.182774][T12343] vivid-000: RDS Music: false inactive [ 591.182801][T12343] vivid-000: ================== END STATUS ================== [ 591.648402][T12352] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1686'. [ 591.684596][ T1300] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 591.920404][ T1300] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 591.925190][ T1300] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.930812][ T1300] usb 5-1: config 0 descriptor?? [ 592.474249][ T10] usb 5-1: USB disconnect, device number 26 [ 592.618704][T12363] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1688'. [ 592.716655][T12361] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1695'. [ 593.191201][T12369] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1689'. [ 593.336599][T12377] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1690'. [ 593.342152][T12375] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1690'. [ 594.832844][T12399] sp0: Synchronizing with TNC [ 595.325700][T12403] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1699'. [ 596.341810][T12414] vivid-001: ================= START STATUS ================= [ 596.350547][T12414] vivid-001: Radio HW Seek Mode: Bounded [ 596.353080][T12414] vivid-001: Radio Programmable HW Seek: false [ 596.364784][T12414] vivid-001: RDS Rx I/O Mode: Block I/O [ 596.379939][T12414] vivid-001: Generate RBDS Instead of RDS: false [ 596.383471][T12414] vivid-001: RDS Reception: true [ 596.385912][T12414] vivid-001: RDS Program Type: 0 inactive [ 596.391218][T12414] vivid-001: RDS PS Name: inactive [ 596.402716][T12414] vivid-001: RDS Radio Text: inactive [ 596.416264][T12414] vivid-001: RDS Traffic Announcement: false inactive [ 596.419963][T12414] vivid-001: RDS Traffic Program: false inactive [ 596.426963][T12414] vivid-001: RDS Music: false inactive [ 596.435465][T12414] vivid-001: ================== END STATUS ================== [ 596.436371][T12416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1702'. [ 599.335277][ T5407] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 599.394347][T12453] bridge0: port 2(bridge_slave_1) entered disabled state [ 599.398381][T12453] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.515270][ T5407] usb 5-1: Using ep0 maxpacket: 8 [ 599.535738][ T5407] usb 5-1: unable to get BOS descriptor or descriptor too short [ 599.545065][ T5407] usb 5-1: string descriptor 0 read error: -22 [ 599.547477][ T5407] usb 5-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 599.551371][ T5407] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.559003][ T5407] usb 5-1: config 0 descriptor?? [ 599.721220][T12460] netlink: 'syz.2.1713': attribute type 9 has an invalid length. [ 599.724530][T12460] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1713'. [ 599.813732][T12456] netlink: 'syz.0.1712': attribute type 10 has an invalid length. [ 599.993819][ T5407] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 600.080045][ T5407] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 600.093741][ T5407] dib0700: firmware download failed at 7 with -22 [ 600.109464][ T5407] usb 5-1: USB disconnect, device number 27 [ 600.253713][ T66] block nbd2: Receive control failed (result -104) [ 600.258311][T12459] block nbd2: shutting down sockets [ 600.502472][T12467] usb 1-1: USB disconnect, device number 2 [ 600.913068][T12473] netlink: 'syz.0.1716': attribute type 9 has an invalid length. [ 600.916873][T12473] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1716'. [ 600.982353][T12483] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1719'. [ 600.995278][T12480] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1719'. [ 601.012459][ T8] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 601.191845][T12484] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1720'. [ 601.198084][ T8] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 601.202767][ T8] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 601.213471][ T8] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 601.217779][ T8] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 601.225140][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.248328][ T8] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 601.354629][ T8] snd-usb-audio 8-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 601.465930][ T66] block nbd0: Receive control failed (result -104) [ 601.469824][T12479] block nbd0: shutting down sockets [ 601.934512][T12500] netlink: 'syz.2.1723': attribute type 9 has an invalid length. [ 601.937954][T12500] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1723'. [ 602.550194][ T66] block nbd2: Receive control failed (result -104) [ 602.553027][T12498] block nbd2: shutting down sockets [ 603.719323][ T39] audit: type=1326 audit(1724840078.688:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12472 comm="syz.3.1717" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7fc00000 [ 603.775927][ T5406] usb 8-1: USB disconnect, device number 24 [ 604.146053][T12517] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1728'. [ 604.315232][ T5406] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 604.539519][ T5406] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 604.558320][ T5406] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.573060][ T5406] usb 8-1: Product: syz [ 604.581189][ T5406] usb 8-1: Manufacturer: syz [ 604.597427][ T5406] usb 8-1: SerialNumber: syz [ 604.610399][ T5406] usb 8-1: config 0 descriptor?? [ 604.841693][ T5406] usb 8-1: USB disconnect, device number 25 [ 605.230946][T12528] netlink: 'syz.1.1730': attribute type 9 has an invalid length. [ 605.234604][T12528] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1730'. [ 605.837492][ T66] block nbd1: Receive control failed (result -104) [ 605.846039][T12526] block nbd1: shutting down sockets [ 606.333683][T12538] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1732'. [ 607.057952][T12547] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 607.061708][T12547] overlayfs: failed to set xattr on upper [ 607.064667][T12547] overlayfs: ...falling back to redirect_dir=nofollow. [ 607.071912][T12547] overlayfs: ...falling back to index=off. [ 607.074618][T12547] overlayfs: ...falling back to uuid=null. [ 607.125541][ T11] Bluetooth: hci4: Frame reassembly failed (-84) [ 608.225446][T12557] sp0: Synchronizing with TNC [ 609.126984][ T5347] Bluetooth: hci4: command 0x1003 tx timeout [ 609.131455][ T66] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 609.243969][T12576] veth1_macvtap: entered allmulticast mode [ 609.586319][T12580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1739'. [ 610.303104][T12584] netlink: 'syz.1.1741': attribute type 9 has an invalid length. [ 610.307290][T12584] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1741'. [ 610.607399][T12589] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1743'. [ 610.835211][ T57] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 610.883952][ T66] block nbd1: Receive control failed (result -104) [ 610.887859][T12585] block nbd1: shutting down sockets [ 610.953377][T12595] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 610.965469][T12595] overlayfs: failed to set xattr on upper [ 610.968115][T12595] overlayfs: ...falling back to redirect_dir=nofollow. [ 610.971122][T12595] overlayfs: ...falling back to index=off. [ 610.973654][T12595] overlayfs: ...falling back to uuid=null. [ 611.018045][ T57] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 611.022410][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.034469][ T57] usb 5-1: config 0 descriptor?? [ 611.544997][ T5406] usb 5-1: USB disconnect, device number 28 [ 612.208848][T12606] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1748'. [ 612.364557][T12612] sp0: Synchronizing with TNC [ 613.621239][T12630] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1753'. [ 614.036408][T12637] netlink: 'syz.0.1754': attribute type 9 has an invalid length. [ 614.039709][T12637] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1754'. [ 614.589603][ T66] block nbd0: Receive control failed (result -104) [ 614.601088][T12638] block nbd0: shutting down sockets [ 615.185290][ T57] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 615.377147][ T57] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 615.380666][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.386079][ T57] usb 5-1: config 0 descriptor?? [ 615.699484][T12652] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1759'. [ 615.996857][ T5405] usb 5-1: USB disconnect, device number 29 [ 616.876648][T12668] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1763'. [ 617.668521][T12676] netlink: 'syz.2.1765': attribute type 9 has an invalid length. [ 617.672203][T12676] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1765'. [ 618.346995][ T66] block nbd2: Receive control failed (result -104) [ 618.350913][T12679] block nbd2: shutting down sockets [ 619.096004][ T5347] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 619.127374][ T5347] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 619.136229][ T5347] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 619.146951][ T5347] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 619.152758][ T5347] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 619.157468][ T5347] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 619.198796][ T66] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 619.204643][ T66] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 619.208867][ T66] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 619.213849][ T66] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 619.218464][ T66] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 619.222886][ T66] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 619.488399][T12697] chnl_net:caif_netlink_parms(): no params data found [ 619.675182][T12697] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.678347][T12697] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.681443][T12697] bridge_slave_0: entered allmulticast mode [ 619.685161][T12697] bridge_slave_0: entered promiscuous mode [ 619.690966][T12697] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.694542][T12697] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.700135][T12697] bridge_slave_1: entered allmulticast mode [ 619.703364][T12697] bridge_slave_1: entered promiscuous mode [ 619.811905][T12697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 619.834036][T12697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.934492][T12697] team0: Port device team_slave_0 added [ 619.942434][T12697] team0: Port device team_slave_1 added [ 620.060403][T12697] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 620.062865][T12697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.091737][T12697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 620.107481][T12715] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1774'. [ 620.164889][T12697] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 620.168358][T12697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.182163][T12697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 620.336595][T12697] hsr_slave_0: entered promiscuous mode [ 620.356768][T12697] hsr_slave_1: entered promiscuous mode [ 620.370073][T12697] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 620.373473][T12697] Cannot create hsr debugfs directory [ 620.761644][T12697] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.932302][T12697] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.058525][T12697] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.217725][T12697] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.285391][ T66] Bluetooth: hci4: command tx timeout [ 621.436866][T12724] netlink: 'syz.2.1776': attribute type 10 has an invalid length. [ 621.440841][T12724] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1776'. [ 621.444797][T12724] bond0: entered promiscuous mode [ 621.455480][T12724] bond_slave_0: entered promiscuous mode [ 621.462523][T12724] bond_slave_1: entered promiscuous mode [ 621.469001][T12724] bridge0: port 3(bond0) entered blocking state [ 621.472301][T12724] bridge0: port 3(bond0) entered disabled state [ 621.478470][T12724] bond0: entered allmulticast mode [ 621.481486][T12724] bond_slave_0: entered allmulticast mode [ 621.484275][T12724] bond_slave_1: entered allmulticast mode [ 621.566817][T12730] overlayfs: overlapping lowerdir path [ 621.631824][T12697] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 621.673144][T12697] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 621.679924][T12697] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 621.689143][T12729] netlink: 'syz.1.1777': attribute type 3 has an invalid length. [ 621.692804][T12729] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1777'. [ 621.697266][T12697] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 621.798913][T12697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.823703][T12697] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.834616][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.838769][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 621.851850][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.856687][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 621.929687][ T5405] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 622.149818][ T5405] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 622.153728][ T5405] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.169724][ T5405] usb 5-1: config 0 descriptor?? [ 622.271314][T12697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 622.558186][T12697] veth0_vlan: entered promiscuous mode [ 622.577125][T12697] veth1_vlan: entered promiscuous mode [ 622.644578][T12697] veth0_macvtap: entered promiscuous mode [ 622.695816][T12697] veth1_macvtap: entered promiscuous mode [ 622.739958][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.745806][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.750196][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.756882][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.761257][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.767233][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.771681][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.777115][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.783190][T12697] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 622.788296][ T1300] usb 5-1: USB disconnect, device number 30 [ 622.791929][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.796397][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.800294][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.807240][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.812242][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.817893][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.822309][T12697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.829166][T12697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.836676][T12697] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 622.844784][T12697] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.848808][T12697] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.854563][T12697] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.859843][T12697] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.994518][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.015445][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.062857][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.066421][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.116440][T12748] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1781'. [ 623.334440][T12752] 9pnet_virtio: no channels available for device syz [ 623.373816][ T66] Bluetooth: hci4: command tx timeout [ 623.732160][T12757] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1782'. [ 624.674030][T12773] netlink: 'syz.3.1786': attribute type 9 has an invalid length. [ 624.680679][T12773] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1786'. [ 625.228542][T12774] block nbd3: shutting down sockets [ 625.296180][T12778] netlink: 'syz.2.1787': attribute type 9 has an invalid length. [ 625.315310][T12778] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1787'. [ 625.455294][ T66] Bluetooth: hci4: command tx timeout [ 625.669237][T12782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1789'. [ 625.837303][ T5347] block nbd2: Receive control failed (result -104) [ 625.838201][T12777] block nbd2: shutting down sockets [ 625.885268][T12734] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 625.965425][ T5407] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 626.087399][T12734] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 626.091691][T12734] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.098386][T12734] usb 8-1: config 0 descriptor?? [ 626.125623][T12788] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1791'. [ 626.157823][ T5407] usb 5-1: config index 0 descriptor too short (expected 9533, got 36) [ 626.161542][ T5407] usb 5-1: config 161 has too many interfaces: 81, using maximum allowed: 32 [ 626.170612][ T5407] usb 5-1: config 161 has an invalid interface descriptor of length 7, skipping [ 626.174679][ T5407] usb 5-1: config 161 has an invalid descriptor of length 0, skipping remainder of the config [ 626.189764][ T5407] usb 5-1: config 161 has 0 interfaces, different from the descriptor's value: 81 [ 626.194337][ T5407] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 626.198619][ T5407] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.429198][ T5348] usb 5-1: USB disconnect, device number 31 [ 626.632604][ T5406] usb 8-1: USB disconnect, device number 26 [ 627.243794][T12799] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1794'. [ 627.291015][T12799] 9pnet_fd: p9_fd_create_tcp (12799): problem binding to privport [ 627.313687][ T39] audit: type=1326 audit(1724840102.278:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12798 comm="syz.0.1794" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 627.335636][T12797] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1793'. [ 627.535713][ T5347] Bluetooth: hci4: command tx timeout [ 627.986843][T12817] netlink: 'syz.3.1799': attribute type 9 has an invalid length. [ 627.995643][T12817] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1799'. [ 628.470463][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 628.473904][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 628.612242][ T5347] block nbd3: Receive control failed (result -104) [ 628.613737][T12818] block nbd3: shutting down sockets [ 629.016037][ C2] vkms_vblank_simulate: vblank timer overrun [ 629.094992][T12832] overlayfs: overlapping lowerdir path [ 629.216425][T12833] netlink: 'syz.0.1803': attribute type 9 has an invalid length. [ 629.220175][T12833] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1803'. [ 629.698367][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.701108][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.825889][ T5347] block nbd0: Receive control failed (result -104) [ 629.830267][T12834] block nbd0: shutting down sockets [ 630.349375][T12837] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1804'. [ 630.516399][ T5347] Bluetooth: hci5: command 0x1003 tx timeout [ 630.588035][ C2] vkms_vblank_simulate: vblank timer overrun [ 630.649911][ T66] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 631.206413][T12840] openvswitch: netlink: Missing key (keys=44, expected=2000) [ 631.702002][T12846] 9pnet_fd: Insufficient options for proto=fd [ 631.720084][ T66] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 631.724443][ T66] Bluetooth: hci4: Injecting HCI hardware error event [ 631.728929][ T66] Bluetooth: hci4: hardware error 0x00 [ 632.223608][T12853] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1809'. [ 632.272084][T12853] 9pnet_fd: p9_fd_create_tcp (12853): problem binding to privport [ 632.287818][ T39] audit: type=1326 audit(1724840107.258:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12852 comm="syz.2.1809" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x0 [ 632.431274][T12854] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1808'. [ 632.966526][T12858] netlink: 'syz.0.1810': attribute type 9 has an invalid length. [ 632.969949][T12858] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1810'. [ 633.155245][ T5348] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 633.378351][T12864] netlink: 'syz.2.1812': attribute type 9 has an invalid length. [ 633.381884][T12864] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1812'. [ 633.404310][ T5348] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 