last executing test programs: 3m28.108803363s ago: executing program 1 (id=17335): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000300)=0x80000005, 0x4) listen(r0, 0x7) 3m28.040885442s ago: executing program 1 (id=17338): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) setxattr$trusted_overlay_origin(&(0x7f0000000180)='./file1\x00', &(0x7f0000000340), 0x0, 0x0, 0x2) 3m28.040395048s ago: executing program 1 (id=17342): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x1) ioctl$TCSETS(r0, 0x8925, 0x0) 3m27.920847014s ago: executing program 1 (id=17353): r0 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x2187, 0x100, 0xfffffffd, 0x28b}) getrlimit(0x1, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 3m27.893361308s ago: executing program 1 (id=17354): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) fstat(r0, &(0x7f00000007c0)) 3m27.832110754s ago: executing program 1 (id=17357): mkdir(&(0x7f0000001c00)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000100)={[{@usrquota}, {@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x38]}}]}) chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0) 3m12.367005838s ago: executing program 32 (id=17357): mkdir(&(0x7f0000001c00)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000100)={[{@usrquota}, {@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x38]}}]}) chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0) 21.645349503s ago: executing program 3 (id=25625): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private0, @in, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 21.615342444s ago: executing program 3 (id=25626): r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0) keyctl$set_timeout(0x1d, r0, 0x0) 21.58666474s ago: executing program 3 (id=25629): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000940)={{0x0, 0x1000, 0x3}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x2) 21.567984453s ago: executing program 3 (id=25634): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x84000, 0x0) 21.494696224s ago: executing program 3 (id=25638): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=@newlink={0x48, 0x10, 0x1, 0x70bd27, 0xa5dfdbfb, {0x0, 0x0, 0x0, r2, 0x64e10, 0x16201}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r2, 0x840, 0x21030}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x404c080}, 0x40002) 21.416261871s ago: executing program 3 (id=25644): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)={0x58, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r2}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) 21.379218s ago: executing program 33 (id=25644): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)={0x58, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r2}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) 4.212264257s ago: executing program 5 (id=26196): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa0d81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x3, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x6, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x100000]}}], 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000600)={0x0, 0x7a120, 0x60, {0x3, 0x103}, 0x0, 0x9}) 4.21210618s ago: executing program 5 (id=26198): r0 = syz_io_uring_setup(0x207, &(0x7f0000000340)={0x0, 0xa6cc, 0x10100}, &(0x7f0000000300), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x4c6f, &(0x7f0000000580)={0x0, 0x6a93, 0x0, 0x0, 0x2b5}, &(0x7f0000000040)=0x0, &(0x7f00000002c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000200)=@IORING_OP_SYMLINKAT={0x26, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001740)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0/file0\x00'}) io_uring_enter(r0, 0x1849, 0x0, 0x0, 0x0, 0x0) 4.149436512s ago: executing program 5 (id=26200): write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xffffff6a) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000340)=0x6, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080"], 0x24}}, 0x0) 4.1491469s ago: executing program 5 (id=26202): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x84000, 0x0) 4.147566494s ago: executing program 5 (id=26204): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000340)='./file0\x00', &(0x7f00000004c0), 0x700, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x4842, 0x0) writev(r0, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000000e00)='t', 0x2fd200}, {0x0}, {&(0x7f0000001000)="d6", 0x20c00}], 0x21) 4.001151534s ago: executing program 5 (id=26209): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x225) 3.961562846s ago: executing program 34 (id=26209): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x225) 1.220725655s ago: executing program 4 (id=26237): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x13, 0x7, 0xc, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1.132739056s ago: executing program 4 (id=26239): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000027c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002ac0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000002b00)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20004010}, 0x10) 1.132655472s ago: executing program 4 (id=26240): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.071165401s ago: executing program 4 (id=26241): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000000)="d1", 0x1, 0x24004000, &(0x7f0000000100)={0xa, 0x4e24, 0x7f, @remote, 0x5}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r0, 0x1) 1.017064399s ago: executing program 6 (id=26210): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000640)=0x13) poll(&(0x7f0000000200)=[{r0, 0x10}], 0x1, 0x20000000) ioctl$TCSETA(r0, 0x5406, &(0x7f00000001c0)={0x9, 0xfe, 0xff82, 0xa, 0x30}) 268.944778ms ago: executing program 0 (id=26265): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000ac0)={0x20, r2, 0x1, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x4}]}, 0x20}}, 0x800) 268.809362ms ago: executing program 0 (id=26267): rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0) 268.702811ms ago: executing program 0 (id=26269): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 194.091524ms ago: executing program 2 (id=26270): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000040)=0x2ce, 0x4) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) 193.926462ms ago: executing program 2 (id=26271): io_submit(0x0, 0x1, &(0x7f00000009c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0xb, 0xffffffffffffffff, &(0x7f00000002c0)="ccf88c72963dae70ba54d60a060c63b5f19586dbfe0e4eae1f59b48a0c37fc447d039f661064a7cd6330eba0140b1fec1663ead31d87487ccf90f64489fb3b3ae72999ea27c473609c7f6975402441a5e7ee8dc39084728ece3d7cfa12d3e10014cc01d4b11b07189cd7b260ab4958ec80f9370860a654a7e6f80206024addaa50f868f2", 0x84, 0x9, 0x0, 0x2}]) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000007dc2965cffffffff4000000802000000000001000100010008000a"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000210001"], 0x28}}, 0x0) 193.861624ms ago: executing program 2 (id=26272): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x2, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 193.140355ms ago: executing program 4 (id=26273): r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000001040)='./file0\x00', r1, &(0x7f0000000000)='./file0\x00') 117.851464ms ago: executing program 4 (id=26274): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) syz_clone(0x900a000, 0x0, 0x0, 0x0, 0x0, 0x0) 117.704555ms ago: executing program 6 (id=26275): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 55.136886ms ago: executing program 0 (id=26276): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000140)='./bus\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) 55.000742ms ago: executing program 0 (id=26277): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000100), 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) write(r0, &(0x7f0000000080)="89ba41c97928dec7cec15a160d3dba257872aed129d4b5247c9834550448a4f46c37425b873ec95db3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba2b2f051829a7f66952e57962614db0d03474a4a4bce636ea8d2b882b2b49ef18e76edbec7302a96e41f206d930eda2769c56e6d5e3d541ce9a21c3ce5cb5f", 0xfdef) 54.91861ms ago: executing program 2 (id=26278): r0 = syz_io_uring_setup(0x39, &(0x7f0000001800)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f0000001880)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000780)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0, 0x10042}) io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0) 280.676µs ago: executing program 6 (id=26279): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) process_mrelease(0xffffffffffffffff, 0x1000000) 156.214µs ago: executing program 2 (id=26280): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) readv(r1, &(0x7f0000000000)=[{&(0x7f00000028c0)=""/4098, 0x1002}], 0x1) 64.54µs ago: executing program 0 (id=26281): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x2a, &(0x7f00000002c0)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}}, @address_request={0x11, 0x0, 0x0, 0x1}}}}}, 0x0) 0s ago: executing program 2 (id=26282): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @dev}, 0x18, 0x0}}], 0x6c00, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x44040, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xfa1}, 0x1c) kernel console output (not intermixed with test programs): arsing attributes in process `syz.0.20927'. [ 371.586705][T17324] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 371.625268][T17330] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20944'. [ 371.628108][T17330] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0 [ 371.631355][T17330] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 371.712887][T17344] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 371.846807][T17360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20957'. [ 371.850212][T17360] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0 [ 371.853536][T17360] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 371.944090][T17368] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 372.056904][T17386] netlink: 20 bytes leftover after parsing attributes in process `syz.0.20971'. [ 372.153194][T17390] netlink: 24 bytes leftover after parsing attributes in process `syz.2.20974'. [ 373.295912][T17423] netlink: 24 bytes leftover after parsing attributes in process `syz.4.20987'. [ 373.910577][T17469] team0: Device gtp0 is of different type [ 374.225382][T17525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21039'. [ 374.234294][T17525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21039'. [ 374.237317][T17525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21039'. [ 374.250150][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 374.250160][ T40] audit: type=1326 audit(2000000096.421:23926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17528 comm="syz.3.21042" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 374.387306][T17559] sctp: [Deprecated]: syz.0.21057 (pid 17559) Use of struct sctp_assoc_value in delayed_ack socket option. [ 374.387306][T17559] Use struct sctp_sack_info instead [ 374.405734][T17559] sctp: [Deprecated]: syz.0.21057 (pid 17559) Use of struct sctp_assoc_value in delayed_ack socket option. [ 374.405734][T17559] Use struct sctp_sack_info instead [ 374.533006][T17588] sctp: [Deprecated]: syz.4.21070 (pid 17588) Use of struct sctp_assoc_value in delayed_ack socket option. [ 374.533006][T17588] Use struct sctp_sack_info instead [ 374.538509][T17588] sctp: [Deprecated]: syz.4.21070 (pid 17588) Use of struct sctp_assoc_value in delayed_ack socket option. [ 374.538509][T17588] Use struct sctp_sack_info instead [ 375.377348][T17668] __nla_validate_parse: 2 callbacks suppressed [ 375.377358][T17668] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21108'. [ 375.634251][ T40] audit: type=1326 audit(2000000097.801:23927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17709 comm="syz.2.21129" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x0 [ 375.832232][T17749] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21148'. [ 375.939477][T17769] netlink: 16 bytes leftover after parsing attributes in process `syz.0.21158'. [ 375.969589][ T40] audit: type=1326 audit(2000000098.141:23928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17776 comm="syz.4.21162" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7fe8579 code=0x0 [ 376.144707][T17804] tmpfs: Cannot change global quota limit on remount [ 376.422322][T17830] tipc: Enabling of bearer rejected, failed to enable media [ 376.463387][ T6087] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 376.584479][T17856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21198'. [ 376.587266][T17856] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21198'. [ 376.590544][T17856] netlink: 'syz.2.21198': attribute type 7 has an invalid length. [ 376.623488][T17862] tmpfs: Cannot enable quota on remount [ 376.638577][ T6087] usb 5-1: Using ep0 maxpacket: 16 [ 376.643784][ T6087] usb 5-1: config 0 has no interfaces? [ 376.647534][ T6087] usb 5-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=9c.25 [ 376.653072][ T6087] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.655550][ T6087] usb 5-1: Product: syz [ 376.656858][ T6087] usb 5-1: Manufacturer: syz [ 376.658312][ T6087] usb 5-1: SerialNumber: syz [ 376.661215][ T6087] usb 5-1: config 0 descriptor?? [ 376.868716][ T6087] usb 5-1: USB disconnect, device number 24 [ 377.057357][T17884] netlink: 'syz.4.21210': attribute type 2 has an invalid length. [ 377.416225][T17911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21221'. [ 377.419344][T17911] nbd: socks must be embedded in a SOCK_ITEM attr [ 377.441528][T17915] netlink: 28 bytes leftover after parsing attributes in process `syz.4.21223'. [ 377.486682][T17923] tipc: Started in network mode [ 377.488301][T17923] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 377.492150][T17923] tipc: Enabled bearer , priority 10 [ 377.727583][ T40] audit: type=1326 audit(2000000099.891:23929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17956 comm="syz.4.21243" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x0 [ 377.767291][T17962] netem: change failed [ 377.882095][T17978] netlink: 28 bytes leftover after parsing attributes in process `syz.0.21259'. [ 378.618546][ T34] tipc: Node number set to 4269801488 [ 379.421625][T18050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21295'. [ 379.542287][ T40] audit: type=1326 audit(2000000101.711:23930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18061 comm="syz.0.21291" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf704e579 code=0x0 [ 380.059533][T18099] netlink: 12 bytes leftover after parsing attributes in process `syz.4.21310'. [ 380.515643][T18155] netlink: 'syz.2.21338': attribute type 2 has an invalid length. [ 380.556420][ T40] audit: type=1326 audit(2000000102.721:23931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18157 comm="syz.3.21340" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf705e579 code=0x0 [ 381.486428][T18214] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 381.914661][T18294] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21406'. [ 381.977468][T18310] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 382.050163][ T40] audit: type=1326 audit(2000000104.221:23932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz.2.21423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 382.056609][ T40] audit: type=1326 audit(2000000104.221:23933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz.2.21423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 382.063954][ T40] audit: type=1326 audit(2000000104.221:23934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz.2.21423" exe="/syz-executor" sig=0 arch=40000003 syscall=445 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 382.070409][ T40] audit: type=1326 audit(2000000104.221:23935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz.2.21423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 382.076396][ T40] audit: type=1326 audit(2000000104.221:23936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz.2.21423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 382.160775][T18351] ALSA: mixer_oss: invalid OSS volume 'Y{UDD ' [ 382.163159][T18351] ALSA: mixer_oss: invalid OSS volume 'ߧ4cT󯆩"m!lT.Π' [ 382.165513][T18351] ALSA: mixer_oss: invalid OSS volume 'lg' [ 382.167204][T18351] ALSA: mixer_oss: invalid OSS volume ')nkKi,rWY\ZV?J`G' [ 382.171525][T18351] ALSA: mixer_oss: invalid OSS volume 'kO0$g{pl{y;_ARW' [ 382.173890][T18351] ALSA: mixer_oss: invalid OSS volume '' [ 382.175529][T18351] ALSA: mixer_oss: invalid OSS volume 'sv Fu{Qby>h%w]' [ 382.177693][T18351] ALSA: mixer_oss: invalid OSS volume 'E= v?@48@hL' [ 382.181075][T18351] ALSA: mixer_oss: invalid OSS volume '+?