last executing test programs: 2.366776506s ago: executing program 1 (id=2718): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r2, 0x2, 0x0) getdents64(r2, 0x0, 0x22) 2.294348534s ago: executing program 1 (id=2728): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2) ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xb}, 0x1c) 814.557323ms ago: executing program 1 (id=2733): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x1) mknodat(r1, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) linkat(r1, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000080)='./bus\x00', 0x1400) 733.098806ms ago: executing program 1 (id=2736): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, 0x0, 0x0, 0x0, 0xd5e855c9ff29405c}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001800)) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000000c0)) 559.245208ms ago: executing program 0 (id=2727): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 554.94017ms ago: executing program 1 (id=2741): r0 = gettid() timer_create(0x7, &(0x7f0000000780)={0x0, 0x3f, 0x4, @tid=r0}, &(0x7f0000000000)=0x0) clock_gettime(0x5, &(0x7f0000000800)={0x0, 0x0}) r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r4, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x1832b, 0x0) timer_settime(r1, 0x1, &(0x7f0000000840)={{r2, r3+10000000}, {0x0, 0x989680}}, 0x0) rt_sigaction(0x3f, &(0x7f0000000940)={&(0x7f00000008c0)="c46279340cdbc4c261ad9a0c000000c4c2d503f264430fae54bcc0660f638d9b540000c482c5ac2c566742d0430366f30fbae70040d9fa90", 0x40000001, 0x0, {[0x40]}}, 0x0, 0x8, &(0x7f0000000a80)) 508.28477ms ago: executing program 2 (id=2738): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000003900)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_SET_WOWLAN(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000008ac0)=ANY=[], 0xff8}, 0x1, 0x0, 0x0, 0x2404e0d0}, 0x404c845) sendmsg$alg(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x28c0}, 0x20000000) 437.055541ms ago: executing program 0 (id=2740): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x1) mknodat(r1, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) linkat(r1, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000080)='./bus\x00', 0x1400) 436.880733ms ago: executing program 1 (id=2742): r0 = socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000007112370000000000950000000000000089e2d90aa1795cc26efb1dacf01150510936875c66d6a7d6eb12d4cdbc5c0ce0d29df91940d8ca08008e7aa5b3c9a10909d6e18b263131bf965f55746df5189a2e23905ae4dc5340e0eb74eb523d5b77a763cccb768b4453c8b1b1dd0a71983b5c2cfe11f3d30228772b0b798ebaf5abde2ce3ec34f8c6f13ee1f181ac563ba7a7edc9be94452da6d7eb67ae3243cb393245efd0dd21de9553cbd1a8516282de458c44d1ddae97af584de743d44ed18d20dd3b2c42cf1e8b27788dfc562367d46197198cd19fda89a6feca6c738b1d4b2522"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f010400000009058303"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 432.79386ms ago: executing program 0 (id=2743): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) write$tun(r0, &(0x7f0000001240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e20, 0x4d, 0x0, @wg=@data={0x4, 0x2, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76d"}}}}, 0x73) 429.09696ms ago: executing program 2 (id=2749): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 304.02972ms ago: executing program 3 (id=2747): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_io_uring_setup(0x88d, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x10000) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, "0400"}) 298.747324ms ago: executing program 0 (id=2756): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r2, 0x2, 0x0) getdents64(r2, 0x0, 0x22) 237.814647ms ago: executing program 3 (id=2748): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0x4, 0xa, 0x40}, 0x50) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000380), 0x5, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 237.682444ms ago: executing program 0 (id=2750): r0 = gettid() timer_create(0x7, &(0x7f0000000780)={0x0, 0x3f, 0x4, @tid=r0}, &(0x7f0000000000)=0x0) clock_gettime(0x5, &(0x7f0000000800)={0x0, 0x0}) r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r4, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x1832b, 0x0) timer_settime(r1, 0x1, &(0x7f0000000840)={{r2, r3+10000000}, {0x0, 0x989680}}, 0x0) rt_sigaction(0x3f, &(0x7f0000000940)={&(0x7f00000008c0)="c46279340cdbc4c261ad9a0c000000c4c2d503f264430fae54bcc0660f638d9b540000c482c5ac2c566742d0430366f30fbae70040d9fa90", 0x40000001, 0x0, {[0x40]}}, 0x0, 0x8, &(0x7f0000000a80)) 237.628906ms ago: executing program 2 (id=2751): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0xa2242) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)=0xfffffffb) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$int_in(r2, 0x5421, &(0x7f0000000000)=0x3) connect$bt_rfcomm(r2, &(0x7f00000001c0)={0x1f, @any, 0xb}, 0xa) close_range(r0, 0xffffffffffffffff, 0x0) 234.015327ms ago: executing program 3 (id=2752): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x1) mknodat(r1, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) linkat(r1, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000080)='./bus\x00', 0x1400) 163.693504ms ago: executing program 3 (id=2753): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000003900)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_SET_WOWLAN(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000008ac0)=ANY=[], 0xff8}, 0x1, 0x0, 0x0, 0x2404e0d0}, 0x404c845) sendmsg$alg(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x28c0}, 0x20000000) 163.534931ms ago: executing program 2 (id=2754): r0 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket(0x200000000000011, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'vlan1\x00', 0x0}) bind$packet(r3, &(0x7f0000000080)={0x11, 0xd, r4, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0}) io_uring_enter(r0, 0xd00, 0x7e15, 0x0, 0x0, 0x30) 163.368311ms ago: executing program 0 (id=2755): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0x7}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000016c0)={0x14, r2, 0x4, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4001) setsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000000000)=0x9, 0x4) 103.890658ms ago: executing program 3 (id=2757): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 102.762431ms ago: executing program 2 (id=2758): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) write$tun(r0, &(0x7f0000001240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e20, 0x4d, 0x0, @wg=@data={0x4, 0x2, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76d"}}}}, 0x73) 110.101µs ago: executing program 2 (id=2759): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_io_uring_setup(0x88d, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x10000) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, "0400"}) 0s ago: executing program 3 (id=2760): r0 = epoll_create1(0x0) r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='GPL\x00'}, 0x94) r3 = epoll_create1(0x0) r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)=ANY=[@ANYRES32=r4, @ANYRES32=r2, @ANYBLOB="11"], 0x14) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@cgroup=r1, r2, 0x11, 0x0, r1}, 0x11) 0s ago: executing program 3 (id=2761): r0 = landlock_create_ruleset(&(0x7f0000000100)={0x3002, 0x3, 0x2}, 0x18, 0x0) landlock_restrict_self(r0, 0x6) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpgid(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r3}) sendmmsg$unix(r1, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1}}], 0x1, 0x408b1) kernel console output (not intermixed with test programs): T24] usb 7-1: Using ep0 maxpacket: 8 [ 63.238146][ T24] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 63.240641][ T24] usb 7-1: config 0 has no interface number 0 [ 63.242940][ T24] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 63.246337][ T24] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 63.249868][ T24] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 63.253214][ T24] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 63.257375][ T24] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 63.260139][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.263797][ T24] usb 7-1: config 0 descriptor?? [ 63.267583][ T24] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 63.433501][ T5975] Bluetooth: hci1: command tx timeout [ 63.609785][ T6567] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.263500][ T5979] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 65.414691][ T5979] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 65.418245][ T5979] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 65.421334][ T5979] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 65.424373][ T5979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.428472][ T6583] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 65.432587][ T6567] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.432741][ T5979] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 65.513598][ T5975] Bluetooth: hci1: command tx timeout [ 65.516566][ T6578] usb 7-1: USB disconnect, device number 3 [ 65.519746][ T6578] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 65.758571][ T2296] usb 8-1: USB disconnect, device number 3 [ 65.933939][ T6567] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.009031][ T6567] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.108755][ T60] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.116309][ T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.122664][ T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.129120][ T60] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.243522][ T6058] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 67.408864][ T6058] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 67.412622][ T6058] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 67.415945][ T6058] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 67.418749][ T6058] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.422853][ T6616] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 67.426678][ T6058] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 67.593857][ T5975] Bluetooth: hci1: command tx timeout [ 67.764341][ T6073] usb 5-1: USB disconnect, device number 2 [ 68.563564][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 68.713542][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 68.716452][ T24] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 68.719035][ T24] usb 5-1: config 0 has no interface number 0 [ 68.721030][ T24] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 68.724551][ T24] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 68.728121][ T24] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 68.731510][ T24] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 68.735612][ T24] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 68.738402][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.741986][ T24] usb 5-1: config 0 descriptor?? [ 68.746329][ T24] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 69.253911][ T5974] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 69.415274][ T5974] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 69.418718][ T5974] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 69.421748][ T5974] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 69.425099][ T5974] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.429187][ T6651] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 69.432903][ T5974] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 69.485128][ T6667] Bluetooth: MGMT ver 1.23 [ 69.754725][ T6058] usb 7-1: USB disconnect, device number 4 [ 70.613678][ T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 70.775501][ T24] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 70.778978][ T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 70.782209][ T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 70.785139][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.789842][ T6692] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 70.795997][ T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 70.876414][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.878496][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.034530][ T6073] usb 5-1: USB disconnect, device number 3 [ 71.038326][ T6073] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 71.110172][ T24] usb 6-1: USB disconnect, device number 3 [ 71.633586][ T6073] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 71.793481][ T6073] usb 8-1: Using ep0 maxpacket: 8 [ 71.796706][ T6073] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 71.799248][ T6073] usb 8-1: config 0 has no interface number 0 [ 71.801315][ T6073] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 71.804959][ T6073] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 71.809393][ T6073] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 71.813784][ T6073] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 71.818822][ T6073] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 71.822350][ T6073] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.827531][ T6073] usb 8-1: config 0 descriptor?? [ 71.831581][ T6073] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 71.973560][ T5974] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 72.135647][ T5974] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 72.139883][ T5974] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 72.143782][ T5974] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 72.147223][ T5974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.152295][ T6748] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 72.156704][ T5974] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 72.508676][ T10] usb 6-1: USB disconnect, device number 4 [ 73.261142][ T6796] netlink: 48 bytes leftover after parsing attributes in process `syz.2.285'. [ 74.085352][ T5979] usb 8-1: USB disconnect, device number 4 [ 74.089022][ T5979] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 74.448322][ T6825] netlink: 48 bytes leftover after parsing attributes in process `syz.0.290'. [ 74.632044][ T6849] netlink: 48 bytes leftover after parsing attributes in process `syz.3.303'. [ 74.664345][ T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 74.814995][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 74.817828][ T24] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 74.820340][ T24] usb 6-1: config 0 has no interface number 0 [ 74.822257][ T24] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 74.825876][ T24] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 74.829474][ T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 74.832844][ T24] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 74.838220][ T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 74.841034][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.848540][ T24] usb 6-1: config 0 descriptor?? [ 74.852221][ T24] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 77.115212][ T24] usb 6-1: USB disconnect, device number 5 [ 77.118468][ T24] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 77.481310][ T6874] netlink: 48 bytes leftover after parsing attributes in process `syz.1.314'. [ 77.512735][ T6882] process 'syz.0.326' launched './file0' with NULL argv: empty string added [ 77.582348][ T6892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.323'. [ 77.620784][ T6897] mmap: syz.2.327 (6897) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 77.780430][ T6917] netlink: 8 bytes leftover after parsing attributes in process `syz.1.334'. [ 78.973180][ T6954] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'. [ 79.274758][ T6985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.361'. [ 81.116299][ T59] cfg80211: failed to load regulatory.db [ 81.354706][ T7122] netlink: 'syz.0.422': attribute type 1 has an invalid length. [ 81.357198][ T7122] netlink: 'syz.0.422': attribute type 4 has an invalid length. [ 81.359672][ T7122] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.422'. [ 81.840939][ T7147] netlink: 'syz.1.434': attribute type 1 has an invalid length. [ 81.843378][ T7147] netlink: 'syz.1.434': attribute type 4 has an invalid length. [ 81.846030][ T7147] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.434'. [ 81.946355][ T7155] netlink: 'syz.3.445': attribute type 1 has an invalid length. [ 81.948812][ T7155] netlink: 'syz.3.445': attribute type 4 has an invalid length. [ 81.951175][ T7155] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.445'. [ 82.299911][ T7182] netlink: 'syz.2.449': attribute type 1 has an invalid length. [ 82.302389][ T7182] netlink: 'syz.2.449': attribute type 4 has an invalid length. [ 82.305199][ T7182] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.449'. [ 83.045047][ T7227] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.049280][ T7227] netlink: 'syz.0.470': attribute type 12 has an invalid length. [ 83.051710][ T7227] netlink: 'syz.0.470': attribute type 29 has an invalid length. [ 83.054436][ T7227] netlink: 148 bytes leftover after parsing attributes in process `syz.0.470'. [ 83.057202][ T7227] netlink: 59 bytes leftover after parsing attributes in process `syz.0.470'. [ 83.060154][ T7227] Zero length