last executing test programs: 13.146322309s ago: executing program 1 (id=812): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000680)={0x2c, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000080}, 0x2400d884) 13.073003454s ago: executing program 1 (id=814): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x5}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 13.036164873s ago: executing program 1 (id=816): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x20400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000000000009004"]) 12.85836761s ago: executing program 1 (id=820): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x48) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x227) 12.78940137s ago: executing program 1 (id=822): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@redirect_dir_off}]}) 12.439481444s ago: executing program 1 (id=825): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0xfffffffd, 0x0, 0x30, 0x0, @in6={0xa, 0x4e20, 0x70c1, @empty, 0x7}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x376060b0}}}, 0x118) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000001c0)={0x7, 0x8, 0xfa00, {r1, 0x9}}, 0x10) close(r0) 12.366055936s ago: executing program 32 (id=825): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0xfffffffd, 0x0, 0x30, 0x0, @in6={0xa, 0x4e20, 0x70c1, @empty, 0x7}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x376060b0}}}, 0x118) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000001c0)={0x7, 0x8, 0xfa00, {r1, 0x9}}, 0x10) close(r0) 1.19813394s ago: executing program 0 (id=991): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x50) unshare(0x20060400) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) 1.136969752s ago: executing program 0 (id=993): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000280)={0x100000011, @multicast2, 0x0, 0x0, 'nq\x00', 0x4, 0x1000, 0x40048}, 0x2c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0) 1.128914868s ago: executing program 0 (id=1002): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120022eb"], 0xfdef) 986.439211ms ago: executing program 0 (id=996): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x33, @loopback}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f4e230000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1) 908.544203ms ago: executing program 0 (id=997): syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f00000000c0)={0xf0f041}) write$tcp_congestion(r0, 0x0, 0x0) 908.104933ms ago: executing program 0 (id=998): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0x6) 538.652482ms ago: executing program 4 (id=1005): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x8000, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0x402c560b, &(0x7f0000000040)={0x2}) 467.3251ms ago: executing program 4 (id=1007): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x5}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @remote, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000080), 0x4) 448.311182ms ago: executing program 4 (id=1010): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000005c0)={r2, 0x6, 0x2}, 0x8) 401.781862ms ago: executing program 4 (id=1011): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000500)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100)) 357.8912ms ago: executing program 2 (id=1013): syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f00000000c0)={0xf0f041}) write$tcp_congestion(r0, 0x0, 0x0) 341.336378ms ago: executing program 4 (id=1021): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000844, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x2c, 0x64, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x10, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}, 0x0) 294.865335ms ago: executing program 2 (id=1014): r0 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) r1 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) signalfd4(r0, &(0x7f0000000140), 0x8, 0x0) 290.237426ms ago: executing program 4 (id=1015): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x33, @loopback}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f4e230000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1) 288.176739ms ago: executing program 2 (id=1016): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 204.35077ms ago: executing program 3 (id=1018): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff) 149.963481ms ago: executing program 3 (id=1019): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000005c0)={r2, 0x6, 0x2}, 0x8) 147.342563ms ago: executing program 3 (id=1020): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000280)={0x100000011, @multicast2, 0x0, 0x0, 'nq\x00', 0x4, 0x1000, 0x40048}, 0x2c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0) 144.565589ms ago: executing program 2 (id=1028): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r1, &(0x7f0000000080)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, 0x1c) 103.017039ms ago: executing program 2 (id=1022): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000004001"]) 95.185974ms ago: executing program 3 (id=1023): setresuid(0x0, 0xee01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2}) sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="11", 0x1}], 0x1}}], 0x1, 0x40015) 29.24183ms ago: executing program 3 (id=1024): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000240)={[{}]}) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) 26.761674ms ago: executing program 3 (id=1025): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000844, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x2c, 0x64, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x10, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}, 0x0) 0s ago: executing program 2 (id=1026): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000380)={0x40, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x6}, {0x60, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x80c1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:16829' (ED25519) to the list of known hosts. [ 41.292121][ T5871] cgroup: Unknown subsys name 'net' [ 41.450168][ T5871] cgroup: Unknown subsys name 'cpuset' [ 41.455046][ T5871] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.474826][ T5871] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.876699][ T5956] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.881071][ T5956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.884445][ T5956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.888462][ T5956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.891104][ T5956] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.893861][ T5967] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.898651][ T5967] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.901223][ T5967] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.913546][ T5966] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.915994][ T5966] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.922516][ T5963] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.927805][ T5963] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.936255][ T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.936456][ T5963] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.939470][ T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.941792][ T5963] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.943478][ T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.945466][ T5963] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.950628][ T63] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.957891][ T63] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.242475][ T5955] chnl_net:caif_netlink_parms(): no params data found [ 46.282018][ T5959] chnl_net:caif_netlink_parms(): no params data found [ 46.375255][ T5969] chnl_net:caif_netlink_parms(): no params data found [ 46.399558][ T5964] chnl_net:caif_netlink_parms(): no params data found [ 46.475617][ T5959] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.478813][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.481205][ T5959] bridge_slave_0: entered allmulticast mode [ 46.483855][ T5959] bridge_slave_0: entered promiscuous mode [ 46.517289][ T5955] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.519758][ T5955] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.522038][ T5955] bridge_slave_0: entered allmulticast mode [ 46.524596][ T5955] bridge_slave_0: entered promiscuous mode [ 46.544586][ T5959] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.546898][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.549364][ T5959] bridge_slave_1: entered allmulticast mode [ 46.552078][ T5959] bridge_slave_1: entered promiscuous mode [ 46.559379][ T5955] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.561660][ T5955] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.563895][ T5955] bridge_slave_1: entered allmulticast mode [ 46.566447][ T5955] bridge_slave_1: entered promiscuous mode [ 46.645234][ T5955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.653247][ T5959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.698748][ T5955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.730438][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.733600][ T5964] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.736607][ T5964] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.739729][ T5964] bridge_slave_0: entered allmulticast mode [ 46.743401][ T5964] bridge_slave_0: entered promiscuous mode [ 46.747026][ T5964] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.749564][ T5964] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.751922][ T5964] bridge_slave_1: entered allmulticast mode [ 46.754535][ T5964] bridge_slave_1: entered promiscuous mode [ 46.783812][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.786173][ T5969] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.788625][ T5969] bridge_slave_0: entered allmulticast mode [ 46.791746][ T5969] bridge_slave_0: entered promiscuous mode [ 46.840106][ T5969] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.842660][ T5969] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.844969][ T5969] bridge_slave_1: entered allmulticast mode [ 46.847838][ T5969] bridge_slave_1: entered promiscuous mode [ 46.893963][ T5955] team0: Port device team_slave_0 added [ 46.935922][ T5959] team0: Port device team_slave_0 added [ 46.940832][ T5964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.945423][ T5955] team0: Port device team_slave_1 added [ 46.950433][ T5969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.954247][ T5959] team0: Port device team_slave_1 added [ 46.958440][ T5964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.978082][ T5969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.066342][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.068785][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.076649][ T5955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.099490][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.101884][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.110078][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.115400][ T5964] team0: Port device team_slave_0 added [ 47.119287][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.121515][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.129737][ T5955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.135163][ T5969] team0: Port device team_slave_0 added [ 47.137676][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.140407][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.149055][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.153519][ T5964] team0: Port device team_slave_1 added [ 47.186033][ T5969] team0: Port device team_slave_1 added [ 47.207589][ T5964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.210357][ T5964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.221132][ T5964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.226607][ T5964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.228844][ T5964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.238580][ T5964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.268413][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.270666][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.279565][ T5969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.285665][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.288896][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.299621][ T5969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.379021][ T5959] hsr_slave_0: entered promiscuous mode [ 47.381348][ T5959] hsr_slave_1: entered promiscuous mode [ 47.387276][ T5955] hsr_slave_0: entered promiscuous mode [ 47.392714][ T5955] hsr_slave_1: entered promiscuous mode [ 47.394803][ T5955] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.397247][ T5955] Cannot create hsr debugfs directory [ 47.540480][ T5969] hsr_slave_0: entered promiscuous mode [ 47.542649][ T5969] hsr_slave_1: entered promiscuous mode [ 47.544779][ T5969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.547227][ T5969] Cannot create hsr debugfs directory [ 47.553672][ T5964] hsr_slave_0: entered promiscuous mode [ 47.556846][ T5964] hsr_slave_1: entered promiscuous mode [ 47.561654][ T5964] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.564824][ T5964] Cannot create hsr debugfs directory [ 47.918394][ T5966] Bluetooth: hci1: command tx timeout [ 47.997749][ T5966] Bluetooth: hci3: command tx timeout [ 47.998135][ T63] Bluetooth: hci0: command tx timeout [ 47.998474][ T5962] Bluetooth: hci2: command tx timeout [ 48.016320][ T5955] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 48.025662][ T5955] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 48.032517][ T5955] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 48.039585][ T5955] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.089946][ T5964] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 48.098818][ T5964] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 48.110816][ T5964] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.117060][ T5964] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.185024][ T5969] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 48.192223][ T5969] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 48.197196][ T5969] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 48.202430][ T5969] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 48.275001][ T5959] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 48.281138][ T5959] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 48.289476][ T5959] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 48.296067][ T5959] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.324870][ T5955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.339979][ T5964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.366841][ T5955] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.374809][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.377148][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.392073][ T5964] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.409284][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.411816][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.416050][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.418356][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.432588][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.435601][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.455397][ T5969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.486612][ T5969] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.508138][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.517356][ T5964] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 48.522374][ T5964] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.529828][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.532226][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.548683][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.551047][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.558547][ T5959] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.567149][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.570355][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.590265][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.593235][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.674474][ T5964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.719521][ T5964] veth0_vlan: entered promiscuous mode [ 48.731434][ T5955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.735819][ T5964] veth1_vlan: entered promiscuous mode [ 48.761010][ T5964] veth0_macvtap: entered promiscuous mode [ 48.771685][ T5964] veth1_macvtap: entered promiscuous mode [ 48.798948][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.814563][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.819548][ T5955] veth0_vlan: entered promiscuous mode [ 48.824172][ T5969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.828705][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.835715][ T5964] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.838920][ T5964] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.841540][ T5964] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.844188][ T5964] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.856904][ T5955] veth1_vlan: entered promiscuous mode [ 48.926503][ T5959] veth0_vlan: entered promiscuous mode [ 48.935560][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.939665][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.954652][ T5955] veth0_macvtap: entered promiscuous mode [ 48.962267][ T5969] veth0_vlan: entered promiscuous mode [ 48.967132][ T5955] veth1_macvtap: entered promiscuous mode [ 48.967881][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.970938][ T5959] veth1_vlan: entered promiscuous mode [ 48.971239][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.984958][ T5969] veth1_vlan: entered promiscuous mode [ 48.990435][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.002956][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.009673][ T5964] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 49.012549][ T5955] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.016852][ T5955] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.019973][ T5955] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.022675][ T5955] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.036925][ T5959] veth0_macvtap: entered promiscuous mode [ 49.044796][ T5959] veth1_macvtap: entered promiscuous mode [ 49.049339][ T5969] veth0_macvtap: entered promiscuous mode [ 49.061674][ T5969] veth1_macvtap: entered promiscuous mode [ 49.074568][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.089766][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.091032][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.093069][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.096833][ T5959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.101208][ T5959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.104136][ T5959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.106882][ T5959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.116332][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.133560][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.136764][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.141079][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.145535][ T5969] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.150106][ T5969] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.153218][ T5969] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.155911][ T5969] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.216690][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.220675][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.233122][ T6050] capability: warning: `syz.2.6' uses deprecated v2 capabilities in a way that may be insecure [ 49.239901][ T6050] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 49.243303][ T6050] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 49.246820][ T6050] overlayfs: failed to set uuid (2/file1, err=-13); falling back to uuid=null. [ 49.250500][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.250516][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.260699][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.264453][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.286582][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.290491][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.362876][ T6059] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 49.585936][ T40] audit: type=1326 audit(1752550783.813:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.594200][ T40] audit: type=1326 audit(1752550783.813:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.603276][ T40] audit: type=1326 audit(1752550783.823:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.611751][ T40] audit: type=1326 audit(1752550783.823:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.620081][ T40] audit: type=1326 audit(1752550783.823:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.628334][ T40] audit: type=1326 audit(1752550783.823:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.636332][ T40] audit: type=1326 audit(1752550783.843:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.643789][ T40] audit: type=1326 audit(1752550783.843:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.651618][ T40] audit: type=1326 audit(1752550783.863:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=76 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.658075][ T40] audit: type=1326 audit(1752550783.863:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.16" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 49.837086][ T6095] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 49.893998][ T6102] warning: `syz.2.26' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 50.008230][ T63] Bluetooth: hci1: command tx timeout [ 50.077767][ T63] Bluetooth: hci2: command tx timeout [ 50.077864][ T5966] Bluetooth: hci3: command tx timeout [ 50.078711][ T5962] Bluetooth: hci0: command tx timeout [ 50.408971][ T6137] block nbd1: shutting down sockets [ 50.616628][ T6151] netlink: 'syz.1.47': attribute type 1 has an invalid length. [ 50.621163][ T6151] netlink: 'syz.1.47': attribute type 2 has an invalid length. [ 50.623672][ T6151] netlink: 32 bytes leftover after parsing attributes in process `syz.1.47'. [ 50.653634][ T6156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.49'. [ 50.670804][ T6158] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 50.673665][ T6158] IPv6: NLM_F_CREATE should be set when creating new route [ 50.676032][ T6158] IPv6: NLM_F_CREATE should be set when creating new route [ 50.681336][ T6158] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 50.689183][ T6158] Zero length message leads to an empty skb [ 50.891787][ T6180] netlink: 'syz.2.60': attribute type 29 has an invalid length. [ 50.896949][ T6180] netlink: 'syz.2.60': attribute type 29 has an invalid length. [ 50.900843][ T6180] netlink: 4 bytes leftover after parsing attributes in process `syz.2.60'. [ 50.930798][ T6183] netlink: 'syz.0.61': attribute type 19 has an invalid length. [ 51.251467][ T6209] syz.1.72 uses obsolete (PF_INET,SOCK_PACKET) [ 52.077741][ T6220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.76'. [ 52.077804][ T5966] Bluetooth: hci1: command tx timeout [ 52.084295][ T6220] netlink: 24 bytes leftover after parsing attributes in process `syz.0.76'. [ 52.157732][ T5966] Bluetooth: hci0: command tx timeout [ 52.168144][ T5966] Bluetooth: hci2: command tx timeout [ 52.168177][ T63] Bluetooth: hci3: command tx timeout [ 52.312655][ T6239] Bluetooth: MGMT ver 1.23 [ 52.314641][ T6239] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 52.628412][ T6041] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 52.791374][ T6041] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 52.795504][ T6041] usb 6-1: config 0 interface 0 has no altsetting 0 [ 52.801112][ T6041] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 52.804931][ T6041] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 52.808678][ T6041] usb 6-1: Product: syz [ 52.810451][ T6041] usb 6-1: Manufacturer: syz [ 52.812382][ T6041] usb 6-1: SerialNumber: syz [ 52.817247][ T6041] usb 6-1: config 0 descriptor?? [ 52.829416][ T6041] usb 6-1: selecting invalid altsetting 0 [ 53.033929][ T5960] usb 6-1: USB disconnect, device number 2 [ 53.318239][ T6290] bond0: entered promiscuous mode [ 53.319931][ T6290] bond_slave_0: entered promiscuous mode [ 53.321838][ T6290] bond_slave_1: entered promiscuous mode [ 53.795718][ T6314] bond0: entered promiscuous mode [ 53.797680][ T6314] bond_slave_0: entered promiscuous mode [ 53.804534][ T6314] bond_slave_1: entered promiscuous mode [ 53.874427][ T6320] team_slave_0: entered promiscuous mode [ 53.876957][ T6320] team_slave_1: entered promiscuous mode [ 53.880504][ T6320] macsec1: entered promiscuous mode [ 53.882238][ T6320] team0: entered promiscuous mode [ 53.884426][ T6320] macsec1: entered allmulticast mode [ 53.886628][ T6320] team0: entered allmulticast mode [ 53.888489][ T6320] team_slave_0: entered allmulticast mode [ 53.890356][ T6320] team_slave_1: entered allmulticast mode [ 53.946018][ T6328] netlink: 4 bytes leftover after parsing attributes in process `syz.1.124'. [ 53.990618][ T6333] netlink: 40 bytes leftover after parsing attributes in process `syz.1.129'. [ 54.112632][ T6346] loop2: detected capacity change from 0 to 7 [ 54.118357][ T6346] Dev loop2: unable to read RDB block 7 [ 54.120265][ T6346] loop2: unable to read partition table [ 54.122183][ T6346] loop2: partition table beyond EOD, truncated [ 54.124182][ T6346] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 54.157801][ T63] Bluetooth: hci1: command tx timeout [ 54.237559][ T5966] Bluetooth: hci2: command tx timeout [ 54.238546][ T5962] Bluetooth: hci3: command tx timeout [ 54.239449][ T5966] Bluetooth: hci0: command tx timeout [ 54.520090][ T6367] mmap: syz.1.142 (6367) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 54.907504][ T29] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 54.969397][ T63] block nbd3: Receive control failed (result -32) [ 54.969593][ T6348] block nbd3: shutting down sockets [ 55.081630][ T6383] input: syz0 as /devices/virtual/input/input5 [ 55.218822][ T6389] netlink: 64 bytes leftover after parsing attributes in process `syz.0.153'. [ 55.300770][ T6375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 55.305513][ T6375] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.317170][ T29] usb 7-1: unable to get BOS descriptor or descriptor too short [ 55.320511][ T29] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 55.323185][ T29] usb 7-1: can't read configurations, error -71 [ 55.494830][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.159'. [ 55.510493][ T6405] Illegal XDP return value 3848345594 on prog (id 18) dev syz_tun, expect packet loss! [ 55.705483][ T6423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.169'. [ 55.857561][ T839] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 55.876534][ T6430] netlink: 'syz.3.172': attribute type 1 has an invalid length. [ 55.965980][ T6436] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 56.008351][ T839] usb 5-1: Using ep0 maxpacket: 8 [ 56.011612][ T839] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.013754][ T839] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 56.016526][ T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.020712][ T839] usb 5-1: config 0 descriptor?? [ 56.387519][ T29] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 56.435830][ T839] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 56.537476][ T29] usb 7-1: Using ep0 maxpacket: 32 [ 56.540720][ T29] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 56.544189][ T6450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.181'. [ 56.550052][ T29] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 56.553116][ T29] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 56.555640][ T29] usb 7-1: Product: syz [ 56.556966][ T29] usb 7-1: Manufacturer: syz [ 56.558655][ T29] usb 7-1: SerialNumber: syz [ 56.561668][ T29] usb 7-1: config 0 descriptor?? [ 56.563661][ T6446] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 56.640537][ T6041] usb 5-1: USB disconnect, device number 2 [ 56.880998][ T29] usb 7-1: USB disconnect, device number 3 [ 58.272992][ T5991] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 58.443784][ T5991] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 58.456206][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 58.461078][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 58.466128][ T5991] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 58.471892][ T5991] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 58.478686][ T5991] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.479724][ T1336] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 58.484608][ T5991] usb 7-1: config 0 descriptor?? [ 58.488408][ T6509] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 58.490314][ T6545] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.549085][ T6550] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 58.638337][ T1336] usb 6-1: Using ep0 maxpacket: 16 [ 58.643040][ T1336] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.648021][ T1336] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.651935][ T1336] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 58.657144][ T1336] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 58.660892][ T1336] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.666220][ T1336] usb 6-1: config 0 descriptor?? [ 58.906384][ T5991] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 58.913593][ T5991] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 59.083831][ T1336] input: HID 0955:7214 Haptics as /devices/virtual/input/input7 [ 59.103959][ T1336] shield 0003:0955:7214.0004: Registered Thunderstrike controller [ 59.108538][ T1336] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 59.171374][ T5960] usb 7-1: USB disconnect, device number 4 [ 59.285555][ T9] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 59.285978][ T29] usb 6-1: USB disconnect, device number 3 [ 59.290496][ T9] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 59.295076][ T9] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 59.298805][ T9] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 59.826627][ T6572] netlink: 96 bytes leftover after parsing attributes in process `syz.2.234'. [ 60.197487][ T29] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 60.199085][ T6600] syzkaller1: entered promiscuous mode [ 60.202242][ T6600] syzkaller1: entered allmulticast mode [ 60.368189][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 60.371935][ T29] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 60.374924][ T29] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 60.379411][ T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 60.382733][ T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 60.385720][ T29] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 60.389702][ T29] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 60.392443][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.427540][ T5991] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 60.605176][ T29] usb 7-1: usb_control_msg returned -32 [ 60.607150][ T29] usbtmc 7-1:16.0: can't read capabilities [ 60.607566][ T5991] usb 6-1: Using ep0 maxpacket: 8 [ 60.612443][ T5991] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 60.615280][ T5991] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 60.618994][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 60.622509][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 60.625671][ T5991] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 60.629897][ T5991] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 60.633191][ T5991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.846789][ T5991] usb 6-1: usb_control_msg returned -32 [ 60.848668][ T5991] usbtmc 6-1:16.0: can't read capabilities [ 61.162022][ T5991] usb 7-1: USB disconnect, device number 5 [ 63.208551][ T1020] usb 6-1: USB disconnect, device number 4 [ 63.255348][ T1223] Bluetooth: hci4: Frame reassembly failed (-84) [ 63.257529][ T6614] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.254'. [ 63.259755][ T6610] Bluetooth: hci4: Frame reassembly failed (-84) [ 63.379872][ T6621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 64.287505][ T5991] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 64.467562][ T5991] usb 5-1: Using ep0 maxpacket: 8 [ 64.471444][ T5991] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 64.474848][ T5991] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 64.479333][ T5991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 64.483296][ T5991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 64.487315][ T5991] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 64.516126][ T5991] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 64.517353][ T6653] netlink: 4 bytes leftover after parsing attributes in process `syz.3.272'. [ 64.519833][ T5991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.737197][ T5991] usb 5-1: usb_control_msg returned -32 [ 64.739488][ T5991] usbtmc 5-1:16.0: can't read capabilities [ 65.051965][ T5991] kernel write not supported for file /uhid (pid: 5991 comm: kworker/2:3) [ 65.098775][ T6687] process 'syz.3.287' launched './file0' with NULL argv: empty string added [ 65.287574][ T5966] Bluetooth: hci4: command 0xfc11 tx timeout [ 65.287583][ T63] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 65.734722][ T6730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.307'. [ 66.774222][ T6772] syzkaller1: entered promiscuous mode [ 66.776564][ T6772] syzkaller1: entered allmulticast mode [ 67.055329][ T6041] usb 5-1: USB disconnect, device number 3 [ 67.137639][ T53] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 67.247610][ T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 67.300017][ T53] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 