>3Iq0:iq|UDř' [ 382.183559][T18351] ALSA: mixer_oss: invalid OSS volume 'vӷ*xrN0ܗcAdh' [ 382.186174][T18351] ALSA: mixer_oss: invalid OSS volume 'JM %HJ[~S' [ 382.380661][T18394] bridge0: port 1(syz_tun) entered blocking state [ 382.382808][T18394] bridge0: port 1(syz_tun) entered disabled state [ 382.384981][T18394] syz_tun: entered allmulticast mode [ 382.387471][T18394] syz_tun: entered promiscuous mode [ 382.390261][T18394] bridge0: port 1(syz_tun) entered blocking state [ 382.392397][T18394] bridge0: port 1(syz_tun) entered listening state [ 382.531700][T18420] vivid-000: disconnect [ 382.693868][T18450] UHID_CREATE from different security context by process 11415 (syz.3.21481), this is not allowed. [ 382.801188][T18471] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 382.923685][T18485] netlink: 196 bytes leftover after parsing attributes in process `syz.2.21498'. [ 383.000835][T18497] nbd: must specify at least one socket [ 383.067530][T18507] vlan0: entered allmulticast mode [ 383.069645][T18507] bridge_slave_0: entered allmulticast mode [ 383.125503][T18511] ALSA: mixer_oss: invalid OSS volume 'Y{UDD ' [ 383.127887][T18511] ALSA: mixer_oss: invalid OSS volume 'ߧ4cT󯆩"m!lT.Π' [ 383.130393][T18511] ALSA: mixer_oss: invalid OSS volume 'lg' [ 383.132153][T18511] ALSA: mixer_oss: invalid OSS volume ')nkKi,rWY\ZV?J`G' [ 383.134544][T18511] ALSA: mixer_oss: invalid OSS volume 'kO0$g{pl{y;_ARW' [ 383.136961][T18511] ALSA: mixer_oss: invalid OSS volume '' [ 383.138668][T18511] ALSA: mixer_oss: invalid OSS volume 'sv Fu{Qby>h%w]' [ 383.140902][T18511] ALSA: mixer_oss: invalid OSS volume 'E= v?@48@hL' [ 383.143287][T18511] ALSA: mixer_oss: invalid OSS volume '+?>3Iq0:iq|UDř' [ 383.145634][T18511] ALSA: mixer_oss: invalid OSS volume 'vӷ*xrN0ܗcAdh' [ 383.148061][T18511] ALSA: mixer_oss: invalid OSS volume 'JM %HJ[~S' [ 383.312156][T18411] vivid-000: reconnect [ 383.546324][T18558] netlink: 196 bytes leftover after parsing attributes in process `syz.0.21532'. [ 383.574140][T18560] nbd: must specify at least one socket [ 384.525723][T18603] netlink: 252 bytes leftover after parsing attributes in process `syz.0.21552'. [ 384.528886][T18603] netlink: 28 bytes leftover after parsing attributes in process `syz.0.21552'. [ 384.587825][T18613] smc: net device wg1 applied user defined pnetid SYZ1 [ 384.915022][T18650] netlink: 48 bytes leftover after parsing attributes in process `syz.3.21576'. [ 385.153982][T18673] netlink: 48 bytes leftover after parsing attributes in process `syz.0.21586'. [ 385.443197][T18712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.21606'. [ 385.763618][T18732] [U] R5JCҰ~V6|7KXVZZGR $ [ 386.129261][T18781] netlink: 24 bytes leftover after parsing attributes in process `syz.2.21646'. [ 386.212268][T18785] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 386.215927][T18785] overlayfs: missing 'lowerdir' [ 386.238484][T18789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.21642'. [ 386.291294][ T40] audit: type=1326 audit(2000000108.462:23937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18799 comm="syz.0.21648" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0 [ 387.172621][T18820] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 387.175307][T18820] overlayfs: missing 'lowerdir' [ 387.473673][T18863] overlayfs: lower data-only dirs require metacopy support. [ 387.555964][T18879] vimc link validate: Scaler:src:16x16 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 387.701613][T18903] openvswitch: netlink: IPv6 tunnel dst address is zero [ 387.879805][T18926] vimc link validate: Scaler:src:16x16 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 387.926524][T18937] openvswitch: netlink: Message has 16 unknown bytes. [ 387.928782][T18937] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 388.033797][T18949] openvswitch: netlink: IPv6 tunnel dst address is zero [ 388.527023][T19028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21755'. [ 388.585270][T19037] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 388.587669][T19037] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 388.651078][T19048] netlink: 16 bytes leftover after parsing attributes in process `syz.4.21765'. [ 388.655770][T19048] netlink: 16 bytes leftover after parsing attributes in process `syz.4.21765'. [ 388.764290][T19066] blktrace: Concurrent blktraces are not allowed on sg0 [ 388.834211][T19079] netlink: 'syz.3.21781': attribute type 11 has an invalid length. [ 389.131506][T19131] netlink: 56 bytes leftover after parsing attributes in process `syz.3.21805'. [ 389.134735][T19131] netlink: 'syz.3.21805': attribute type 5 has an invalid length. [ 390.052921][T19162] netlink: 28 bytes leftover after parsing attributes in process `syz.0.21821'. [ 390.290377][T19206] netlink: 36 bytes leftover after parsing attributes in process `syz.3.21839'. [ 390.711310][T19277] netlink: 36 bytes leftover after parsing attributes in process `syz.4.21872'. [ 390.864973][ T40] audit: type=1326 audit(2000000113.032:23938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19304 comm="syz.3.21886" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 390.926148][T19312] openvswitch: netlink: Message has 16 unknown bytes. [ 390.930462][T19312] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.004409][T19385] netlink: 28 bytes leftover after parsing attributes in process `syz.4.21921'. [ 393.393338][T19490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21972'. [ 393.481337][T19509] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.21981'. [ 393.545162][T19521] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21987'. [ 393.548662][T19521] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21987'. [ 393.558664][T19525] netlink: 48 bytes leftover after parsing attributes in process `syz.0.21984'. [ 393.761573][T19568] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22010'. [ 393.764365][T19568] netlink: 12 bytes leftover after parsing attributes in process `syz.4.22010'. [ 393.767232][T19568] netlink: 'syz.4.22010': attribute type 20 has an invalid length. [ 393.893099][T19603] netlink: 16 bytes leftover after parsing attributes in process `syz.0.22026'. [ 393.940454][T19612] netlink: 'syz.4.22030': attribute type 3 has an invalid length. [ 394.022325][T19631] netlink: 'syz.0.22040': attribute type 27 has an invalid length. [ 394.050334][T19635] tipc: Invalid UDP bearer configuration [ 394.050358][T19635] tipc: Enabling of bearer rejected, failed to enable media [ 394.239322][T19674] veth0_to_bond: entered allmulticast mode [ 394.421039][T19715] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22079'. [ 394.554180][T19731] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 394.556832][T19731] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 394.557888][T19735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22086'. [ 394.559341][T19731] vhci_hcd vhci_hcd.0: Device attached [ 394.563964][T19735] netlink: 12 bytes leftover after parsing attributes in process `syz.4.22086'. [ 394.717593][ T1022] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 394.817601][ T5941] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 394.817619][ T10] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 394.869115][ T1022] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 394.872496][ T1022] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 394.875527][ T1022] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 394.878362][ T1022] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.882321][T19724] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 394.885948][ T1022] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 394.977589][ T5941] usb 5-1: Using ep0 maxpacket: 16 [ 394.983890][ T5941] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 394.986681][ T5941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.991846][ T5941] usb 5-1: Product: syz [ 394.993183][ T5941] usb 5-1: Manufacturer: syz [ 394.994638][ T5941] usb 5-1: SerialNumber: syz [ 394.998320][ T5941] usb 5-1: config 0 descriptor?? [ 395.001189][ T5941] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 395.003975][ T5941] usb 5-1: Detected FT232H [ 395.098326][ T836] usb 7-1: USB disconnect, device number 18 [ 395.207856][T19732] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 395.210192][ T5941] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 395.210430][ T183] vhci_hcd: stop threads [ 395.212625][ T5941] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 395.213730][ T183] vhci_hcd: release socket [ 395.216109][ T5941] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 395.219664][ T183] vhci_hcd: disconnect device [ 395.220202][ T5941] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 395.224965][ T5941] usb 5-1: USB disconnect, device number 25 [ 395.228267][ T5941] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 395.231289][ T5941] ftdi_sio 5-1:0.0: device disconnected [ 395.825080][T19770] veth0_to_bond: entered allmulticast mode [ 395.840304][T19772] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22111'. [ 395.914374][T19784] devtmpfs: Too small a size for current use [ 395.979286][T19798] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 396.190167][T19817] autofs: Bad value for 'fd' [ 396.292387][T19836] netlink: 'syz.4.22135': attribute type 2 has an invalid length. [ 396.312463][T19840] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 396.314883][T19840] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 396.367903][T19854] devtmpfs: Too small a size for current use [ 396.421836][ T40] audit: type=1326 audit(2000000118.592:23939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19865 comm="syz.0.22150" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0 [ 396.455232][T19870] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 396.457751][T19870] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 397.497057][T19948] dlm: plock device version mismatch: kernel (1.2.0), user (1.53411925.0) [ 397.771671][T20017] devtmpfs: Bad value for 'nr_blocks' [ 397.979074][ C3] bridge0: port 1(syz_tun) entered learning state [ 398.061745][T20062] usb usb8: usbfs: process 20062 (syz.3.22245) did not claim interface 0 before use [ 398.617336][ T8090] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 398.778756][ T8090] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 398.781826][ T8090] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 398.787438][ T8090] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.790990][ T8090] usb 7-1: config 0 descriptor?? [ 398.794096][ T8090] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 398.970325][T20160] program syz.0.22292 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 399.001633][ T5941] usb 7-1: USB disconnect, device number 19 [ 399.073971][T20178] overlay: ./file0 is not a directory [ 399.979479][ T10] vhci_hcd: vhci_device speed not set [ 400.047677][T20252] dlm: plock device version mismatch: kernel (1.2.0), user (1.53411925.0) [ 400.327261][ T1022] usb 7-1: new low-speed USB device number 20 using dummy_hcd [ 400.488423][ T1022] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 400.490833][ T1022] usb 7-1: config 0 has no interface number 0 [ 400.492683][ T1022] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 400.496017][ T1022] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 400.500165][ T1022] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 400.502973][ T1022] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.506449][ T1022] usb 7-1: config 0 descriptor?? [ 400.509800][T20255] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 400.513607][ T1022] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 400.623876][T20310] netlink: 'syz.0.22364': attribute type 3 has an invalid length. [ 400.629666][T20312] __nla_validate_parse: 7 callbacks suppressed [ 400.629677][T20312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22366'. [ 400.675637][T20320] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 400.726453][T20328] netlink: 'syz.0.22373': attribute type 1 has an invalid length. [ 400.729721][T20328] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 400.730771][ T8090] usb 7-1: USB disconnect, device number 20 [ 400.808172][T20338] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 400.972483][T20347] pim6reg: entered allmulticast mode [ 400.978616][T20347] pim6reg: left allmulticast mode [ 401.369577][T20393] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22403'. [ 401.746935][T20449] pim6reg: entered allmulticast mode [ 401.754313][T20449] pim6reg: left allmulticast mode [ 401.865400][T20457] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 402.237178][T20494] netlink: 'syz.2.22449': attribute type 1 has an invalid length. [ 402.239978][T20494] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 402.339026][T20506] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 402.341102][T20506] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 402.343834][T20506] vhci_hcd vhci_hcd.0: Device attached [ 402.597144][ T1022] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 402.744832][T20513] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22458'. [ 403.353963][T20556] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 403.665504][T20573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22484'. [ 404.142837][T20624] netlink: 156 bytes leftover after parsing attributes in process `syz.2.22509'. [ 404.530559][T20655] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22522'. [ 404.601095][T20661] overlayfs: workdir and upperdir must be separate subtrees [ 404.964237][T20683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22533'. [ 405.343128][T20507] vhci_hcd: connection reset by peer [ 405.345131][ T12] vhci_hcd: stop threads [ 405.346499][ T12] vhci_hcd: release socket [ 405.348059][ T12] vhci_hcd: disconnect device [ 406.446976][ T837] usb 5-1: new low-speed USB device number 26 using dummy_hcd [ 406.598221][ T837] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 406.601418][ T837] usb 5-1: config 0 has no interface number 0 [ 406.603562][ T837] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 406.609161][ T837] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 406.612418][ T837] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 406.615990][ T837] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 406.619473][ T837] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 406.622791][ T837] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 406.626757][ T837] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 406.631696][ T837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.637241][ T837] usb 5-1: config 0 descriptor?? [ 406.639362][T20759] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 406.641677][T20759] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 406.647806][ T837] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 406.794032][T20777] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 406.796368][T20777] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 406.799212][T20777] vhci_hcd vhci_hcd.0: Device attached [ 406.848393][ T57] usb 5-1: USB disconnect, device number 26 [ 406.852519][ T57] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 407.036863][ T837] usb 41-1: new low-speed USB device number 3 using vhci_hcd [ 407.046836][ T8090] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 407.196836][ T8090] usb 7-1: Using ep0 maxpacket: 16 [ 407.201465][ T8090] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 407.204331][ T8090] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.206908][ T8090] usb 7-1: Product: syz [ 407.208229][ T8090] usb 7-1: Manufacturer: syz [ 407.209712][ T8090] usb 7-1: SerialNumber: syz [ 407.212359][ T8090] usb 7-1: config 0 descriptor?? [ 407.215240][ T8090] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected [ 407.218080][ T8090] usb 7-1: Detected FT232H [ 407.410565][T20786] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22586'. [ 407.413915][T20786] netlink: 16 bytes leftover after parsing attributes in process `syz.0.22586'. [ 407.419251][ T8090] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 407.419299][T20778] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 407.421953][ T8090] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 407.425961][ T8090] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71 [ 407.428335][ T1151] vhci_hcd: stop threads [ 407.428349][ T1151] vhci_hcd: release socket [ 407.428383][ T1151] vhci_hcd: disconnect device [ 407.434099][ T8090] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 407.438933][ T8090] usb 7-1: USB disconnect, device number 21 [ 407.442161][ T8090] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 407.445325][ T8090] ftdi_sio 7-1:0.0: device disconnected [ 407.495657][ T40] audit: type=1326 audit(2000000129.663:23940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20794 comm="syz.0.22590" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0 [ 407.726909][ T1022] vhci_hcd: vhci_device speed not set [ 408.067635][T20837] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.22610'. [ 408.070843][T20837] netlink: zone id is