message leads to an empty skb [ 83.305622][ T7263] netlink: 148 bytes leftover after parsing attributes in process `syz.3.484'. [ 83.308492][ T7263] netlink: 59 bytes leftover after parsing attributes in process `syz.3.484'. [ 84.115595][ T7296] netlink: 20 bytes leftover after parsing attributes in process `syz.0.501'. [ 84.116598][ T7297] netlink: 148 bytes leftover after parsing attributes in process `syz.1.500'. [ 84.121216][ T7297] netlink: 59 bytes leftover after parsing attributes in process `syz.1.500'. [ 84.149845][ T7300] syz.0.502: attempt to access beyond end of device [ 84.149845][ T7300] loop1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 84.155464][ T7300] SQUASHFS error: Failed to read block 0x0: -5 [ 84.775499][ T7323] netlink: 148 bytes leftover after parsing attributes in process `syz.2.513'. [ 84.778979][ T7323] netlink: 59 bytes leftover after parsing attributes in process `syz.2.513'. [ 84.803009][ T7328] syz.3.515: attempt to access beyond end of device [ 84.803009][ T7328] loop7: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 84.808366][ T7328] SQUASHFS error: Failed to read block 0x0: -5 [ 84.933714][ T7336] block nbd2: NBD_DISCONNECT [ 84.935560][ T7336] block nbd2: Send disconnect failed -22 [ 84.937988][ T7336] block nbd2: Send disconnect failed -22 [ 84.940196][ T7333] block nbd2: Disconnected due to user request. [ 84.942246][ T7333] block nbd2: shutting down sockets [ 84.988546][ T7343] netlink: 120 bytes leftover after parsing attributes in process `syz.3.522'. [ 84.992043][ T7344] netlink: 24 bytes leftover after parsing attributes in process `syz.2.523'. [ 84.995011][ T7344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.523'. [ 85.100357][ T7353] netlink: 120 bytes leftover after parsing attributes in process `syz.2.534'. [ 85.658739][ T7360] syz.1.528: attempt to access beyond end of device [ 85.658739][ T7360] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 85.662858][ T7360] SQUASHFS error: Failed to read block 0x0: -5 [ 85.723933][ T7357] block nbd3: NBD_DISCONNECT [ 85.725492][ T7357] block nbd3: Send disconnect failed -22 [ 85.727290][ T7357] block nbd3: Send disconnect failed -22 [ 85.729610][ T7354] block nbd3: Disconnected due to user request. [ 85.731607][ T7354] block nbd3: shutting down sockets [ 86.627266][ T7386] netlink: 120 bytes leftover after parsing attributes in process `syz.0.539'. [ 86.656596][ T7388] validate_nla: 9 callbacks suppressed [ 86.656605][ T7388] netlink: 'syz.0.540': attribute type 1 has an invalid length. [ 86.660792][ T7388] netlink: 'syz.0.540': attribute type 2 has an invalid length. [ 86.663172][ T7388] netlink: 'syz.0.540': attribute type 3 has an invalid length. [ 86.672247][ T12] Bluetooth: hci4: Frame reassembly failed (-90) [ 88.713585][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 88.713636][ T5987] Bluetooth: hci4: command 0x1003 tx timeout [ 89.260918][ T7405] syz.2.542: attempt to access beyond end of device [ 89.260918][ T7405] loop5: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 89.265099][ T7405] SQUASHFS error: Failed to read block 0x0: -5 [ 89.378104][ T7424] __nla_validate_parse: 2 callbacks suppressed [ 89.378116][ T7424] netlink: 120 bytes leftover after parsing attributes in process `syz.1.554'. [ 89.384168][ T7411] block nbd0: NBD_DISCONNECT [ 89.386157][ T7411] block nbd0: Send disconnect failed -22 [ 89.388471][ T7411] block nbd0: Send disconnect failed -22 [ 89.391367][ T7409] block nbd0: Disconnected due to user request. [ 89.394846][ T7409] block nbd0: shutting down sockets [ 89.411341][ T7427] netlink: 24 bytes leftover after parsing attributes in process `syz.1.555'. [ 89.416200][ T7427] netlink: 'syz.1.555': attribute type 1 has an invalid length. [ 89.418641][ T7427] netlink: 'syz.1.555': attribute type 2 has an invalid length. [ 89.421709][ T7427] netlink: 'syz.1.555': attribute type 3 has an invalid length. [ 89.425287][ T7427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.555'. [ 89.603617][ T7438] block nbd1: NBD_DISCONNECT [ 89.605160][ T7438] block nbd1: Send disconnect failed -22 [ 89.606935][ T7438] block nbd1: Send disconnect failed -22 [ 89.609856][ T7434] block nbd1: Disconnected due to user request. [ 89.613152][ T7434] block nbd1: shutting down sockets [ 89.703515][ T67] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 89.858159][ T67] usb 7-1: unable to get BOS descriptor or descriptor too short [ 89.860722][ T67] usb 7-1: no configurations [ 89.862278][ T67] usb 7-1: can't read configurations, error -22 [ 90.382604][ T7441] netlink: 104 bytes leftover after parsing attributes in process `syz.3.561'. [ 90.445101][ T7454] netlink: 24 bytes leftover after parsing attributes in process `syz.3.569'. [ 90.448490][ T7454] netlink: 'syz.3.569': attribute type 1 has an invalid length. [ 90.451288][ T7454] netlink: 'syz.3.569': attribute type 2 has an invalid length. [ 90.455230][ T7454] netlink: 'syz.3.569': attribute type 3 has an invalid length. [ 90.457625][ T7454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.569'. [ 90.553633][ T7464] block nbd2: Device being setup by another task [ 90.556866][ T7458] block nbd2: NBD_DISCONNECT [ 90.558463][ T7458] block nbd2: Send disconnect failed -22 [ 90.560702][ T7456] block nbd2: Disconnected due to user request. [ 90.562753][ T7456] block nbd2: shutting down sockets [ 90.793501][ T5979] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 90.981172][ T5979] usb 8-1: unable to get BOS descriptor or descriptor too short [ 90.983748][ T5979] usb 8-1: no configurations [ 90.985224][ T5979] usb 8-1: can't read configurations, error -22 [ 91.514184][ T5987] Bluetooth: hci4: command 0x1003 tx timeout [ 91.514367][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 92.225242][ T7491] block nbd3: NBD_DISCONNECT [ 92.227197][ T7491] block nbd3: Send disconnect failed -22 [ 92.229468][ T7491] block nbd3: Send disconnect failed -22 [ 92.232488][ T7489] block nbd3: Disconnected due to user request. [ 92.235671][ T7489] block nbd3: shutting down sockets [ 92.274004][ T60] Bluetooth: hci4: Frame reassembly failed (-90) [ 92.403711][ T2296] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 92.569873][ T2296] usb 5-1: unable to get BOS descriptor or descriptor too short [ 92.572341][ T2296] usb 5-1: no configurations [ 92.573997][ T2296] usb 5-1: can't read configurations, error -22 [ 93.983910][ T7523] netlink: 'syz.2.598': attribute type 1 has an invalid length. [ 93.986583][ T7523] netlink: 56 bytes leftover after parsing attributes in process `syz.2.598'. [ 94.313581][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 94.891788][ T7548] netlink: 'syz.0.611': attribute type 1 has an invalid length. [ 94.894378][ T7548] netlink: 56 bytes leftover after parsing attributes in process `syz.0.611'. [ 94.923616][ T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 95.090652][ T24] usb 6-1: unable to get BOS descriptor or descriptor too short [ 95.093118][ T24] usb 6-1: no configurations [ 95.094811][ T24] usb 6-1: can't read configurations, error -22 [ 95.739129][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 95.742025][ T46] Bluetooth: hci4: Frame reassembly failed (-90) [ 96.410946][ T7577] netlink: 'syz.3.622': attribute type 1 has an invalid length. [ 96.413407][ T7577] netlink: 56 bytes leftover after parsing attributes in process `syz.3.622'. [ 97.753592][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 97.753928][ T5987] Bluetooth: hci4: command 0x1003 tx timeout [ 98.377427][ T7605] netlink: 'syz.1.635': attribute type 1 has an invalid length. [ 98.379971][ T7605] netlink: 56 bytes leftover after parsing attributes in process `syz.1.635'. [ 98.409623][ T7611] netlink: 8 bytes leftover after parsing attributes in process `syz.3.639'. [ 98.545449][ T7629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.654'. [ 98.667160][ T5987] block nbd3: Receive control failed (result -32) [ 98.725324][ T7632] block nbd3: shutting down sockets [ 100.473517][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 100.473548][ T5987] Bluetooth: hci4: command 0x1003 tx timeout [ 101.118575][ T5975] block nbd0: Receive control failed (result -32) [ 101.125432][ T7640] block nbd0: shutting down sockets [ 101.149813][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.657'. [ 101.160568][ T1140] Bluetooth: hci4: Frame reassembly failed (-84) [ 101.162664][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 101.302591][ T7678] loop7: detected capacity change from 0 to 7 [ 101.305570][ T7680] input: syz0 as /devices/virtual/input/input7 [ 101.492236][ T7678] Dev loop7: unable to read RDB block 7 [ 101.494277][ T7690] support for the xor transformation has been removed. [ 101.499625][ C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 101.502773][ C1] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 101.503509][ T7678] loop7: unable to read partition table [ 101.507799][ T7678] loop7: partition table beyond EOD, truncated [ 101.509754][ T7678] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 101.751772][ T7695] input: syz0 as /devices/virtual/input/input8 [ 101.895592][ T5987] block nbd1: Receive control failed (result -32) [ 101.953825][ T7698] block nbd1: shutting down sockets [ 101.988423][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.1.673'. [ 103.193498][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 103.193760][ T5987] Bluetooth: hci4: command 0x1003 tx timeout [ 103.736591][ T7713] loop7: detected capacity change from 0 to 7 [ 103.792432][ T7717] input: syz0 as /devices/virtual/input/input9 [ 103.921546][ T7713] Dev loop7: unable to read RDB block 7 [ 103.923383][ T7723] support for the xor transformation has been removed. [ 103.925647][ T7713] loop7: unable to read partition table [ 103.927685][ T7713] loop7: partition table beyond EOD, truncated [ 103.930063][ T7713] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 103.931542][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 103.937368][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 104.162922][ T5975] block nbd2: Receive control failed (result -32) [ 104.184649][ T7730] block nbd2: shutting down sockets [ 104.345714][ T7753] input: syz0 as /devices/virtual/input/input10 [ 104.376710][ T7758] loop7: detected capacity change from 0 to 7 [ 104.549920][ T7761] support for the xor transformation has been removed. [ 104.549963][ T7758] Dev loop7: unable to read RDB block 7 [ 104.552779][ C3] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 104.554038][ T7758] loop7: unable to read partition table [ 104.556886][ C3] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 104.558752][ T7758] loop7: partition table beyond EOD, truncated [ 104.563156][ T7758] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 104.993511][ T53] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 105.054460][ T7791] loop7: detected capacity change from 0 to 7 [ 105.103564][ T10] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 105.155039][ T53] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 105.159305][ T53] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 105.162953][ T53] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 105.166657][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.173306][ T7766] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 105.178432][ T53] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 105.255571][ T10] usb 8-1: config 0 has no interfaces? [ 105.256328][ T7798] support for the xor transformation has been removed. [ 105.256364][ T7791] Dev loop7: unable to read RDB block 7 [ 105.256386][ T7791] loop7: unable to read partition table [ 105.256480][ T7791] loop7: partition table beyond EOD, truncated [ 105.256489][ T7791] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 105.257558][ T10] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 105.260747][ C3] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 105.262029][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.264229][ C3] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 105.284963][ T10] usb 8-1: config 0 descriptor?? [ 105.380105][ T53] usb 7-1: USB disconnect, device number 7 [ 105.390534][ T6578] kernel write not supported for file /register (pid: 6578 comm: kworker/3:4) [ 105.490564][ T29] usb 8-1: USB disconnect, device number 7 [ 106.185121][ T7825] loop7: detected capacity change from 0 to 7 [ 106.381607][ T7836] support for the xor transformation has been removed. [ 106.382361][ T7825] Dev loop7: unable to read RDB block 7 [ 106.384660][ C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 106.385670][ T7825] loop7: unable to read partition table [ 106.388696][ C1] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 106.393193][ T7825] loop7: partition table beyond EOD, truncated [ 106.395341][ T7825] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 106.544345][ T7847] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.733'. [ 106.584631][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 106.586072][ T7849] loop7: detected capacity change from 0 to 7 [ 106.613510][ T29] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 106.755266][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 106.758683][ T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 106.761765][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 106.764996][ T7849] Dev loop7: unable to read RDB block 7 [ 106.765048][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.765390][ T7851] support for the xor transformation has been removed. [ 106.765627][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 106.765644][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 106.766788][ T7849] loop7: unable to read partition table [ 106.770812][ T7843] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 106.771450][ T7849] loop7: partition table beyond EOD, [ 106.775290][ T29] usb 7-1: config 0 has no interfaces? [ 106.776052][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 106.776953][ T7849] truncated [ 106.778820][ T29] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 106.780951][ T7849] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 106.782648][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.798556][ T29] usb 7-1: config 0 descriptor?? [ 106.980568][ T10] usb 5-1: USB disconnect, device number 6 [ 106.986466][ T7843] 9pnet_fd: Insufficient options for proto=fd [ 107.006929][ T29] usb 7-1: USB disconnect, device number 8 [ 107.523891][ T7857] loop7: detected capacity change from 0 to 7 [ 107.582471][ T7872] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.742'. [ 107.620797][ T7877] ======================================================= [ 107.620797][ T7877] WARNING: The mand mount option has been deprecated and [ 107.620797][ T7877] and is ignored by this kernel. Remove the mand [ 107.620797][ T7877] option from the mount to silence this warning. [ 107.620797][ T7877] ======================================================= [ 107.708346][ T7857] Dev loop7: unable to read RDB block 7 [ 107.708553][ T7878] support for the xor transformation has been removed. [ 107.710200][ T7857] loop7: unable to read partition table [ 107.712464][ C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 107.714897][ T7857] loop7: partition table beyond EOD, [ 107.717182][ C0] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 107.721477][ T7857] truncated [ 107.722489][ T7857] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 107.843409][ T7896] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.754'. [ 107.933552][ T24] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 107.967413][ T7905] warning: `syz.3.758' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 107.973483][ T53] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 108.087386][ T24] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 108.090789][ T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 108.094208][ T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 108.097011][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.102235][ T7883] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 108.106801][ T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 108.124762][ T53] usb 5-1: config 0 has no interfaces? [ 108.126502][ T53] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 108.129342][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.132897][ T53] usb 5-1: config 0 descriptor?? [ 108.310223][ T2296] usb 6-1: USB disconnect, device number 8 [ 108.314100][ T53] kernel write not supported for file /register (pid: 53 comm: kworker/3:1) [ 108.340037][ T53] usb 5-1: USB disconnect, device number 7 [ 108.868402][ T7924] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.763'. [ 108.898264][ T5987] Bluetooth: hci4: sending frame failed (-49) [ 108.900899][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 109.963716][ T2296] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 110.033490][ T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 110.114796][ T2296] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 110.118256][ T2296] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 110.121290][ T2296] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 110.124200][ T2296] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.128168][ T7933] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 