67.304579][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.310235][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.325428][ T53] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 67.332431][ T53] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 67.335316][ T53] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 67.338074][ T53] usb 6-1: Manufacturer: syz [ 67.340756][ T53] usb 6-1: config 0 descriptor?? [ 67.407531][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 67.411514][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.413575][ T9] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 67.416334][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.420378][ T9] usb 8-1: config 0 descriptor?? [ 67.752550][ T53] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 67.757760][ T53] appleir 0003:05AC:8243.0005: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 67.831643][ T9] mcp2221 0003:04D8:00DD.0006: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 67.897752][ T6041] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 68.009554][ T5991] usb 6-1: USB disconnect, device number 5 [ 68.030790][ T6787] i2c i2c-2: unsupported multi-msg i2c transaction [ 68.035352][ T839] usb 8-1: USB disconnect, device number 2 [ 68.048420][ T6041] usb 5-1: Using ep0 maxpacket: 32 [ 68.052726][ T6041] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 68.056498][ T6041] usb 5-1: config 0 has no interface number 0 [ 68.062855][ T6041] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 68.065753][ T6041] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.068552][ T6041] usb 5-1: Product: syz [ 68.069893][ T6041] usb 5-1: Manufacturer: syz [ 68.071459][ T6041] usb 5-1: SerialNumber: syz [ 68.078256][ T6041] usb 5-1: config 0 descriptor?? [ 68.082271][ T6041] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 68.085545][ T6041] usb 5-1: selecting invalid altsetting 1 [ 68.087291][ T6041] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 68.095651][ T6041] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 68.099960][ T6041] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 68.103421][ T6041] usb 5-1: media controller created [ 68.123447][ T6041] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 69.164848][ T6856] netlink: 4 bytes leftover after parsing attributes in process `syz.2.362'. [ 69.173287][ T6856] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 69.176073][ T6856] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 69.178625][ T6856] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 69.181776][ T6856] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 69.202119][ T6856] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.205120][ T6856] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.208587][ T6856] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.208661][ T6041] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 69.211461][ T6856] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.219625][ T6041] zl10353_read_register: readreg error (reg=127, ret==-110) [ 69.248361][ T6812] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 69.256939][ T6041] usb 5-1: USB disconnect, device number 4 [ 69.467470][ T6862] netlink: 4 bytes leftover after parsing attributes in process `syz.3.365'. [ 69.471201][ T6862] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 69.474734][ T6862] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (68719607821) [ 69.801417][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 69.801431][ T40] audit: type=1326 audit(1752550804.033:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.0.368" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f51579 code=0x0 [ 69.812810][ T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 69.983264][ T10] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 69.988337][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 69.992819][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 69.996837][ T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 70.002858][ T10] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 70.006620][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.013040][ T10] usb 8-1: config 0 descriptor?? [ 70.082445][ T6878] loop2: detected capacity change from 0 to 7 [ 70.086557][ T6878] Dev loop2: unable to read RDB block 7 [ 70.088720][ T6878] loop2: AHDI p1 p2 [ 70.090003][ T6878] loop2: partition table partially beyond EOD, truncated [ 70.092635][ T6878] loop2: p1 size 4244635647 extends beyond EOD, truncated [ 70.112246][ T6117] udevd[6117]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 70.431361][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 70.434719][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 70.438369][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 70.441395][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 70.444514][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 70.449101][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 70.452200][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 70.467895][ T10] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 70.695272][ T839] usb 8-1: USB disconnect, device number 3 [ 70.801747][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.008551][ T6925] dummy0: entered promiscuous mode [ 71.012016][ T6925] bond0: entered promiscuous mode [ 71.014145][ T6925] bond_slave_0: entered promiscuous mode [ 71.016811][ T6925] bond_slave_1: entered promiscuous mode [ 71.020979][ T6925] hsr1: entered allmulticast mode [ 71.023150][ T6925] dummy0: entered allmulticast mode [ 71.025309][ T6925] bond0: entered allmulticast mode [ 71.027574][ T6925] bond_slave_0: entered allmulticast mode [ 71.029891][ T6925] bond_slave_1: entered allmulticast mode [ 71.093164][ T40] audit: type=1326 audit(1752550805.323:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.102188][ T40] audit: type=1326 audit(1752550805.323:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.112873][ T40] audit: type=1326 audit(1752550805.323:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.122420][ T40] audit: type=1326 audit(1752550805.323:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.131471][ T40] audit: type=1326 audit(1752550805.323:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.140415][ T40] audit: type=1326 audit(1752550805.323:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.149292][ T40] audit: type=1326 audit(1752550805.333:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.158569][ T40] audit: type=1326 audit(1752550805.333:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.165565][ T40] audit: type=1326 audit(1752550805.333:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.1.394" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 71.379615][ T6948] 9pnet: p9_errstr2errno: server reported unknown error @cF S+v3c/f [ 71.907914][ T5960] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 72.033269][ T63] Bluetooth: hci3: Malformed LE Event: 0x1b [ 72.067498][ T5960] usb 6-1: Using ep0 maxpacket: 8 [ 72.071168][ T5960] usb 6-1: config 0 interface 0 has no altsetting 0 [ 72.073633][ T5960] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 72.076402][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.080161][ T5960] usb 6-1: config 0 descriptor?? [ 72.339988][ T6990] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input8 [ 72.418471][ T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 72.500132][ T5960] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 72.577800][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 72.583171][ T10] usb 7-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 72.589687][ T10] usb 7-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 72.592811][ T10] usb 7-1: config 1 interface 0 altsetting 93 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 72.597535][ T10] usb 7-1: config 1 interface 0 has no altsetting 0 [ 72.600969][ T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 72.603914][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 72.606811][ T10] usb 7-1: SerialNumber: syz [ 72.611510][ T6985] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 72.614115][ T6985] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 72.647586][ T6041] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 72.698112][ T5960] usb 6-1: USB disconnect, device number 6 [ 72.817754][ T6041] usb 5-1: Using ep0 maxpacket: 8 [ 72.820933][ T6041] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 72.823645][ T6041] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 72.828165][ T10] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71 [ 72.830800][ T6041] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 72.834012][ T6041] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 72.837004][ T6041] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 72.841471][ T6041] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 72.845864][ T10] usb 7-1: USB disconnect, device number 6 [ 72.849141][ T6041] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.033495][ T7020] pim6reg1: entered promiscuous mode [ 73.035270][ T7020] pim6reg1: entered allmulticast mode [ 73.061508][ T6041] usb 5-1: GET_CAPABILITIES returned 0 [ 73.063338][ T6041] usbtmc 5-1:16.0: can't read capabilities [ 73.116557][ T7022] geneve2: entered promiscuous mode [ 73.118807][ T7022] geneve2: entered allmulticast mode [ 73.272906][ T34] usb 5-1: USB disconnect, device number 5 [ 74.178466][ T34] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 74.300035][ T7100] 8021q: VLANs not supported on lo [ 74.349684][ T34] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 74.353955][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 74.359342][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 74.363337][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 74.369911][ T34] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 74.373651][ T34] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 74.376957][ T34] usb 7-1: Manufacturer: syz [ 74.383855][ T34] usb 7-1: config 0 descriptor?? [ 74.476896][ T7114] netlink: 'syz.0.477': attribute type 1 has an invalid length. [ 74.479691][ T7114] netlink: 'syz.0.477': attribute type 2 has an invalid length. [ 74.482839][ T7114] netlink: 32 bytes leftover after parsing attributes in process `syz.0.477'. [ 74.543726][ T7121] kvm_intel: kvm [7120]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1 [ 74.650503][ T34] rc_core: IR keymap rc-hauppauge not found [ 74.652921][ T34] Registered IR keymap rc-empty [ 74.655311][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.687785][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.709806][ T34] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 74.716116][ T34] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input10 [ 74.743623][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.768998][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.798462][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.819575][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.838100][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.857911][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.877713][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.897591][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.917575][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.942570][ T34] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 74.960706][ T34] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 