out of range [ 408.072457][T20837] netlink: zone id is out of range [ 408.076572][T20837] netlink: get zone limit has 8 unknown bytes [ 408.191367][ T10] libceph: connect (1)[c::]:6789 error -22 [ 408.193676][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 408.470419][ T10] libceph: connect (1)[c::]:6789 error -22 [ 408.472372][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 408.762529][T20886] netlink: 'syz.0.22629': attribute type 2 has an invalid length. [ 408.765028][T20886] netlink: 132 bytes leftover after parsing attributes in process `syz.0.22629'. [ 408.979036][ T10] libceph: connect (1)[c::]:6789 error -22 [ 408.982392][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 409.001231][T20843] ceph: No mds server is up or the cluster is laggy [ 409.160075][T20908] netlink: 'syz.4.22640': attribute type 2 has an invalid length. [ 409.162622][T20908] netlink: 132 bytes leftover after parsing attributes in process `syz.4.22640'. [ 409.485942][T20957] netlink: 'syz.4.22671': attribute type 23 has an invalid length. [ 409.720089][T20995] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 409.724507][T20997] autofs: Bad value for 'uid' [ 409.725989][T20997] autofs: Bad value for 'uid' [ 409.933880][ T40] audit: type=1326 audit(2000000132.103:23941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20899 comm="syz.3.22635" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7fc00000 [ 410.073672][T21060] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 410.074783][T21059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 410.079834][T21059] bond0: entered promiscuous mode [ 410.081680][T21059] team0: Port device bond0 added [ 410.224111][ T9026] libceph: connect (1)[c::]:6789 error -101 [ 410.226073][ T9026] libceph: mon0 (1)[c::]:6789 connect error [ 410.410055][T21111] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 410.412508][T21111] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 410.478397][T21121] program syz.0.22742 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 410.489087][ T9026] libceph: connect (1)[c::]:6789 error -101 [ 410.493251][ T9026] libceph: mon0 (1)[c::]:6789 connect error [ 410.589615][T21135] netlink: 'syz.0.22749': attribute type 1 has an invalid length. [ 410.635462][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.638569][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.641456][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.644418][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.647643][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.650513][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.653420][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.656449][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.659424][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.662282][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.665189][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.668565][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.671421][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.674295][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.677245][ T838] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0 [ 410.681277][ T838] hid-generic 00A0:0006:0003.0009: hidraw0: HID v0.05 Device [syz1] on syz0 [ 410.708971][T21144] autofs: Bad value for 'uid' [ 410.710478][T21144] autofs: Bad value for 'uid' [ 410.997151][ T9026] libceph: connect (1)[c::]:6789 error -101 [ 410.999117][ T9026] libceph: mon0 (1)[c::]:6789 connect error [ 411.048924][T21083] ceph: No mds server is up or the cluster is laggy [ 411.082159][T21184] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 411.084468][T21184] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 411.127520][T21190] netlink: 'syz.4.22775': attribute type 1 has an invalid length. [ 411.294850][T21210] x_tables: ip_tables: owner match: used from hooks PREROUTING, but only valid from OUTPUT/POSTROUTING [ 411.394042][T21225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.22790'. [ 411.396916][T21225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.22790'. [ 412.136897][ T837] vhci_hcd: vhci_device speed not set [ 412.357783][T21247] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 412.913985][T21397] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 412.939592][T21402] nbd: must specify a size in bytes for the device [ 412.949661][T21404] mkiss: ax0: crc mode is auto. [ 412.976313][T21410] netlink: 'syz.3.22882': attribute type 11 has an invalid length. [ 413.093800][T21428] netlink: 'syz.3.22892': attribute type 1 has an invalid length. [ 413.338179][ C3] bridge0: port 1(syz_tun) entered forwarding state [ 413.340273][ C3] bridge0: topology change detected, propagating [ 413.556559][T21497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22923'. [ 413.592389][T21503] openvswitch: netlink: Duplicate key (type 0). [ 413.947624][T21559] netlink: 216 bytes leftover after parsing attributes in process `syz.3.22952'. [ 413.951200][T21559] netlink: 24 bytes leftover after parsing attributes in process `syz.3.22952'. [ 413.954043][T21559] netlink: 16 bytes leftover after parsing attributes in process `syz.3.22952'. [ 414.051347][T21575] netlink: 'syz.2.22959': attribute type 1 has an invalid length. [ 414.340808][T21485] ceph: No mds server is up or the cluster is laggy [ 414.425545][T21609] mkiss: ax0: crc mode is auto. [ 414.451335][T21615] netlink: 'syz.2.22979': attribute type 11 has an invalid length. [ 414.632088][T21639] netlink: 32 bytes leftover after parsing attributes in process `syz.0.22991'. [ 414.680114][T21541] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 415.554048][T21657] netlink: 4 bytes leftover after parsing attributes in process `syz.2.22997'. [ 415.660060][T21683] sp0: Synchronizing with TNC [ 415.670493][T21687] netlink: 192 bytes leftover after parsing attributes in process `syz.0.23015'. [ 415.676715][T21681] [U] [ 415.745942][T21700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23022'. [ 415.770833][T21705] can0: slcan on ttyprintk. [ 415.817609][T21704] can0 (unregistered): slcan off ttyprintk. [ 415.828055][T21715] atomic_op ffff8880250fc998 conn xmit_atomic 0000000000000000 [ 416.050659][T21766] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 416.090159][T21775] netlink: 48 bytes leftover after parsing attributes in process `syz.2.23057'. [ 416.263323][T21819] program syz.2.23079 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 416.320133][T21831] overlayfs: disabling nfs_export due to verity=on [ 416.322212][T21831] overlayfs: missing 'lowerdir' [ 416.382876][T21846] sp0: Synchronizing with TNC [ 416.388094][T21844] [U] [ 416.405850][T21850] program syz.4.23093 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 416.668316][T21896] tmpfs: Cannot enable swap on remount if it was disabled on first mount [ 417.010105][T21940] tmpfs: Cannot enable swap on remount if it was disabled on first mount [ 417.220931][T21958] tipc: Enabled bearer , priority 1 [ 417.398385][T21982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23159'. [ 417.517793][T22005] tipc: Enabling of bearer rejected, failed to enable media [ 417.541794][T22007] team0: Port device bridge0 added [ 417.943936][T22075] netlink: 'syz.0.23203': attribute type 6 has an invalid length. [ 417.946691][T22075] netlink: 'syz.0.23203': attribute type 5 has an invalid length. [ 417.949175][T22075] netlink: 'syz.0.23203': attribute type 4 has an invalid length. [ 417.978481][T22081] program syz.0.23206 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 418.642900][T22160] __nla_validate_parse: 3 callbacks suppressed [ 418.642910][T22160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23243'. [ 418.700063][T22166] netlink: 28 bytes leftover after parsing attributes in process `syz.4.23245'. [ 418.813466][T22184] program syz.4.23255 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 418.882465][T22190] netlink: 44 bytes leftover after parsing attributes in process `syz.2.23265'. [ 418.885401][T22190] netlink: 'syz.2.23265': attribute type 6 has an invalid length. [ 418.889111][T22190] netlink: 'syz.2.23265': attribute type 5 has an invalid length. [ 418.891696][T22190] netlink: 'syz.2.23265': attribute type 4 has an invalid length. [ 421.419508][T22339] netlink: 'syz.3.23329': attribute type 8 has an invalid length. [ 424.424895][T22437] MTD: Couldn't look up 'mountinfo': -2 [ 424.568045][T22462] netlink: 'syz.0.23387': attribute type 5 has an invalid length. [ 424.592952][T22466] program syz.2.23389 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 424.695533][T22487] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 425.194020][T22592] program syz.0.23444 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 425.285524][T22607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23450'. [ 425.289107][T22607] netlink: 36 bytes leftover after parsing attributes in process `syz.0.23450'. [ 425.910283][ T40] audit: type=1326 audit(2000000000.660:23942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22573 comm="syz.4.23439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 425.951159][T22635] MTD: Couldn't look up 'mountinfo': -2 [ 426.248790][T22682] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 426.293826][T22691] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23489'. [ 426.298791][T22691] netlink: 'syz.4.23489': attribute type 30 has an invalid length. [ 426.301158][T22691] netlink: 12 bytes leftover after parsing attributes in process `syz.4.23489'. [ 426.367256][T22703] sp0: Synchronizing with TNC [ 426.369955][T22703] sp0: Found TNC [ 426.372643][T22701] [U] ` [ 426.766458][T22757] misc userio: Invalid payload size [ 427.048141][T22763] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23523'. [ 427.050822][T22763] netlink: 'syz.2.23523': attribute type 30 has an invalid length. [ 427.053226][T22763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.23523'. [ 428.491427][T22802] sp0: Synchronizing with TNC [ 428.496769][T22802] sp0: Found TNC [ 428.498187][T22801] [U] ` [ 428.825842][ T9026] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 428.988864][ T9026] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 428.991607][ T9026] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.994180][ T9026] usb 7-1: Product: syz [ 428.995509][ T9026] usb 7-1: Manufacturer: syz [ 428.997156][ T9026] usb 7-1: SerialNumber: syz [ 428.999685][ T9026] usb 7-1: config 0 descriptor?? [ 429.002307][ T9026] ch341 7-1:0.0: ch341-uart converter detected [ 429.204507][T22814] netlink: 156 bytes leftover after parsing attributes in process `syz.2.23547'. [ 429.208261][ T9026] usb 7-1: failed to receive control message: -71 [ 429.210240][ T9026] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 429.213455][ T9026] usb 7-1: USB disconnect, device number 22 [ 429.215867][ T9026] ch341 7-1:0.0: device disconnected [ 430.043348][ T40] audit: type=1326 audit(2000000004.790:23943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22874 comm="syz.3.23576" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x0 [ 431.272329][ T40] audit: type=1326 audit(2000000006.019:23944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.282211][ T40] audit: type=1326 audit(2000000006.019:23945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.290370][ T40] audit: type=1326 audit(2000000006.019:23946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.299883][ T40] audit: type=1326 audit(2000000006.019:23947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.308069][ T40] audit: type=1326 audit(2000000006.019:23948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.315241][ T40] audit: type=1326 audit(2000000006.029:23949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=325 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.322220][ T40] audit: type=1326 audit(2000000006.029:23950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.329496][ T40] audit: type=1326 audit(2000000006.029:23951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22955 comm="syz.2.23615" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000 [ 431.481602][ T40] audit: type=1326 audit(2000000006.229:23952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22980 comm="syz.3.23628" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 431.488890][ T40] audit: type=1326 audit(2000000006.229:23953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22980 comm="syz.3.23628" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 432.026894][T23044] usb usb8: usbfs: process 23044 (syz.3.23658) did not claim interface 12 before use [ 432.207622][T23064] ALSA: mixer_oss: invalid OSS volume 'T' [ 433.000757][T23148] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23708'. [ 433.005400][T23148] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23708'. [ 433.260217][T23182] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23724'. [ 433.284908][T23186] netlink: 28 bytes leftover after parsing attributes in process `syz.4.23726'. [ 433.423512][T23213] netlink: 28 bytes leftover after parsing attributes in process `syz.3.23739'. [ 434.580433][T23284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23770'. [ 434.679352][T23297] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 434.739083][T23307] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23780'. [ 435.006860][T23333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23793'. [ 435.009455][T23333] openvswitch: netlink: nsh attribute has 5276 unknown bytes. [ 435.011661][T23333] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 435.175333][T23347] tipc: Enabled bearer , priority 10 [ 435.329902][T23366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23809'. [ 435.358120][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 435.361576][T23370] tipc: Enabled bearer , priority 10 [ 435.496038][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 435.624214][T23397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23824'. [ 435.627525][T23397] openvswitch: netlink: nsh attribute has 5276 unknown bytes. [ 435.629852][T23397] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 435.765911][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 435.832867][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 436.225215][T23486] trusted_key: encrypted_key: key user:syz not found [ 436.285849][ T8090] tipc: Node number set to 4278190081 [ 436.298571][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 436.300113][T23503] program syz.2.23878 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 436.333773][T23509] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 436.856139][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 437.308577][T23580] trusted_key: encrypted_key: key user:syz not found [ 437.346003][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 437.907990][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 438.321081][T23648] __nla_validate_parse: 3 callbacks suppressed [ 438.321097][T23648] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23945'. [ 438.376049][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 438.614919][T23668] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23955'. [ 438.619033][T23668] netlink: 104 bytes leftover after parsing attributes in process `syz.3.23955'. [ 438.623033][T23668] netlink: 104 bytes leftover after parsing attributes in process `syz.3.23955'. [ 438.739653][T23686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23963'. [ 438.742488][T23686] netlink: 12 bytes leftover after parsing attributes in process `syz.3.23963'. [ 438.745331][T23686] netlink: 'syz.3.23963': attribute type 5 has an invalid length. [ 438.821620][T23701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23970'. [ 438.936496][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 439.042002][T23726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23983'. [ 439.303220][T23777] netlink: 56 bytes leftover after parsing attributes in process `syz.4.24007'. [ 439.367425][T23792] netlink: 24 bytes leftover after parsing attributes in process `syz.4.24014'. [ 439.374695][T23792] vxcan3: entered promiscuous mode [ 439.426758][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 439.431075][T23805] netlink: 'syz.2.24020': attribute type 1 has an invalid length. [ 439.433512][T23805] netlink: 'syz.2.24020': attribute type 1 has an invalid length. [ 439.737245][T23852] tipc: Enabling of bearer rejected, media not registered [ 439.976064][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 439.980094][T23908] x_tables: ip6_tables: esp match: only valid for protocol 50 [ 440.024980][T23914] vxcan3: entered promiscuous mode [ 440.054657][T23919] tipc: Enabling of bearer rejected, media not registered [ 440.277567][T23956] x_tables: ip6_tables: esp match: only valid for protocol 50 [ 440.456010][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 440.815074][ T1022] kernel write not supported for file /sg0 (pid: 1022 comm: kworker/3:3) [ 441.016080][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 