633.407733][ T5348] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.418892][ T5348] usb 8-1: config 0 descriptor?? [ 633.550395][ T5347] block nbd0: Receive control failed (result -104) [ 633.551947][T12861] block nbd0: shutting down sockets [ 633.777298][ T66] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 633.924544][T12871] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1813'. [ 633.946926][ T5358] block nbd2: Receive control failed (result -104) [ 633.951133][T12865] block nbd2: shutting down sockets [ 634.048110][ T5348] usb 8-1: USB disconnect, device number 27 [ 634.095003][ T66] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 634.100836][ T66] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 634.106132][ T66] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 634.110493][ T66] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 634.114265][ T66] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 634.118030][ T66] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 634.443430][T12872] chnl_net:caif_netlink_parms(): no params data found [ 634.555271][ T1300] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 634.641070][T12872] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.643818][T12872] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.647820][T12872] bridge_slave_0: entered allmulticast mode [ 634.652665][T12872] bridge_slave_0: entered promiscuous mode [ 634.729335][T12872] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.735826][T12872] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.755485][T12872] bridge_slave_1: entered allmulticast mode [ 634.772199][ T1300] usb 7-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 634.777247][ T1300] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.785995][T12872] bridge_slave_1: entered promiscuous mode [ 634.816236][ T1300] usb 7-1: config 0 descriptor?? [ 635.095167][T12872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.118644][T12872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.430379][T12872] team0: Port device team_slave_0 added [ 635.437629][T12872] team0: Port device team_slave_1 added [ 635.616550][T12872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 635.620178][T12872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.638474][T12872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 635.664244][T12872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 635.667852][T12872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.680691][T12872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 635.736340][ T2785] usb 7-1: USB disconnect, device number 27 [ 635.831453][T12872] hsr_slave_0: entered promiscuous mode [ 635.837690][T12872] hsr_slave_1: entered promiscuous mode [ 635.853417][T12872] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 635.881029][T12872] Cannot create hsr debugfs directory [ 636.176220][ T5358] Bluetooth: hci5: command tx timeout [ 636.198798][T12872] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.422727][T12872] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.484227][T12897] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1819'. [ 636.753614][T12872] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.872012][T12872] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.145355][T12872] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 637.172862][T12872] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 637.209555][T12872] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 637.238777][T12872] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 637.376233][T12872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 637.424435][T12872] 8021q: adding VLAN 0 to HW filter on device team0 [ 637.458434][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.461567][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.478324][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.481701][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.556152][T12904] netlink: 'syz.3.1821': attribute type 9 has an invalid length. [ 637.569823][T12904] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1821'. [ 637.903820][T12907] netlink: 'syz.2.1822': attribute type 9 has an invalid length. [ 637.909941][T12907] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1822'. [ 637.989181][ T5358] block nbd3: Receive control failed (result -104) [ 638.009869][T12908] block nbd3: shutting down sockets [ 638.064241][T12872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 638.207248][ T66] block nbd2: Receive control failed (result -104) [ 638.216005][T12911] block nbd2: shutting down sockets [ 638.255198][ T66] Bluetooth: hci5: command tx timeout [ 638.271029][T12872] veth0_vlan: entered promiscuous mode [ 638.327384][T12872] veth1_vlan: entered promiscuous mode [ 638.373986][T12872] veth0_macvtap: entered promiscuous mode [ 638.393617][T12872] veth1_macvtap: entered promiscuous mode [ 638.424179][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.435216][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.439421][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.443959][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.449994][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.454437][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.459176][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.463645][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.468437][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.473250][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.480682][T12872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 638.496997][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.502282][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.507710][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.512815][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.517409][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.521811][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.526571][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.531099][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.535962][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.540357][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.549190][T12872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 638.560905][T12872] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.564633][T12872] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.569545][T12872] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.573412][T12872] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.716579][ T5407] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 638.902682][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.906426][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.917327][ T5407] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 638.920293][ T5407] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.924830][ T5407] usb 8-1: config 0 descriptor?? [ 638.981301][T12926] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1825'. [ 639.109838][T12925] netlink: 'syz.0.1826': attribute type 10 has an invalid length. [ 639.199277][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 639.203897][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 639.525435][ T5348] usb 8-1: USB disconnect, device number 28 [ 639.722893][T12931] input: syz0 as /devices/virtual/input/input19 [ 639.775224][ T35] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 639.964411][ T35] usb 7-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 639.968958][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.989224][ T35] usb 7-1: config 0 descriptor?? [ 640.335208][ T66] Bluetooth: hci5: command tx timeout [ 640.473445][T12941] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1828'. [ 640.812523][ T5407] usb 7-1: USB disconnect, device number 28 [ 641.956324][T12960] netlink: 'syz.2.1831': attribute type 9 has an invalid length. [ 641.967541][T12960] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1831'. [ 642.340941][ T66] block nbd2: Receive control failed (result -104) [ 642.351386][T12961] block nbd2: shutting down sockets [ 642.415350][ T66] Bluetooth: hci5: command tx timeout [ 642.920009][T12972] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1835'. [ 643.251639][T12975] syzkaller0: entered promiscuous mode [ 643.254278][T12975] syzkaller0: entered allmulticast mode [ 643.516678][T12977] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1836'. [ 643.588718][T12981] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1838'. [ 645.585864][T13006] netlink: 'syz.0.1843': attribute type 9 has an invalid length. [ 645.589818][T13006] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1843'. [ 645.956593][ T66] block nbd0: Receive control failed (result -104) [ 645.960608][T13007] block nbd0: shutting down sockets [ 648.564122][T13029] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1846'. [ 648.589930][T13032] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1848'. [ 648.647054][T13030] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1847'. [ 650.341442][T13054] netlink: 'syz.3.1852': attribute type 9 has an invalid length. [ 650.346028][T13054] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1852'. [ 650.785009][ T66] block nbd3: Receive control failed (result -104) [ 650.805004][T13058] block nbd3: shutting down sockets [ 651.041390][T13068] can0: slcan on ttyprintk. [ 651.275552][T13070] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1858'. [ 651.712463][T13085] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1859'. [ 652.585238][T13067] can0 (unregistered): slcan off ttyprintk. [ 652.915411][T13107] kernel profiling enabled (shift: 9) [ 652.942770][T13107] overlayfs: failed to resolve './file0/file0': -13 [ 653.270292][T13106] netlink: 'syz.2.1862': attribute type 3 has an invalid length. [ 653.273710][T13106] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1862'. [ 653.497248][T13119] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 653.505162][T13119] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 653.513153][T13119] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 654.032105][T13125] netlink: 'syz.3.1868': attribute type 13 has an invalid length. [ 654.036530][T13125] macvtap0: entered allmulticast mode [ 654.038794][T13125] veth0_macvtap: entered allmulticast mode [ 654.056721][T13125] macvtap0: refused to change device tx_queue_len [ 654.505368][ T5405] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 654.715701][ T5405] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 654.728084][ T5405] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 654.742183][ T5405] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 654.754925][T13134] netlink: 'syz.0.1870': attribute type 9 has an invalid length. [ 654.755826][ T5405] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.812498][T13134] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1870'. [ 654.832330][ T5405] usb 8-1: config 0 descriptor?? [ 655.316819][ T66] block nbd0: Receive control failed (result -104) [ 655.321823][T13133] block nbd0: shutting down sockets [ 655.339408][ T5405] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 655.342551][ T5405] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 655.365468][ T5405] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 655.375459][ T5405] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 655.378897][ T5405] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 655.383497][ T5405] cm6533_jd 0003:0D8C:0022.0009: No inputs registered, leaving [ 655.417758][ T5405] cm6533_jd 0003:0D8C:0022.