110.131871][ T2296] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 110.194653][ T10] usb 6-1: config 0 has no interfaces? [ 110.196392][ T10] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 110.199170][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.202758][ T10] usb 6-1: config 0 descriptor?? [ 110.337791][ T6578] usb 8-1: USB disconnect, device number 8 [ 110.347574][ T7933] 9pnet_fd: Insufficient options for proto=fd [ 110.410546][ T29] usb 6-1: USB disconnect, device number 9 [ 111.194479][ T29] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 111.355548][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 111.358943][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 111.361964][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 111.364834][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.368916][ T7952] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 111.372773][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 111.577420][ T10] usb 5-1: USB disconnect, device number 8 [ 111.579872][ T29] kernel write not supported for file /register (pid: 29 comm: kworker/1:0) [ 111.753565][ T5987] Bluetooth: hci4: command 0x1003 tx timeout [ 111.756130][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 112.201954][ T5987] Bluetooth: hci4: sending frame failed (-49) [ 112.204425][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 115.033926][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 116.529560][ T8131] syz_tun: entered allmulticast mode [ 116.535795][ T8130] syz_tun: left allmulticast mode [ 116.981889][ T8161] syz_tun: entered allmulticast mode [ 116.990214][ T8160] syz_tun: left allmulticast mode [ 117.055462][ T8172] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 117.516489][ T8191] syz_tun: entered allmulticast mode [ 117.519500][ T8189] syz_tun: left allmulticast mode [ 117.662931][ T8208] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 117.821494][ T8220] syz_tun: entered allmulticast mode [ 117.826345][ T8219] syz_tun: left allmulticast mode [ 117.933733][ T8240] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 118.294456][ T8288] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 118.594838][ T40] audit: type=1326 audit(1755268245.967:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.601492][ T40] audit: type=1326 audit(1755268245.967:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.611910][ T40] audit: type=1326 audit(1755268245.967:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.621180][ T40] audit: type=1326 audit(1755268245.967:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.632890][ T40] audit: type=1326 audit(1755268245.967:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.633065][ T8325] netlink: 'syz.2.947': attribute type 10 has an invalid length. [ 118.639670][ T40] audit: type=1326 audit(1755268245.967:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.645959][ T8325] netlink: 40 bytes leftover after parsing attributes in process `syz.2.947'. [ 118.652039][ T40] audit: type=1326 audit(1755268245.967:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.658755][ T40] audit: type=1326 audit(1755268245.967:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.663334][ T8325] team0: Port device geneve0 added [ 118.666330][ T40] audit: type=1326 audit(1755268245.967:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 118.675112][ T40] audit: type=1326 audit(1755268245.967:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8320 comm="syz.3.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.515042][ T8332] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 119.518193][ T8332] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 119.522653][ T8332] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 119.525541][ T8332] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 119.527478][ T8332] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 119.530605][ T8332] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 119.533792][ T8332] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 119.535793][ T8332] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 119.538429][ T8332] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 119.540834][ T8332] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 119.542748][ T8332] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 119.546165][ T8332] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 119.550460][ T5987] Bluetooth: hci4: sending frame failed (-49) [ 119.553411][ T5975] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 119.584812][ T8365] netlink: 'syz.3.964': attribute type 10 has an invalid length. [ 119.588125][ T8365] netlink: 40 bytes leftover after parsing attributes in process `syz.3.964'. [ 119.597592][ T8365] team0: Port device geneve0 added [ 119.910025][ T8389] bond1: entered allmulticast mode [ 119.912016][ T8389] 8021q: adding VLAN 0 to HW filter on device bond1 [ 119.914790][ T8389] bridge0: port 3(bond1) entered blocking state [ 119.916905][ T8389] bridge0: port 3(bond1) entered disabled state [ 119.920294][ T8389] bond1: entered promiscuous mode [ 119.922420][ T8389] bridge0: port 3(bond1) entered blocking state [ 119.925241][ T8389] bridge0: port 3(bond1) entered forwarding state [ 119.934551][ T46] bridge0: port 3(bond1) entered disabled state [ 120.135920][ T8415] netlink: 'syz.0.982': attribute type 10 has an invalid length. [ 120.138364][ T8415] netlink: 40 bytes leftover after parsing attributes in process `syz.0.982'. [ 120.147046][ T8415] team0: Port device geneve0 added [ 120.769067][ T8396] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 120.771078][ T8396] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 120.773040][ T8396] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 120.775080][ T8396] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 120.778585][ T5987] Bluetooth: hci4: sending frame failed (-49) [ 120.781202][ T5975] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 120.835006][ T8448] bond1: entered allmulticast mode [ 120.836910][ T8448] 8021q: adding VLAN 0 to HW filter on device bond1 [ 120.839367][ T8448] bridge0: port 3(bond1) entered blocking state [ 120.841422][ T8448] bridge0: port 3(bond1) entered disabled state [ 120.844588][ T8448] bond1: entered promiscuous mode [ 120.847132][ T8448] bridge0: port 3(bond1) entered blocking state [ 120.849875][ T8448] bridge0: port 3(bond1) entered forwarding state [ 120.939088][ T1140] bridge0: port 3(bond1) entered disabled state [ 122.669868][ T8483] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 122.672563][ T8483] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 122.674844][ T8483] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 122.676872][ T8483] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 122.681055][ T5987] Bluetooth: hci4: sending frame failed (-49) [ 122.683678][ T5975] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 122.766267][ T8495] bond1: entered allmulticast mode [ 122.768127][ T8495] 8021q: adding VLAN 0 to HW filter on device bond1 [ 122.770497][ T8495] bridge0: port 3(bond1) entered blocking state [ 122.772539][ T8495] bridge0: port 3(bond1) entered disabled state [ 122.775652][ T8495] bond1: entered promiscuous mode [ 122.777488][ T8495] bridge0: port 3(bond1) entered blocking state [ 122.779480][ T8495] bridge0: port 3(bond1) entered forwarding state [ 122.787410][ T12] bridge0: port 3(bond1) entered disabled state [ 122.791019][ T8496] syzkaller1: entered promiscuous mode [ 122.792769][ T8496] syzkaller1: entered allmulticast mode [ 123.243687][ T24] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 123.409678][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 123.412698][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 123.416733][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 123.419516][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.628874][ T24] usb 5-1: usb_control_msg returned -32 [ 123.630712][ T24] usbtmc 5-1:16.0: can't read capabilities [ 123.993567][ T5975] Bluetooth: hci3: command 0x0c1a tx timeout [ 124.506853][ T8521] bond2: entered allmulticast mode [ 124.508752][ T8521] 8021q: adding VLAN 0 to HW filter on device bond2 [ 124.511148][ T8521] bridge0: port 4(bond2) entered blocking state [ 124.514001][ T8521] bridge0: port 4(bond2) entered disabled state [ 124.517092][ T8521] bond2: entered promiscuous mode [ 124.519000][ T8521] bridge0: port 4(bond2) entered blocking state [ 124.520981][ T8521] bridge0: port 4(bond2) entered forwarding state [ 124.616217][ T8535] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1026'. [ 124.639273][ T8537] bond2: entered allmulticast mode [ 124.641128][ T8537] 8021q: adding VLAN 0 to HW filter on device bond2 [ 124.643629][ T8537] bridge0: port 4(bond2) entered blocking state [ 124.645660][ T8537] bridge0: port 4(bond2) entered disabled state [ 124.648618][ T8537] bond2: entered promiscuous mode [ 124.650468][ T8537] bridge0: port 4(bond2) entered blocking state [ 124.652466][ T8537] bridge0: port 4(bond2) entered forwarding state [ 124.713554][ T5975] Bluetooth: hci2: command 0x0c1a tx timeout [ 124.713633][ T5987] Bluetooth: hci1: command 0x0c1a tx timeout [ 124.713654][ T5989] Bluetooth: hci0: command 0x0c1a tx timeout [ 124.845685][ T13] bridge0: port 4(bond2) entered disabled state [ 124.849286][ T13] bridge0: port 4(bond2) entered disabled state [ 125.359011][ T8526] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 125.361068][ T8526] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 125.363018][ T8526] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 125.365245][ T8526] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 125.663924][ T8573] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 126.016707][ T6073] usb 5-1: USB disconnect, device number 9 [ 126.441005][ T5974] libceph: connect (1)[c::]:6789 error -101 [ 126.443083][ T5974] libceph: mon0 (1)[c::]:6789 connect error [ 126.703847][ T5974] libceph: connect (1)[c::]:6789 error -101 [ 126.705906][ T5974] libceph: mon0 (1)[c::]:6789 connect error [ 126.752697][ T8595] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.755192][ T8595] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 126.757145][ T8595] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.759158][ T8595] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.763236][ T5975] Bluetooth: hci4: sending frame failed (-49) [ 126.766084][ T5987] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 127.213721][ T5974] libceph: connect (1)[c::]:6789 error -101 [ 127.215752][ T5974] libceph: mon0 (1)[c::]:6789 connect error [ 127.270932][ T8638] ceph: No mds server is up or the cluster is laggy [ 127.637407][ T8682] cgroup: fork rejected by pids controller in /syz0 [ 127.764837][ T8693] hsr0: entered promiscuous mode [ 127.767176][ T8693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1091'. [ 127.771837][ T8693] hsr_slave_0: left promiscuous mode [ 127.775108][ T8693] hsr_slave_1: left promiscuous mode [ 127.788190][ T8693] hsr0 (unregistering): left promiscuous mode [ 127.893334][ T8705] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1098'. [ 127.992459][ T12] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.048375][ T12] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.073569][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.121338][ T12] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.188897][ T5975] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 128.192042][ T5975] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 128.194827][ T5975] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 128.198004][ T5975] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 128.200611][ T5975] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 128.209087][ T12] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.300945][ T8734] chnl_net:caif_netlink_parms(): no params data found [ 128.311243][ T12] bond1: left promiscuous mode [ 128.312952][ T12] bridge0: port 3(bond1) entered disabled state [ 128.317593][ T12] bridge_slave_1: left allmulticast mode [ 128.319396][ T12] bridge_slave_1: left promiscuous mode [ 128.321219][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.326724][ T12] bridge_slave_0: left allmulticast mode [ 128.328529][ T12] bridge_slave_0: left promiscuous mode [ 128.330379][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.439280][ T12] team0: Port device geneve0 removed [ 128.557219][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.561213][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.564964][ T12] bond0 (unregistering): Released all slaves [ 128.612100][ T12] bond1 (unregistering): Released all slaves [ 128.668261][ T8734] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.670575][ T8734] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.672840][ T8734] bridge_slave_0: entered allmulticast mode [ 128.675624][ T8734] bridge_slave_0: entered promiscuous mode [ 128.679185][ T8734] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.681462][ T8734] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.683977][ T8734] bridge_slave_1: entered allmulticast mode [ 128.686579][ T8734] bridge_slave_1: entered promiscuous mode [ 128.717018][ T8734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.721376][ T8734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.750475][ T8734] team0: Port device team_slave_0 added [ 128.755619][ T8734] team0: Port device team_slave_1 added [ 128.784031][ T8734] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.786208][ T8734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.793516][ T5975] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.794174][ T5987] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.796840][ T8734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.802019][ T8734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.804138][ T8734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.811317][ T8734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.848193][ T8734] hsr_slave_0: entered promiscuous mode [ 128.850379][ T8734] hsr_slave_1: entered promiscuous mode [ 129.417373][ T8734] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 129.421250][ T8734] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 129.425415][ T8734] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 129.429182][ T8734] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 129.472841][ T8734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.481431][ T8734] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.489920][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.492710][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.501027][ T92] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.503113][ T92] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.506727][ T40] kauditd_printk_skb: 41 callbacks suppressed [ 129.506736][ T40] audit: type=1326 audit(1755268512.871:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8778 comm="syz.3.1124" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x0 [ 129.602468][ T8734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.623153][ T8734] veth0_vlan: entered promiscuous mode [ 129.629287][ T8734] veth1_vlan: entered promiscuous mode [ 129.641866][ T8734] veth0_macvtap: entered promiscuous mode [ 129.646599][ T8734] veth1_macvtap: entered promiscuous mode [ 129.654517][ T8734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.660290][ T8734] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.666231][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.668819][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.671602][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.674464][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.699016][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.701856][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.712634][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.715276][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.153531][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout [ 130.233668][ T5987] Bluetooth: hci2: command tx timeout [ 130.442478][ T8808] syzkaller1: entered promiscuous mode [ 130.444380][ T8808] syzkaller1: entered allmulticast mode [ 130.462241][ T8812] input: syz0 as /devices/virtual/input/input11 [ 130.492095][ T8814] "syz.1.1136" (8814) uses obsolete ecb(arc4) skcipher [ 130.498410][ T40] audit: type=1326 audit(1755268513.861:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8815 comm="syz.3.1137" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ee579 code=0x0 [ 130.602781][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.605694][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.610988][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.613303][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.643818][ T12] veth1_macvtap: left promiscuous mode [ 130.645444][ T12] veth0_macvtap: left promiscuous mode [ 130.873582][ T5987] Bluetooth: hci1: command 0x0c1a tx timeout [ 130.875525][ T5975] Bluetooth: hci0: command 0x0c1a tx timeout [ 131.242958][ T12] team0 (unregistering): Port device team_slave_1 removed [ 131.325019][ T12] team0 (unregistering): Port device team_slave_0 removed [ 132.250187][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805ff09c00: rx timeout, send abort [ 132.252823][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805ff0ac00: rx timeout, send abort [ 132.255531][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ff09c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 132.260641][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ff0ac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 132.287607][ T40] audit: type=1326 audit(1755268515.651:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.1.1157" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708e579 code=0x0 [ 132.329319][ T5987] Bluetooth: hci2: command tx timeout [ 132.331256][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.333716][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.441539][ T1329] libceph: connect (1)[c::]:6789 error -101 [ 132.446434][ T1329] libceph: mon0 (1)[c::]:6789 connect error [ 132.495948][ T2296] libceph: connect (1)[c::]:6789 error -101 [ 132.498445][ T2296] libceph: mon0 (1)[c::]:6789 connect error [ 132.548723][ T8898] sock: sock_set_timeout: `syz.0.1174' (pid 8898) tries to set negative timeout [ 132.703663][ T6578] libceph: connect (1)[c::]:6789 error -101 [ 132.705648][ T6578] libceph: mon0 (1)[c::]:6789 connect error [ 132.763679][ T2296] libceph: connect (1)[c::]:6789 error -101 [ 132.766179][ T2296] libceph: mon0 (1)[c::]:6789 connect error [ 132.904822][ T1329] usb 8-1: new full-speed USB device number 9 using dummy_hcd [ 133.055900][ T1329] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 133.058678][ T1329] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 133.062379][ T1329] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 133.065044][ T1329] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.223878][ T6578] libceph: connect (1)[c::]:6789 error -101 [ 133.225745][ T6578] libceph: mon0 (1)[c::]:6789 connect error [ 133.270127][ T8885] ceph: No mds server is up or the cluster is laggy [ 133.270133][ T8894] ceph: No mds server is up or the cluster is laggy [ 133.274196][ T2296] libceph: connect (1)[c::]:6789 error -101 [ 133.277207][ T2296] libceph: mon0 (1)[c::]:6789 connect error [ 133.277434][ T1329] usb 8-1: usb_control_msg returned -32 [ 133.281189][ T1329] usbtmc 8-1:16.0: can't read capabilities [ 133.529577][ T8924] syzkaller1: entered promiscuous mode [ 133.531365][ T8924] syzkaller1: entered allmulticast mode [ 133.820623][ T8942] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1189'. [ 133.914539][ T8951] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1203'. [ 134.393685][ T5987] Bluetooth: hci2: command tx timeout [ 135.670117][ T67] usb 8-1: USB disconnect, device number 9 [ 135.695022][ T8956] syzkaller1: entered promiscuous mode [ 135.696792][ T8956] syzkaller1: entered allmulticast mode [ 135.933824][ T1329] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 136.105916][ T1329] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 136.108705][ T1329] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 136.112303][ T1329] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 136.115122][ T1329] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.326012][ T1329] usb 6-1: usb_control_msg returned -32 [ 136.327649][ T1329] usbtmc 6-1:16.0: can't read capabilities [ 136.473788][ T5987] Bluetooth: hci2: command tx timeout [ 138.704064][ T2296] usb 6-1: USB disconnect, device number 10 [ 139.214868][ T8998] @: renamed from vlan0 (while UP) [ 139.563514][ T2296] usb 8-1: new full-speed USB device number 10 using dummy_hcd [ 139.714671][ T2296] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 139.717812][ T2296] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 139.721837][ T2296] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 139.725938][ T2296] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.935692][ T2296] usb 8-1: usb_control_msg returned -32 [ 139.937508][ T2296] usbtmc 8-1:16.0: can't read capabilities [ 141.392428][ T9050] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 142.066936][ T9081] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 142.339104][ T10] usb 8-1: USB disconnect, device number 10 [ 142.653529][ T2296] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 142.804709][ T2296] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 142.807984][ T2296] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 142.811965][ T2296] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 142.814901][ T2296] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.023853][ T2296] usb 7-1: usb_control_msg returned -32 [ 143.025702][ T2296] usbtmc 7-1:16.0: can't read capabilities [ 145.421725][ T24] usb 7-1: USB disconnect, device number 9 [ 145.857258][ T2296] libceph: connect (1)[c::]:6789 error -101 [ 145.859244][ T2296] libceph: mon0 (1)[c::]:6789 connect error [ 146.115110][ T1329] libceph: connect (1)[c::]:6789 error -101 [ 146.117100][ T1329] libceph: mon0 (1)[c::]:6789 connect error [ 146.623699][ T2296] libceph: connect (1)[c::]:6789 error -101 [ 146.625777][ T2296] libceph: mon0 (1)[c::]:6789 connect error [ 146.687730][ T9167] ceph: No mds server is up or the cluster is laggy [ 146.815477][ T2296] libceph: connect (1)[c::]:6789 error -101 [ 146.817495][ T2296] libceph: mon0 (1)[c::]:6789 connect error [ 147.073775][ T2296] libceph: connect (1)[c::]:6789 error -101 [ 147.075775][ T2296] libceph: mon0 (1)[c::]:6789 connect error [ 147.596760][ T10] libceph: connect (1)[c::]:6789 error -101 [ 147.603186][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 147.646246][ T9190] ceph: No mds server is up or the cluster is laggy [ 150.380317][ T67] libceph: connect (1)[c::]:6789 error -101 [ 150.382283][ T67] libceph: mon0 (1)[c::]:6789 connect error [ 150.643709][ T67] libceph: connect (1)[c::]:6789 error -101 [ 150.645692][ T67] libceph: mon0 (1)[c::]:6789 connect error [ 151.156225][ T67] libceph: connect (1)[c::]:6789 error -101 [ 151.158780][ T67] libceph: mon0 (1)[c::]:6789 connect error [ 151.210964][ T9218] ceph: No mds server is up or the cluster is laggy [ 151.375512][ T1329] libceph: connect (1)[c::]:6789 error -101 [ 151.377434][ T1329] libceph: mon0 (1)[c::]:6789 connect error [ 151.454154][ T9254] cgroup: fork rejected by pids controller in /syz2 [ 151.643698][ T1329] libceph: connect (1)[c::]:6789 error -101 [ 151.645668][ T1329] libceph: mon0 (1)[c::]:6789 connect error [ 152.154309][ T1329] libceph: connect (1)[c::]:6789 error -101 [ 152.156284][ T1329] libceph: mon0 (1)[c::]:6789 connect error [ 152.205910][ T9248] ceph: No mds server is up or the cluster is laggy [ 152.323087][ T9276] hsr0: entered promiscuous mode [ 152.325840][ T9276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1326'. [ 152.328800][ T9276] hsr_slave_0: left promiscuous mode [ 152.331427][ T9276] hsr_slave_1: left promiscuous mode [ 152.339838][ T9276] hsr0 (unregistering): left promiscuous mode [ 152.496517][ T1168] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.568642][ T1168] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.637397][ T1168] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.706456][ T1168] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.810559][ T1168] bridge_slave_1: left allmulticast mode [ 152.812378][ T1168] bridge_slave_1: left promiscuous mode [ 152.814362][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.818115][ T1168] bridge_slave_0: left allmulticast mode [ 152.819893][ T1168] bridge_slave_0: left promiscuous mode [ 152.821710][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.913399][ T1168] team0: Port device geneve0 removed [ 153.048249][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.052546][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.056169][ T1168] bond0 (unregistering): Released all slaves [ 154.402931][ T9281] cgroup: fork rejected by pids controller in /syz3 [ 154.530412][ T5975] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 154.535021][ T5975] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 154.537607][ T9299] hsr0: entered promiscuous mode [ 154.537957][ T5975] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 154.539826][ T9299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1337'. [ 154.542103][ T5975] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 154.546562][ T9299] hsr_slave_0: left promiscuous mode [ 154.547682][ T5975] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 154.550467][ T9299] hsr_slave_1: left promiscuous mode [ 154.560911][ T9299] hsr0 (unregistering): left promiscuous mode [ 154.659688][ T9296] chnl_net:caif_netlink_parms(): no params data found [ 154.749522][ T9296] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.752679][ T9296] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.758571][ T9296] bridge_slave_0: entered allmulticast mode [ 154.761248][ T9296] bridge_slave_0: entered promiscuous mode [ 154.771660][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.774244][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.776881][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.779217][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.790676][ T1168] veth1_macvtap: left promiscuous mode [ 154.792505][ T1168] veth0_macvtap: left promiscuous mode [ 154.814367][ T5989] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 154.817659][ T5989] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 154.820200][ T5989] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 154.829652][ T5989] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 154.833548][ T5989] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 155.173682][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 155.219668][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 155.562622][ T9296] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.565551][ T9296] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.567845][ T9296] bridge_slave_1: entered allmulticast mode [ 155.570424][ T9296] bridge_slave_1: entered promiscuous mode [ 155.599836][ T9296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.604584][ T9296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.635321][ T9296] team0: Port device team_slave_0 added [ 155.640242][ T9296] team0: Port device team_slave_1 added [ 155.680806][ T9296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.683087][ T9296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.691123][ T9296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.698241][ T9296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.701036][ T9296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.713333][ T9296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.757835][ T9296] hsr_slave_0: entered promiscuous mode [ 155.760516][ T9296] hsr_slave_1: entered promiscuous mode [ 155.763044][ T9296] debugfs: 'hsr0' already exists in 'hsr' [ 155.765426][ T9296] Cannot create hsr debugfs directory [ 155.864099][ T9312] chnl_net:caif_netlink_parms(): no params data found [ 155.939860][ T9312] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.942144][ T9312] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.944639][ T9312] bridge_slave_0: entered allmulticast mode [ 155.947231][ T9312] bridge_slave_0: entered promiscuous mode [ 155.950307][ T9312] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.952541][ T9312] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.955312][ T9312] bridge_slave_1: entered allmulticast mode [ 155.957859][ T9312] bridge_slave_1: entered promiscuous mode [ 155.990215][ T9312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.998376][ T9312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.028797][ T9312] team0: Port device team_slave_0 added [ 156.031923][ T9312] team0: Port device team_slave_1 added [ 156.061049][ T9312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.063257][ T9312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.071351][ T9312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.076584][ T9312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.078752][ T9312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.086818][ T9312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.125578][ T9312] hsr_slave_0: entered promiscuous mode [ 156.127797][ T9312] hsr_slave_1: entered promiscuous mode [ 156.129813][ T9312] debugfs: 'hsr0' already exists in 'hsr' [ 156.131599][ T9312] Cannot create hsr debugfs directory [ 156.204401][ T1168] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.281626][ T1168] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.391154][ T1168] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.447192][ T1168] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.519934][ T1168] bond2: left promiscuous mode [ 156.521600][ T1168] bridge0: port 4(bond2) entered disabled state [ 156.524909][ T1168] bond1: left promiscuous mode [ 156.526495][ T1168] bridge0: port 3(bond1) entered disabled state [ 156.530220][ T1168] bridge_slave_1: left allmulticast mode [ 156.532008][ T1168] bridge_slave_1: left promiscuous mode [ 156.533927][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.537266][ T1168] bridge_slave_0: left allmulticast mode [ 156.539037][ T1168] bridge_slave_0: left promiscuous mode [ 156.541030][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.566143][ T5987] Bluetooth: hci0: command tx timeout [ 156.630353][ T1168] team0: Port device geneve0 removed [ 156.728042][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.731882][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.736057][ T1168] bond0 (unregistering): Released all slaves [ 156.780638][ T1168] bond1 (unregistering): Released all slaves [ 156.825588][ T1168] bond2 (unregistering): Released all slaves [ 156.883585][ T5987] Bluetooth: hci3: command tx timeout [ 157.264476][ T9296] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 157.268406][ T9296] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 157.272173][ T9296] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 157.279571][ T9296] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 157.307004][ T9312] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 157.310982][ T9312] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 157.315087][ T9312] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 157.318859][ T9312] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 157.360430][ T9296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.370780][ T9296] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.377116][ T1069] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.379366][ T1069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.387476][ T8848] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.389735][ T8848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.400412][ T9312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.415652][ T9312] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.422127][ T1069] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.424431][ T1069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.431444][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.433754][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.515138][ T9296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.540277][ T9312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.545609][ T9296] veth0_vlan: entered promiscuous mode [ 157.551982][ T9296] veth1_vlan: entered promiscuous mode [ 157.568283][ T9312] veth0_vlan: entered promiscuous mode [ 157.575438][ T9296] veth0_macvtap: entered promiscuous mode [ 157.578565][ T9312] veth1_vlan: entered promiscuous mode [ 157.582037][ T9296] veth1_macvtap: entered promiscuous mode [ 157.591698][ T9296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.600550][ T9296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.608359][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.611128][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.614908][ T9312] veth0_macvtap: entered promiscuous mode [ 157.617292][ T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.620915][ T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.627174][ T9312] veth1_macvtap: entered promiscuous mode [ 157.647192][ T9312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.656749][ T9312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.663291][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.666246][ T1140] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.666279][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.669039][ T1140] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.683619][ T1140] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.688411][ T1140] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.695185][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.697677][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.716326][ T8848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.718849][ T8848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.728899][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.731390][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.762636][ T9345] netlink: 348 bytes leftover after parsing attributes in process `syz.1.1341'. [ 157.846957][ T9357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1346'. [ 157.955567][ T9370] hsr0: entered promiscuous mode [ 157.957663][ T9370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1357'. [ 