441.052950][ T1022] kernel write not supported for file /sg0 (pid: 1022 comm: kworker/3:3) [ 441.110471][T24074] netlink: 'syz.3.24154': attribute type 3 has an invalid length. [ 441.333567][T24123] new mount options do not match the existing superblock, will be ignored [ 441.334735][T24123] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 441.496085][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 441.701671][T24176] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 442.005549][T24229] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 442.056751][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 442.469317][T24322] ALSA: seq fatal error: cannot create timer (-22) [ 442.535983][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 442.662075][T24353] openvswitch: netlink: Message has 4 unknown bytes. [ 442.688845][T24360] sch_tbf: burst 0 is lower than device lo mtu (16) ! [ 443.095993][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 443.290513][T24389] netlink: 'syz.2.24305': attribute type 2 has an invalid length. [ 443.373309][T24396] __nla_validate_parse: 6 callbacks suppressed [ 443.373319][T24396] netlink: 40 bytes leftover after parsing attributes in process `syz.2.24308'. [ 443.577390][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 443.948828][T24423] netlink: 248 bytes leftover after parsing attributes in process `syz.2.24322'. [ 443.951768][T24423] netlink: 24 bytes leftover after parsing attributes in process `syz.2.24322'. [ 444.146568][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 444.234904][T24459] mkiss: ax0: crc mode is auto. [ 444.627005][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 445.177965][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 445.655933][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 446.216628][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 446.690589][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 446.690600][ T40] audit: type=1326 audit(2000000021.439:23961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.693105][T24587] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.24399'. [ 446.699634][ T40] audit: type=1326 audit(2000000021.439:23962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.709345][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 446.712772][ T40] audit: type=1326 audit(2000000021.439:23963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.720346][ T40] audit: type=1326 audit(2000000021.439:23964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.727501][ T40] audit: type=1326 audit(2000000021.439:23965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.729501][T24591] Invalid logical block size (64) [ 446.734091][ T40] audit: type=1326 audit(2000000021.439:23966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.734115][ T40] audit: type=1326 audit(2000000021.439:23967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.734136][ T40] audit: type=1326 audit(2000000021.439:23968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.734156][ T40] audit: type=1326 audit(2000000021.439:23969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.734177][ T40] audit: type=1326 audit(2000000021.439:23970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.2.24394" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7fc00000 [ 446.796431][T24602] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 446.819965][T24607] netlink: 'syz.2.24408': attribute type 1 has an invalid length. [ 446.852616][T24611] tipc: MTU too low for tipc bearer [ 447.209151][T24672] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.24439'. [ 447.267983][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 447.458261][T24712] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 447.492401][T24722] netlink: 76 bytes leftover after parsing attributes in process `syz.2.24464'. [ 447.555805][T24737] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24472'. [ 447.562844][T24737] macvtap0: entered promiscuous mode [ 447.565177][T24737] mac80211_hwsim hwsim25 wlan1: entered promiscuous mode [ 447.570706][T24737] mac80211_hwsim hwsim25 wlan1: left promiscuous mode [ 447.747027][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 448.138326][T24804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.24509'. [ 448.141215][T24804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24509'. [ 448.144056][T24804] netlink: 'syz.0.24509': attribute type 12 has an invalid length. [ 448.296679][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 448.360461][T24828] rtc_cmos 00:05: Alarms can be up to one day in the future [ 448.405920][T24836] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24519'. [ 448.431092][T24840] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24521'. [ 448.475826][ T1022] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 448.479214][T24849] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24525'. [ 448.625793][ T1022] usb 5-1: Using ep0 maxpacket: 16 [ 448.631243][ T1022] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 448.634872][ T1022] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 448.644442][ T1022] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 448.651176][ T1022] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.653751][ T1022] usb 5-1: Product: syz [ 448.655320][ T1022] usb 5-1: Manufacturer: syz [ 448.660875][ T1022] usb 5-1: SerialNumber: syz [ 448.670511][ T1022] usb 5-1: config 0 descriptor?? [ 448.730622][T24893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.24545'. [ 448.755693][T24900] block nbd2: NBD_DISCONNECT [ 448.776721][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 448.880722][ T1022] appledisplay 5-1:0.0: Error while getting initial brightness: -71 [ 448.884061][ T1022] appledisplay 5-1:0.0: probe with driver appledisplay failed with error -71 [ 448.889293][ T1022] usb 5-1: USB disconnect, device number 27 [ 449.085034][T24944] netlink: 260 bytes leftover after parsing attributes in process `syz.3.24571'. [ 449.089762][T24944] netlink: 260 bytes leftover after parsing attributes in process `syz.3.24571'. [ 449.336384][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 449.504887][T24988] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 449.507193][T24988] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 449.513426][T24988] vhci_hcd vhci_hcd.0: Device attached [ 449.516923][T24989] vhci_hcd: connection closed [ 449.517154][ T183] vhci_hcd: stop threads [ 449.518191][T24992] netlink: 260 bytes leftover after parsing attributes in process `syz.0.24592'. [ 449.518669][ T183] vhci_hcd: release socket [ 449.520029][T24992] netlink: 260 bytes leftover after parsing attributes in process `syz.0.24592'. [ 449.523189][ T183] vhci_hcd: disconnect device [ 449.816241][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 450.376021][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 450.659716][T25103] netlink: 24 bytes leftover after parsing attributes in process `syz.2.24647'. [ 450.863192][T25130] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 450.865273][T25130] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 450.865970][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 450.869130][T25130] vhci_hcd vhci_hcd.0: Device attached [ 450.877912][T25131] vhci_hcd: connection closed [ 450.878472][ T12] vhci_hcd: stop threads [ 450.881328][ T12] vhci_hcd: release socket [ 450.883122][ T12] vhci_hcd: disconnect device [ 450.897809][T25136] usb usb8: usbfs: process 25136 (syz.0.24661) did not claim interface 0 before use [ 450.964392][T25142] netlink: 48 bytes leftover after parsing attributes in process `syz.0.24664'. [ 451.417174][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 451.684826][T25234] sp0: Synchronizing with TNC [ 451.690952][T25232] [U] [ 451.897739][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 452.177261][T25342] netlink: 'syz.2.24757': attribute type 1 has an invalid length. [ 452.179829][T25342] netlink: 'syz.2.24757': attribute type 1 has an invalid length. [ 452.182206][T25342] netlink: 'syz.2.24757': attribute type 2 has an invalid length. [ 452.469833][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 452.559331][T25395] tmpfs: Cannot disable swap on remount [ 452.640056][T25405] netlink: 'syz.2.24788': attribute type 1 has an invalid length. [ 452.642516][T25405] nbd: error processing sock list [ 452.689632][T25410] netlink: 'syz.4.24790': attribute type 4 has an invalid length. [ 452.862065][T25432] openvswitch: netlink: Missing key (keys=40, expected=100) [ 452.935966][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 453.496187][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 453.976141][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 454.327479][T25529] __nla_validate_parse: 9 callbacks suppressed [ 454.327489][T25529] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24848'. [ 454.328178][T25528] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 454.328178][T25528] program syz.2.24847 not setting count and/or reply_len properly [ 454.536553][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 454.560930][T25557] netlink: 4 bytes leftover after parsing attributes in process `syz.2.24862'. [ 454.894378][T25563] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24865'. [ 454.898036][T25563] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 454.901190][T25563] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 455.016056][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 455.172263][ T40] kauditd_printk_skb: 59 callbacks suppressed [ 455.172273][ T40] audit: type=1326 audit(2000000029.919:24030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25574 comm="syz.0.24871" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0 [ 455.556636][T25604] geneve1: entered promiscuous mode [ 455.580363][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 456.066389][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 456.143759][T25680] Invalid logical block size (64) [ 456.219958][T25688] tipc: MTU too low for tipc bearer [ 456.310414][T25703] netlink: 'syz.0.24932': attribute type 1 has an invalid length. [ 456.337829][ T40] audit: type=1400 audit(2000000031.089:24031): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F [ 456.347839][T25707] loop2: detected capacity change from 0 to 7 [ 456.375015][ C1] vkms_vblank_simulate: vblank timer overrun [ 456.382297][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.385275][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.388432][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.391535][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.394050][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.396910][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.399416][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.402226][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.404809][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.407694][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.410340][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.413208][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.415932][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.418885][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.421426][T25707] ldm_validate_partition_table(): Disk read failed. [ 456.423693][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.426566][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.429284][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.432239][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.434810][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 456.437665][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 456.440243][T25707] Dev loop2: unable to read RDB block 0 [ 456.442694][T25707] loop2: unable to read partition table [ 456.444624][T25707] loop2: partition table beyond EOD, truncated [ 456.446724][T25707] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 456.616439][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 457.106674][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 457.393094][T25788] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 457.436613][T25796] rtc_cmos 00:05: Alarms can be up to one day in the future [ 457.448619][T25794] rtc_cmos 00:05: Alarms can be up to one day in the future [ 457.452165][ T5941] rtc_cmos 00:05: Alarms can be up to one day in the future [ 457.455163][ T5941] rtc_cmos 00:05: Alarms can be up to one day in the future [ 457.459440][ T5941] rtc_cmos 00:05: Alarms can be up to one day in the future [ 457.462403][ T5941] rtc_cmos 00:05: Alarms can be up to one day in the future [ 457.464696][ T5941] rtc rtc0: __rtc_set_alarm: err=-22 [ 457.550430][T25804] random: crng reseeded on system resumption [ 457.656636][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 457.717979][T25834] netlink: 16 bytes leftover after parsing attributes in process `syz.2.24993'. [ 458.031565][T25893] rtc_cmos 00:05: Alarms can be up to one day in the future [ 458.146103][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 458.527631][T25938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25042'. [ 458.706019][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 458.825842][ T57] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 458.954582][T25950] netlink: 36 bytes leftover after parsing attributes in process `syz.2.25048'. [ 458.980658][T25952] tipc: New replicast peer: 255.255.255.83 [ 458.982678][T25952] tipc: Enabled bearer , priority 10 [ 458.986845][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 458.990982][ T57] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 458.993769][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 458.997305][ T57] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 459.002710][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 459.006531][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 459.010789][ T57] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 459.013080][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 459.017470][ T57] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 459.021078][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 459.024454][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 459.028667][ T57] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 459.030959][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 459.034367][ T57] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 459.038572][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 459.042066][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 459.047650][ T57] usb 5-1: string descriptor 0 read error: -22 [ 459.049686][ T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 459.052468][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.058605][ T57] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 459.187933][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 459.264094][ T6087] usb 5-1: USB disconnect, device number 28 [ 459.295430][T25993] netlink: 'syz.2.25068': attribute type 2 has an invalid length. [ 459.298649][T25993] netlink: 'syz.2.25068': attribute type 2 has an invalid length. [ 459.365120][T26001] bpq0: entered allmulticast mode [ 459.453397][T26016] xt_cgroup: path and classid specified [ 459.738263][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 459.789570][T26056] netlink: 48 bytes leftover after parsing attributes in process `syz.0.25098'. [ 460.216019][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 460.245955][ T6087] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 460.395939][ T6087] usb 5-1: Using ep0 maxpacket: 8 [ 460.398932][ T6087] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 460.402454][ T6087] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 460.405570][ T6087] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 460.408680][ T6087] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 460.412754][ T6087] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 460.415554][ T6087] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.621710][ T6087] usb 5-1: GET_CAPABILITIES returned 0 [ 460.623466][ T6087] usbtmc 5-1:16.0: can't read capabilities [ 460.776890][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 460.824108][ T837] usb 5-1: USB disconnect, device number 29 [ 460.985933][ T9026] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 461.050818][ T40] audit: type=1326 audit(2000000035.799:24032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.057802][ T40] audit: type=1326 audit(2000000035.799:24033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.064488][ T40] audit: type=1326 audit(2000000035.799:24034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.071121][ T40] audit: type=1326 audit(2000000035.799:24035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.077825][ T40] audit: type=1326 audit(2000000035.799:24036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.084483][ T40] audit: type=1326 