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 655.554339][T13130] TCP: TCP_TX_DELAY enabled [ 655.719820][ T5849] usb 8-1: USB disconnect, device number 29 [ 656.002783][T13142] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1872'. [ 656.031897][T13143] netlink: 'syz.0.1879': attribute type 9 has an invalid length. [ 656.036261][T13143] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1879'. [ 656.103834][ C3] vkms_vblank_simulate: vblank timer overrun [ 656.513478][T13153] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1873'. [ 656.669124][ T66] block nbd0: Receive control failed (result -104) [ 656.682717][T13148] block nbd0: shutting down sockets [ 656.738309][T13151] mkiss: ax0: crc mode is auto. [ 657.375361][ T5406] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 657.582193][ T5406] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 657.586272][ T5406] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.592454][ T5406] usb 5-1: config 0 descriptor?? [ 658.108300][ T5348] usb 5-1: USB disconnect, device number 32 [ 658.991216][T13172] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1878'. [ 659.053569][T13170] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1881'. [ 659.255006][T13179] netlink: 'syz.0.1877': attribute type 3 has an invalid length. [ 659.259043][T13179] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1877'. [ 659.498506][T13185] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1882'. [ 659.906314][ T5348] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 660.068413][T13191] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1884'. [ 660.126930][ T5348] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.132861][ T5348] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.145491][ T5348] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 660.149905][ T5348] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.167197][ T5348] usb 6-1: config 0 descriptor?? [ 660.653212][ T5348] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 660.656668][ T5348] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 660.675186][ T5348] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 660.715154][ T5348] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 660.719580][ T5348] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 660.737666][ T5348] cm6533_jd 0003:0D8C:0022.000A: No inputs registered, leaving [ 660.764223][ T5348] cm6533_jd 0003:0D8C:0022.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 660.811990][T13198] netlink: 'syz.0.1885': attribute type 9 has an invalid length. [ 660.831897][T13198] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1885'. [ 661.000985][ T5348] usb 6-1: USB disconnect, device number 30 [ 661.154092][ T66] block nbd0: Receive control failed (result -104) [ 661.162685][T13199] block nbd0: shutting down sockets [ 661.275269][ T10] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 661.528227][ T10] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 661.531988][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 661.538406][ T10] usb 8-1: config 0 descriptor?? [ 661.813148][T13208] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1890'. [ 662.023869][T13212] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1891'. [ 662.144271][T13215] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1892'. [ 662.252005][ T1300] usb 8-1: USB disconnect, device number 30 [ 662.424062][T13225] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1894'. [ 662.555514][T13228] netlink: 'syz.2.1893': attribute type 9 has an invalid length. [ 662.559089][T13228] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1893'. [ 663.022940][T13234] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1895'. [ 663.123783][ T66] block nbd2: Receive control failed (result -104) [ 663.127766][T13227] block nbd2: shutting down sockets [ 663.190933][T13240] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1898'. [ 663.486860][T13243] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1899'. [ 663.548008][T13243] 9pnet_fd: p9_fd_create_tcp (13243): problem binding to privport [ 663.554250][ T39] audit: type=1326 audit(1724840138.518:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13242 comm="syz.3.1899" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 664.329805][T13256] syz.2.1903 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 665.031767][T13272] netlink: 'syz.0.1908': attribute type 9 has an invalid length. [ 665.357325][T13277] __nla_validate_parse: 7 callbacks suppressed [ 665.357341][T13277] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1917'. [ 665.646554][T13271] block nbd0: shutting down sockets [ 666.024524][T13287] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1911'. [ 666.379050][T13297] 9pnet_fd: p9_fd_create_tcp (13297): problem binding to privport [ 666.399769][ T39] audit: type=1326 audit(1724840141.368:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13292 comm="syz.0.1913" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 666.594404][T13293] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1913'. [ 666.842151][T13291] netlink: 'syz.2.1912': attribute type 3 has an invalid length. [ 666.856619][T13291] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1912'. [ 666.864395][T13296] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1914'. [ 667.936938][T13316] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1920'. [ 668.513282][T13323] netlink: 'syz.3.1922': attribute type 9 has an invalid length. [ 668.517439][T13323] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1922'. [ 668.545907][T13321] wg2: entered allmulticast mode [ 668.729809][T13321] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1921'. [ 669.092352][ T66] block nbd3: Receive control failed (result -104) [ 669.096389][T13324] block nbd3: shutting down sockets [ 669.901395][T13332] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1924'. [ 670.128449][T13342] overlayfs: overlapping lowerdir path [ 670.131658][T13339] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1927'. [ 670.216733][ T10] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 670.272696][T13340] netlink: 'syz.0.1926': attribute type 3 has an invalid length. [ 671.180968][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 671.186158][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 671.190264][ T10] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 671.194130][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.210569][ T10] usb 7-1: config 0 descriptor?? [ 671.427888][ T1300] usb 8-1: new high-speed USB device number 31 using dummy_hcd [ 671.609737][T13355] netlink: 'syz.0.1930': attribute type 9 has an invalid length. [ 671.613697][T13355] __nla_validate_parse: 1 callbacks suppressed [ 671.613706][T13355] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1930'. [ 671.621357][ T1300] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 671.665493][ T1300] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.670811][ T1300] usb 8-1: config 0 descriptor?? [ 671.691841][ T10] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0 [ 671.698134][ T10] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0 [ 671.703633][ T10] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0 [ 671.710694][ T10] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0 [ 671.715509][ T10] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0 [ 671.725746][ T10] cm6533_jd 0003:0D8C:0022.000B: No inputs registered, leaving [ 671.735235][ T10] cm6533_jd 0003:0D8C:0022.000B: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 672.085183][ T2785] usb 7-1: USB disconnect, device number 29 [ 672.190707][ T66] block nbd0: Receive control failed (result -104) [ 672.200290][T13351] block nbd0: shutting down sockets [ 672.298960][T12938] usb 8-1: USB disconnect, device number 31 [ 672.738450][T13365] netlink: 'syz.0.1932': attribute type 9 has an invalid length. [ 672.741715][T13365] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1932'. [ 673.378559][ T66] block nbd0: Receive control failed (result -104) [ 673.382548][T13364] block nbd0: shutting down sockets [ 674.060524][T13376] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1936'. [ 674.183799][T13384] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 674.189347][T13384] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 674.193508][T13384] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 674.575059][T13392] overlayfs: overlapping lowerdir path [ 674.794663][T13391] netlink: 'syz.0.1939': attribute type 3 has an invalid length. [ 674.798434][T13391] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1939'. [ 675.920824][T13404] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1942'. [ 675.956208][T13405] netlink: 'syz.2.1941': attribute type 9 has an invalid length. [ 675.960465][T13405] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1941'. [ 676.005263][ T25] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 676.207263][ T25] usb 6-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 