157.961812][ T9370] hsr_slave_0: left promiscuous mode [ 157.969429][ T9370] hsr_slave_1: left promiscuous mode [ 157.981458][ T9370] hsr0 (unregistering): left promiscuous mode [ 158.065656][ T9377] netlink: 348 bytes leftover after parsing attributes in process `syz.3.1353'. [ 158.633580][ T5987] Bluetooth: hci0: command tx timeout [ 158.742474][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 158.744949][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 158.747816][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 158.750131][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 158.755962][ T1168] veth1_macvtap: left promiscuous mode [ 158.757718][ T1168] veth0_macvtap: left promiscuous mode [ 158.928965][ T9400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1365'. [ 158.955143][ T5987] Bluetooth: hci3: command tx timeout [ 159.198325][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 159.257871][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 160.723559][ T5987] Bluetooth: hci0: command tx timeout [ 160.895615][ T40] audit: type=1326 audit(1755269568.259:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9471 comm="syz.0.1397" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x0 [ 161.033491][ T5987] Bluetooth: hci3: command tx timeout [ 162.793826][ T5987] Bluetooth: hci0: command tx timeout [ 162.817756][ T9512] syzkaller1: entered promiscuous mode [ 162.819513][ T9512] syzkaller1: entered allmulticast mode [ 162.820553][ T9514] "syz.2.1424" (9514) uses obsolete ecb(arc4) skcipher [ 163.062834][ T40] audit: type=1326 audit(1755269570.419:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.1.1419" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0 [ 163.123629][ T5987] Bluetooth: hci3: command tx timeout [ 163.224346][ T9528] input: syz0 as /devices/virtual/input/input12 [ 163.660898][ T40] audit: type=1326 audit(1755269571.019:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9540 comm="syz.2.1427" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de579 code=0x0 [ 163.681999][ T9543] syzkaller1: entered promiscuous mode [ 163.683851][ T9543] syzkaller1: entered allmulticast mode [ 163.941961][ T9552] "syz.0.1431" (9552) uses obsolete ecb(arc4) skcipher [ 163.986753][ T9556] input: syz0 as /devices/virtual/input/input13 [ 164.022135][ T9559] "syz.0.1443" (9559) uses obsolete ecb(arc4) skcipher [ 164.170730][ T9566] input: syz0 as /devices/virtual/input/input14 [ 164.305746][ T9575] syzkaller1: entered promiscuous mode [ 164.307590][ T9575] syzkaller1: entered allmulticast mode [ 164.466058][ T9588] "syz.1.1447" (9588) uses obsolete ecb(arc4) skcipher [ 164.562026][ T9592] syzkaller1: entered promiscuous mode [ 164.564483][ T9592] syzkaller1: entered allmulticast mode [ 164.567522][ T9594] input: syz0 as /devices/virtual/input/input15 [ 165.080231][ T40] audit: type=1326 audit(1755269572.439:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9620 comm="syz.1.1458" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708e579 code=0x0 [ 166.235379][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804e5b1800: rx timeout, send abort [ 166.237981][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804e5b0c00: rx timeout, send abort [ 166.240611][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88804e5b1800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 166.245604][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88804e5b0c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 166.346016][ T40] audit: type=1326 audit(1755269573.709:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.3.1471" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0 [ 167.382044][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 167.385301][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 167.433376][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 167.435486][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 167.643746][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 167.645747][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 167.694305][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 167.696316][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 167.923987][ C0] vcan0: j1939_tp_rxtimer: 0xffff888027587000: rx timeout, send abort [ 167.926656][ C0] vcan0: j1939_tp_rxtimer: 0xffff888027586800: rx timeout, send abort [ 167.929259][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888027587000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 167.933740][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888027586800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 167.960905][ T40] audit: type=1326 audit(1755269575.319:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9693 comm="syz.2.1488" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de579 code=0x0 [ 168.157042][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 168.159045][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 168.214259][ T9685] ceph: No mds server is up or the cluster is laggy [ 168.215089][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 168.215279][ T9688] ceph: No mds server is up or the cluster is laggy [ 168.222973][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 168.458169][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 168.460172][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 168.463322][ T9729] sock: sock_set_timeout: `syz.3.1509' (pid 9729) tries to set negative timeout [ 168.508916][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 168.511369][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 168.725114][ T6073] libceph: connect (1)[c::]:6789 error -101 [ 168.727106][ T6073] libceph: mon0 (1)[c::]:6789 connect error [ 168.783772][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 168.785752][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 169.233815][ T29] libceph: connect (1)[c::]:6789 error -101 [ 169.236140][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 169.288179][ T9725] ceph: No mds server is up or the cluster is laggy [ 169.288195][ T9732] ceph: No mds server is up or the cluster is laggy [ 169.293725][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 169.295808][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 169.338680][ T29] libceph: connect (1)[c::]:6789 error -101 [ 169.340709][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 169.400689][ T6578] libceph: connect (1)[c::]:6789 error -101 [ 169.402660][ T6578] libceph: mon0 (1)[c::]:6789 connect error [ 169.593797][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 169.595883][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 169.663712][ T29] libceph: connect (1)[c::]:6789 error -101 [ 169.665735][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 170.104438][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 170.106406][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 170.169116][ T9747] ceph: No mds server is up or the cluster is laggy [ 170.169118][ T9739] ceph: No mds server is up or the cluster is laggy [ 170.173965][ T29] libceph: connect (1)[c::]:6789 error -101 [ 170.174105][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 170.418159][ T9764] sock: sock_set_timeout: `syz.1.1521' (pid 9764) tries to set negative timeout [ 170.451425][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 170.453373][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 170.502586][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 170.504769][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 170.727579][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 170.729560][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 170.763712][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 170.765658][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 171.234760][ T24] libceph: connect (1)[c::]:6789 error -101 [ 171.236734][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 171.273804][ T24] libceph: connect (1)[c::]:6789 error -101 [ 171.276123][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 171.284307][ T9776] ceph: No mds server is up or the cluster is laggy [ 171.284362][ T9772] ceph: No mds server is up or the cluster is laggy [ 171.320862][ T40] audit: type=1326 audit(1755269578.679:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.327923][ T40] audit: type=1326 audit(1755269578.679:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.337813][ T40] audit: type=1326 audit(1755269578.679:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.344618][ T40] audit: type=1326 audit(1755269578.679:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.351100][ T40] audit: type=1326 audit(1755269578.679:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.359847][ T40] audit: type=1326 audit(1755269578.679:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.366610][ T40] audit: type=1326 audit(1755269578.679:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.373104][ T40] audit: type=1326 audit(1755269578.679:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.373806][ T9790] netlink: 'syz.1.1531': attribute type 10 has an invalid length. [ 171.380475][ T40] audit: type=1326 audit(1755269578.679:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.382359][ T9790] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1531'. [ 171.389464][ T40] audit: type=1326 audit(1755269578.699:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.389521][ T40] audit: type=1326 audit(1755269578.699:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.389545][ T40] audit: type=1326 audit(1755269578.699:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.389566][ T40] audit: type=1326 audit(1755269578.709:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.389585][ T40] audit: type=1326 audit(1755269578.709:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.389607][ T40] audit: type=1326 audit(1755269578.709:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9783 comm="syz.2.1528" exe="/syz-executor" sig=0 arch=40000003 syscall=312 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 171.455825][ T9790] team0: Port device geneve0 added [ 171.751854][ T9844] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1551'. [ 171.859897][ T9847] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96 [ 171.995086][ T9868] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1570'. [ 172.415509][ T9912] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1583'. [ 172.646018][ T9939] netlink: 240 bytes leftover after parsing attributes in process `syz.2.1595'. [ 173.523257][ T9985] binder: 9984:9985 ioctl c0306201 800001c0 returned -22 [ 174.389354][T10015] binder: 10013:10015 ioctl c0306201 800001c0 returned -22 [ 175.678483][T10047] binder: 10045:10047 ioctl c0306201 800001c0 returned -22 [ 176.790211][T10076] binder: 10073:10076 ioctl c0306201 800001c0 returned -22 [ 178.971905][T10156] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1704'. [ 179.866947][T10183] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1707'. [ 180.065338][ T839] IPVS: starting estimator thread 0... [ 180.068211][T10201] tipc: Started in network mode [ 180.069906][T10201] tipc: Node identity ac1414aa, cluster identity 4711 [ 180.072574][T10201] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.075273][T10201] tipc: Enabled bearer , priority 10 [ 180.164089][T10202] IPVS: using max 45 ests per chain, 108000 per kthread [ 180.204416][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.343573][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.493480][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.643521][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.734510][T10209] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1719'. [ 180.741253][ T2296] IPVS: starting estimator thread 0... [ 180.745869][T10212] tipc: Started in network mode [ 180.747473][T10212] tipc: Node identity ac1414aa, cluster identity 4711 [ 180.749862][T10212] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.752031][T10212] tipc: Enabled bearer , priority 10 [ 180.783479][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.843944][T10215] IPVS: using max 45 ests per chain, 108000 per kthread [ 180.883540][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 180.923480][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 181.023556][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 181.064448][ T839] tipc: Node number set to 2886997162 [ 181.847669][T10244] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1732'. [ 181.850199][ T2296] IPVS: starting estimator thread 0... [ 181.853702][T10245] tipc: Started in network mode [ 181.855353][T10245] tipc: Node identity ac1414aa, cluster identity 4711 [ 181.857860][T10245] tipc: Enabled bearer , priority 10 [ 181.863512][ T2296] tipc: Node number set to 2886997162 [ 181.953862][T10247] IPVS: using max 45 ests per chain, 108000 per kthread [ 182.042834][ T24] IPVS: starting estimator thread 0... [ 182.047646][T10279] tipc: Started in network mode [ 182.047662][T10279] tipc: Node identity ac1414aa, cluster identity 4711 [ 182.047908][T10279] tipc: Enabled bearer , priority 10 [ 182.154090][T10280] IPVS: using max 45 ests per chain, 108000 per kthread [ 182.863508][ T2296] tipc: Node number set to 2886997162 [ 183.173501][ T839] tipc: Node number set to 2886997162 [ 185.113504][ C1] net_ratelimit: 37 callbacks suppressed [ 185.113517][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 185.193481][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 185.913530][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 185.916343][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 186.153483][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 186.233589][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 186.768112][T10543] fuse: Bad value for 'fd' [ 186.769106][T10531] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 186.771653][T10531] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 186.773685][T10531] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 186.776458][T10531] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 186.779305][T10531] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 186.781310][T10531] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 186.784056][T10531] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 186.786948][T10531] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 186.788935][T10531] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 186.791399][T10531] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 186.953484][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 186.955756][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 187.193483][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 187.283478][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 187.309116][T10566] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 187.311241][T10566] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 187.313247][T10566] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 187.315603][T10566] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 187.517491][T10587] Bluetooth: MGMT ver 1.23 [ 187.755401][T10597] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 187.757933][T10597] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 187.760005][T10597] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 187.762031][T10597] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 188.742705][T10628] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 188.745424][T10628] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 188.747331][T10628] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 188.749333][T10628] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 189.023202][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 189.023213][ T40] audit: type=1326 audit(1755269596.379:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.031892][ T40] audit: type=1326 audit(1755269596.379:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.039862][ T40] audit: type=1326 audit(1755269596.389:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.048669][ T40] audit: type=1326 audit(1755269596.389:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.055911][ T40] audit: type=1326 audit(1755269596.389:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.064432][ T40] audit: type=1326 audit(1755269596.389:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.072730][ T40] audit: type=1326 audit(1755269596.389:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.079439][ T40] audit: type=1326 audit(1755269596.389:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.086096][ T40] audit: type=1326 audit(1755269596.389:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.087509][T10663] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 189.092722][ T40] audit: type=1326 audit(1755269596.399:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10678 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 189.101945][T10663] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 189.104035][T10663] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 189.106355][T10663] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 189.391652][T10693] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 189.395027][T10693] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 