74.963596][ T34] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 74.970395][ T34] usb 7-1: USB disconnect, device number 7 [ 74.979034][ T7151] binder: 7150:7151 ioctl c0306201 800003c0 returned -14 [ 75.247642][ T839] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 75.258085][ T7169] netlink: 'syz.3.502': attribute type 4 has an invalid length. [ 75.261428][ T7169] netlink: 32 bytes leftover after parsing attributes in process `syz.3.502'. [ 75.397566][ T839] usb 5-1: Using ep0 maxpacket: 32 [ 75.401014][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.405135][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.408965][ T839] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 75.412992][ T839] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 75.415771][ T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.425944][ T839] usb 5-1: config 0 descriptor?? [ 75.478360][ T7186] block nbd2: shutting down sockets [ 75.592041][ T7197] netlink: 8 bytes leftover after parsing attributes in process `syz.2.512'. [ 75.863756][ T839] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5011.0009/input/input11 [ 75.944557][ T839] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5011.0009/input/input12 [ 75.954906][ T7219] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.524'. [ 75.991535][ T839] kye 0003:0458:5011.0009: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0 [ 76.180237][ T40] kauditd_printk_skb: 76 callbacks suppressed [ 76.180247][ T40] audit: type=1326 audit(1752550810.413:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.195726][ T40] audit: type=1326 audit(1752550810.413:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.207296][ T40] audit: type=1326 audit(1752550810.413:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.215584][ T40] audit: type=1326 audit(1752550810.413:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.222966][ T40] audit: type=1326 audit(1752550810.413:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.231155][ T40] audit: type=1326 audit(1752550810.413:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.240522][ T40] audit: type=1326 audit(1752550810.413:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.249495][ T40] audit: type=1326 audit(1752550810.413:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.256749][ T40] audit: type=1326 audit(1752550810.413:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.263557][ T40] audit: type=1326 audit(1752550810.413:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7229 comm="syz.1.529" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 76.465578][ T7245] bridge0: port 3(syz_tun) entered blocking state [ 76.469074][ T7245] bridge0: port 3(syz_tun) entered disabled state [ 76.471921][ T7245] syz_tun: entered allmulticast mode [ 76.475549][ T7245] syz_tun: entered promiscuous mode [ 76.483133][ T7245] bridge0: port 3(syz_tun) entered blocking state [ 76.485991][ T7245] bridge0: port 3(syz_tun) entered forwarding state [ 76.925953][ T7281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.553'. [ 76.930217][ T7281] netlink: 'syz.2.553': attribute type 30 has an invalid length. [ 76.936092][ T7281] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.939499][ T7281] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.942459][ T7281] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.945166][ T7281] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.990146][ C3] kye 0003:0458:5011.0009: usb_submit_urb(ctrl) failed: -1 [ 77.144634][ T7305] syzkaller1: entered promiscuous mode [ 77.146639][ T7305] syzkaller1: entered allmulticast mode [ 77.615055][ T7331] syzkaller1: entered promiscuous mode [ 77.617762][ T7331] syzkaller1: entered allmulticast mode [ 77.784635][ T24] usb 5-1: USB disconnect, device number 6 [ 78.662891][ T7385] ubi0: attaching mtd0 [ 78.667587][ T7385] ubi0: scanning is finished [ 78.669631][ T7385] ubi0: empty MTD device detected [ 78.778940][ T7385] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 78.781462][ T7385] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 78.784029][ T7385] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 78.786376][ T7385] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 78.788881][ T7385] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 78.791123][ T7385] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 78.794777][ T7385] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 304100621 [ 78.798266][ T7385] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 78.802522][ T7395] ubi0: background thread "ubi_bgt0d" started, PID 7395 [ 78.802989][ T7388] ubi0: detaching mtd0 [ 78.828160][ T7388] ubi0: mtd0 is detached [ 80.117776][ T5991] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 80.269157][ T5991] usb 5-1: Using ep0 maxpacket: 8 [ 80.274625][ T5991] usb 5-1: config 0 interface 0 has no altsetting 0 [ 80.277300][ T5991] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 80.293256][ T5991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.307884][ T5991] usb 5-1: config 0 descriptor?? [ 80.481968][ T7456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.641'. [ 80.733245][ T5991] mcp2221 0003:04D8:00DD.000A: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 80.847514][ T7384] syz.2.599 (7384) used greatest stack depth: 20984 bytes left [ 80.934094][ T7439] i2c i2c-2: unsupported multi-msg i2c transaction [ 80.937944][ T839] usb 5-1: USB disconnect, device number 7 [ 81.048486][ T1327] cfg80211: failed to load regulatory.db [ 81.080359][ T34] kernel write not supported for file [eventfd] (pid: 34 comm: kworker/3:0) [ 81.505904][ T7483] netlink: 116 bytes leftover after parsing attributes in process `syz.3.642'. [ 81.543249][ T7488] ubi0: attaching mtd0 [ 81.545428][ T7488] ubi0: scanning is finished [ 81.635489][ T7488] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 81.637997][ T7488] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 81.640951][ T7488] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 81.643176][ T7488] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 81.645412][ T7488] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 81.663732][ T7488] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 81.667558][ T7488] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 304100621 [ 81.677591][ T7488] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 81.685110][ T7496] ubi0: background thread "ubi_bgt0d" started, PID 7496 [ 81.687360][ T7491] ubi0: detaching mtd0 [ 81.696308][ T7491] ubi0: mtd0 is detached [ 81.732819][ T7502] Bluetooth: hci4: Frame reassembly failed (-84) [ 81.734897][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 81.795821][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.655'. [ 81.801895][ T7506] ipvlan2: entered promiscuous mode [ 82.536537][ T7560] loop6: detected capacity change from 0 to 2098 [ 82.538994][ T7562] netlink: 28 bytes leftover after parsing attributes in process `syz.3.681'. [ 82.604080][ T40] kauditd_printk_skb: 602 callbacks suppressed [ 82.604090][ T40] audit: type=1326 audit(1752550816.833:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7566 comm="syz.3.684" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f41579 code=0x0 [ 82.701751][ T7574] syzkaller1: entered promiscuous mode [ 82.703482][ T7574] syzkaller1: entered allmulticast mode [ 82.799190][ T5963] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 82.802330][ T5963] Bluetooth: hci3: Injecting HCI hardware error event [ 82.805311][ T5962] Bluetooth: hci3: hardware error 0x00 [ 83.758828][ T5963] Bluetooth: hci4: command 0xfc11 tx timeout [ 83.761386][ T63] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 83.804255][ T7593] gre0: Master is either lo or non-ether device [ 83.919329][ T7605] kvm: apic: phys broadcast and lowest prio [ 83.996064][ T7607] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 83.997626][ T5966] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 83.999729][ T63] Bluetooth: hci0: command 0x1407 tx timeout [ 84.000641][ T7607] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.008688][ T5966] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 84.036469][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 84.042513][ T7610] Bluetooth: hci4: Frame reassembly failed (-84) [ 84.102098][ T7607] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 84.106362][ T7607] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.107699][ T6983] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 84.168998][ T7607] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 84.173419][ T7607] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.247966][ T7607] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 84.252359][ T7607] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.277539][ T6983] usb 8-1: Using ep0 maxpacket: 32 [ 84.280389][ T6983] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.283549][ T6983] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.286358][ T6983] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 84.290624][ T6983] usb 8-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 84.293892][ T6983] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.299240][ T6983] usb 8-1: config 0 descriptor?? [ 84.325423][ T7607] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 84.328185][ T7607] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.338290][ T7607] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 84.340680][ T7607] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.348329][ T7607] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 84.350641][ T7607] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.361048][ T7607] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 84.363422][ T7607] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.715709][ T6983] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:0458:5011.000B/input/input13 [ 84.780187][ T6983] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:0458:5011.000B/input/input14 [ 84.795179][ T6983] kye 0003:0458:5011.000B: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.3-1/input0 [ 84.877839][ T5962] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 85.097980][ T7640] syzkaller1: entered promiscuous mode [ 85.100072][ T7640] syzkaller1: entered allmulticast mode [ 85.828478][ C1] kye 0003:0458:5011.000B: usb_submit_urb(ctrl) failed: -1 [ 86.077640][ T5966] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 86.077694][ T5962] Bluetooth: hci4: command 0xfc11 tx timeout [ 86.083077][ T63] Bluetooth: hci0: command 0x1407 tx timeout [ 86.491048][ T40] audit: type=1326 audit(1752550820.723:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7665 comm="syz.3.727" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f41579 code=0x0 [ 86.607559][ T34] usb 8-1: USB disconnect, device number 4 [ 86.625192][ T7679] 9pnet: p9_errstr2errno: server reported unknown error @cF S+v3c/f [ 86.955477][ T7691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.739'. [ 87.333759][ T7715] gre0: Master is either lo or non-ether device [ 87.400150][ T7721] loop8: detected capacity change from 0 to 7 [ 87.407082][ T7721] Dev loop8: unable to read RDB block 7 [ 87.409289][ T7721] loop8: AHDI p1 p2 p3 [ 87.410883][ T7721] loop8: partition table partially beyond EOD, truncated [ 87.414528][ T7721] loop8: p1 start 1601398130 is beyond EOD, truncated [ 87.417023][ T7721] loop8: p2 start 1702059890 is beyond