676.211105][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.228633][ T25] usb 6-1: config 0 descriptor?? [ 676.295833][T13412] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1945'. [ 676.347072][T13412] 9pnet_fd: p9_fd_create_tcp (13412): problem binding to privport [ 676.356666][ T39] audit: type=1326 audit(1724840151.328:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13410 comm="syz.3.1945" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0 [ 676.486934][ T66] block nbd2: Receive control failed (result -104) [ 676.494539][T13407] block nbd2: shutting down sockets [ 676.833438][ T5348] usb 6-1: USB disconnect, device number 31 [ 676.918781][T13423] xt_CT: You must specify a L4 protocol and not use inversions on it [ 677.367976][T13427] netlink: 'syz.3.1948': attribute type 9 has an invalid length. [ 677.372733][T13427] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1948'. [ 677.784493][T13433] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1950'. [ 678.004305][ T66] block nbd3: Receive control failed (result -104) [ 678.013172][T13428] block nbd3: shutting down sockets [ 678.223051][T13437] netlink: 'syz.1.1951': attribute type 3 has an invalid length. [ 678.227217][T13437] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1951'. [ 679.308826][T13442] netlink: 'syz.3.1953': attribute type 9 has an invalid length. [ 679.312188][T13442] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1953'. [ 679.811479][T13447] netlink: 'syz.1.1954': attribute type 9 has an invalid length. [ 679.815041][T13447] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1954'. [ 679.868663][ T66] block nbd3: Receive control failed (result -104) [ 679.876357][T13443] block nbd3: shutting down sockets [ 680.380058][ T5358] block nbd1: Receive control failed (result -104) [ 680.383687][T13446] block nbd1: shutting down sockets [ 681.265632][ T5348] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 681.447539][ T5348] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 681.451920][ T5348] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.461806][ T5348] usb 5-1: config 0 descriptor?? [ 681.618395][T13465] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1959'. [ 681.773679][T13470] netlink: 'syz.2.1960': attribute type 9 has an invalid length. [ 681.782649][T13470] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1960'. [ 682.061713][ T2785] usb 5-1: USB disconnect, device number 33 [ 682.103591][T13477] ======================================================= [ 682.103591][T13477] WARNING: The mand mount option has been deprecated and [ 682.103591][T13477] and is ignored by this kernel. Remove the mand [ 682.103591][T13477] option from the mount to silence this warning. [ 682.103591][T13477] ======================================================= [ 682.277493][T13473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 682.352668][ T5358] block nbd2: Receive control failed (result -104) [ 682.369098][T13469] block nbd2: shutting down sockets [ 682.866663][T13487] netlink: 'syz.3.1963': attribute type 9 has an invalid length. [ 682.869818][T13487] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1963'. [ 683.143946][T13488] netlink: 'syz.2.1964': attribute type 9 has an invalid length. [ 683.162016][T13488] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1964'. [ 683.236453][T13498] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00106019, b_size=4096, device sda1 blocksize: 4096 [ 683.243772][T13498] grow_buffers: requested out-of-range block 144115188075855872 for device sda1 [ 683.251627][T13498] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted [ 683.479787][ T5358] block nbd3: Receive control failed (result -104) [ 683.480030][T13491] block nbd3: shutting down sockets [ 683.498160][ T66] block nbd2: Receive control failed (result -104) [ 683.502479][T13492] block nbd2: shutting down sockets [ 684.208226][T13512] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1970'. [ 684.243421][ C0] vkms_vblank_simulate: vblank timer overrun [ 684.320240][T13510] netlink: 'syz.0.1969': attribute type 10 has an invalid length. [ 684.336535][T13510] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1969'. [ 684.356369][T13510] bond0: entered promiscuous mode [ 684.359574][T13510] bond_slave_0: entered promiscuous mode [ 684.362559][T13510] bond_slave_1: entered promiscuous mode [ 684.397258][T13510] bridge0: port 3(bond0) entered blocking state [ 684.408777][T13510] bridge0: port 3(bond0) entered disabled state [ 684.415431][T13510] bond0: entered allmulticast mode [ 684.427709][T13510] bond_slave_0: entered allmulticast mode [ 684.430767][T13510] bond_slave_1: entered allmulticast mode [ 684.751713][T13521] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1973'. [ 684.785822][T13519] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 685.123654][T13530] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 685.135257][T13530] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 685.145947][T13530] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 685.509755][T13537] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1976'. [ 686.031599][T13550] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1979'. [ 686.171207][T13552] netlink: 'syz.0.1978': attribute type 9 has an invalid length. [ 686.174790][T13552] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1978'. [ 686.501937][T13559] netlink: 'syz.1.1980': attribute type 3 has an invalid length. [ 686.506008][T13559] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1980'. [ 686.700169][ T66] block nbd0: Receive control failed (result -104) [ 686.754089][T13553] block nbd0: shutting down sockets [ 686.941485][T13567] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1982'. [ 688.547954][T13586] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1987'. [ 689.006187][T13592] 9pnet_fd: p9_fd_create_tcp (13592): problem binding to privport [ 689.046157][ T39] audit: type=1326 audit(1724840164.018:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13591 comm="syz.1.1988" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0 [ 689.320753][T13600] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 689.324780][T13600] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 689.328966][T13600] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 689.403326][T13599] netlink: 'syz.0.1997': attribute type 9 has an invalid length. [ 689.407229][T13599] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1997'. [ 689.495186][ T2785] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 689.722419][ T2785] usb 7-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 689.761518][ T2785] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.778119][ T2785] usb 7-1: config 0 descriptor?? [ 689.962821][ T66] block nbd0: Receive control failed (result -104) [ 689.970743][T13601] block nbd0: shutting down sockets [ 690.287598][T13606] futex_wake_op: syz.1.1991 tries to shift op by -1; fix this program [ 690.324040][ T10] usb 7-1: USB disconnect, device number 30 [ 690.736430][T13616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2002'. [ 690.902458][T13623] xt_CT: You must specify a L4 protocol and not use inversions on it [ 691.138707][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.142272][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.659081][ T39] audit: type=1326 audit(1724840166.628:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.692154][ T39] audit: type=1326 audit(1724840166.638:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.725199][ T39] audit: type=1326 audit(1724840166.638:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.747040][ T39] audit: type=1326 audit(1724840166.638:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.765245][ T39] audit: type=1326 audit(1724840166.638:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.774544][ T39] audit: type=1326 audit(1724840166.638:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.783479][ T39] audit: type=1326 audit(1724840166.638:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.793155][ T39] audit: type=1326 audit(1724840166.638:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 691.808827][ T39] audit: type=1326 audit(1724840166.638:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13642 comm="syz.0.1996" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 692.650733][T13653] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2000'. [ 692.740839][T13657] netlink: 'syz.0.1999': attribute type 9 has an invalid length. [ 692.744983][T13657] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1999'. [ 693.285032][ T66] block nbd0: Receive control failed (result -104) [ 693.285203][ T35] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 693.295630][T13656] block nbd0: shutting down sockets [ 693.472707][ T35] usb 7-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 693.485332][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.497617][ T35] usb 7-1: config 0 descriptor?? [ 694.065601][ T2785] usb 7-1: USB disconnect, device number 31 [ 694.572241][T13680] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2008'. [ 694.804123][T13685] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2010'. [ 694.917335][T13690] netlink: 'syz.0.2011': attribute type 3 has an invalid length. [ 694.921427][T13690] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.2011'. [ 694.961152][T13689] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2011'. [ 695.369586][T13693] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2012'. [ 695.561474][T13699] netlink: 'syz.0.2013': attribute type 3 has an invalid length. [ 695.565138][T13699] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.2013'. [ 695.904707][T13708] input: syz0 as /devices/virtual/input/input21 [ 696.004795][T13706] input: syz0 as /devices/virtual/input/input22 [ 696.308385][T13710] ip_tunnel: non-ECT from 172.30.0.4 with TOS=0x2 [ 696.613637][T13714] netlink: 'syz.2.2018': attribute type 9 has an invalid length. [ 696.627549][T13714] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2018'. [ 696.945307][ T5406] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 697.017739][T13720] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2020'. [ 697.129507][ T5406] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 697.133724][ T5406] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.146182][ T66] block nbd2: Receive control failed (result -104) [ 697.150477][ T5406] usb 5-1: config 0 descriptor?? [ 697.157105][T13716] block nbd2: shutting down sockets [ 697.668193][ T1300] usb 5-1: USB disconnect, device number 34 [ 698.276567][T13734] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 698.283041][T13734] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 698.288824][T13734] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 700.130636][T13756] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 700.235153][ T39] kauditd_printk_skb: 53 callbacks suppressed [ 700.235170][ T39] audit: type=1800 audit(1724840175.198:768): pid=13760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2028" name="bus" dev="overlay" ino=398 res=0 errno=0 [ 700.413082][T13762] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2030'. [ 700.535408][T13767] netlink: 'syz.1.2029': attribute type 9 has an invalid length. [ 700.539057][T13767] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2029'. [ 701.132326][ T66] block nbd1: Receive control failed (result -104) [ 701.146188][T13766] block nbd1: shutting down sockets [ 701.345808][T13773] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2032'. [ 701.492637][ T5407] usb 8-1: new high-speed USB device number 32 using dummy_hcd [ 701.709227][ T5407] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 701.713180][ T5407] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.727263][ T5407] usb 8-1: config 0 descriptor?? [ 701.887207][T13786] use of bytesused == 0 is deprecated and will be removed in the future, [ 701.892393][T13786] use the actual size instead. [ 701.957144][ T1300] libceph: connect (1)[c::]:6789 error -101 [ 701.960929][ T1300] libceph: mon0 (1)[c::]:6789 connect error [ 701.977829][ T1300] libceph: connect (1)[c::]:6789 error -101 [ 701.980478][ T1300] libceph: mon0 (1)[c::]:6789 connect error [ 702.017505][ T66] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 702.022521][ T66] Bluetooth: hci5: Injecting HCI hardware error event [ 702.027138][ T66] Bluetooth: hci5: hardware error 0x00 [ 702.103836][T13791] input: syz0 as /devices/virtual/input/input23 [ 702.163328][T13791] netlink: 332 bytes leftover after parsing attributes in process `syz.1.2037'. [ 702.167546][T13791] netlink: 160 bytes leftover after parsing attributes in process `syz.1.2037'. [ 702.260305][ T1300] libceph: connect (1)[c::]:6789 error -101 [ 702.262489][ T1300] libceph: mon0 (1)[c::]:6789 connect error [ 702.282653][ T5348] usb 8-1: USB disconnect, device number 32 [ 702.776982][ T5407] libceph: connect (1)[c::]:6789 error -101 [ 702.783447][ T5407] libceph: mon0 (1)[c::]:6789 connect error [ 702.803690][T13788] ceph: No mds server is up or the cluster is laggy [ 703.188912][T13802] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2040'. [ 703.354442][T13806] input: syz0 as /devices/virtual/input/input24 [ 703.822897][T13812] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2042'. [ 703.967557][ T5358] Bluetooth: hci5: Malformed HCI Event [ 704.085269][ T66] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 704.205320][T13819] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2044'. [ 704.473545][T13826] netlink: 'syz.2.2043': attribute type 9 has an invalid length. [ 704.478020][T13826] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2043'. [ 704.666386][T13832] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 704.671373][T13832] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 704.685173][T13832] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 704.701045][T13824] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 704.785968][T12734] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 704.857200][ T66] block nbd2: Receive control failed (result -104) [ 704.866636][T13820] block nbd2: shutting down sockets [ 704.987100][T12734] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 704.992249][T12734] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.003466][T12734] usb 5-1: config 0 descriptor?? [ 705.045297][ T5405] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 705.278299][T13837] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2048'. [ 705.325230][ T5405] usb 8-1: Using ep0 maxpacket: 8 [ 705.358774][ T5405] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 705.362959][ T5405] usb 8-1: config 246 descriptor has 1 excess byte, ignoring [ 705.366152][ T5405] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 705.391412][ T5405] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 705.396657][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 705.401389][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 705.437230][ T5405] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 705.441126][ T5405] usb 8-1: config 246 descriptor has 1 excess byte, ignoring [ 705.459452][ T5405] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 705.488593][ T5405] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 705.563494][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 705.587295][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 705.619531][ T5405] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 705.623445][ T5405] usb 8-1: config 246 descriptor has 1 excess byte, ignoring [ 705.626753][ T5405] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 705.648115][ T5405] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 705.670438][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 705.678265][ T5406] usb 5-1: USB disconnect, device number 35 [ 705.700621][ T5405] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 705.716621][ T5405] usb 8-1: string descriptor 0 read error: -22 [ 705.722319][ T5405] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 705.726768][ T5405] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.744059][ T5405] adutux 8-1:246.0: interrupt endpoints not found [ 705.873943][T13848] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2051'. [ 706.046124][T13850] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 706.052203][T13850] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 706.056149][T13850] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 706.060124][T13850] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 706.647256][T13853] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2052'. [ 706.970436][T13860] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2053'. [ 707.145386][T13861] input: syz0 as /devices/virtual/input/input25 [ 707.245287][T13864] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2055'. [ 707.651482][ T2785] usb 8-1: USB disconnect, device number 33 [ 707.814369][T13870] netlink: 'syz.2.2056': attribute type 9 has an invalid length. [ 707.824468][T13870] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2056'. [ 708.040993][T13869] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2057'. [ 708.309065][T13873] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2058'. [ 708.354825][ T66] block nbd2: Receive control failed (result -104) [ 708.359285][T13867] block nbd2: shutting down sockets [ 708.695215][ T2785] usb 8-1: new high-speed USB device number 34 using dummy_hcd [ 708.766227][ T39] audit: type=1326 audit(1724840183.738:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.0.2059" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 708.887637][ T2785] usb 8-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 708.891823][ T2785] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.935271][ T2785] usb 8-1: config 0 descriptor?? [ 709.601062][T12938] usb 8-1: USB disconnect, device number 34 [ 709.801152][T13893] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2063'. [ 709.805056][T13893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 709.809303][T13893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 709.821667][T13893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 709.831655][T13893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 711.440586][T13906] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2067'. [ 711.471595][T13906] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2067'. [ 711.550748][T13906] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2067'. [ 711.869037][T13912] input: syz0 as /devices/virtual/input/input26 [ 712.065477][T13914] ip_tunnel: non-ECT from 172.30.0.2 with TOS=0x2 [ 712.574255][T13917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2069'. [ 712.859203][T13922] 9pnet: Unknown protocol version 9 [ 714.015185][ T2785] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 714.025175][ T5407] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 714.205578][ T2785] usb 7-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 714.209660][ T2785] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.214531][ T5407] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 714.218050][ T2785] usb 7-1: config 0 descriptor?? [ 714.219277][ T5407] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.231890][ T5407] usb 5-1: config 0 descriptor?? [ 714.808347][ T5348] usb 5-1: USB disconnect, device number 36 [ 714.811375][T12938] usb 7-1: USB disconnect, device number 32 [ 715.221712][T13940] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2075'. [ 715.446734][T13945] 9pnet_fd: p9_fd_create_tcp (13945): problem binding to privport [ 715.485911][ T39] audit: type=1326 audit(1724840190.458:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13944 comm="syz.1.2077" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0 [ 715.551438][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 715.705483][T13951] netlink: 'syz.2.2079': attribute type 9 has an invalid length. [ 715.708697][T13951] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2079'. [ 716.321711][ T5358] block nbd2: Receive control failed (result -104) [ 716.326816][T13952] block nbd2: shutting down sockets [ 716.591491][T13962] 9pnet: Unknown protocol version 9p200 [ 716.600606][T13964] netlink: 'syz.2.2082': attribute type 10 has an invalid length. [ 716.603884][T13964] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 716.612075][T13964] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 717.446758][T13971] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2083'. [ 717.805284][ T2785] usb 8-1: new high-speed USB device number 35 using dummy_hcd [ 717.995170][ T2785] usb 8-1: Using ep0 maxpacket: 