audit(2000000035.799:24037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.091199][ T40] audit: type=1326 audit(2000000035.799:24038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.097803][ T40] audit: type=1326 audit(2000000035.799:24039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.104421][ T40] audit: type=1326 audit(2000000035.799:24040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=320 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.111055][ T40] audit: type=1326 audit(2000000035.799:24041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26091 comm="syz.4.25112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 461.155837][ T9026] usb 7-1: Using ep0 maxpacket: 8 [ 461.159164][ T9026] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 461.161493][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 461.164903][ T9026] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 461.168630][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 461.172087][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 461.176245][ T9026] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 461.178626][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 461.182036][ T9026] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 461.185584][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 461.189080][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 461.193212][ T9026] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 461.195507][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 461.199364][ T9026] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 461.203274][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 461.206700][ T9026] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 461.212250][ T9026] usb 7-1: string descriptor 0 read error: -22 [ 461.214220][ T9026] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 461.217102][ T9026] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.222506][ T9026] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 461.256096][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 461.348425][T26106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25120'. [ 461.429198][ T9026] usb 7-1: USB disconnect, device number 23 [ 461.816910][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 462.107597][ T57] kernel read not supported for file /dsp (pid: 57 comm: kworker/3:1) [ 462.170247][T26187] input: syz0 as /devices/virtual/input/input71 [ 462.296076][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 462.678810][T26247] netlink: 24 bytes leftover after parsing attributes in process `syz.3.25187'. [ 462.857558][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 463.336276][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 463.872324][T26307] netlink: 72 bytes leftover after parsing attributes in process `syz.3.25217'. [ 463.910829][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 464.175773][T26356] sp0: Synchronizing with TNC [ 464.181044][T26355] [U] [ 464.275424][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 464.283235][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 464.286463][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 464.292173][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 464.295164][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 464.347886][T26389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25256'. [ 464.381928][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 464.401397][T26371] chnl_net:caif_netlink_parms(): no params data found [ 464.483307][T26371] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.486975][T26371] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.489270][T26371] bridge_slave_0: entered allmulticast mode [ 464.491834][T26371] bridge_slave_0: entered promiscuous mode [ 464.494845][T26371] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.505714][T26371] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.508851][T26371] bridge_slave_1: entered allmulticast mode [ 464.511416][T26371] bridge_slave_1: entered promiscuous mode [ 464.543719][T26371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 464.550859][T26371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.605014][T26371] team0: Port device team_slave_0 added [ 464.608514][T26371] team0: Port device team_slave_1 added [ 464.643440][T26371] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 464.645647][T26371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.654727][T26371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 464.659828][T26371] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 464.662334][T26371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.670992][T26371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 464.714028][T26371] hsr_slave_0: entered promiscuous mode [ 464.716935][T26371] hsr_slave_1: entered promiscuous mode [ 464.719347][T26371] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 464.721695][T26371] Cannot create hsr debugfs directory [ 464.778753][T26455] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 464.780918][T26455] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 464.825591][T26371] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.874464][T26473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25294'. [ 464.911719][T26371] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.946082][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 464.959088][T26491] random: crng reseeded on system resumption [ 464.979075][T26371] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.097854][T26371] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.255580][T26371] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 465.263292][T26371] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 465.273952][T26371] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 465.284498][T26371] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 465.291713][T26529] random: crng reseeded on system resumption [ 465.350050][T26371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 465.361293][T26371] 8021q: adding VLAN 0 to HW filter on device team0 [ 465.366158][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.368383][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 465.374333][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.376608][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 465.411011][T26371] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 465.416624][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 465.515472][T26371] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 465.539578][T26371] veth0_vlan: entered promiscuous mode [ 465.544045][T26561] openvswitch: netlink: Missing key (keys=40, expected=100) [ 465.545300][T26371] veth1_vlan: entered promiscuous mode [ 465.563014][T26371] veth0_macvtap: entered promiscuous mode [ 465.568298][T26371] veth1_macvtap: entered promiscuous mode [ 465.575409][T26371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.578874][T26371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.582590][T26371] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 465.588882][T26371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.592083][T26371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.595705][T26371] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.601706][T26371] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.604409][T26371] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.609817][T26371] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.612533][T26371] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.629991][T26571] netlink: 'syz.2.25335': attribute type 4 has an invalid length. [ 465.632504][T26571] netlink: 17 bytes leftover after parsing attributes in process `syz.2.25335'. [ 465.645551][T26371] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 465.648962][T26371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.659890][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.662387][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.682153][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.684857][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.753047][T26591] Bluetooth: MGMT ver 1.23 [ 465.799923][T26605] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25351'. [ 465.802834][T26605] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25351'. [ 465.904547][T26619] tmpfs: Cannot disable swap on remount [ 465.955344][T26627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25362'. [ 465.978653][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 465.995111][T26635] netlink: 'syz.0.25365': attribute type 1 has an invalid length. [ 465.997787][T26635] nbd: error processing sock list [ 466.155211][T26659] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 466.155211][T26659] program syz.4.25383 not setting count and/or reply_len properly [ 466.252471][T26669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25381'. [ 466.255305][T26669] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 466.258020][T26669] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 466.303078][T26675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25384'. [ 466.376493][ T6056] Bluetooth: hci0: command tx timeout [ 466.456583][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 467.016613][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 467.039957][T26751] sp0: Synchronizing with TNC [ 467.067326][T26750] [U] [ 467.168412][T26761] rtc_cmos 00:05: Alarms can be up to one day in the future [ 467.496106][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 467.816105][ T67] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 468.056026][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 468.236181][ T1022] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 468.385809][ T1022] usb 7-1: Using ep0 maxpacket: 16 [ 468.388954][ T1022] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 468.392480][ T1022] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 468.397604][ T1022] usb 7-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 468.400408][ T1022] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.402807][ T1022] usb 7-1: Product: syz [ 468.404112][ T1022] usb 7-1: Manufacturer: syz [ 468.405542][ T1022] usb 7-1: SerialNumber: syz [ 468.408581][ T1022] usb 7-1: config 0 descriptor?? [ 468.455826][ T6056] Bluetooth: hci0: command 0x041b tx timeout [ 468.458832][ T67] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 468.536102][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 468.619082][ T1022] appledisplay 7-1:0.0: Error while getting initial brightness: -71 [ 468.622285][ T1022] appledisplay 7-1:0.0: probe with driver appledisplay failed with error -71 [ 468.627026][ T1022] usb 7-1: USB disconnect, device number 24 [ 468.930553][T26853] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 468.930553][T26853] program syz.0.25469 not setting count and/or reply_len properly [ 469.096318][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 469.174487][T26884] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25493'. [ 469.181006][T26884] mac80211_hwsim hwsim30 wlan1: entered promiscuous mode [ 469.187696][T26884] macvtap1: entered promiscuous mode [ 469.191743][T26884] mac80211_hwsim hwsim30 wlan1: left promiscuous mode [ 469.562289][T26915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25501'. [ 469.568413][T26915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25501'. [ 469.586096][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 470.136512][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 470.342638][T26930] netlink: 16 bytes leftover after parsing attributes in process `syz.0.25508'. [ 470.346534][T26933] tipc: New replicast peer: 255.255.255.83 [ 470.348557][T26933] tipc: Enabled bearer , priority 10 [ 470.371042][T26937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25513'. [ 470.378791][T26937] mac80211_hwsim hwsim36 wlan1: entered promiscuous mode [ 470.381092][T26937] macvtap1: entered promiscuous mode [ 470.388938][T26937] mac80211_hwsim hwsim36 wlan1: left promiscuous mode [ 470.547037][ T67] Bluetooth: hci0: command 0x041b tx timeout [ 470.580676][T26978] loop2: detected capacity change from 0 to 7 [ 470.583933][ C3] blk_print_req_error: 5 callbacks suppressed [ 470.583942][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.588708][ C3] buffer_io_error: 5 callbacks suppressed [ 470.588715][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.593063][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.595899][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.598461][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.601226][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.603730][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.606573][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.609062][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.611884][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.614638][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.616525][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 470.617448][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.623500][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.626450][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.629102][ T6054] ldm_validate_partition_table(): Disk read failed. [ 470.631321][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.634150][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.636951][ C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.639782][ C3] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.642327][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 470.645154][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 470.647907][ T6054] Dev loop2: unable to read RDB block 0 [ 470.650068][ T6054] loop2: unable to read partition table [ 470.651941][ T6054] loop2: partition table beyond EOD, truncated [ 470.654961][T26978] ldm_validate_partition_table(): Disk read failed. [ 470.657478][T26978] Dev loop2: unable to read RDB block 0 [ 470.659518][T26978] loop2: unable to read partition table [ 470.661347][T26978] loop2: partition table beyond EOD, truncated [ 470.665787][T26978] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 470.683671][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 470.683682][ T40] audit: type=1326 audit(2000000045.429:24043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26981 comm="syz.4.25532" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe8579 code=0x0 [ 470.736236][T26993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25533'. [ 470.742276][T26993] macvtap0: entered promiscuous mode [ 470.744133][T26993] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 470.748116][T26993] mac80211_hwsim hwsim5 wlan1: left promiscuous mode [ 470.832094][T27004] geneve1: entered promiscuous mode [ 470.951059][T27016] 8021q: adding VLAN 0 to HW filter on device  [ 470.954271][T27016] 8021q: adding VLAN 0 to HW filter on device team0 [ 470.959055][T27016] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 471.176370][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 471.504538][T27023] random: crng reseeded on system resumption [ 471.656785][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 472.217104][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 472.616175][ T67] Bluetooth: hci0: command 0x041b tx timeout [ 472.696820][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 473.257099][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 473.531513][T27114] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25590'. [ 473.701775][ T40] audit: type=1326 audit(2000000048.449:24044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.711225][ T40] audit: type=1326 audit(2000000048.449:24045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.729532][ T40] audit: type=1326 audit(2000000048.459:24046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.736486][ T40] audit: type=1326 audit(2000000048.459:24047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.740398][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 473.743115][ T40] audit: type=1326 audit(2000000048.459:24048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.754460][ T40] audit: type=1326 audit(2000000048.459:24049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.761195][ T40] audit: type=1326 audit(2000000048.459:24050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.767960][ T40] audit: type=1326 audit(2000000048.459:24051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 473.774640][ T40] audit: type=1326 audit(2000000048.459:24052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27129 comm="syz.3.25597" exe="/syz-executor" sig=0 arch=40000003 syscall=320 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 474.269738][ T837] kernel read not supported for file /dsp (pid: 837 comm: kworker/0:2) [ 474.296991][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 474.416496][T27202] input: syz0 as /devices/virtual/input/input72 [ 