EOD, truncated [ 87.469330][ T6117] Dev loop8: unable to read RDB block 7 [ 87.471117][ T6117] loop8: AHDI p1 p2 p3 [ 87.472427][ T6117] loop8: partition table partially beyond EOD, truncated [ 87.474864][ T6117] loop8: p1 start 1601398130 is beyond EOD, truncated [ 87.477065][ T6117] loop8: p2 start 1702059890 is beyond EOD, truncated [ 87.481597][ T7721] Dev loop8: unable to read RDB block 7 [ 87.483529][ T7721] loop8: AHDI p1 p2 p3 [ 87.485009][ T7721] loop8: partition table partially beyond EOD, truncated [ 87.488055][ T7721] loop8: p1 start 1601398130 is beyond EOD, truncated [ 87.490530][ T7721] loop8: p2 start 1702059890 is beyond EOD, truncated [ 88.734365][ T7749] syzkaller1: entered promiscuous mode [ 88.736100][ T7749] syzkaller1: entered allmulticast mode [ 88.769745][ T7753] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.931223][ T7753] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.003740][ T7753] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.136954][ T7753] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.220687][ T40] audit: type=1326 audit(1752550823.453:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.2.774" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x0 [ 89.318656][ T7753] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.327340][ T7753] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.336430][ T7753] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.344282][ T7753] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.128448][ T40] audit: type=1326 audit(1752550824.363:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7782 comm="syz.0.782" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f51579 code=0x0 [ 90.975046][ T7792] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.791'. [ 91.057375][ T7800] batadv0: entered promiscuous mode [ 91.059594][ T7800] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 91.062724][ T7800] Cannot create hsr debugfs directory [ 91.064594][ T7800] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 91.069096][ T7800] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 91.074319][ T7800] batadv0: left promiscuous mode [ 92.059651][ T7824] dummy0: entered promiscuous mode [ 92.063432][ T7824] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 92.066664][ T7824] Cannot create hsr debugfs directory [ 92.071258][ T7824] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 92.075511][ T7824] hsr1: entered allmulticast mode [ 92.077914][ T7824] dummy0: entered allmulticast mode [ 92.080122][ T7824] bond0: entered allmulticast mode [ 92.082420][ T7824] bond_slave_0: entered allmulticast mode [ 92.084837][ T7824] bond_slave_1: entered allmulticast mode [ 92.113606][ T7826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.799'. [ 92.120009][ T7826] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.123868][ T7826] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.126911][ T7826] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.130406][ T7826] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.142011][ T7826] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.145484][ T7826] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.149519][ T7826] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.154289][ T7826] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.037923][ T7841] geneve2: entered promiscuous mode [ 93.039593][ T7841] geneve2: entered allmulticast mode [ 93.194232][ T7849] dummy0: entered promiscuous mode [ 93.198984][ T7849] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 93.202897][ T7849] Cannot create hsr debugfs directory [ 93.205534][ T7849] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 93.209882][ T7849] hsr1: entered allmulticast mode [ 93.211975][ T7849] dummy0: entered allmulticast mode [ 93.214072][ T7849] bond0: entered allmulticast mode [ 93.216203][ T7849] bond_slave_0: entered allmulticast mode [ 93.219950][ T7849] bond_slave_1: entered allmulticast mode [ 93.667606][ T10] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 93.817473][ T56] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 93.817533][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 93.823666][ T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 93.827158][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 93.830568][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 93.833614][ T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 93.837916][ T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 93.840932][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.928585][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.968385][ T56] usb 8-1: Using ep0 maxpacket: 32 [ 93.972109][ T56] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 93.975347][ T56] usb 8-1: config 0 has no interface number 0 [ 93.985869][ T56] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 93.991277][ T56] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.994674][ T56] usb 8-1: Product: syz [ 93.996445][ T56] usb 8-1: Manufacturer: syz [ 94.003500][ T56] usb 8-1: SerialNumber: syz [ 94.008030][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.017315][ T56] usb 8-1: config 0 descriptor?? [ 94.022412][ T56] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 94.026089][ T56] usb 8-1: selecting invalid altsetting 1 [ 94.028488][ T56] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 94.033080][ T56] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 94.037246][ T56] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 94.040700][ T56] usb 8-1: media controller created [ 94.056079][ T56] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 94.067750][ T10] usb 7-1: GET_CAPABILITIES returned 0 [ 94.069800][ T10] usbtmc 7-1:16.0: can't read capabilities [ 94.090874][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.148668][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.196258][ T5962] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.200400][ T5962] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.204573][ T5962] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.207679][ T5962] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.211435][ T5962] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.310521][ T12] bridge_slave_1: left allmulticast mode [ 94.312597][ T12] bridge_slave_1: left promiscuous mode [ 94.314977][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.321069][ T12] bridge_slave_0: left allmulticast mode [ 94.323358][ T12] bridge_slave_0: left promiscuous mode [ 94.325711][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.637349][ T12] bond0 (unregistering): left promiscuous mode [ 94.640051][ T12] bond_slave_0: left promiscuous mode [ 94.642533][ T12] bond_slave_1: left promiscuous mode [ 94.646427][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 94.656977][ T12] bond_slave_0: left allmulticast mode [ 94.661460][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 94.664847][ T12] bond_slave_1: left allmulticast mode [ 94.667247][ T12] bond0 (unregistering): Released all slaves [ 94.780224][ T7885] chnl_net:caif_netlink_parms(): no params data found [ 94.982350][ T7885] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.991971][ T7885] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.995228][ T7885] bridge_slave_0: entered allmulticast mode [ 95.004810][ T7885] bridge_slave_0: entered promiscuous mode [ 95.008654][ T7885] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.011134][ T7885] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.013347][ T7885] bridge_slave_1: entered allmulticast mode [ 95.016895][ T7885] bridge_slave_1: entered promiscuous mode [ 95.082611][ T7885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.088812][ T7885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.117840][ T56] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 95.120186][ T56] zl10353_read_register: readreg error (reg=127, ret==-110) [ 95.138425][ T7876] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 95.146093][ T7885] team0: Port device team_slave_0 added [ 95.167599][ T56] usb 8-1: USB disconnect, device number 5 [ 95.225395][ T7885] team0: Port device team_slave_1 added [ 95.253463][ T12] dummy0: left promiscuous mode [ 95.259846][ T12] hsr_slave_0: left promiscuous mode [ 95.262656][ T12] hsr_slave_1: left promiscuous mode [ 95.265399][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.268620][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 95.272720][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.275745][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.304375][ T12] veth1_macvtap: left promiscuous mode [ 95.306857][ T12] veth0_macvtap: left promiscuous mode [ 95.310313][ T12] veth1_vlan: left promiscuous mode [ 95.312636][ T12] veth0_vlan: left promiscuous mode [ 95.918832][ T12] team0 (unregistering): Port device team_slave_1 removed [ 95.986726][ T12] team0 (unregistering): Port device team_slave_0 removed [ 96.238318][ T63] Bluetooth: hci0: command tx timeout [ 96.449243][ T6041] usb 7-1: USB disconnect, device number 8 [ 96.510901][ T7885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.513846][ T7885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.524588][ T7885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.528529][ T7915] netlink: 'syz.2.831': attribute type 1 has an invalid length. [ 96.531513][ T7915] netlink: 'syz.2.831': attribute type 2 has an invalid length. [ 96.533982][ T7915] netlink: 32 bytes leftover after parsing attributes in process `syz.2.831'. [ 96.537473][ T7885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.546705][ T7885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.558243][ T7885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.646388][ T7885] hsr_slave_0: entered promiscuous mode [ 96.648640][ T7885] hsr_slave_1: entered promiscuous mode [ 96.651134][ T7885] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.653907][ T7885] Cannot create hsr debugfs directory [ 96.679873][ T7928] netlink: 4 bytes leftover after parsing attributes in process `syz.3.837'. [ 96.853944][ T7885] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 96.859992][ T7885] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 96.863942][ T7885] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 96.867778][ T7885] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 96.928901][ T7885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.943160][ T7885] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.948246][ T1223] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.950546][ T1223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.957674][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.959902][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.007886][ T1327] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 97.047604][ T56] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 97.057531][ T5960] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 97.107364][ T7885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.167546][ T1327] usb 8-1: Using ep0 maxpacket: 8 [ 97.177675][ T1327] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 97.182851][ T1327] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 97.185942][ T1327] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 97.189271][ T1327] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 97.193401][ T1327] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 97.196655][ T1327] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.207520][ T5960] usb 7-1: Using ep0 maxpacket: 16 [ 97.211808][ T5960] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 97.214806][ T5960] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 180, changing to 11 [ 97.219402][ T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.219715][ T5960] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 26584, setting to 1024 [ 97.223074][ T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.223100][ T56] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 97.223111][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.226553][ T5960] usb 7-1: config 0 interface 0 has no altsetting 0 [ 97.234184][ T56] usb 5-1: config 0 descriptor?? [ 97.236985][ T5960] usb 7-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 97.241858][ T5960] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.244356][ T5960] usb 7-1: Product: syz [ 97.245718][ T5960] usb 7-1: Manufacturer: syz [ 97.247233][ T5960] usb 7-1: SerialNumber: syz [ 97.250825][ T5960] usb 7-1: config 0 descriptor?? [ 97.253472][ T7945] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 97.276214][ T7885] veth0_vlan: entered promiscuous mode [ 97.284154][ T7885] veth1_vlan: entered promiscuous mode [ 97.311590][ T7885] veth0_macvtap: entered promiscuous mode [ 97.316154][ T7885] veth1_macvtap: entered promiscuous mode [ 97.330916][ T7885] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.340313][ T7885] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.346996][ T7885] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.351772][ T7885] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.355038][ T7885] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.357913][ T7885] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.395548][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.398014][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.410052][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.412642][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.414212][ T1327] usb 8-1: GET_CAPABILITIES returned 0 [ 97.416871][ T1327] usbtmc 8-1:16.0: can't read capabilities [ 97.458117][ T7945] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 97.462872][ T5960] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input15 [ 97.645865][ T56] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 97.648099][ T56] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 97.650252][ T56] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 97.652592][ T56] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 97.654644][ T56] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 97.663459][ T56] cm6533_jd 0003:0D8C:0022.000C: hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 97.736047][ T56] usb 7-1: USB disconnect, device number 9 [ 97.848803][ T10] usb 5-1: USB disconnect, device number 8 [ 98.328460][ T63] Bluetooth: hci0: command tx timeout [ 98.441185][ T8046] block nbd0: shutting down sockets [ 98.495948][ T8055] binfmt_misc: register: failed to install interpreter file ./file0 [ 98.583195][ T8060] kvm_intel: kvm [8059]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1 [ 98.707263][ T8063] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 98.726893][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.870'. [ 98.727491][ T7307] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 98.878111][ T7307] usb 7-1: Using ep0 maxpacket: 8 [ 98.881891][ T7307] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 98.885010][ T7307] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 98.888983][ T7307] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 98.892209][ T7307] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 98.896269][ T7307] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 98.901434][ T7307] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 98.905167][ T7307] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.982506][ T8083] netlink: 8 bytes leftover after parsing attributes in process `syz.0.875'. [ 99.121778][ T7307] usb 7-1: usb_control_msg returned -32 [ 99.123695][ T7307] usbtmc 7-1:16.0: can't read capabilities [ 99.474061][ T8087] usbtmc 8-1:16.0: INITIATE_CLEAR returned 0 [ 99.677100][ T56] usb 8-1: USB disconnect, device number 6 [ 100.407567][ T63] Bluetooth: hci0: command tx timeout [ 100.476697][ T8109] netlink: 36 bytes leftover after parsing attributes in process `syz.4.886'. [ 100.497514][ T6022] usb 8-1: new full-speed USB device number 7 using dummy_hcd [ 100.649499][ T6022] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 100.653759][ T6022] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 100.659134][ T6022] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 100.663024][ T6022] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 100.670659][ T6022] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 100.674445][ T6022] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 100.677912][ T6022] usb 8-1: Manufacturer: syz [ 100.682114][ T6022] usb 8-1: config 0 descriptor?? [ 100.947573][ T6022] rc_core: IR keymap rc-hauppauge not found [ 100.950059][ T6022] Registered IR keymap rc-empty [ 100.952691][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 100.967573][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 100.989231][ T6022] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 100.995529][ T6022] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input16 [ 101.003259][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.027585][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.047672][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.077633][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.107529][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.127560][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.147540][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.167579][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.187572][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.207533][ T6022] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 101.229078][ T6022] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 101.232764][ T6022] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 101.240197][ T6022] usb 8-1: USB disconnect, device number 7 [ 101.504451][ T1327] usb 7-1: USB disconnect, device number 10 [ 102.079575][ T8203] input input17: cannot allocate more than FF_MAX_EFFECTS effects [ 102.164602][ T8213] netlink: 28 bytes leftover after parsing attributes in process `syz.0.932'. [ 102.170096][ T8213] netlink: 'syz.0.932': attribute type 7 has an invalid length. [ 102.173102][ T8213] netlink: 'syz.0.932': attribute type 8 has an invalid length. [ 102.176615][ T8213] netlink: 4 bytes leftover after parsing attributes in process `syz.0.932'. [ 102.185901][ T8213] gretap0: entered promiscuous mode [ 102.189030][ T8213] batadv_slave_1: entered promiscuous mode [ 102.195298][ T8213] gretap0: left promiscuous mode [ 102.202348][ T8213] batadv_slave_1: left promiscuous mode [ 102.232909][ T1336] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 102.397627][ T1336] usb 8-1: Using ep0 maxpacket: 16 [ 102.409836][ T1336] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 102.415415][ T1336] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 180, changing to 11 [ 102.422909][ T1336] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 26584, setting to 1024 [ 102.427780][ T1336] usb 8-1: config 0 interface 0 has no altsetting 0 [ 102.432984][ T1336] usb 8-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 102.436278][ T1336] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.439219][ T1336] usb 8-1: Product: syz [ 102.440803][ T1336] usb 8-1: Manufacturer: syz [ 102.442877][ T1336] usb 8-1: SerialNumber: syz [ 102.451431][ T1336] usb 8-1: config 0 descriptor?? [ 102.463671][ T8194] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 102.482165][ T63] Bluetooth: hci0: command tx timeout [ 102.677669][ T8194] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 102.681523][ T1336] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input18 [ 102.975963][ T1336] usb 8-1: USB disconnect, device number 8 [ 103.428289][ T8251] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 103.716576][ T8266] syzkaller1: entered promiscuous mode [ 103.719611][ T8266] syzkaller1: entered allmulticast mode [ 103.720449][ T8268] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.950'. [ 103.740991][ T8266] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 6 [ 103.806464][ T8272] sch_tbf: burst 19920 is lower than device lo mtu (65550) ! [ 104.050122][ T8297] sch_tbf: burst 19920 is lower than device lo mtu (65550) ! [ 104.138795][ T8305] input input19: cannot allocate more than FF_MAX_EFFECTS effects [ 104.147075][ T8307] syzkaller1: entered promiscuous mode [ 104.149999][ T8307] syzkaller1: entered allmulticast mode [ 104.574247][ T8337] input input20: cannot allocate more than FF_MAX_EFFECTS effects [ 104.729488][ T8343] input: syz1 as /devices/virtual/input/input21 [ 105.257152][ T10] IPVS: starting estimator thread 0... [ 105.260267][ T8371] tipc: Started in network mode [ 105.262310][ T8371] tipc: Node identity ac1414aa, cluster identity 4711 [ 105.265121][ T8371] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 105.267477][ T8371] tipc: Enabled bearer , priority 10 [ 105.279665][ T8373] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.992'. [ 105.283831][ T8369] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.992'. [ 105.357842][ T8372] IPVS: using max 43 ests per chain, 103200 per kthread [ 105.399115][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 105.484801][ T8382] vivid-001: disconnect [ 105.487370][ T8381] vivid-001: reconnect [ 105.532095][ T8384] Bluetooth: hci4: Frame reassembly failed (-84) [ 105.534271][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 105.537528][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 105.677582][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 105.817489][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 105.925905][ T8401] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 105.931088][ T8402] Dead loop on virtual device ip6_vti0, fix it urgently! [ 105.934581][ T8402] Dead loop on virtual device ip6_vti0, fix it urgently! [ 105.937743][ T8402] Dead loop on virtual device ip6_vti0, fix it urgently! [ 105.941143][ T8402] Dead loop on virtual device ip6_vti0, fix it urgently! [ 105.943941][ T8402] Dead loop on virtual device ip6_vti0, fix it urgently! [ 105.973106][ T839] IPVS: starting estimator thread 0... [ 105.978337][ T8404] tipc: Started in network mode [ 105.980856][ T8404] tipc: Node identity ac1414aa, cluster identity 4711 [ 105.984092][ T8404] tipc: Enabled bearer , priority 10 [ 106.057652][ T8405] IPVS: using max 27 ests per chain, 64800 per kthread [ 106.069747][ T8413] vivid-000: disconnect [ 106.072135][ T8412] vivid-000: reconnect [ 106.281351][ T1327] IPVS: starting estimator thread 0... [ 106.285939][ T8430] tipc: Started in network mode [ 106.288396][ T8430] tipc: Node identity ac1414aa, cluster identity 4711 [ 106.290998][ T8430] tipc: Enabled bearer , priority 10 [ 106.367598][ T8432] IPVS: using max 43 ests per chain, 103200 per kthread [ 106.378658][ T1327] tipc: Node number set to 2886997162 [ 106.435858][ T8443] ------------[ cut here ]------------ [ 106.438518][ T8443] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 5 MHz (6) [ 106.443946][ T8443] WARNING: CPU: 1 PID: 8443 at drivers/net/wireless/virtual/mac80211_hwsim.c:2650 mac80211_hwsim_sta_rc_update+0x60b/0x850 [ 106.449410][ T8443] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 106.452446][ T8443] CPU: 1 UID: 0 PID: 8443 Comm: syz.2.1026 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 106.456961][ T8445] netlink: 348 bytes leftover after parsing attributes in process `syz.3.1027'. [ 106.457159][ T8443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.465405][ T8443] RIP: 0010:mac80211_hwsim_sta_rc_update+0x60b/0x850 [ 106.468159][ T8443] Code: 8b 44 24 20 89 da 48 c7 c7 e0 5b 6b 8c 44 8b 89 a8 01 00 00 41 54 48 8d b0 72 04 00 00 41 55 44 8b 44 24 14 e8 16 50 74 fa 90 <0f> 0b 90 90 58 5a e9 36 fc ff ff e8 75 ff b4 fa e8 30 12 7e 04 31 [ 106.476138][ T8443] RSP: 0018:ffffc9000fc6f198 EFLAGS: 00010286 [ 106.478829][ T8443] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90007b82000 [ 106.481430][ T8443] RDX: 0000000000080000 RSI: ffffffff817ab115 RDI: 0000000000000001 [ 106.483974][ T8443] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 [ 106.486572][ T8443] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000006 [ 106.489418][ T8443] R13: 0000000000000005 R14: ffff8880134bd020 R15: ffff88805e90b0a0 [ 106.492245][ T8443] FS: 0000000000000000(0000) GS:ffff888097620000(0063) knlGS:00000000f502eb40 [ 106.495141][ T8443] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 106.497481][ T8443] CR2: 000000005807c4c0 CR3: 000000004925b000 CR4: 0000000000352ef0 [ 106.500054][ T8443] Call Trace: [ 106.501192][ T8443] [ 106.502189][ T8443] mac80211_hwsim_sta_add+0xc9/0x2c0 [ 106.503902][ T8443] ? __pfx_mac80211_hwsim_sta_add+0x10/0x10 [ 106.505990][ T8443] drv_sta_state+0xa08/0x1940 [ 106.507622][ T8443] sta_info_insert_rcu+0xc8d/0x1b70 [ 106.509359][ T8443] sta_info_insert+0x16/0xd0 [ 106.510961][ T8443] ieee80211_add_station+0x46d/0x6c0 [ 106.513188][ T8443] nl80211_new_station+0x14c9/0x1c50 [ 106.515072][ T8443] ? __pfx_nl80211_new_station+0x10/0x10 [ 106.517616][ T8443] ? nl80211_pre_doit+0x1b0/0xb10 [ 106.519724][ T8443] genl_family_rcv_msg_doit+0x206/0x2f0 [ 106.522009][ T8443] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 106.524609][ T8443] ? trace_cap_capable+0x18d/0x200 [ 106.526875][ T8443] ? bpf_lsm_capable+0x9/0x10 [ 106.529043][ T8443] ? security_capable+0x7e/0x260 [ 106.531164][ T8443] ? ns_capable+0xd7/0x110 [ 106.533065][ T8443] genl_rcv_msg+0x55c/0x800 [ 106.535019][ T8443] ? __pfx_genl_rcv_msg+0x10/0x10 [ 106.537139][ T8443] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 106.538913][ T8443] ? __pfx_nl80211_new_station+0x10/0x10 [ 106.540696][ T8443] ? __pfx_nl80211_post_doit+0x10/0x10 [ 106.542977][ T8443] netlink_rcv_skb+0x155/0x420 [ 106.544991][ T8443] ? __pfx_genl_rcv_msg+0x10/0x10 [ 106.547103][ T8443] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 106.549461][ T8443] ? netlink_deliver_tap+0x1ae/0xd30 [ 106.551707][ T8443] genl_rcv+0x28/0x40 [ 106.553409][ T8443] netlink_unicast+0x58d/0x850 [ 106.555438][ T8443] ? __pfx_netlink_unicast+0x10/0x10 [ 106.557891][ T8443] netlink_sendmsg+0x8d1/0xdd0 [ 106.559835][ T8443] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.562040][ T8443] ? __import_iovec+0x1dd/0x650 [ 106.564167][ T8443] ____sys_sendmsg+0xa95/0xc70 [ 106.566196][ T8443] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.568568][ T8443] ? get_compat_msghdr+0x11a/0x170 [ 106.570759][ T8443] ? __pfx_futex_wake_mark+0x10/0x10 [ 106.572962][ T8443] ___sys_sendmsg+0x134/0x1d0 [ 106.574912][ T8443] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.577102][ T8443] ? find_held_lock+0x2b/0x80 [ 106.579432][ T8443] __sys_sendmsg+0x16d/0x220 [ 106.581432][ T8443] ? __pfx___sys_sendmsg+0x10/0x10 [ 106.583589][ T8443] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 106.585981][ T8443] ? rcu_is_watching+0x12/0xc0 [ 106.588137][ T8443] __do_fast_syscall_32+0x7c/0x3a0 [ 106.590425][ T8443] do_fast_syscall_32+0x32/0x80 [ 106.592498][ T8443] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 106.595163][ T8443] RIP: 0023:0xf703e579 [ 106.596902][ T8443] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 106.604594][ T8443] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 106.607531][ T8443] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 106.610713][ T8443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 106.614019][ T8443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.617284][ T8443] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 106.620640][ T8443] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.623938][ T8443] [ 106.625281][ T8443] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 106.628315][ T8443] CPU: 1 UID: 0 PID: 8443 Comm: syz.2.1026 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 106.633162][ T8443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.637495][ T8443] Call Trace: [ 106.638904][ T8443] [ 106.640151][ T8443] dump_stack_lvl+0x3d/0x1f0 [ 106.642119][ T8443] panic+0x71c/0x800 [ 106.643774][ T8443] ? __pfx_panic+0x10/0x10 [ 106.645598][ T8443] ? show_trace_log_lvl+0x29b/0x3e0 [ 106.647247][ T8443] ? mac80211_hwsim_sta_rc_update+0x60b/0x850 [ 106.649139][ T8443] check_panic_on_warn+0xab/0xb0 [ 106.650724][ T8443] __warn+0xf6/0x3c0 [ 106.651959][ T8443] ? mac80211_hwsim_sta_rc_update+0x60b/0x850 [ 106.653817][ T8443] report_bug+0x3c3/0x580 [ 106.655165][ T8443] ? mac80211_hwsim_sta_rc_update+0x60b/0x850 [ 106.656971][ T8443] handle_bug+0x184/0x210 [ 106.658311][ T8443] exc_invalid_op+0x17/0x50 [ 106.659700][ T8443] asm_exc_invalid_op+0x1a/0x20 [ 106.661217][ T8443] RIP: 0010:mac80211_hwsim_sta_rc_update+0x60b/0x850 [ 106.663303][ T8443] Code: 8b 44 24 20 89 da 48 c7 c7 e0 5b 6b 8c 44 8b 89 a8 01 00 00 41 54 48 8d b0 72 04 00 00 41 55 44 8b 44 24 14 e8 16 50 74 fa 90 <0f> 0b 90 90 58 5a e9 36 fc ff ff e8 75 ff b4 fa e8 30 12 7e 04 31 [ 106.669142][ T8443] RSP: 0018:ffffc9000fc6f198 EFLAGS: 00010286 [ 106.670958][ T8443] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90007b82000 [ 106.673348][ T8443] RDX: 0000000000080000 RSI: ffffffff817ab115 RDI: 0000000000000001 [ 106.675774][ T8443] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 [ 106.678222][ T8443] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000006 [ 106.680664][ T8443] R13: 0000000000000005 R14: ffff8880134bd020 R15: ffff88805e90b0a0 [ 106.683119][ T8443] ? __warn_printk+0x1a5/0x350 [ 106.684628][ T8443] ? mac80211_hwsim_sta_rc_update+0x60a/0x850 [ 106.686536][ T8443] mac80211_hwsim_sta_add+0xc9/0x2c0 [ 106.688184][ T8443] ? __pfx_mac80211_hwsim_sta_add+0x10/0x10 [ 106.690040][ T8443] drv_sta_state+0xa08/0x1940 [ 106.691535][ T8443] sta_info_insert_rcu+0xc8d/0x1b70 [ 106.693160][ T8443] sta_info_insert+0x16/0xd0 [ 106.694625][ T8443] ieee80211_add_station+0x46d/0x6c0 [ 106.696304][ T8443] nl80211_new_station+0x14c9/0x1c50 [ 106.697966][ T8443] ? __pfx_nl80211_new_station+0x10/0x10 [ 106.699726][ T8443] ? nl80211_pre_doit+0x1b0/0xb10 [ 106.701323][ T8443] genl_family_rcv_msg_doit+0x206/0x2f0 [ 106.703046][ T8443] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 106.704946][ T8443] ? trace_cap_capable+0x18d/0x200 [ 106.706558][ T8443] ? bpf_lsm_capable+0x9/0x10 [ 106.708033][ T8443] ? security_capable+0x7e/0x260 [ 106.709585][ T8443] ? ns_capable+0xd7/0x110 [ 106.710996][ T8443] genl_rcv_msg+0x55c/0x800 [ 106.712421][ T8443] ? __pfx_genl_rcv_msg+0x10/0x10 [ 106.713943][ T8443] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 106.715566][ T8443] ? __pfx_nl80211_new_station+0x10/0x10 [ 106.717324][ T8443] ? __pfx_nl80211_post_doit+0x10/0x10 [ 106.719030][ T8443] netlink_rcv_skb+0x155/0x420 [ 106.720535][ T8443] ? __pfx_genl_rcv_msg+0x10/0x10 [ 106.722108][ T8443] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 106.723677][ T8443] ? netlink_deliver_tap+0x1ae/0xd30 [ 106.725279][ T8443] genl_rcv+0x28/0x40 [ 106.726540][ T8443] netlink_unicast+0x58d/0x850 [ 106.727978][ T8443] ? __pfx_netlink_unicast+0x10/0x10 [ 106.729709][ T8443] netlink_sendmsg+0x8d1/0xdd0 [ 106.731546][ T8443] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.733656][ T8443] ? __import_iovec+0x1dd/0x650 [ 106.735515][ T8443] ____sys_sendmsg+0xa95/0xc70 [ 106.737389][ T8443] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.739597][ T8443] ? get_compat_msghdr+0x11a/0x170 [ 106.741757][ T8443] ? __pfx_futex_wake_mark+0x10/0x10 [ 106.743929][ T8443] ___sys_sendmsg+0x134/0x1d0 [ 106.745819][ T8443] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.747902][ T8443] ? find_held_lock+0x2b/0x80 [ 106.749911][ T8443] __sys_sendmsg+0x16d/0x220 [ 106.751471][ T8443] ? __pfx___sys_sendmsg+0x10/0x10 [ 106.753186][ T8443] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 106.754985][ T8443] ? rcu_is_watching+0x12/0xc0 [ 106.756514][ T8443] __do_fast_syscall_32+0x7c/0x3a0 [ 106.758397][ T8443] do_fast_syscall_32+0x32/0x80 [ 106.760452][ T8443] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 106.763049][ T8443] RIP: 0023:0xf703e579 [ 106.764334][ T8443] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 106.770336][ T8443] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 106.772913][ T8443] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 106.775488][ T8443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 106.778292][ T8443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.781439][ T8443] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 106.784678][ T8443] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.787165][ T8443] [ 106.788829][ T8443] Kernel Offset: disabled [ 106.790200][ T8443] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:40:40 Registers: info registers vcpu 0 CPU#0 RAX=0000000000142901 RBX=0000000000000000 RCX=ffffffff8b847c69 RDX=0000000000000000 RSI=ffffffff8de2c794 RDI=ffffffff8c157960 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a9a150 R15=0000000000000000 RIP=ffffffff8b8467cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097520000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080004000 CR3=000000005dc47000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85584895 RDI=ffffffff9b0ac980 RBP=ffffffff9b0ac940 RSP=ffffc9000fc6eaf0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=000000000000000a R14=ffffffff9b0ac940 R15=ffffffff85584830 RIP=ffffffff855848bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097620000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000005807c4c0 CR3=000000004925b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 EAX=00000002 EBX=f73d3ff4 ECX=ffffffff EDX=8ad4a67e ESI=f7404fe8 EDI=8ad4a682 EBP=f7f35610 ESP=ff95a9bc EIP=f70b9f1c EFL=00000246 [---Z-P-] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 567c8440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 00091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c339ff7 CR3=000000005dc47000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000003 RBX=ffff888041164718 RCX=dffffc0000000000 RDX=0000000000000000 RSI=0000000000000004 RDI=ffff888041164718 RBP=0000000000000000 RSP=ffffc90002a9f750 R8 =0000000000000000 R9 =ffffed100822c8e3 R10=ffff88804116471b R11=0000000000000001 R12=ffff8880411646d0 R13=0000000000000001 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff822ce990 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097820000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f66e40 CR3=0000000051b8c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7403ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000