189.397097][T10693] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 189.399130][T10693] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 190.297552][T10823] net_ratelimit: 10 callbacks suppressed [ 190.297564][T10823] openvswitch: netlink: IPv4 tun info is not correct [ 190.323537][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 190.393483][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 190.439469][T10848] openvswitch: netlink: IPv4 tun info is not correct [ 191.113515][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 191.115745][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 191.205565][T10879] openvswitch: netlink: IPv4 tun info is not correct [ 191.336236][T10900] openvswitch: netlink: IPv4 tun info is not correct [ 191.353494][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 191.443486][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 191.445860][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout [ 191.445905][ T5989] Bluetooth: hci0: command 0x0c1a tx timeout [ 191.445929][ T5335] Bluetooth: hci1: command 0x0c1a tx timeout [ 191.445960][ T5975] Bluetooth: hci2: command 0x0c1a tx timeout [ 191.605118][ T5989] block nbd0: Receive control failed (result -32) [ 192.384755][ T5989] block nbd1: Receive control failed (result -32) [ 192.485216][ T6073] kernel read not supported for file /input/event1 (pid: 6073 comm: kworker/1:5) [ 193.513677][ T5975] Bluetooth: hci3: command 0x0c1a tx timeout [ 193.515670][ T5987] Bluetooth: hci2: command 0x0c1a tx timeout [ 193.523504][ T5987] Bluetooth: hci0: command 0x0c1a tx timeout [ 193.535974][ T5989] block nbd2: Receive control failed (result -32) [ 193.615909][T10991] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2071'. [ 193.619458][ T24] kernel read not supported for file /input/event1 (pid: 24 comm: kworker/2:0) [ 193.692377][T11000] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2082'. [ 193.743032][ T6058] kernel read not supported for file /input/event1 (pid: 6058 comm: kworker/0:4) [ 193.755096][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.757121][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.184698][ T5989] block nbd3: Receive control failed (result -32) [ 194.217429][T11021] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2085'. [ 194.309162][ T6058] kernel read not supported for file /input/event1 (pid: 6058 comm: kworker/0:4) [ 194.428184][T11050] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2096'. [ 194.495243][ T5989] block nbd4: Receive control failed (result -32) [ 195.174129][T11131] netlink: 'syz.3.2136': attribute type 1 has an invalid length. [ 195.177165][T11131] netlink: 'syz.3.2136': attribute type 2 has an invalid length. [ 195.180201][T11131] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2136'. [ 195.184376][T11131] netlink: 'syz.3.2136': attribute type 1 has an invalid length. [ 195.187413][T11131] netlink: 'syz.3.2136': attribute type 2 has an invalid length. [ 195.190446][T11131] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2136'. [ 195.415387][T11166] netlink: 'syz.1.2149': attribute type 1 has an invalid length. [ 195.418423][T11166] netlink: 'syz.1.2149': attribute type 2 has an invalid length. [ 195.421443][T11166] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2149'. [ 195.444096][T11166] netlink: 'syz.1.2149': attribute type 1 has an invalid length. [ 195.447152][T11166] netlink: 'syz.1.2149': attribute type 2 has an invalid length. [ 195.450191][T11166] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2149'. [ 195.523505][ C1] net_ratelimit: 14 callbacks suppressed [ 195.523518][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 195.604203][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 195.608461][ T5989] Bluetooth: hci0: command 0x0c1a tx timeout [ 195.610907][ T5989] Bluetooth: hci2: command 0x0c1a tx timeout [ 195.613325][ T5989] Bluetooth: hci3: command 0x0c1a tx timeout [ 195.675614][T11191] netlink: 'syz.0.2161': attribute type 1 has an invalid length. [ 195.678595][T11191] netlink: 'syz.0.2161': attribute type 2 has an invalid length. [ 195.681720][T11191] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2161'. [ 195.687267][T11191] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2161'. [ 195.774984][T11198] macvlan0: entered promiscuous mode [ 195.783090][T11198] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 195.923911][ T59] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 196.313623][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 196.315847][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 196.553616][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 196.643502][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 196.963856][T11232] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.994699][T11232] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.996998][T11232] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 197.000930][T11232] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 197.174652][ T59] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 197.353520][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 197.355807][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 197.593490][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 197.673684][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 198.219400][T11277] 8021q: adding VLAN 0 to HW filter on device bond1 [ 198.326521][T11277] 8021q: adding VLAN 0 to HW filter on device bond1 [ 198.328853][T11277] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 198.332750][T11277] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 198.335936][ T59] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 200.259981][T11319] __nla_validate_parse: 4 callbacks suppressed [ 200.259993][T11319] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2211'. [ 200.277851][T11319] 8021q: adding VLAN 0 to HW filter on device bond1 [ 200.306313][T11319] 8021q: adding VLAN 0 to HW filter on device bond1 [ 200.308660][T11319] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 200.312598][T11319] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 200.449046][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 200.713543][ C1] net_ratelimit: 10 callbacks suppressed [ 200.713557][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 200.803651][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 201.513535][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 201.515734][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 201.573709][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 201.575228][T11358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2225'. [ 201.589882][T11358] 8021q: adding VLAN 0 to HW filter on device bond3 [ 201.612565][T11358] 8021q: adding VLAN 0 to HW filter on device bond3 [ 201.615130][T11364] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 201.615825][T11358] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 201.621907][T11358] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 201.622018][T11364] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 201.753483][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 201.843503][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 202.553591][ C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 202.555823][ C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 202.713831][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 202.740506][T11391] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 202.803493][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 202.883535][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 203.825097][T11422] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 203.844869][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 204.867524][ T1329] kernel read not supported for file /swradio1 (pid: 1329 comm: kworker/3:2) [ 204.976127][T11454] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 204.993585][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 205.913555][ C1] net_ratelimit: 10 callbacks suppressed [ 205.913596][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 205.999509][ T29] kernel read not supported for file /swradio3 (pid: 29 comm: kworker/1:0) [ 206.003503][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 206.153672][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 206.713564][ C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 206.715781][ C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 206.953564][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 207.033586][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 207.182963][ T10] kernel read not supported for file /swradio5 (pid: 10 comm: kworker/0:1) [ 207.375321][ T1329] kernel read not supported for file /swradio7 (pid: 1329 comm: kworker/3:2) [ 207.763528][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 207.765770][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 207.870371][T11597] Bluetooth: hci0: unsupported parameter 32780 [ 207.872370][T11597] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 208.003477][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 208.047577][T11623] Bluetooth: hci0: unsupported parameter 32780 [ 208.049597][T11623] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 208.060354][T11625] kvm: user requested TSC rate below hardware speed [ 208.064197][T11625] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 208.083535][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 208.253107][T11647] Bluetooth: hci0: unsupported parameter 32780 [ 208.256603][T11647] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 208.288109][T11650] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 208.541433][T11669] kvm: user requested TSC rate below hardware speed [ 208.547470][T11669] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 208.582707][T11674] Bluetooth: hci0: unsupported parameter 32780 [ 208.585719][T11674] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 208.714512][T11686] kvm: user requested TSC rate below hardware speed [ 208.719327][T11686] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 209.080252][T11704] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 209.283719][T11721] kvm: user requested TSC rate below hardware speed [ 209.290504][T11721] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 209.464898][T11735] kvm: user requested TSC rate below hardware speed [ 209.471646][T11735] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 209.603243][T11741] kvm: user requested TSC rate below hardware speed [ 209.610268][T11741] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 210.287368][T11745] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 211.113484][ C1] net_ratelimit: 10 callbacks suppressed [ 211.113499][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 211.193483][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 211.913483][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 211.916282][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 212.163484][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 212.243489][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 212.799823][ T1069] Bluetooth: (null): Invalid header checksum [ 212.801852][ T1069] Bluetooth: (null): Invalid header checksum [ 212.904945][ T8848] Bluetooth: (null): Invalid header checksum [ 212.923586][ T10] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 212.953728][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 212.955986][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 213.013647][ T8848] Bluetooth: (null): Invalid header checksum [ 213.084911][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.088163][ T10] usb 7-1: config 0 has no interfaces? [ 213.091650][ T10] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 213.094673][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.097210][ T10] usb 7-1: Product: syz [ 213.098616][ T10] usb 7-1: Manufacturer: syz [ 213.100136][ T10] usb 7-1: SerialNumber: syz [ 213.103804][ T10] usb 7-1: config 0 descriptor?? [ 213.123643][ T1140] Bluetooth: (null): Invalid header checksum [ 213.203484][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 213.235128][ T46] Bluetooth: (null): Invalid header checksum [ 213.273486][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 213.308126][ T10] usb 7-1: USB disconnect, device number 10 [ 214.788967][T11892] trusted_key: syz.1.2448 sent an empty control message without MSG_MORE. [ 215.734421][ T1069] Bluetooth: (null): Invalid header checksum [ 215.736402][ T1069] Bluetooth: (null): Invalid header checksum [ 215.843667][ T1140] Bluetooth: (null): Invalid header checksum [ 215.873569][ T6058] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 215.954462][ T1140] Bluetooth: (null): Invalid header checksum [ 216.025112][ T6058] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 216.028276][ T6058] usb 5-1: config 0 has no interfaces? [ 216.031459][ T6058] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 216.034413][ T6058] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.036885][ T6058] usb 5-1: Product: syz [ 216.038219][ T6058] usb 5-1: Manufacturer: syz [ 216.039684][ T6058] usb 5-1: SerialNumber: syz [ 216.042659][ T6058] usb 5-1: config 0 descriptor?? [ 216.064102][ T1144] Bluetooth: (null): Invalid header checksum [ 216.173673][ T46] Bluetooth: (null): Invalid header checksum [ 216.256415][ T6058] usb 5-1: USB disconnect, device number 10 [ 216.313496][ C1] net_ratelimit: 10 callbacks suppressed [ 216.313508][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 216.403475][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 217.013689][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.074395][ T46] Bluetooth: (null): Invalid header checksum [ 217.076786][ T46] Bluetooth: (null): Invalid header checksum [ 217.113525][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 217.115747][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 217.187868][ T46] Bluetooth: (null): Invalid header checksum [ 217.203516][ T59] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 217.293638][ T8848] Bluetooth: (null): Invalid header checksum [ 217.354993][ T59] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.355761][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 217.358960][ T59] usb 6-1: config 0 has no interfaces? [ 217.363498][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 217.377017][ T59] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 217.382265][ T59] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.393591][ T59] usb 6-1: Product: syz [ 217.394947][ T59] usb 6-1: Manufacturer: syz [ 217.396419][ T59] usb 6-1: SerialNumber: syz [ 217.399030][ T59] usb 6-1: config 0 descriptor?? [ 217.404413][ T8848] Bluetooth: (null): Invalid header checksum [ 217.433508][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 217.514591][ T46] Bluetooth: (null): Invalid header checksum [ 217.623649][ T1069] Bluetooth: (null): Invalid header checksum [ 217.626185][ T59] usb 6-1: USB disconnect, device number 11 [ 218.153488][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 218.155766][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 218.343976][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 218.403484][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 218.434991][ T1140] Bluetooth: (null): Invalid header checksum [ 218.437469][ T1140] Bluetooth: (null): Invalid header checksum [ 218.473509][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 218.543761][ T1069] Bluetooth: (null): Invalid header checksum [ 218.564074][ T10] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 218.653742][ T1140] Bluetooth: (null): Invalid header checksum [ 218.713668][ T839] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 218.717167][ T10] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.720553][ T10] usb 8-1: config 0 has no interfaces? [ 218.723966][ T10] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 218.726938][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.729534][ T10] usb 8-1: Product: syz [ 218.731003][ T10] usb 8-1: Manufacturer: syz [ 218.732564][ T10] usb 8-1: SerialNumber: syz [ 218.735515][ T10] usb 8-1: config 0 descriptor?? [ 218.763667][ T1140] Bluetooth: (null): Invalid header checksum [ 218.863501][ T839] usb 6-1: Using ep0 maxpacket: 8 [ 218.866875][ T839] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 218.870155][ T839] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 218.873648][ T1144] Bluetooth: (null): Invalid header checksum [ 218.873971][ T839] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 218.879586][ T839] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 218.883491][ T839] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 218.887337][ T839] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 218.892732][ T839] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 218.896655][ T839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.902202][ T839] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22 [ 218.942254][ T10] usb 8-1: USB disconnect, device number 11 [ 219.234220][ T1329] usb 6-1: USB disconnect, device number 12 [ 219.794774][T12037] binder: 12035:12037 ioctl c0306201 80000380 returned -14 [ 219.910348][T12046] binder: 