474.580835][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.584365][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.587793][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 474.688964][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.692127][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.695251][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 474.698626][ T67] Bluetooth: hci0: command 0x041b tx timeout [ 474.749958][ T6056] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 474.754267][ T6056] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 474.758084][ T6056] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 474.760876][ T6056] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 474.763482][ T6056] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 474.773006][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.780019][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 474.782532][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.785637][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 474.812519][T27251] netlink: 'syz.2.25661': attribute type 2 has an invalid length. [ 474.814950][T27251] netlink: 92 bytes leftover after parsing attributes in process `syz.2.25661'. [ 474.870286][T27244] chnl_net:caif_netlink_parms(): no params data found [ 474.939244][ T64] netdevsim netdevsim3  (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.942644][ T64] netdevsim netdevsim3  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.945540][ T64] netdevsim netdevsim3  (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 474.950588][T27244] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.952813][T27244] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.955090][T27244] bridge_slave_0: entered allmulticast mode [ 474.958701][T27244] bridge_slave_0: entered promiscuous mode [ 474.961716][T27244] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.964004][T27244] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.966320][T27244] bridge_slave_1: entered allmulticast mode [ 474.968816][T27244] bridge_slave_1: entered promiscuous mode [ 474.997677][T27244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.003509][T27244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.041348][T27244] team0: Port device team_slave_0 added [ 475.046107][T27244] team0: Port device team_slave_1 added [ 475.097732][T27244] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 475.099947][T27244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.108737][T27244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 475.117617][T27244] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 475.119776][T27244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.127626][T27244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 475.347173][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 475.609606][ T64] team0: Port device bridge0 removed [ 475.765928][ T64]  (unregistering): Released all slaves [ 475.772978][ T64] bond1 (unregistering): Released all slaves [ 475.816089][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 475.853699][ T64] bond2 (unregistering): Released all slaves [ 475.930857][ T64] bond3 (unregistering): Released all slaves [ 475.936909][ T64] bond4 (unregistering): Released all slaves [ 475.942831][ T64] bond5 (unregistering): Released all slaves [ 475.948668][ T64] bond6 (unregistering): Released all slaves [ 475.954405][ T64] bond0 (unregistering): Released all slaves [ 475.960406][ T64] bond7 (unregistering): Released all slaves [ 475.966784][ T64] bond8 (unregistering): Released all slaves [ 476.027619][T27244] hsr_slave_0: entered promiscuous mode [ 476.031142][T27244] hsr_slave_1: entered promiscuous mode [ 476.034947][T27244] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 476.044022][T27244] Cannot create hsr debugfs directory [ 476.046646][ T64] : left promiscuous mode [ 476.149749][ T64] tipc: Disabling bearer [ 476.154919][ T64] tipc: Left network mode [ 476.213544][T27244] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 476.220680][T27244] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 476.225923][T27244] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 476.231725][T27244] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 476.281505][T27244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.294749][T27244] 8021q: adding VLAN 0 to HW filter on device team0 [ 476.301391][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.304377][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 476.311220][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.313549][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 476.387364][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 476.422203][T27244] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.525889][T27244] veth0_vlan: entered promiscuous mode [ 476.530624][T27244] veth1_vlan: entered promiscuous mode [ 476.560130][T27244] veth0_macvtap: entered promiscuous mode [ 476.563764][T27244] veth1_macvtap: entered promiscuous mode [ 476.571253][T27244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.574339][T27244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.578473][T27244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.581594][T27244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.585201][T27244] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 476.590570][T27244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.593626][T27244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.596593][T27244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.599674][T27244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.603606][T27244] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 476.608311][T27244] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.610919][T27244] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.613464][T27244] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.616367][T27244] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.630529][ T64] batman_adv: batadv0: Interface deactivated: wlan0 [ 476.645156][ T64] batman_adv: batadv0: Removing interface: wlan0 [ 476.682483][ T1256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 476.684853][ T1256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 476.699237][ T1256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 476.701620][ T1256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 476.720941][ T64] hsr_slave_0: left promiscuous mode [ 476.722976][ T64] hsr_slave_1: left promiscuous mode [ 476.751989][ T64] veth1_vlan: left promiscuous mode [ 476.753624][ T64] veth0_vlan: left promiscuous mode [ 476.775975][ T6056] Bluetooth: hci0: command 0x041b tx timeout [ 476.798827][ T64] pimreg3 (unregistering): left allmulticast mode [ 476.856003][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 476.859265][ T6056] Bluetooth: hci3: command tx timeout [ 477.426831][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 477.898816][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 478.301219][ T64] IPVS: stop unused estimator thread 0... [ 478.456202][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 478.526828][ T8090] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 478.677781][ T8090] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 478.680874][ T8090] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 478.683574][ T8090] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 478.688452][ T8090] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.692490][ T8090] usb 5-1: config 0 descriptor?? [ 478.695642][ T8090] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 478.698127][ T8090] dvb-usb: bulk message failed: -22 (3/0) [ 478.703777][ T8090] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 478.707026][ T8090] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 478.709214][ T8090] usb 5-1: media controller created [ 478.711863][ T8090] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 478.717320][ T8090] dvb-usb: bulk message failed: -22 (6/0) [ 478.719562][ T8090] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 478.723120][ T8090] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input73 [ 478.731936][ T8090] dvb-usb: schedule remote query interval to 150 msecs. [ 478.734105][ T8090] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 478.898657][ T9026] usb 5-1: USB disconnect, device number 30 [ 478.911793][ T9026] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 478.936312][ T6056] Bluetooth: hci3: command tx timeout [ 478.946325][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 479.174700][T27371] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 479.180222][T27371] bridge0: port 1(veth0_to_bridge) entered disabled state [ 479.216004][T27374] veth1_to_batadv: entered promiscuous mode [ 479.218620][T27374] macsec0: entered promiscuous mode [ 479.432208][T27395] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25710'. [ 479.506932][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 479.700432][T27430] ipvlan2: entered promiscuous mode [ 479.702989][T27430] bridge0: port 3(ipvlan2) entered blocking state [ 479.705023][T27430] bridge0: port 3(ipvlan2) entered disabled state [ 479.708163][T27430] ipvlan2: entered allmulticast mode [ 479.709840][T27430] bridge0: entered allmulticast mode [ 479.712465][T27430] ipvlan2: left allmulticast mode [ 479.714061][T27430] bridge0: left allmulticast mode [ 479.986902][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 480.546485][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 481.015858][ T6056] Bluetooth: hci3: command tx timeout [ 481.016261][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 481.267573][T27490] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 481.591976][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 482.056306][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 482.127423][T27555] sctp: [Deprecated]: syz.0.25790 (pid 27555) Use of struct sctp_assoc_value in delayed_ack socket option. [ 482.127423][T27555] Use struct sctp_sack_info instead [ 482.609615][T27625] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25816'. [ 482.616135][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 482.767812][T27636] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 482.853272][ T838] kernel write not supported for file /sg0 (pid: 838 comm: kworker/2:2) [ 482.973950][ T837] kernel write not supported for file [eventfd] (pid: 837 comm: kworker/0:2) [ 483.009447][T27670] vivid-000: disconnect [ 483.017869][T27669] vivid-000: reconnect [ 483.055501][T27678] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25842'. [ 483.060188][T27674] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.062674][T27674] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.095804][ T6056] Bluetooth: hci3: command tx timeout [ 483.096185][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 483.112058][T27674] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 483.118953][T27674] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 483.172189][T27674] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.175035][T27674] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.177901][T27674] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.180651][T27674] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.206017][T27678] tipc: Resetting bearer [ 483.268382][T27678] tipc: Disabling bearer [ 483.619588][T27721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25861'. [ 483.622683][T27721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25861'. [ 483.657890][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 483.736851][T27735] input: syz0 as /devices/virtual/input/input74 [ 483.799907][ T1022] kernel write not supported for file /sequencer (pid: 1022 comm: kworker/3:3) [ 484.123758][T27771] usb usb8: usbfs: process 27771 (syz.0.25884) did not claim interface 0 before use [ 484.147740][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 484.150181][T27773] netlink: 72 bytes leftover after parsing attributes in process `syz.0.25885'. [ 484.579486][T27820] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 484.598736][T27822] blkio.reset_stats is deprecated [ 484.629082][T27831] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 484.631529][T27831] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 484.634800][T27831] vhci_hcd vhci_hcd.0: Device attached [ 484.687300][T27839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.25915'. [ 484.706430][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 484.865834][ T57] usb 37-1: new low-speed USB device number 4 using vhci_hcd [ 484.877737][ T1022] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 484.969630][T27853] netlink: 52 bytes leftover after parsing attributes in process `syz.5.25920'. [ 485.034740][T27859] netem: invalid attributes len -3 [ 485.037149][T27859] netem: change failed [ 485.037292][ T1022] usb 5-1: config 0 has no interfaces? [ 485.040241][ T1022] usb 5-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 485.043021][ T1022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.046558][ T1022] usb 5-1: config 0 descriptor?? [ 485.177008][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 485.249924][T27832] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 3 [ 485.253248][ T1022] usb 5-1: USB disconnect, device number 31 [ 485.256037][ T1140] vhci_hcd: stop threads [ 485.257385][ T1140] vhci_hcd: release socket [ 485.258806][ T1140] vhci_hcd: disconnect device [ 485.528822][T27883] random: crng reseeded on system resumption [ 485.670541][T27903] netlink: 'syz.4.25945': attribute type 2 has an invalid length. [ 485.710067][ T1022] hid-generic 0005:15C2:0009.000A: unknown main item tag 0x0 [ 485.720070][ T1022] hid-generic 0005:15C2:0009.000A: hidraw0: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa [ 485.745110][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 485.745120][ T40] audit: type=1326 audit(2000000060.489:24055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 485.746066][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 485.747042][ T40] audit: type=1326 audit(2000000060.489:24056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fe85a7 code=0x7ffc0000 [ 485.766351][ T40] audit: type=1326 audit(2000000060.489:24057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 485.773094][ T40] audit: type=1326 audit(2000000060.489:24058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fe85a7 code=0x7ffc0000 [ 485.780431][ T40] audit: type=1326 audit(2000000060.489:24059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 485.791291][ T40] audit: type=1326 audit(2000000060.489:24060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fe85a7 code=0x7ffc0000 [ 485.799782][ T40] audit: type=1326 audit(2000000060.489:24061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 485.806700][ T40] audit: type=1326 audit(2000000060.489:24062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 485.812997][ T40] audit: type=1326 audit(2000000060.489:24063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 485.819826][ T40] audit: type=1326 audit(2000000060.489:24064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.25948" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fe85a7 code=0x7ffc0000 [ 486.103938][T27938] kvm_intel: kvm [27936]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x5 [ 486.226168][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 486.253877][T27955] kvm: user requested TSC rate below hardware speed [ 486.777971][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 487.010958][T27949] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 487.040846][T27973] netlink: 4 bytes leftover after parsing attributes in process `syz.5.25973'. [ 487.210218][T28001] loop4: detected capacity change from 0 to 524255232 [ 487.256136][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 487.369739][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26001'. [ 487.419458][T28033] team0: Device gtp0 is of different type [ 487.641228][T28048] netlink: 44 bytes leftover after parsing attributes in process `syz.5.26011'. [ 487.816094][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 488.296206][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 488.516531][T28086] umip_printk: 1 callbacks suppressed [ 488.523315][T28088] IPv6: NLM_F_CREATE should be specified when creating new route [ 488.663240][T28114] dlm: no local IP address has been set [ 488.664970][T28114] dlm: cannot start dlm midcomms -107 [ 488.855127][T28143] netlink: 60 bytes leftover after parsing attributes in process `syz.5.26057'. [ 488.866922][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 488.987999][T28158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26064'. [ 488.990797][T28158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 488.993071][T28158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 488.997427][T28158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 488.999698][T28158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 