8 [ 718.006552][ T2785] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 718.009779][ T2785] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 718.013109][ T2785] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 718.024453][ T2785] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 718.029667][ T2785] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 718.037737][ T2785] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 718.041548][ T2785] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.314813][ T2785] usb 8-1: usb_control_msg returned -32 [ 718.320121][ T2785] usbtmc 8-1:16.0: can't read capabilities [ 718.370356][ T2785] usb 8-1: USB disconnect, device number 35 [ 718.380976][T13979] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2086'. [ 718.582741][T13970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2084'. [ 718.594037][T13982] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2087'. [ 718.866863][T13988] nbd: device at index 2 is going down [ 719.279941][T13996] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2090'. [ 719.467294][ C0] ================================================================== [ 719.471075][ C0] BUG: KASAN: slab-use-after-free in __lock_acquire+0x2de0/0x3cb0 [ 719.476736][ C0] Read of size 8 at addr ffff8880787fa418 by task kworker/0:4/5849 [ 719.481936][ C0] [ 719.482896][ C0] CPU: 0 UID: 0 PID: 5849 Comm: kworker/0:4 Not tainted 6.11.0-rc5-syzkaller-00057-g86987d84b968 #0 [ 719.487625][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 719.491714][ C0] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker [ 719.494161][ C0] Call Trace: [ 719.495637][ C0] [ 719.496857][ C0] dump_stack_lvl+0x116/0x1f0 [ 719.498594][ C0] print_report+0xc3/0x620 [ 719.500392][ C0] ? __virt_addr_valid+0x5e/0x590 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 719.502326][ C0] ? __phys_addr+0xc6/0x150 [ 719.504462][ C0] kasan_report+0xd9/0x110 [ 719.506541][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 719.508792][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 719.511026][ C0] __lock_acquire+0x2de0/0x3cb0 [ 719.513156][ C0] ? try_to_wake_up+0x5d7/0x13e0 [ 719.515321][ C0] ? __pfx_lock_release+0x10/0x10 [ 719.517481][ C0] ? rcu_is_watching+0x12/0xc0 [ 719.519649][ C0] ? __smp_call_single_queue+0x174/0x1e0 [ 719.522079][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 719.524214][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 719.526371][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 719.528814][ C0] lock_acquire+0x1b1/0x560 [ 719.530793][ C0] ? p9_req_put+0xaf/0x250 [ 719.532563][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 719.534716][ C0] ? __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30 [ 719.537935][ C0] ? select_task_rq_fair+0x360/0x44b0 [ 719.540285][ C0] ? do_raw_spin_unlock+0x53/0x230 [ 719.542506][ C0] ? .slowpath+0x9/0x18 [ 719.544420][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 719.546890][ C0] ? p9_req_put+0xaf/0x250 [ 719.548840][ C0] p9_req_put+0xaf/0x250 [ 719.550734][ C0] req_done+0x1e7/0x2f0 [ 719.556010][ C0] ? __pfx_req_done+0x10/0x10 [ 719.558223][ C0] ? __pfx_req_done+0x10/0x10 [ 719.560288][ C0] vring_interrupt+0x31b/0x400 [ 719.562332][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 719.564731][ C0] __handle_irq_event_percpu+0x229/0x7c0 [ 719.567567][ C0] handle_irq_event+0xab/0x1e0 [ 719.569803][ C0] handle_edge_irq+0x263/0xd10 [ 719.571909][ C0] __common_interrupt+0xdf/0x250 [ 719.574051][ C0] common_interrupt+0xab/0xd0 [ 719.576619][ C0] [ 719.577914][ C0] [ 719.579260][ C0] asm_common_interrupt+0x26/0x40 [ 719.581735][ C0] RIP: 0010:preempt_schedule_irq+0x4c/0x90 [ 719.584390][ C0] Code: df 55 65 48 8b 2d 54 06 fd 74 53 48 89 eb 48 c1 eb 03 48 01 c3 bf 01 00 00 00 e8 8f c3 54 f6 e8 3a 8c 8b f6 fb bf 01 00 00 00 4f a3 ff ff 9c 58 fa f6 c4 02 75 1e bf 01 00 00 00 e8 bd 67 54 [ 719.592860][ C0] RSP: 0018:ffffc900207c72e8 EFLAGS: 00000202 [ 719.595567][ C0] RAX: 000000000012acd9 RBX: ffffed1002d75488 RCX: 1ffffffff28c409f [ 719.599009][ C0] RDX: 0000000000000000 RSI: ffffffff8b4cd060 RDI: 0000000000000001 [ 719.602417][ C0] RBP: ffff888016baa440 R08: 0000000000000001 R09: fffffbfff28b6b02 [ 719.606204][ C0] R10: ffffffff945b5817 R11: 0000000000000000 R12: 0000000000000000 [ 719.610022][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 719.613330][ C0] ? preempt_schedule_irq+0x46/0x90 [ 719.615479][ C0] irqentry_exit+0x36/0x90 [ 719.617433][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 719.619801][ C0] RIP: 0010:chacha20poly1305_crypt_sg_inplace+0x400/0xb50 [ 719.622885][ C0] Code: c2 84 c9 0f 95 c0 84 c2 0f 85 35 07 00 00 41 8b 47 18 49 8d 7f 1c 48 b9 00 00 00 00 00 fc ff df 89 84 24 e8 00 00 00 48 89 f8 <48> c1 e8 03 0f b6 14 08 49 8d 47 1f 48 89 c6 48 c1 ee 03 0f b6 0c [ 719.631187][ C0] RSP: 0018:ffffc900207c73b0 EFLAGS: 00000246 [ 719.633811][ C0] RAX: ffff88805780a03c RBX: dffffc0000000000 RCX: dffffc0000000000 [ 719.637334][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff88805780a03c [ 719.640996][ C0] RBP: ffffc900207c7718 R08: 0000000000000007 R09: 000000007fffffff [ 719.644780][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 719.648426][ C0] R13: 0000000000000075 R14: 0000000000000000 R15: ffff88805780a020 [ 719.652191][ C0] ? __pfx_chacha20poly1305_crypt_sg_inplace+0x10/0x10 [ 719.655550][ C0] ? __skb_to_sgvec+0x523/0xa30 [ 719.658194][ C0] chacha20poly1305_encrypt_sg_inplace+0x3e/0x50 [ 719.661050][ C0] encrypt_packet+0x720/0x8e0 [ 719.663179][ C0] ? __pfx_encrypt_packet+0x10/0x10 [ 719.665480][ C0] ? hlock_class+0x4e/0x130 [ 719.667728][ C0] ? wg_packet_encrypt_worker+0x27d/0xb60 [ 719.671266][ C0] ? mark_held_locks+0x9f/0xe0 [ 719.673857][ C0] ? wg_packet_encrypt_worker+0x27d/0xb60 [ 719.676738][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 719.679326][ C0] wg_packet_encrypt_worker+0x2ec/0xb60 [ 719.682523][ C0] ? __pfx_wg_packet_encrypt_worker+0x10/0x10 [ 719.685767][ C0] process_one_work+0x958/0x1ad0 [ 719.688209][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 719.690919][ C0] ? __pfx_process_one_work+0x10/0x10 [ 719.694130][ C0] ? assign_work+0x1a0/0x250 [ 719.696738][ C0] worker_thread+0x6c8/0xed0 [ 719.699570][ C0] ? __pfx_worker_thread+0x10/0x10 [ 719.702710][ C0] kthread+0x2c1/0x3a0 [ 719.705209][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 719.708358][ C0] ? __pfx_kthread+0x10/0x10 [ 719.710292][ C0] ret_from_fork+0x45/0x80 [ 719.711992][ C0] ? __pfx_kthread+0x10/0x10 [ 719.713436][ C0] ret_from_fork_asm+0x1a/0x30 [ 719.715062][ C0] [ 719.716375][ C0] [ 719.717381][ C0] Allocated by task 14000: [ 719.719301][ C0] kasan_save_stack+0x33/0x60 [ 719.721621][ C0] kasan_save_track+0x14/0x30 [ 719.723845][ C0] __kasan_kmalloc+0xaa/0xb0 [ 719.725861][ C0] p9_client_create+0xcf/0x11b0 [ 719.727930][ C0] v9fs_session_init+0x1f8/0x1a80 [ 719.730123][ C0] v9fs_mount+0xc6/0xa50 [ 719.731860][ C0] legacy_get_tree+0x109/0x220 [ 719.733890][ C0] vfs_get_tree+0x8f/0x380 [ 719.735869][ C0] path_mount+0x6e1/0x1f10 [ 719.737805][ C0] __ia32_sys_mount+0x292/0x310 [ 719.740026][ C0] __do_fast_syscall_32+0x73/0x120 [ 719.742206][ C0] do_fast_syscall_32+0x32/0x80 [ 719.744580][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 719.747880][ C0] [ 719.749155][ C0] Freed by task 14000: [ 719.751292][ C0] kasan_save_stack+0x33/0x60 [ 719.753467][ C0] kasan_save_track+0x14/0x30 [ 719.755492][ C0] kasan_save_free_info+0x3b/0x60 [ 719.757631][ C0] poison_slab_object+0xf7/0x160 [ 719.760284][ C0] __kasan_slab_free+0x32/0x50 [ 719.762289][ C0] kfree+0x12a/0x3b0 [ 719.764118][ C0] p9_client_create+0x9ca/0x11b0 [ 719.766167][ C0] v9fs_session_init+0x1f8/0x1a80 [ 719.768338][ C0] v9fs_mount+0xc6/0xa50 [ 719.770178][ C0] legacy_get_tree+0x109/0x220 [ 719.772190][ C0] vfs_get_tree+0x8f/0x380 [ 719.773918][ C0] path_mount+0x6e1/0x1f10 [ 719.776020][ C0] __ia32_sys_mount+0x292/0x310 [ 719.778052][ C0] __do_fast_syscall_32+0x73/0x120 [ 719.780567][ C0] do_fast_syscall_32+0x32/0x80 [ 719.782808][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 719.785442][ C0] [ 719.786347][ C0] The buggy address belongs to the object at ffff8880787fa400 [ 719.786347][ C0] which belongs to the cache kmalloc-512 of size 512 [ 719.791880][ C0] The buggy address is located 24 bytes inside of [ 719.791880][ C0] freed 512-byte region [ffff8880787fa400, ffff8880787fa600) [ 719.798035][ C0] [ 719.799143][ C0] The buggy address belongs to the physical page: [ 719.802425][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x787f8 [ 719.807362][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 719.812745][ C0] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 719.817322][ C0] page_type: 0xfdffffff(slab) [ 719.819905][ C0] raw: 04fff00000000040 ffff888015842c80 ffffea0001afea00 dead000000000002 [ 719.824411][ C0] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 719.828713][ C0] head: 04fff00000000040 ffff888015842c80 ffffea0001afea00 dead000000000002 [ 719.832802][ C0] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 719.836782][ C0] head: 04fff00000000002 ffffea0001e1fe01 ffffffffffffffff 0000000000000000 [ 719.840681][ C0] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 719.844580][ C0] page dumped because: kasan: bad access detected [ 719.847716][ C0] page_owner tracks the page as allocated [ 719.850259][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13740, tgid 13732 (syz.1.2024), ts 698422727570, free_ts 698099890988 [ 719.861638][ C0] post_alloc_hook+0x2d1/0x350 [ 719.863835][ C0] get_page_from_freelist+0x1351/0x2e50 [ 719.866309][ C0] __alloc_pages_noprof+0x22b/0x2460 [ 719.868686][ C0] alloc_slab_page+0x4e/0xf0 [ 719.870670][ C0] new_slab+0x84/0x260 [ 719.872570][ C0] ___slab_alloc+0xdac/0x1870 [ 719.874782][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 719.877145][ C0] __kmalloc_noprof+0x379/0x410 [ 719.879274][ C0] copy_splice_read+0x1a8/0xb80 [ 719.881465][ C0] do_splice_read+0x2cf/0x380 [ 719.883617][ C0] splice_direct_to_actor+0x2a4/0xa40 [ 719.885909][ C0] do_splice_direct+0x17e/0x250 [ 719.887935][ C0] do_sendfile+0xb1e/0xe50 [ 719.889906][ C0] __ia32_compat_sys_sendfile+0x1e7/0x230 [ 719.892459][ C0] __do_fast_syscall_32+0x73/0x120 [ 719.894739][ C0] do_fast_syscall_32+0x32/0x80 [ 719.896858][ C0] page last free pid 13733 tgid 13732 stack trace: [ 719.899619][ C0] free_unref_page+0x64a/0xe40 [ 719.901758][ C0] qlist_free_all+0x4e/0x140 [ 719.903834][ C0] kasan_quarantine_reduce+0x192/0x1e0 [ 719.906423][ C0] __kasan_slab_alloc+0x69/0x90 [ 719.908430][ C0] kmem_cache_alloc_noprof+0x121/0x2f0 [ 719.913864][ C0] ptlock_alloc+0x1f/0x70 [ 719.915543][ C0] pte_alloc_one+0x74/0x370 [ 719.917246][ C0] __pte_alloc+0x6e/0x3a0 [ 719.919160][ C0] __handle_mm_fault+0x4e15/0x5350 [ 719.921276][ C0] handle_mm_fault+0x44e/0x7b0 [ 719.923653][ C0] __get_user_pages+0x475/0x15c0 [ 719.925713][ C0] __gup_longterm_locked+0x22e/0x1b30 [ 719.927860][ C0] pin_user_pages_remote+0xee/0x150 [ 719.929940][ C0] process_vm_rw_core.constprop.0+0x439/0x9f0 [ 719.932170][ C0] process_vm_rw+0x301/0x360 [ 719.933867][ C0] __ia32_sys_process_vm_readv+0xdf/0x1b0 [ 719.935945][ C0] [ 719.936833][ C0] Memory state around the buggy address: [ 719.938696][ C0] ffff8880787fa300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 719.942078][ C0] ffff8880787fa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 719.945481][ C0] >ffff8880787fa400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 719.948983][ C0] ^ [ 719.951283][ C0] ffff8880787fa480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 719.955109][ C0] ffff8880787fa500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 719.958493][ C0] ================================================================== [ 719.962330][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 719.965691][ C0] CPU: 0 UID: 0 PID: 5849 Comm: kworker/0:4 Not tainted 6.11.0-rc5-syzkaller-00057-g86987d84b968 #0 [ 719.970571][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 719.975174][ C0] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker [ 719.978325][ C0] Call Trace: [ 719.979895][ C0] [ 719.981209][ C0] dump_stack_lvl+0x3d/0x1f0 [ 719.983648][ C0] panic+0x6dc/0x7c0 [ 719.985411][ C0] ? __pfx_panic+0x10/0x10 [ 719.987670][ C0] ? rcu_is_watching+0x12/0xc0 [ 719.990449][ C0] ? __pfx_lock_release+0x10/0x10 [ 719.992725][ C0] ? check_panic_on_warn+0x1f/0xb0 [ 719.995073][ C0] check_panic_on_warn+0xab/0xb0 [ 719.997146][ C0] end_report+0x117/0x180 [ 719.999041][ C0] kasan_report+0xe9/0x110 [ 720.001408][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 720.004035][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 720.006233][ C0] __lock_acquire+0x2de0/0x3cb0 [ 720.008661][ C0] ? try_to_wake_up+0x5d7/0x13e0 [ 720.010835][ C0] ? __pfx_lock_release+0x10/0x10 [ 720.013211][ C0] ? rcu_is_watching+0x12/0xc0 [ 720.015300][ C0] ? __smp_call_single_queue+0x174/0x1e0 [ 720.018089][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 720.020789][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 720.023785][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 720.026136][ C0] lock_acquire+0x1b1/0x560 [ 720.027607][ C0] ? p9_req_put+0xaf/0x250 [ 720.028957][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 720.030757][ C0] ? __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30 [ 720.034207][ C0] ? select_task_rq_fair+0x360/0x44b0 [ 720.036579][ C0] ? do_raw_spin_unlock+0x53/0x230 [ 720.038409][ C0] ? .slowpath+0x9/0x18 [ 720.040212][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 720.042388][ C0] ? p9_req_put+0xaf/0x250 [ 720.044192][ C0] p9_req_put+0xaf/0x250 [ 720.045955][ C0] req_done+0x1e7/0x2f0 [ 720.047650][ C0] ? __pfx_req_done+0x10/0x10 [ 720.049596][ C0] ? __pfx_req_done+0x10/0x10 [ 720.051601][ C0] vring_interrupt+0x31b/0x400 [ 720.054035][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 720.056474][ C0] __handle_irq_event_percpu+0x229/0x7c0 [ 720.058949][ C0] handle_irq_event+0xab/0x1e0 [ 720.061654][ C0] handle_edge_irq+0x263/0xd10 [ 720.064015][ C0] __common_interrupt+0xdf/0x250 [ 720.066765][ C0] common_interrupt+0xab/0xd0 [ 720.069273][ C0] [ 720.071015][ C0] [ 720.072728][ C0] asm_common_interrupt+0x26/0x40 [ 720.075665][ C0] RIP: 0010:preempt_schedule_irq+0x4c/0x90 [ 720.079065][ C0] Code: df 55 65 48 8b 2d 54 06 fd 74 53 48 89 eb 48 c1 eb 03 48 01 c3 bf 01 00 00 00 e8 8f c3 54 f6 e8 3a 8c 8b f6 fb bf 01 00 00 00 4f a3 ff ff 9c 58 fa f6 c4 02 75 1e bf 01 00 00 00 e8 bd 67 54 [ 720.089087][ C0] RSP: 0018:ffffc900207c72e8 EFLAGS: 00000202 [ 720.092008][ C0] RAX: 000000000012acd9 RBX: ffffed1002d75488 RCX: 1ffffffff28c409f [ 720.096334][ C0] RDX: 0000000000000000 RSI: ffffffff8b4cd060 RDI: 0000000000000001 [ 720.101417][ C0] RBP: ffff888016baa440 R08: 0000000000000001 R09: fffffbfff28b6b02 [ 720.105760][ C0] R10: ffffffff945b5817 R11: 0000000000000000 R12: 0000000000000000 [ 720.109093][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 720.112344][ C0] ? preempt_schedule_irq+0x46/0x90 [ 720.114468][ C0] irqentry_exit+0x36/0x90 [ 720.117257][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 720.119620][ C0] RIP: 0010:chacha20poly1305_crypt_sg_inplace+0x400/0xb50 [ 720.122673][ C0] Code: c2 84 c9 0f 95 c0 84 c2 0f 85 35 07 00 00 41 8b 47 18 49 8d 7f 1c 48 b9 00 00 00 00 00 fc ff df 89 84 24 e8 00 00 00 48 89 f8 <48> c1 e8 03 0f b6 14 08 49 8d 47 1f 48 89 c6 48 c1 ee 03 0f b6 0c [ 720.132518][ C0] RSP: 0018:ffffc900207c73b0 EFLAGS: 00000246 [ 720.136221][ C0] RAX: ffff88805780a03c RBX: dffffc0000000000 RCX: dffffc0000000000 [ 720.140104][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff88805780a03c [ 720.143532][ C0] RBP: ffffc900207c7718 R08: 0000000000000007 R09: 000000007fffffff [ 720.146996][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 720.150355][ C0] R13: 0000000000000075 R14: 0000000000000000 R15: ffff88805780a020 [ 720.153829][ C0] ? __pfx_chacha20poly1305_crypt_sg_inplace+0x10/0x10 [ 720.156573][ C0] ? __skb_to_sgvec+0x523/0xa30 [ 720.159098][ C0] chacha20poly1305_encrypt_sg_inplace+0x3e/0x50 [ 720.161980][ C0] encrypt_packet+0x720/0x8e0 [ 720.164480][ C0] ? __pfx_encrypt_packet+0x10/0x10 [ 720.167150][ C0] ? hlock_class+0x4e/0x130 [ 720.169395][ C0] ? wg_packet_encrypt_worker+0x27d/0xb60 [ 720.172488][ C0] ? mark_held_locks+0x9f/0xe0 [ 720.174500][ C0] ? wg_packet_encrypt_worker+0x27d/0xb60 [ 720.176857][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 720.179486][ C0] wg_packet_encrypt_worker+0x2ec/0xb60 [ 720.182005][ C0] ? __pfx_wg_packet_encrypt_worker+0x10/0x10 [ 720.184477][ C0] process_one_work+0x958/0x1ad0 [ 720.186550][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 720.189138][ C0] ? __pfx_process_one_work+0x10/0x10 [ 720.191749][ C0] ? assign_work+0x1a0/0x250 [ 720.194490][ C0] worker_thread+0x6c8/0xed0 [ 720.197407][ C0] ? __pfx_worker_thread+0x10/0x10 [ 720.199580][ C0] kthread+0x2c1/0x3a0 [ 720.201351][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 720.204472][ C0] ? __pfx_kthread+0x10/0x10 [ 720.206735][ C0] ret_from_fork+0x45/0x80 [ 720.208876][ C0] ? __pfx_kthread+0x10/0x10 [ 720.211586][ C0] ret_from_fork_asm+0x1a/0x30 [ 720.213988][ C0] [ 720.216135][ C0] Kernel Offset: disabled [ 720.218487][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:16:34 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fa7a25 RDI=ffffffff9511c240 RBP=ffffffff9511c200 RSP=ffffc90000007610 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3730383838666666 R12=0000000000000000 R13=0000000000000039 R14=ffffffff84fa79c0 R15=0000000000000000 RIP=ffffffff84fa7a4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000203c1000 CR3=000000004f572000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000013d53ff RBX=0000000000000001 RCX=ffffffff8b057f59 RDX=0000000000000000 RSI=ffffffff8b4cd060 RDI=ffffffff8bb059e0 RBP=ffffed1002ce1910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fd9 R10=ffff88802c137ecb R11=0000000000000000 R12=0000000000000001 R13=ffff88801670c880 R14=ffffffff901147d8 R15=0000000000000000 RIP=ffffffff8b05934f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c379d00 CR3=000000004adb2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000001b4fe7cc9fe RBX=ffff88802c2283c0 RCX=00000000000006e0 RDX=00000000000001b4 RSI=ffff88802c2283c0 RDI=00000000001e84b1 RBP=00000000001e84b1 RSP=ffffc90000540ec0 R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=0000000000000000 R12=0000000000000000 R13=0000000000000019 R14=0000000000000000 R15=000000a78077c00a RIP=ffffffff8139f235 RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c2ab9b6 CR3=000000004aaec000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000004bbdad RBX=0000000000000003 RCX=ffffffff8b057f59 RDX=0000000000000000 RSI=ffffffff8b4cd060 RDI=ffffffff8bb059e0 RBP=ffffed1002cf4488 RSP=ffffc90000497e08 R8 =0000000000000001 R9 =ffffed1005866fd9 R10=ffff88802c337ecb R11=0000000000000000 R12=0000000000000003 R13=ffff8880167a2440 R14=ffffffff901147d8 R15=0000000000000000 RIP=ffffffff8b05934f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020bff000 CR3=000000004aaec000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=8498437ea2cc5473 1b96a9192d22e9e1 8498437ea2cc5473 1b96a9192d22e9e1 8498437ea2cc5473 1b96a9192d22e9e1 8498437ea2cc5473 1b96a9192d22e9e1 ZMM18=3386fb67d1cc22ba 01acb59d652449ff 3386fb67d1cc22ba 01acb59d652449ff 3386fb67d1cc22ba 01acb59d652449ff 3386fb67d1cc22ba 01acb59d652449ff ZMM19=9614000000000000 000000000000002d 9614000000000000 000000000000002c 9614000000000000 000000000000002b 9614000000000000 000000000000002a ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=1b96a9191b96a919 1b96a9191b96a919 1b96a9191b96a919 1b96a9191b96a919 1b96a9191b96a919 1b96a9191b96a919 1b96a9191b96a919 1b96a9191b96a919 ZMM22=a2cc5473a2cc5473 a2cc5473a2cc5473 a2cc5473a2cc5473 a2cc5473a2cc5473 a2cc5473a2cc5473 a2cc5473a2cc5473 a2cc5473a2cc5473 a2cc5473a2cc5473 ZMM23=8498437e8498437e 8498437e8498437e 8498437e8498437e 8498437e8498437e 8498437e8498437e 8498437e8498437e 8498437e8498437e 8498437e8498437e ZMM24=652449ff652449ff 652449ff652449ff 652449ff652449ff 652449ff652449ff 652449ff652449ff 652449ff652449ff 652449ff652449ff 652449ff652449ff ZMM25=01acb59d01acb59d 01acb59d01acb59d 01acb59d01acb59d 01acb59d01acb59d 01acb59d01acb59d 01acb59d01acb59d 01acb59d01acb59d 01acb59d01acb59d ZMM26=d1cc22bad1cc22ba d1cc22bad1cc22ba d1cc22bad1cc22ba d1cc22bad1cc22ba d1cc22bad1cc22ba d1cc22bad1cc22ba d1cc22bad1cc22ba d1cc22bad1cc22ba ZMM27=3386fb673386fb67 3386fb673386fb67 3386fb673386fb67 3386fb673386fb67 3386fb673386fb67 3386fb673386fb67 3386fb673386fb67 3386fb673386fb67 ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=9614000096140000 9614000096140000 9614000096140000 9614000096140000 9614000096140000 9614000096140000 9614000096140000 9614000096140000