12044:12046 ioctl c0306201 80000380 returned -14 [ 219.995762][T12051] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2517'. [ 220.183531][ T839] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 220.353600][ T839] usb 8-1: Using ep0 maxpacket: 8 [ 220.356724][ T839] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 220.359325][ T839] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 220.362338][ T839] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 220.383578][ T839] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 220.386659][ T839] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 220.389684][ T839] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 220.393789][ T839] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 220.396818][ T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.414084][ T839] usbtmc 8-1:16.0: probe with driver usbtmc failed with error -22 [ 220.694305][ T10] usb 8-1: USB disconnect, device number 12 [ 221.392262][T12081] binder: 12078:12081 ioctl c0306201 80000380 returned -14 [ 221.417474][T12085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2532'. [ 221.473669][ T1329] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 221.513503][ C1] net_ratelimit: 10 callbacks suppressed [ 221.513515][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 221.593494][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 221.642319][ T1329] usb 5-1: Using ep0 maxpacket: 8 [ 221.646108][ T1329] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 221.648670][ T1329] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 221.651675][ T1329] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 221.654913][ T1329] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 221.659006][ T1329] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 221.662030][ T1329] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 221.666060][ T1329] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 221.668861][ T1329] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.673493][ T1329] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 221.974816][ T1329] usb 5-1: USB disconnect, device number 11 [ 222.313485][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 222.315709][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 222.500245][T12106] binder: 12104:12106 ioctl c0306201 80000380 returned -14 [ 222.504890][T12108] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2545'. [ 222.553662][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 222.643571][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 222.727816][T12144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2559'. [ 222.933523][ T839] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 223.083617][ T839] usb 7-1: Using ep0 maxpacket: 8 [ 223.087053][ T839] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 223.090735][ T839] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 223.094596][ T839] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 223.098389][ T839] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 223.101410][ T839] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 223.104493][ T839] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 223.108486][ T839] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 223.111280][ T839] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.116914][ T839] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22 [ 223.363480][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 223.365668][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 223.415069][ T10] usb 7-1: USB disconnect, device number 11 [ 223.593548][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 223.673501][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 224.119693][T12206] netlink: 51 bytes leftover after parsing attributes in process `syz.1.2598'. [ 224.235416][T12230] netlink: 51 bytes leftover after parsing attributes in process `syz.2.2604'. [ 224.378907][T12260] netlink: 51 bytes leftover after parsing attributes in process `syz.3.2616'. [ 224.416621][ T59] libceph: connect (1)[c::]:6789 error -101 [ 224.418595][ T59] libceph: mon0 (1)[c::]:6789 connect error [ 224.520434][T12267] ceph: No mds server is up or the cluster is laggy [ 224.569005][T12296] netlink: 51 bytes leftover after parsing attributes in process `syz.0.2632'. [ 224.772391][ T1329] libceph: connect (1)[c::]:6789 error -101 [ 224.774519][ T1329] libceph: mon0 (1)[c::]:6789 connect error [ 224.870236][T12320] ceph: No mds server is up or the cluster is laggy [ 225.084255][ T1329] libceph: connect (1)[c::]:6789 error -101 [ 225.086226][ T1329] libceph: mon0 (1)[c::]:6789 connect error [ 225.186126][T12357] ceph: No mds server is up or the cluster is laggy [ 225.483491][ T10] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 225.643487][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 225.647155][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.650625][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 225.654736][ T10] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 225.657535][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.661093][ T10] usb 6-1: config 0 descriptor?? [ 226.071836][ T10] HID 045e:07da: Invalid code 65791 type 1 [ 226.076857][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:045E:07DA.0002/input/input16 [ 226.084094][ T10] microsoft 0003:045E:07DA.0002: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 226.713464][ C1] net_ratelimit: 10 callbacks suppressed [ 226.713477][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 226.793539][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 226.878899][ T839] usb 6-1: USB disconnect, device number 13 [ 227.523476][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 227.525737][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 227.530206][ T10] libceph: connect (1)[c::]:6789 error -101 [ 227.532160][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 227.629151][T12397] ceph: No mds server is up or the cluster is laggy [ 227.663625][ T10] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 227.703745][ T839] usb 8-1: new full-speed USB device number 13 using dummy_hcd [ 227.753539][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 227.833495][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 227.833676][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 227.838524][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 227.841874][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 227.845963][ T10] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 227.848789][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.852338][ T10] usb 7-1: config 0 descriptor?? [ 227.864921][ T839] usb 8-1: config 1 interface 0 has no altsetting 0 [ 227.869298][ T839] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 227.872110][ T839] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.874631][ T839] usb 8-1: Product: syz [ 227.875943][ T839] usb 8-1: Manufacturer: syz [ 227.877400][ T839] usb 8-1: SerialNumber: syz [ 228.263287][ T10] HID 045e:07da: Invalid code 65791 type 1 [ 228.267689][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:045E:07DA.0003/input/input17 [ 228.272935][ T10] microsoft 0003:045E:07DA.0003: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 228.286865][ T839] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 228.553477][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 228.555731][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 228.793585][ C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 228.873553][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 229.066601][ T839] usb 7-1: USB disconnect, device number 12 [ 230.464150][ T6073] usb 8-1: USB disconnect, device number 13 [ 230.468336][ T6073] usblp0: removed [ 231.293586][ T6073] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 231.443517][ T6073] usb 5-1: Using ep0 maxpacket: 16 [ 231.447052][ T6073] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.451278][ T6073] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 231.456455][ T6073] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 231.459928][ T6073] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.464119][ T6073] usb 5-1: config 0 descriptor?? [ 231.874041][ T6073] HID 045e:07da: Invalid code 65791 type 1 [ 231.878835][ T6073] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:045E:07DA.0004/input/input18 [ 231.885855][ T6073] microsoft 0003:045E:07DA.0004: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 231.913545][ C1] net_ratelimit: 10 callbacks suppressed [ 231.913557][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 231.993477][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 232.677480][ T6073] usb 5-1: USB disconnect, device number 12 [ 232.713588][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 232.715856][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 232.953485][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 233.033483][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 233.713500][ T1329] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 233.753528][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 233.755833][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 233.863531][ T1329] usb 8-1: Using ep0 maxpacket: 16 [ 233.866430][ T1329] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 233.869773][ T1329] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 233.873750][ T1329] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 233.876537][ T1329] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.880144][ T1329] usb 8-1: config 0 descriptor?? [ 233.993484][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 234.073528][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 234.294514][ T1329] HID 045e:07da: Invalid code 65791 type 1 [ 234.298593][ T1329] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:045E:07DA.0005/input/input19 [ 234.304173][ T1329] microsoft 0003:045E:07DA.0005: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 235.097593][ T1329] usb 8-1: USB disconnect, device number 14 [ 235.981499][T12569] syzkaller1: entered promiscuous mode [ 235.983274][T12569] syzkaller1: entered allmulticast mode [ 236.203541][ T6040] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 236.341540][T12604] syzkaller1: entered promiscuous mode [ 236.343330][T12604] syzkaller1: entered allmulticast mode [ 236.363588][ T6040] usb 6-1: Using ep0 maxpacket: 8 [ 236.367190][ T6040] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 236.369725][ T6040] usb 6-1: config 179 has no interface number 0 [ 236.371724][ T6040] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 236.375187][ T6040] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 236.378615][ T6040] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 236.381999][ T6040] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 236.386568][ T6040] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 236.389348][ T6040] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.394748][T12567] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 236.468972][T12612] [ 236.469795][T12612] ===================================================== [ 236.471960][T12612] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 236.474272][T12612] 6.17.0-rc1-syzkaller-00116-gd7ee5bdce789 #0 Not tainted [ 236.477287][T12612] ----------------------------------------------------- [ 236.480084][T12612] syz.3.2761/12612 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 236.482540][T12612] ffffffff8e20c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80 [ 236.485248][T12612] [ 236.485248][T12612] and this task is already holding: [ 236.487561][T12612] ffff888041be75a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 [ 236.490273][T12612] which would create a new lock dependency: [ 236.492124][T12612] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 236.494482][T12612] [ 236.494482][T12612] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 236.497379][T12612] (&dev->event_lock#2){..-.}-{3:3} [ 236.497399][T12612] [ 236.497399][T12612] ... which became SOFTIRQ-irq-safe at: [ 236.501403][T12612] lock_acquire+0x179/0x350 [ 236.502896][T12612] _raw_spin_lock_irqsave+0x3a/0x60 [ 236.504564][T12612] input_event+0x74/0xd0 [ 236.505928][T12612] hidinput_report_event+0xb2/0x100 [ 236.507605][T12612] hid_report_raw_event+0x268/0x1290 [ 236.509302][T12612] __hid_input_report.constprop.0+0x33f/0x450 [ 236.511231][T12612] hid_irq_in+0x35e/0x870 [ 236.512653][T12612] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 236.514364][T12612] usb_hcd_giveback_urb+0x39b/0x450 [ 236.516019][T12612] dummy_timer+0x1814/0x3a30 [ 236.517516][T12612] __hrtimer_run_queues+0x1ff/0xad0 [ 236.519176][T12612] hrtimer_run_softirq+0x17d/0x350 [ 236.520798][T12612] handle_softirqs+0x219/0x8e0 [ 236.522346][T12612] __irq_exit_rcu+0x109/0x170 [ 236.523849][T12612] irq_exit_rcu+0x9/0x30 [ 236.525213][T12612] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 236.527029][T12612] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 236.528922][T12612] pv_native_safe_halt+0xf/0x20 [ 236.530485][T12612] default_idle+0x13/0x20 [ 236.531897][T12612] default_idle_call+0x6d/0xb0 [ 236.533419][T12612] do_idle+0x391/0x510 [ 236.534736][T12612] cpu_startup_entry+0x4f/0x60 [ 236.536274][T12612] start_secondary+0x21d/0x2b0 [ 236.537812][T12612] common_startup_64+0x13e/0x148 [ 236.539412][T12612] [ 236.539412][T12612] to a SOFTIRQ-irq-unsafe lock: [ 236.541576][T12612] (tasklist_lock){.+.+}-{3:3} [ 236.541592][T12612] [ 236.541592][T12612] ... which became SOFTIRQ-irq-unsafe at: [ 236.545509][T12612] ... [ 236.545514][T12612] lock_acquire+0x179/0x350 [ 236.547841][T12612] _raw_read_lock+0x5f/0x70 [ 236.549304][T12612] __do_wait+0x105/0x890 [ 236.550690][T12612] do_wait+0x21e/0x5a0 [ 236.552008][T12612] kernel_wait+0x9f/0x160 [ 236.553424][T12612] call_usermodehelper_exec_work+0xf1/0x170 [ 236.555303][T12612] process_one_work+0x9cc/0x1b70 [ 236.556900][T12612] worker_thread+0x6c8/0xf10 [ 236.558387][T12612] kthread+0x3c2/0x780 [ 236.559702][T12612] ret_from_fork+0x5d4/0x6f0 [ 236.561193][T12612] ret_from_fork_asm+0x1a/0x30 [ 236.562738][T12612] [ 236.562738][T12612] other info that might help us debug this: [ 236.562738][T12612] [ 236.565883][T12612] Chain exists of: [ 236.565883][T12612] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 236.565883][T12612] [ 236.569904][T12612] Possible interrupt unsafe locking scenario: [ 236.569904][T12612] [ 236.572459][T12612] CPU0 CPU1 [ 236.574138][T12612] ---- ---- [ 236.575807][T12612] lock(tasklist_lock); [ 236.577162][T12612] local_irq_disable(); [ 236.579258][T12612] lock(&dev->event_lock#2); [ 236.581501][T12612] lock(&f_owner->lock); [ 236.583621][T12612] [ 236.584729][T12612] lock(&dev->event_lock#2); [ 236.586288][T12612] [ 236.586288][T12612] *** DEADLOCK *** [ 236.586288][T12612] [ 236.588788][T12612] 2 locks held by syz.3.2761/12612: [ 236.590414][T12612] #0: ffff888050bf5340 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xd35/0x1340 [ 236.593359][T12612] #1: ffff888041be75a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 [ 236.596213][T12612] [ 236.596213][T12612] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 236.599403][T12612] -> (&dev->event_lock#2){..-.}-{3:3} { [ 236.601247][T12612] IN-SOFTIRQ-W at: [ 236.602584][T12612] lock_acquire+0x179/0x350 [ 236.604663][T12612] _raw_spin_lock_irqsave+0x3a/0x60 [ 236.606983][T12612] input_event+0x74/0xd0 [ 236.608977][T12612] hidinput_report_event+0xb2/0x100 [ 236.611283][T12612] hid_report_raw_event+0x268/0x1290 [ 236.613608][T12612] __hid_input_report.constprop.0+0x33f/0x450 [ 236.616174][T12612] hid_irq_in+0x35e/0x870 [ 236.618212][T12612] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 236.620552][T12612] usb_hcd_giveback_urb+0x39b/0x450 [ 236.622843][T12612] dummy_timer+0x1814/0x3a30 [ 236.624934][T12612] __hrtimer_run_queues+0x1ff/0xad0 [ 236.627248][T12612] hrtimer_run_softirq+0x17d/0x350 [ 236.629501][T12612] handle_softirqs+0x219/0x8e0 [ 236.631653][T12612] __irq_exit_rcu+0x109/0x170 [ 236.633790][T12612] irq_exit_rcu+0x9/0x30 [ 236.635783][T12612] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 236.638216][T12612] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 236.640717][T12612] pv_native_safe_halt+0xf/0x20 [ 236.642906][T12612] default_idle+0x13/0x20 [ 236.644925][T12612] default_idle_call+0x6d/0xb0 [ 236.647108][T12612] do_idle+0x391/0x510 [ 236.649047][T12612] cpu_startup_entry+0x4f/0x60 [ 236.651198][T12612] start_secondary+0x21d/0x2b0 [ 236.653357][T12612] common_startup_64+0x13e/0x148 [ 236.655555][T12612] INITIAL USE at: [ 236.656876][T12612] lock_acquire+0x179/0x350 [ 236.658930][T12612] _raw_spin_lock_irqsave+0x3a/0x60 [ 236.661197][T12612] input_inject_event+0x9f/0x3b0 [ 236.663388][T12612] led_set_brightness+0x217/0x290 [ 236.665578][T12612] kbd_led_trigger_activate+0xcb/0x110 [ 236.667946][T12612] led_trigger_set+0x59a/0xc50 [ 236.670079][T12612] led_trigger_set_default+0x1e0/0x2e0 [ 236.672420][T12612] led_classdev_register_ext+0x7b8/0xa10 [ 236.674826][T12612] input_leds_connect+0x552/0x8e0 [ 236.677030][T12612] input_attach_handler.isra.0+0x176/0x250 [ 236.679471][T12612] input_register_device+0xab9/0x1180 [ 236.681938][T12612] atkbd_connect+0x5f8/0xa40 [ 236.684030][T12612] serio_driver_probe+0x7c/0xd0 [ 236.686211][T12612] really_probe+0x241/0xa90 [ 236.688267][T12612] __driver_probe_device+0x1de/0x440 [ 236.690562][T12612] driver_probe_device+0x4c/0x1b0 [ 236.692757][T12612] __driver_attach+0x283/0x580 [ 236.694882][T12612] bus_for_each_dev+0x13e/0x1d0 [ 236.697035][T12612] serio_handle_event+0x335/0xc30 [ 236.699235][T12612] process_one_work+0x9cc/0x1b70 [ 236.701412][T12612] worker_thread+0x6c8/0xf10 [ 236.703494][T12612] kthread+0x3c2/0x780 [ 236.705425][T12612] ret_from_fork+0x5d4/0x6f0 [ 236.707530][T12612] ret_from_fork_asm+0x1a/0x30 [ 236.709646][T12612] } [ 236.710545][T12612] ... key at: [] __key.7+0x0/0x40 [ 236.712837][T12612] -> (&client->buffer_lock){....