489.346155][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 489.459563][T28184] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 489.710838][T28211] o2cb: This node has not been configured. [ 489.713476][T28211] o2cb: Cluster check failed. Fix errors before retrying. [ 489.717936][T28211] (syz.0.26090,28211,0):user_dlm_register:674 ERROR: status = -22 [ 489.720921][T28211] (syz.0.26090,28211,0):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 489.856552][T28233] erofs (device nullb0): cannot find valid erofs superblock [ 489.914470][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 489.965816][ T57] vhci_hcd: vhci_device speed not set [ 490.052783][T28271] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 490.057088][T28271] overlayfs: overlapping lowerdir path [ 490.259087][T28294] netlink: 'syz.5.26127': attribute type 1 has an invalid length. [ 490.259742][ T838] usb 7-1: new full-speed USB device number 25 using dummy_hcd [ 490.261516][T28294] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.26127'. [ 490.385541][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 490.391891][T28308] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26134'. [ 490.395780][T28308] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26134'. [ 490.428943][ T838] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 490.431494][ T838] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 490.434826][ T838] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 490.438223][ T838] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 490.443239][ T838] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 490.447283][ T838] usb 7-1: config 0 interface 0 has no altsetting 0 [ 490.452671][ T838] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 490.455459][ T838] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 490.457911][ T838] usb 7-1: Product: syz [ 490.459201][ T838] usb 7-1: Manufacturer: syz [ 490.461024][ T838] usb 7-1: SerialNumber: syz [ 490.463522][ T838] usb 7-1: config 0 descriptor?? [ 490.465609][T28262] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 490.468671][ T838] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 490.473712][ T838] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 490.579989][T28333] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 490.863010][ T838] usb 7-1: USB disconnect, device number 25 [ 490.865941][ T838] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 490.891421][T28359] input: syz1 as /devices/virtual/input/input76 [ 490.984147][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 491.497736][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 491.530502][T28414] loop6: detected capacity change from 0 to 64 [ 491.597024][T28414] Invalid logical block size (4) [ 491.780131][T28441] netlink: 'syz.0.26197': attribute type 2 has an invalid length. [ 491.782571][T28441] netlink: 92 bytes leftover after parsing attributes in process `syz.0.26197'. [ 491.871480][ T57] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 492.053242][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 492.056098][ T57] usb 7-1: config 255 has an invalid interface number: 7 but max is 0 [ 492.059080][ T57] usb 7-1: config 255 has no interface number 0 [ 492.061045][ T57] usb 7-1: config 255 interface 7 has no altsetting 0 [ 492.064783][ T57] usb 7-1: New USB device found, idVendor=257a, idProduct=162f, bcdDevice=1a.8f [ 492.067449][ T57] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.070184][ T57] usb 7-1: Product: syz [ 492.071475][ T57] usb 7-1: Manufacturer: syz [ 492.072866][ T57] usb 7-1: SerialNumber: syz [ 492.096455][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 492.175156][ T67] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 492.178618][ T67] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 492.183204][ T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 492.196266][ T67] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 492.200406][ T67] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 492.256634][ T838] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 492.293663][ T57] option 7-1:255.7: GSM modem (1-port) converter detected [ 492.297076][ T57] usb 7-1: USB disconnect, device number 26 [ 492.300841][ T57] option 7-1:255.7: device disconnected [ 492.320170][T28464] chnl_net:caif_netlink_parms(): no params data found [ 492.379600][T28464] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.381854][T28464] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.384208][T28464] bridge_slave_0: entered allmulticast mode [ 492.386857][T28464] bridge_slave_0: entered promiscuous mode [ 492.389928][T28464] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.392267][T28464] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.394516][T28464] bridge_slave_1: entered allmulticast mode [ 492.399544][T28464] bridge_slave_1: entered promiscuous mode [ 492.432483][ T838] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 492.435523][ T838] usb 5-1: config 0 interface 0 has no altsetting 0 [ 492.438054][T28464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 492.450936][T28464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 492.464417][ T838] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 492.467221][ T838] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 492.469717][ T838] usb 5-1: Product: syz [ 492.471123][ T838] usb 5-1: Manufacturer: syz [ 492.472598][ T838] usb 5-1: SerialNumber: syz [ 492.475311][ T838] usb 5-1: config 0 descriptor?? [ 492.479192][ T838] usb 5-1: selecting invalid altsetting 0 [ 492.499542][T28464] team0: Port device team_slave_0 added [ 492.503947][T28464] team0: Port device team_slave_1 added [ 492.522142][ T183] bridge_slave_1: left allmulticast mode [ 492.524439][ T183] bridge_slave_1: left promiscuous mode [ 492.526280][ T183] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.529598][ T183] bridge_slave_0: left allmulticast mode [ 492.531418][ T183] bridge_slave_0: left promiscuous mode [ 492.533222][ T183] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.610870][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 492.753147][ T5941] usb 5-1: USB disconnect, device number 32 [ 492.764875][ T183] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 492.768836][ T183] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 492.772442][ T183] bond0 (unregistering): Released all slaves [ 492.797051][T28464] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 492.799240][T28464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 492.807850][T28464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 492.813571][T28464] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 492.816092][T28464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 492.825217][T28464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 492.937643][T28464] hsr_slave_0: entered promiscuous mode [ 492.939911][T28464] hsr_slave_1: entered promiscuous mode [ 492.942540][T28464] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 492.944923][T28464] Cannot create hsr debugfs directory [ 493.071608][T28464] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 493.081696][ T183] hsr_slave_0: left promiscuous mode [ 493.083824][ T183] hsr_slave_1: left promiscuous mode [ 493.085789][ T183] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 493.088566][ T183] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 493.208735][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 493.722544][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 493.759352][ T183] team0 (unregistering): Port device team_slave_1 removed [ 493.846217][ T183] team0 (unregistering): Port device team_slave_0 removed [ 494.324324][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 494.409064][ T6056] Bluetooth: hci3: command tx timeout [ 494.438449][T28464] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 494.442387][T28464] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 494.452604][T28464] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 494.511957][T28464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 494.535441][T28464] 8021q: adding VLAN 0 to HW filter on device team0 [ 494.540195][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.542512][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.551732][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.554073][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 494.660338][T28464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 494.726918][ T5941] usb 5-1: new low-speed USB device number 33 using dummy_hcd [ 494.773869][T28464] veth0_vlan: entered promiscuous mode [ 494.781294][T28464] veth1_vlan: entered promiscuous mode [ 494.795073][T28464] veth0_macvtap: entered promiscuous mode [ 494.798597][T28464] veth1_macvtap: entered promiscuous mode [ 494.806826][T28464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.810104][T28464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.814101][T28464] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 494.819220][T28464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.822548][T28464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.827726][T28464] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 494.832354][T28464] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.836680][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 494.839350][T28464] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.842223][T28464] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.845079][T28464] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.895159][ T1256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 494.897804][ T1256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 494.901041][ T5941] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 494.904141][ T5941] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 494.906881][ T5941] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 494.916343][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 494.918062][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.918826][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 494.922742][ T5941] usb 5-1: config 0 descriptor?? [ 494.932956][T28553] netlink: 'syz.2.26242': attribute type 5 has an invalid length. [ 495.143111][ T5941] usb 5-1: USB disconnect, device number 33 [ 495.434862][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 495.784083][T28620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26271'. [ 495.956928][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 496.007471][T28643] bridge0: port 3(syz_tun) entered blocking state [ 496.009592][T28643] bridge0: port 3(syz_tun) entered disabled state [ 496.013738][T28643] syz_tun: entered allmulticast mode [ 496.016167][T28643] syz_tun: entered promiscuous mode [ 496.018165][T28643] bridge0: port 3(syz_tun) entered blocking state [ 496.020329][T28643] bridge0: port 3(syz_tun) entered forwarding state [ 496.023933][T28646] [ 496.024741][T28646] ====================================================== [ 496.026917][T28646] WARNING: possible circular locking dependency detected [ 496.029083][T28646] 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 Not tainted [ 496.032452][T28646] ------------------------------------------------------ [ 496.034944][T28646] syz.2.26282/28646 is trying to acquire lock: [ 496.036847][T28646] ffff88804ec48218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}, at: __dev_queue_xmit+0x334c/0x43e0 [ 496.040692][T28646] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 496.040692][T28646] but task is already holding lock: [ 496.043041][T28646] ffff88804a1d5158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3ba/0xcf0 [ 496.046311][T28646] [ 496.046311][T28646] which lock already depends on the new lock. [ 496.046311][T28646] [ 496.049656][T28646] [ 496.049656][T28646] the existing dependency chain (in reverse order) is: [ 496.052729][T28646] [ 496.052729][T28646] -> #1 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}: [ 496.055462][T28646] _raw_spin_lock+0x2e/0x40 [ 496.057106][T28646] sch_direct_xmit+0x3ba/0xcf0 [ 496.058881][T28646] __dev_queue_xmit+0x13c7/0x43e0 [ 496.060749][T28646] neigh_resolve_output+0x53a/0x940 [ 496.062628][T28646] ip6_finish_output2+0xaeb/0x2020 [ 496.064393][T28646] ip6_finish_output+0x3f9/0x1360 [ 496.066200][T28646] ip6_output+0x1f9/0x540 [ 496.067715][T28646] mld_sendpack+0x9e9/0x1220 [ 496.069306][T28646] mld_ifc_work+0x740/0xca0 [ 496.070885][T28646] process_one_work+0x9cc/0x1b70 [ 496.072548][T28646] worker_thread+0x6c8/0xf10 [ 496.074190][T28646] kthread+0x3c2/0x780 [ 496.075646][T28646] ret_from_fork+0x45/0x80 [ 496.077188][T28646] ret_from_fork_asm+0x1a/0x30 [ 496.078829][T28646] [ 496.078829][T28646] -> #0 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}: [ 496.081977][T28646] __lock_acquire+0x1173/0x1ba0 [ 496.083636][T28646] lock_acquire+0x179/0x350 [ 496.085237][T28646] _raw_spin_lock+0x2e/0x40 [ 496.086811][T28646] __dev_queue_xmit+0x334c/0x43e0 [ 496.088655][T28646] neigh_resolve_output+0x53a/0x940 [ 496.090623][T28646] ip6_finish_output2+0xaeb/0x2020 [ 496.092489][T28646] ip6_finish_output+0x3f9/0x1360 [ 496.094269][T28646] ip6_output+0x1f9/0x540 [ 496.095946][T28646] ip6_local_out+0xcd/0x4a0 [ 496.097678][T28646] ip6_send_skb+0x112/0x460 [ 496.099450][T28646] ip6_push_pending_frames+0xe0/0x110 [ 496.101223][T28646] icmpv6_push_pending_frames+0x2dc/0x460 [ 496.103129][T28646] icmp6_send+0x1fa9/0x2d20 [ 496.104703][T28646] ip6_link_failure+0x31/0x5a0 [ 496.106353][T28646] ip_tunnel_xmit+0x2fb0/0x37b0 [ 496.108010][T28646] __gre_xmit+0x8bb/0xc00 [ 496.109528][T28646] erspan_xmit+0x56b/0x25d0 [ 496.111101][T28646] dev_hard_start_xmit+0x93/0x740 [ 496.112814][T28646] sch_direct_xmit+0x1b2/0xcf0 [ 496.114473][T28646] __qdisc_run+0x541/0x1bf0 [ 496.116042][T28646] __dev_queue_xmit+0x2aa4/0x43e0 [ 496.117752][T28646] neigh_resolve_output+0x53a/0x940 [ 496.119531][T28646] ip6_finish_output2+0xaeb/0x2020 [ 496.121271][T28646] ip6_finish_output+0x3f9/0x1360 [ 496.122991][T28646] ip6_output+0x1f9/0x540 [ 496.124524][T28646] ip6_local_out+0xcd/0x4a0 [ 496.126101][T28646] ip6_send_skb+0x112/0x460 [ 496.127671][T28646] udp_v6_send_skb+0x96f/0x1910 [ 496.129342][T28646] udpv6_sendmsg+0x254a/0x3070 [ 496.130996][T28646] inet6_sendmsg+0x105/0x140 [ 496.132591][T28646] ____sys_sendmsg+0x705/0xc70 [ 496.134241][T28646] ___sys_sendmsg+0x134/0x1d0 [ 496.135851][T28646] __sys_sendmmsg+0x2f9/0x420 [ 496.137519][T28646] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 496.139444][T28646] __do_fast_syscall_32+0x73/0x120 [ 496.141183][T28646] do_fast_syscall_32+0x32/0x80 [ 496.142854][T28646] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 496.144953][T28646] [ 496.144953][T28646] other info that might help us debug this: [ 496.144953][T28646] [ 496.148068][T28646] Possible unsafe locking scenario: [ 496.148068][T28646] [ 496.150359][T28646] CPU0 CPU1 [ 496.152016][T28646] ---- ---- [ 496.153661][T28646] lock(&qdisc_xmit_lock_key#4); [ 496.155242][T28646] lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 496.158172][T28646] lock(&qdisc_xmit_lock_key#4); [ 496.160497][T28646] lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 496.162678][T28646] [ 496.162678][T28646] *** DEADLOCK *** [ 496.162678][T28646] [ 496.165167][T28646] 9 locks held by syz.2.26282/28646: [ 496.166807][T28646] #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: ip6_send_skb+0xb9/0x460 [ 496.169601][T28646] #1: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x39d/0x2020 [ 496.172592][T28646] #2: ffffffff8e3bf3e0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x43e0 [ 496.175642][T28646] #3: ffff88804a1d5158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3ba/0xcf0 [ 496.178804][T28646] #4: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: icmp6_send+0x270/0x2d20 [ 496.181603][T28646] #5: ffff88804a210998 (k-slock-AF_INET6){+.-.}-{3:3}, at: icmp6_send+0x8d9/0x2d20 [ 496.184553][T28646] #6: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: ip6_send_skb+0xb9/0x460 [ 496.187395][T28646] #7: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x39d/0x2020 [ 496.190393][T28646] #8: ffffffff8e3bf3e0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x43e0 [ 496.193587][T28646] [ 496.193587][T28646] stack backtrace: [ 496.195443][T28646] CPU: 1 UID: 0 PID: 28646 Comm: syz.2.26282 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 496.195458][T28646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 496.195465][T28646] Call Trace: [ 496.195470][T28646] [ 496.195475][T28646] dump_stack_lvl+0x116/0x1f0 [ 496.195491][T28646] print_circular_bug+0x275/0x350 [ 496.195506][T28646] check_noncircular+0x14c/0x170 [ 496.195521][T28646] __lock_acquire+0x1173/0x1ba0 [ 496.195536][T28646] lock_acquire+0x179/0x350 [ 496.195548][T28646] ? __dev_queue_xmit+0x334c/0x43e0 [ 496.195563][T28646] ? __bfs+0x145/0x290 [ 496.195573][T28646] _raw_spin_lock+0x2e/0x40 [ 496.195583][T28646] ? __dev_queue_xmit+0x334c/0x43e0 [ 496.195597][T28646] __dev_queue_xmit+0x334c/0x43e0 [ 496.195614][T28646] ? __pfx___dev_queue_xmit+0x10/0x10 [ 496.195629][T28646] ? lockdep_unlock+0x64/0xe0 [ 496.195637][T28646] ? __lock_acquire+0xf7f/0x1ba0 [ 496.195652][T28646] ? lock_acquire+0x179/0x350 [ 496.195664][T28646] ? find_held_lock+0x2b/0x80 [ 496.195672][T28646] ? __asan_memcpy+0x3c/0x60 [ 496.195687][T28646] ? eth_header+0x11c/0x1f0 [ 496.195696][T28646] neigh_resolve_output+0x53a/0x940 [ 496.195711][T28646] ip6_finish_output2+0xaeb/0x2020 [ 496.195725][T28646] ip6_finish_output+0x3f9/0x1360 [ 496.195736][T28646] ip6_output+0x1f9/0x540 [ 496.195746][T28646] ? __pfx_ip6_output+0x10/0x10 [ 496.195756][T28646] ip6_local_out+0xcd/0x4a0 [ 496.195770][T28646] ip6_send_skb+0x112/0x460 [ 496.195781][T28646] ip6_push_pending_frames+0xe0/0x110 [ 496.195792][T28646] icmpv6_push_pending_frames+0x2dc/0x460 [ 496.195804][T28646] icmp6_send+0x1fa9/0x2d20 [ 496.195815][T28646] ? __pfx_icmp6_send+0x10/0x10 [ 496.195827][T28646] ? find_held_lock+0x2b/0x80 [ 496.195836][T28646] ? ip6_neigh_lookup+0x7b5/0xbe0 [ 496.195849][T28646] ? __pfx_ip6_neigh_lookup+0x10/0x10 [ 496.195861][T28646] ? ip6_link_failure+0x31/0x5a0 [ 496.195876][T28646] ip6_link_failure+0x31/0x5a0 [ 496.195890][T28646] ? __pfx_ip6_link_failure+0x10/0x10 [ 496.195905][T28646] ip_tunnel_xmit+0x2fb0/0x37b0 [ 496.195916][T28646] ? osq_unlock+0x136/0x290 [ 496.195929][T28646] ? bpf_ksym_find+0x124/0x1c0 [ 496.195944][T28646] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 496.195955][T28646] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 496.195965][T28646] ? unwind_next_frame+0x3f4/0x20a0 [ 496.195976][T28646] ? rcu_is_watching+0x12/0xc0 [ 496.195986][T28646] ? is_bpf_text_address+0x8a/0x1a0 [ 496.195997][T28646] ? rcu_is_watching+0x12/0xc0 [ 496.196006][T28646] ? lock_release+0x201/0x2f0 [ 496.196016][T28646] ? bpf_ksym_find+0x124/0x1c0 [ 496.196031][T28646] __gre_xmit+0x8bb/0xc00 [ 496.196047][T28646] ? __pfx___gre_xmit+0x10/0x10 [ 496.196068][T28646] ? skb_network_protocol+0x126/0x6d0 [ 496.196084][T28646] erspan_xmit+0x56b/0x25d0 [ 496.196094][T28646] ? __pfx_erspan_xmit+0x10/0x10 [ 496.196106][T28646] dev_hard_start_xmit+0x93/0x740 [ 496.196122][T28646] sch_direct_xmit+0x1b2/0xcf0 [ 496.196138][T28646] ? lockdep_unlock+0x64/0xe0 [ 496.196147][T28646] ? __lock_acquire+0xf7f/0x1ba0 [ 496.196160][T28646] ? __pfx_sch_direct_xmit+0x10/0x10 [ 496.196175][T28646] ? skbprio_dequeue+0x44b/0x710 [ 496.196191][T28646] __qdisc_run+0x541/0x1bf0 [ 496.196206][T28646] ? rcu_is_watching+0x12/0xc0 [ 496.196215][T28646] __dev_queue_xmit+0x2aa4/0x43e0 [ 496.196231][T28646] ? __pfx___dev_queue_xmit+0x10/0x10 [ 496.196244][T28646] ? register_lock_class+0x41/0x4c0 [ 496.196258][T28646] ? __lock_acquire+0xaa4/0x1ba0 [ 496.196271][T28646] ? find_held_lock+0x2b/0x80 [ 496.196282][T28646] ? find_held_lock+0x2b/0x80 [ 496.196290][T28646] ? __asan_memcpy+0x3c/0x60 [ 496.196305][T28646] ? eth_header+0x11c/0x1f0 [ 496.196314][T28646] neigh_resolve_output+0x53a/0x940 [ 496.196328][T28646] ip6_finish_output2+0xaeb/0x2020 [ 496.196339][T28646] ? ip6_mtu+0x1a3/0x4a0 [ 496.196354][T28646] ip6_finish_output+0x3f9/0x1360 [ 496.196365][T28646] ip6_output+0x1f9/0x540 [ 496.196375][T28646] ? __pfx_ip6_output+0x10/0x10 [ 496.196385][T28646] ip6_local_out+0xcd/0x4a0 [ 496.196399][T28646] ip6_send_skb+0x112/0x460 [ 496.196409][T28646] udp_v6_send_skb+0x96f/0x1910 [ 496.196425][T28646] udpv6_sendmsg+0x254a/0x3070 [ 496.196437][T28646] ? __pfx_udplite_getfrag+0x10/0x10 [ 496.196452][T28646] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 496.196465][T28646] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 496.196478][T28646] ? tomoyo_check_inet_address+0xe0/0x6c0 [ 496.196496][T28646] ? find_held_lock+0x2b/0x80 [ 496.196505][T28646] ? __pfx_aa_sk_perm+0x10/0x10 [ 496.196515][T28646] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 496.196528][T28646] ? inet6_sendmsg+0x105/0x140 [ 496.196541][T28646] inet6_sendmsg+0x105/0x140 [ 496.196554][T28646] ____sys_sendmsg+0x705/0xc70 [ 496.196567][T28646] ? __pfx_____sys_sendmsg+0x10/0x10 [ 496.196579][T28646] ? get_compat_msghdr+0x11a/0x170 [ 496.196594][T28646] ? schedule+0x2d7/0x3a0 [ 496.196605][T28646] ___sys_sendmsg+0x134/0x1d0 [ 496.196614][T28646] ? __pfx____sys_sendmsg+0x10/0x10 [ 496.196625][T28646] ? find_held_lock+0x2b/0x80 [ 496.196637][T28646] __sys_sendmmsg+0x2f9/0x420 [ 496.196647][T28646] ? __pfx___sys_sendmmsg+0x10/0x10 [ 496.196655][T28646] ? __local_bh_enable_ip+0xa4/0x120 [ 496.196672][T28646] ? __pfx_do_futex+0x10/0x10 [ 496.196682][T28646] ? fput+0x70/0xf0 [ 496.196695][T28646] ? xfd_validate_state+0x5d/0x180 [ 496.196710][T28646] ? rcu_is_watching+0x12/0xc0 [ 496.196720][T28646] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 496.196735][T28646] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 496.196747][T28646] __do_fast_syscall_32+0x73/0x120 [ 496.196760][T28646] do_fast_syscall_32+0x32/0x80 [ 496.196771][T28646] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 496.196784][T28646] RIP: 0023:0xf7f73579 [ 496.196793][T28646] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 496.196802][T28646] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 496.196813][T28646] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080007e40 [ 496.196819][T28646] RDX: 0000000000006c00 RSI: 0000000000000000 RDI: 0000000000000000 [ 496.196825][T28646] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 496.196831][T28646] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 496.196836][T28646] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 496.196845][T28646] [ 496.404933][ C1] vkms_vblank_simulate: vblank timer overrun [ 496.527083][T28223] bridge0: port 3(syz_tun) entered disabled state [ 496.531084][T28223] syz_tun (unregistering): left allmulticast mode [ 496.533215][T28223] syz_tun (unregistering): left promiscuous mode [ 496.536461][T28223] bridge0: port 3(syz_tun) entered disabled state [ 496.551567][ C2] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 496.561282][T13144] bridge0: port 1(syz_tun) entered disabled state [ 496.569537][T13144] syz_tun (unregistering): left allmulticast mode [ 496.571562][T13144] syz_tun (unregistering): left promiscuous mode [ 496.573518][T13144] bridge0: port 1(syz_tun) entered disabled state [ 496.624492][ T1140] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.627687][ T1140] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 496.630909][ T6056] Bluetooth: hci3: command 0x041b tx timeout [ 496.718310][ T1140] netdevsim netdevsim2 netdevsim2 (unregistering): left allmulticast mode [ 496.722160][ T1140] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.725483][ T1140] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 496.846074][ T1140] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.849294][ T1140] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 496.894778][ T1140] : (slave netdevsim0): Releasing backup interface [ 496.898040][ T1140] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.902111][ T1140] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 497.035146][ T1140] veth0_to_bridge: left allmulticast mode [ 497.037091][ T1140] veth0_to_bridge: left promiscuous mode [ 497.038957][ T1140] bridge0: port 1(veth0_to_bridge) entered disabled state [ 497.058251][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 497.104856][ T1140] dvmrp0 (unregistering): left allmulticast mode [ 497.107901][ T1140] dvmrp9 (unregistering): left allmulticast mode [ 497.667893][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 498.170326][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 498.355239][ T1140]  (unregistering): Released all slaves [ 498.422836][ T1140] bond1 (unregistering): Released all slaves [ 498.426462][ T1140] bond2 (unregistering): Released all slaves [ 498.496547][ T1140] bond3 (unregistering): Released all slaves [ 498.505280][ T1140] bond0 (unregistering): Released all slaves [ 498.508803][ T1140] bond4 (unregistering): Released all slaves [ 498.512276][ T1140] bond5 (unregistering): Released all slaves [ 498.607102][ T1140] : left promiscuous mode [ 498.679256][ T1140] tipc: Disabling bearer [ 498.680928][ T1140] tipc: Left network mode [ 498.688683][ T1140] IPVS: stopping backup sync thread 14097 ... [ 498.766435][ T1140] batman_adv: batadv0: Interface deactivated:  [ 498.768525][ T1140] batman_adv: batadv0: Removing interface:  [ 498.774031][ T1140] veth1_to_batadv: left promiscuous mode [ 498.780520][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 499.212748][ T1140] vxcan1 (unregistering): left allmulticast mode [ 499.283081][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 499.650079][ T1140] IPVS: stop unused estimator thread 0... [ 499.702902][ T1140] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.766595][ T1140] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.808940][ T1140] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.873976][ T1140] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.892056][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 499.935381][ T1140] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 499.938588][ T1140] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.012372][ T1140] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 500.015586][ T1140] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.087320][ T1140] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 500.090530][ T1140] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.220402][ T1140] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 500.224886][ T1140] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.325509][ T1140] bridge_slave_1: left allmulticast mode [ 500.327820][ T1140] bridge_slave_1: left promiscuous mode [ 500.330181][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.333963][ T1140] bridge_slave_0: left allmulticast mode [ 500.336231][ T1140] bridge_slave_0: left promiscuous mode [ 500.338546][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 500.395648][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 500.467442][ T1140] team0: Port device bridge0 removed [ 500.579946][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 500.583654][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 500.587074][ T1140] bond0 (unregistering): Released all slaves [ 500.593415][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 500.597044][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 500.600763][ T1140] bond0 (unregistering): Released all slaves [ 500.604291][ T1140] bond1 (unregistering): Released all slaves [ 500.607875][ T1140] bond2 (unregistering): Released all slaves [ 500.681783][ T1140] : left promiscuous mode [ 500.759536][ T1140] tipc: Disabling bearer [ 500.761235][ T1140] tipc: Disabling bearer [ 500.762851][ T1140] tipc: Left network mode [ 500.770901][ T1140] IPVS: stopping master sync thread 15320 ... [ 501.004429][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 501.223077][ T1140] hsr_slave_0: left promiscuous mode [ 501.225096][ T1140] hsr_slave_1: left promiscuous mode [ 501.226988][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 501.229371][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 501.231845][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 501.234141][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 501.238282][ T1140] hsr_slave_0: left promiscuous mode [ 501.240432][ T1140] hsr_slave_1: left promiscuous mode [ 501.242291][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 501.244556][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 501.247043][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 501.249323][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 501.256409][ T1140] veth1_macvtap: left promiscuous mode [ 501.258147][ T1140] veth0_macvtap: left promiscuous mode [ 501.259873][ T1140] veth1_vlan: left promiscuous mode [ 501.261958][ T1140] veth0_vlan: left promiscuous mode [ 501.264058][ T1140] veth1_macvtap: left promiscuous mode [ 501.265760][ T1140] veth0_macvtap: left promiscuous mode [ 501.267488][ T1140] veth1_vlan: left promiscuous mode [ 501.269112][ T1140] veth0_vlan: left promiscuous mode [ 501.470587][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 501.509126][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 501.511908][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 501.627681][ T1140] pimreg3 (unregistering): left allmulticast mode [ 501.780476][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 501.819386][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 502.106500][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 502.433144][ T1140] IPVS: stop unused estimator thread 0... [ 502.619064][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 503.218070][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 503.731504][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 504.330600][ C3] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 504.843393][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on [ 505.442942][ C1] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:30) seen on [ 505.956093][ C0] tipc: Duplicate 1 using eth(aa:aa:aa:aa:aa:35) seen on VM DIAGNOSIS: 07:29:05 Registers: info registers vcpu 0 CPU#0 RAX=ffffffff9127e5a0 RBX=ffffffff90a00cb8 RCX=dffffc0000000000 RDX=ffffffff90a00cbc RSI=0000000000000000 RDI=ffffffff90a00c94 RBP=ffffffff90a00cbc RSP=ffffc9000c91ec90 R8 =ffffffff9127e5e2 R9 =0000000000000000 R10=ffffc9000c91ed40 R11=0000000000012922 R12=ffffffff90a00cbc R13=ffffffff822922b0 R14=ffffffff90a00c94 R15=ffffffff90a00cb8 RIP=ffffffff81698f6c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977ef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055f14d9e4280 CR3=000000006c48c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008220202 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe02fe23f0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4154414600544549 55510029646c253d 646970282064253a 29287338342e253a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4154414600544549 5551000c41490018 414c550d0541001f 0c0d561d110b001f ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=73f896b273f896b2 73f896b273f896b2 73f896b273f896b2 73f896b273f896b2 73f896b273f896b2 73f896b273f896b2 73f896b273f896b2 73f896b273f896b2 ZMM22=b1742d74b1742d74 b1742d74b1742d74 b1742d74b1742d74 b1742d74b1742d74 b1742d74b1742d74 b1742d74b1742d74 b1742d74b1742d74 b1742d74b1742d74 ZMM23=801bb221801bb221 801bb221801bb221 801bb221801bb221 801bb221801bb221 801bb221801bb221 801bb221801bb221 801bb221801bb221 801bb221801bb221 ZMM24=bde29f41bde29f41 bde29f41bde29f41 bde29f41bde29f41 bde29f41bde29f41 bde29f41bde29f41 bde29f41bde29f41 bde29f41bde29f41 bde29f41bde29f41 ZMM25=ef675816ef675816 ef675816ef675816 ef675816ef675816 ef675816ef675816 ef675816ef675816 ef675816ef675816 ef675816ef675816 ef675816ef675816 ZMM26=fb6c57b3fb6c57b3 fb6c57b3fb6c57b3 fb6c57b3fb6c57b3 fb6c57b3fb6c57b3 fb6c57b3fb6c57b3 fb6c57b3fb6c57b3 fb6c57b3fb6c57b3 fb6c57b3fb6c57b3 ZMM27=038a5bd2038a5bd2 038a5bd2038a5bd2 038a5bd2038a5bd2 038a5bd2038a5bd2 038a5bd2038a5bd2 038a5bd2038a5bd2 038a5bd2038a5bd2 038a5bd2038a5bd2 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f95f0000f95f0000 f95f0000f95f0000 f95f0000f95f0000 f95f0000f95f0000 f95f0000f95f0000 f95f0000f95f0000 f95f0000f95f0000 f95f0000f95f0000 info registers vcpu 1 CPU#1 RAX=000000000000004e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854bf6b5 RDI=ffffffff9addcbc0 RBP=ffffffff9addcb80 RSP=ffffc90006ad5cd8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e35312e36 R12=0000000000000000 R13=000000000000004e R14=ffffffff9addcb80 R15=ffffffff854bf650 RIP=ffffffff854bf6df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978ef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f73c31cc CR3=00000000235bf000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004c00000000 0000000100000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004c00000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 EAX=8206c6a5 EBX=00000000 ECX=00000000 EDX=0000a0d9 ESI=f74a5078 EDI=f650d008 EBP=f7fd5610 ESP=ff9d6d40 EIP=f714e427 EFL=00000293 [--S-A-C] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 57b2e440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 00091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f749a040 CR3=0000000027acb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000005 RBX=0000000000000001 RCX=ffffffff911dbcac RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000001 RBP=ffffc900036cf3e0 RSP=ffffc900036cf328 R8 =ffffffff911dbcb0 R9 =0000000000000000 R10=ffffc900036cf398 R11=000000000000a68e R12=ffffc900036cf3e8 R13=ffffc900036cf398 R14=0000000000000005 R15=ffffc900036cf438 RIP=ffffffff81699f7a RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097aef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f73c7b34 CR3=000000005bef5000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000054 0000000000000003 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000