}-{3:3} { [ 236.714732][T12612] INITIAL USE at: [ 236.716017][T12612] lock_acquire+0x179/0x350 [ 236.718030][T12612] _raw_spin_lock+0x2e/0x40 [ 236.720015][T12612] evdev_pass_values+0x10e/0x9b0 [ 236.722141][T12612] evdev_events+0x1bb/0x390 [ 236.724125][T12612] input_pass_values+0x74e/0x880 [ 236.726262][T12612] input_handle_event+0xf00/0x14d0 [ 236.728430][T12612] input_event+0x8e/0xd0 [ 236.730353][T12612] uinput_write+0xb20/0xff0 [ 236.732363][T12612] vfs_write+0x29d/0x11d0 [ 236.734310][T12612] ksys_write+0x1f8/0x250 [ 236.736262][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.738432][T12612] do_fast_syscall_32+0x32/0x80 [ 236.740519][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.743067][T12612] } [ 236.743929][T12612] ... key at: [] __key.1+0x0/0x40 [ 236.746206][T12612] ... acquired at: [ 236.747471][T12612] _raw_spin_lock+0x2e/0x40 [ 236.748952][T12612] evdev_pass_values+0x10e/0x9b0 [ 236.750561][T12612] evdev_events+0x1bb/0x390 [ 236.752032][T12612] input_pass_values+0x74e/0x880 [ 236.753633][T12612] input_handle_event+0xf00/0x14d0 [ 236.755286][T12612] input_event+0x8e/0xd0 [ 236.756696][T12612] uinput_write+0xb20/0xff0 [ 236.758185][T12612] vfs_write+0x29d/0x11d0 [ 236.759614][T12612] ksys_write+0x1f8/0x250 [ 236.761042][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.762713][T12612] do_fast_syscall_32+0x32/0x80 [ 236.764290][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.766324][T12612] [ 236.767101][T12612] -> (&new->fa_lock){....}-{3:3} { [ 236.768742][T12612] INITIAL USE at: [ 236.770013][T12612] lock_acquire+0x179/0x350 [ 236.771961][T12612] _raw_write_lock_irq+0x36/0x50 [ 236.774040][T12612] fasync_remove_entry+0xb2/0x1e0 [ 236.776143][T12612] fasync_helper+0xaf/0xd0 [ 236.778075][T12612] lease_modify+0x232/0x500 [ 236.780019][T12612] generic_setlease+0x34b/0x1300 [ 236.782125][T12612] kernel_setlease+0x106/0x140 [ 236.784164][T12612] vfs_setlease+0x258/0x2d0 [ 236.786126][T12612] fcntl_setlease+0x497/0x5a0 [ 236.788143][T12612] do_fcntl+0x751/0x15a0 [ 236.790018][T12612] do_compat_fcntl64+0x367/0x710 [ 236.792095][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.794224][T12612] do_fast_syscall_32+0x32/0x80 [ 236.796286][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.798774][T12612] INITIAL READ USE at: [ 236.800180][T12612] lock_acquire+0x179/0x350 [ 236.802291][T12612] _raw_read_lock_irqsave+0x74/0x90 [ 236.802968][ T839] usb 6-1: USB disconnect, device number 14 [ 236.804572][T12612] kill_fasync+0x138/0x510 [ 236.804591][T12612] lease_break_callback+0x23/0x30 [ 236.804605][T12612] __break_lease+0x671/0x1810 [ 236.804613][T12612] vfs_truncate+0x4d3/0x6e0 [ 236.804626][T12612] __ia32_compat_sys_truncate+0x171/0x1e0 [ 236.817844][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.820129][T12612] do_fast_syscall_32+0x32/0x80 [ 236.822317][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.824922][T12612] } [ 236.825767][T12612] ... key at: [] __key.0+0x0/0x40 [ 236.827970][T12612] ... acquired at: [ 236.829160][T12612] _raw_read_lock_irqsave+0x74/0x90 [ 236.830846][T12612] kill_fasync+0x138/0x510 [ 236.832311][T12612] evdev_pass_values+0x619/0x9b0 [ 236.833911][T12612] evdev_events+0x1bb/0x390 [ 236.835385][T12612] input_pass_values+0x74e/0x880 [ 236.837000][T12612] input_handle_event+0xf00/0x14d0 [ 236.838657][T12612] input_inject_event+0x1e8/0x3b0 [ 236.840280][T12612] evdev_write+0x2e1/0x440 [ 236.841733][T12612] vfs_write+0x29d/0x11d0 [ 236.843168][T12612] ksys_write+0x1f8/0x250 [ 236.844591][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.846262][T12612] do_fast_syscall_32+0x32/0x80 [ 236.847849][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.849867][T12612] [ 236.850637][T12612] -> (&f_owner->lock){....}-{3:3} { [ 236.852303][T12612] INITIAL USE at: [ 236.853533][T12612] lock_acquire+0x179/0x350 [ 236.855443][T12612] _raw_write_lock_irq+0x36/0x50 [ 236.857481][T12612] __f_setown+0x61/0x3c0 [ 236.859306][T12612] generic_setlease+0xeef/0x1300 [ 236.861317][T12612] kernel_setlease+0x106/0x140 [ 236.863307][T12612] vfs_setlease+0x258/0x2d0 [ 236.865191][T12612] fcntl_setlease+0x3ed/0x5a0 [ 236.867164][T12612] do_fcntl+0x751/0x15a0 [ 236.868978][T12612] do_compat_fcntl64+0x367/0x710 [ 236.870997][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.873057][T12612] do_fast_syscall_32+0x32/0x80 [ 236.875055][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.877491][T12612] INITIAL READ USE at: [ 236.878852][T12612] lock_acquire+0x179/0x350 [ 236.880865][T12612] _raw_read_lock_irqsave+0x74/0x90 [ 236.883102][T12612] send_sigio+0x31/0x3e0 [ 236.885039][T12612] kill_fasync+0x214/0x510 [ 236.887069][T12612] lease_break_callback+0x23/0x30 [ 236.889227][T12612] __break_lease+0x671/0x1810 [ 236.891292][T12612] vfs_truncate+0x4d3/0x6e0 [ 236.893307][T12612] __ia32_compat_sys_truncate+0x171/0x1e0 [ 236.895704][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.897922][T12612] do_fast_syscall_32+0x32/0x80 [ 236.900036][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.902627][T12612] } [ 236.903444][T12612] ... key at: [] __key.1+0x0/0x40 [ 236.905632][T12612] ... acquired at: [ 236.906863][T12612] _raw_read_lock_irqsave+0x74/0x90 [ 236.908547][T12612] send_sigio+0x31/0x3e0 [ 236.909959][T12612] kill_fasync+0x214/0x510 [ 236.911417][T12612] lease_break_callback+0x23/0x30 [ 236.913056][T12612] __break_lease+0x671/0x1810 [ 236.914588][T12612] vfs_truncate+0x4d3/0x6e0 [ 236.916069][T12612] __ia32_compat_sys_truncate+0x171/0x1e0 [ 236.917929][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 236.919581][T12612] do_fast_syscall_32+0x32/0x80 [ 236.921163][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.923184][T12612] [ 236.923947][T12612] [ 236.923947][T12612] the dependencies between the lock to be acquired [ 236.923952][T12612] and SOFTIRQ-irq-unsafe lock: [ 236.928176][T12612] -> (tasklist_lock){.+.+}-{3:3} { [ 236.929786][T12612] HARDIRQ-ON-R at: [ 236.931058][T12612] lock_acquire+0x179/0x350 [ 236.932999][T12612] _raw_read_lock+0x5f/0x70 [ 236.934920][T12612] __do_wait+0x105/0x890 [ 236.936774][T12612] do_wait+0x21e/0x5a0 [ 236.938555][T12612] kernel_wait+0x9f/0x160 [ 236.940423][T12612] call_usermodehelper_exec_work+0xf1/0x170 [ 236.942753][T12612] process_one_work+0x9cc/0x1b70 [ 236.944792][T12612] worker_thread+0x6c8/0xf10 [ 236.946750][T12612] kthread+0x3c2/0x780 [ 236.948532][T12612] ret_from_fork+0x5d4/0x6f0 [ 236.950485][T12612] ret_from_fork_asm+0x1a/0x30 [ 236.952472][T12612] SOFTIRQ-ON-R at: [ 236.953726][T12612] lock_acquire+0x179/0x350 [ 236.955649][T12612] _raw_read_lock+0x5f/0x70 [ 236.957581][T12612] __do_wait+0x105/0x890 [ 236.959435][T12612] do_wait+0x21e/0x5a0 [ 236.961215][T12612] kernel_wait+0x9f/0x160 [ 236.963089][T12612] call_usermodehelper_exec_work+0xf1/0x170 [ 236.965417][T12612] process_one_work+0x9cc/0x1b70 [ 236.967490][T12612] worker_thread+0x6c8/0xf10 [ 236.969433][T12612] kthread+0x3c2/0x780 [ 236.971216][T12612] ret_from_fork+0x5d4/0x6f0 [ 236.973167][T12612] ret_from_fork_asm+0x1a/0x30 [ 236.975161][T12612] INITIAL USE at: [ 236.976402][T12612] lock_acquire+0x179/0x350 [ 236.978294][T12612] _raw_write_lock_irq+0x36/0x50 [ 236.980302][T12612] copy_process+0x4caf/0x7690 [ 236.982257][T12612] kernel_clone+0xfc/0x930 [ 236.984119][T12612] user_mode_thread+0xc7/0x110 [ 236.986089][T12612] rest_init+0x23/0x2b0 [ 236.987887][T12612] start_kernel+0x3ee/0x4d0 [ 236.989778][T12612] x86_64_start_reservations+0x18/0x30 [ 236.991951][T12612] x86_64_start_kernel+0x130/0x190 [ 236.994035][T12612] common_startup_64+0x13e/0x148 [ 236.996053][T12612] INITIAL READ USE at: [ 236.997416][T12612] lock_acquire+0x179/0x350 [ 236.999434][T12612] _raw_read_lock+0x5f/0x70 [ 237.001450][T12612] __do_wait+0x105/0x890 [ 237.003409][T12612] do_wait+0x21e/0x5a0 [ 237.005299][T12612] kernel_wait+0x9f/0x160 [ 237.007296][T12612] call_usermodehelper_exec_work+0xf1/0x170 [ 237.009718][T12612] process_one_work+0x9cc/0x1b70 [ 237.011872][T12612] worker_thread+0x6c8/0xf10 [ 237.013928][T12612] kthread+0x3c2/0x780 [ 237.015823][T12612] ret_from_fork+0x5d4/0x6f0 [ 237.017886][T12612] ret_from_fork_asm+0x1a/0x30 [ 237.019982][T12612] } [ 237.020799][T12612] ... key at: [] tasklist_lock+0x18/0x40 [ 237.023219][T12612] ... acquired at: [ 237.024425][T12612] lock_acquire+0x179/0x350 [ 237.025911][T12612] _raw_read_lock+0x5f/0x70 [ 237.027415][T12612] send_sigurg+0xed/0xc80 [ 237.028845][T12612] sk_send_sigurg+0x76/0x360 [ 237.030362][T12612] unix_stream_sendmsg+0xfa5/0x1340 [ 237.032043][T12612] ____sys_sendmsg+0xa95/0xc70 [ 237.033603][T12612] ___sys_sendmsg+0x134/0x1d0 [ 237.035156][T12612] __sys_sendmmsg+0x2f9/0x420 [ 237.036697][T12612] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 237.038529][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 237.040183][T12612] do_fast_syscall_32+0x32/0x80 [ 237.041761][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 237.043783][T12612] [ 237.044548][T12612] [ 237.044548][T12612] stack backtrace: [ 237.046410][T12612] CPU: 0 UID: 0 PID: 12612 Comm: syz.3.2761 Not tainted 6.17.0-rc1-syzkaller-00116-gd7ee5bdce789 #0 PREEMPT(full) [ 237.046425][T12612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 237.046432][T12612] Call Trace: [ 237.046436][T12612] [ 237.046441][T12612] dump_stack_lvl+0x116/0x1f0 [ 237.046454][T12612] check_irq_usage+0x7dc/0x920 [ 237.046469][T12612] ? check_path.constprop.0+0x24/0x50 [ 237.046483][T12612] ? __lock_acquire+0x12bc/0x1ce0 [ 237.046495][T12612] __lock_acquire+0x12bc/0x1ce0 [ 237.046510][T12612] lock_acquire+0x179/0x350 [ 237.046523][T12612] ? send_sigurg+0xed/0xc80 [ 237.046538][T12612] _raw_read_lock+0x5f/0x70 [ 237.046549][T12612] ? send_sigurg+0xed/0xc80 [ 237.046562][T12612] send_sigurg+0xed/0xc80 [ 237.046576][T12612] ? find_held_lock+0x2b/0x80 [ 237.046587][T12612] sk_send_sigurg+0x76/0x360 [ 237.046598][T12612] unix_stream_sendmsg+0xfa5/0x1340 [ 237.046614][T12612] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 237.046631][T12612] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 237.046645][T12612] ? __import_iovec+0x1dd/0x650 [ 237.046655][T12612] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 237.046667][T12612] ____sys_sendmsg+0xa95/0xc70 [ 237.046682][T12612] ? __pfx_____sys_sendmsg+0x10/0x10 [ 237.046697][T12612] ? get_compat_msghdr+0x11a/0x170 [ 237.046710][T12612] ? futex_unqueue+0x133/0x2c0 [ 237.046723][T12612] ___sys_sendmsg+0x134/0x1d0 [ 237.046735][T12612] ? __pfx____sys_sendmsg+0x10/0x10 [ 237.046755][T12612] __sys_sendmmsg+0x2f9/0x420 [ 237.046768][T12612] ? __pfx___sys_sendmmsg+0x10/0x10 [ 237.046780][T12612] ? __pfx_do_fcntl+0x10/0x10 [ 237.046794][T12612] ? __pfx_do_futex+0x10/0x10 [ 237.046809][T12612] ? __pfx___ia32_sys_futex_time32+0x10/0x10 [ 237.046825][T12612] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 237.046837][T12612] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 237.046851][T12612] __do_fast_syscall_32+0x7c/0x3a0 [ 237.046864][T12612] do_fast_syscall_32+0x32/0x80 [ 237.046877][T12612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 237.046889][T12612] RIP: 0023:0xf703e579 [ 237.046908][T12612] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 237.046918][T12612] RSP: 002b:00000000f542e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 237.046929][T12612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006c40 [ 237.046935][T12612] RDX: 0000000000000001 RSI: 00000000000408b1 RDI: 0000000000000000 [ 237.046941][T12612] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 237.046947][T12612] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 237.046953][T12612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 237.046962][T12612] [ 237.113561][ C1] net_ratelimit: 8 callbacks suppressed [ 237.113576][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 237.115839][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 237.138472][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 237.140646][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 237.193504][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 238.153515][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 238.153544][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 238.158985][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 238.233513][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 239.193493][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 239.195510][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 242.313500][ C0] net_ratelimit: 10 callbacks suppressed [ 242.313546][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 242.317585][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 242.323488][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 242.403476][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 243.353592][ C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 243.363507][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 243.365553][ C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 243.433475][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 244.393521][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 244.395757][ C2] IPVS: nq: UDP 224.0.0.2:0 - no destination available VM DIAGNOSIS: 14:28:28 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85614085 RDI=ffffffff9b0f6600 RBP=ffffffff9b0f65c0 RSP=ffffc90003aff0e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e37312e36 R12=0000000000000000 R13=0000000000000074 R14=ffffffff9b0f65c0 R15=ffffffff85614020 RIP=ffffffff856140af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974c6000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000800000c0 CR3=0000000028e07000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000904fdefff8 RBX=ffff88802b323a00 RCX=00000000000006e0 RDX=0000000000000090 RSI=ffff88802b323a00 RDI=000000000005339c RBP=000000000005339c RSP=ffffc90003d0fb00 R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=ffffffff9b0399e0 R12=0000000000000001 R13=0000000000000001 R14=0000000000000019 R15=ffff88802b327c80 RIP=ffffffff81680db5 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c6000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73d5014 CR3=00000000558ed000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffc90003ce0000 RDX=ffffc90003cdfe01 RSI=ffffc90003cdfe20 RDI=ffffc90003cdfe20 RBP=ffffc90003cdfe20 RSP=ffffc90003cdf190 R8 =0000000000000001 R9 =0000000000000000 R10=ffffc90003cdf208 R11=000000000001081a R12=ffffc90003cdf258 R13=ffffc90003cdf208 R14=ffffc90003cdfe50 R15=ffffc90003cdf23c RIP=ffffffff816aaa90 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc446643300 ffffffff 00c00000 GS =0000 ffff8880976c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055b15ba24000 CR3=000000004b118000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003800000012 0004000000080024 002800000030003c ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000c 0000002000000000 0000000000000000 0000000000000017 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c1f208000388030e 000001cd00000006 0000000100000000 0000000000000acf ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004808080808080 80a20800060670c8 0808000008000280 0208080000000002 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 10060a0174ac1fff fffff80800028003 100a800405100d80 02050a80020d8002 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03800212ae080008 00749c0000000000 0000000000000001 ffffffffffffffff ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e70803b803010800 03b0030a90080003 a003060800039803 1080080003900303 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300000000000008 ffffffae00000000 ffffffff81e542c1 ffffffff81e54d9c ZMM25=0523fcda0523fcda 0523fcda0523fcda 0523fcda0523fcda 0523fcda0523fcda 0523fcda0523fcda 0523fcda0523fcda 0523fcda0523fcda 0523fcda0523fcda ZMM26=ea91990aea91990a ea91990aea91990a ea91990aea91990a ea91990aea91990a ea91990aea91990a ea91990aea91990a ea91990aea91990a ea91990aea91990a ZMM27=d36ac6f5d36ac6f5 d36ac6f5d36ac6f5 d36ac6f5d36ac6f5 d36ac6f5d36ac6f5 d36ac6f5d36ac6f5 d36ac6f5d36ac6f5 d36ac6f5d36ac6f5 d36ac6f5d36ac6f5 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=5511000055110000 5511000055110000 5511000055110000 5511000055110000 5511000055110000 5511000055110000 5511000055110000 5511000055110000 info registers vcpu 3 CPU#3 EAX=f70a7640 EBX=ffffffff ECX=00000000 EDX=85576d6b ESI=85576d6b EDI=ffffffff EBP=f70a52d8 ESP=ff9472f0 EIP=f7117cd7 EFL=00000246 [---Z-P-] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 57899440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000578994c0 CR3=0000000066c01000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000