last executing test programs: 4.31085129s ago: executing program 1 (id=8628): openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f00000006c0)={&(0x7f0000000280)={{@local=0x2, 0x3ff}, {}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fef725253be9e8480cb4f3524932f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336fcfe86c481c8935a48e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba8cd86587ad33743b1c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed08174bb5ea722a98b34d38ac6de995de4ee263c81b2567b3f87e2bcaab9d3c530897857edd5d7f97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a7232dbb0d6de9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2245f46c953048c43f961d7fbd734c60a9695f567aa710ce9d3327568895d99dde0266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc22efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b02374372"}, 0x418}) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000003c0)={0x60, 0x2, &(0x7f00003c0000/0x1000)=nil, &(0x7f00003c2000/0x2000)=nil, 0x0, &(0x7f00000001c0)=[{0x58c2}], 0x1, 0x0, 0x6a}) r2 = syz_open_dev$sg(&(0x7f0000000240), 0x8, 0x80400) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="cc000000000000001225"]) syz_init_net_socket$llc(0x1a, 0x2, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000180)='pkcs7_test\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "1ed43df900", "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", "04709ecf", "1200074000"}, 0x38) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) 3.289168199s ago: executing program 2 (id=8634): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002180)='/sys/power/pm_async', 0xc6882, 0x43) sendfile(r3, r3, 0x0, 0x6) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f00000000c0)=""/59, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2000000000000004, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x10001}, 0x48) r4 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60fca33f00007300fe800000000000000000000000000000aa00"/54], 0x0) connect$inet6(r4, &(0x7f00000002c0), 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x80fe) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000300)={0x1f, 0xffff, 0x4}, 0x6) write$bt_hci(r5, &(0x7f0000000500)=ANY=[], 0x138) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="000100001a00018129809cbeb9da7400fe880000000000000000000000000001ffffffff00000000000000000000000500"/64, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYBLOB="00000000000000000000000000000000000000662b0020002001000000000000000000000000000101000000000000000000000000000000000000000000000000000000228329f8000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000f2ffffff000000000000000000000000000000000000000000000001f3c19e000000000a0000000000000014000e00ff01000000000000000000000000000191fff3ef6f2b5f341477e24aa50508d3c437e517f42af903ad88f79a4d7bb076fc5837adad97f262bdcfab284b22c366b00bd9a0ecacba9f890eba02fe667b03edd089b4bc26746aa476804260ce19f3c36bc6cde0f58e40b9f59fcfb882d8f1f809b2bd8c57396fbf4b5f1ad9c554fef6f5b867c08a05a47f2c0c6b488810bd0000b6fd2c5682e6f88acee55274697516fadcbad0697f913f4549e812c837c02cd9e853192a3838b7828cda9ead67bdbbc3f3e2afd8cd55e0416be0f7a69eb5b42c0b6efc9a1ee0697add379f9f595230153ddf35515d4f093f9c0f028acb88848c5491de238da84db0f4fdb6c0f85dcfaccdf929c701f8a7903b8344aa458919d1d3a262741f6ba35273008c1dcda94b0791ab41d140abb952ef"], 0x100}, 0x1, 0x0, 0x0, 0x24008050}, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x2, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0200}, {0xfff7, 0xff, 0x0, 0x1ff}]}) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x40080, &(0x7f0000000200)={0x2, 0xfffd, @local}, 0x10) 2.236618823s ago: executing program 2 (id=8639): r0 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x13, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000001b3bb000000000000850000001900000095000000000000007e5a9ae777ecc15374"], &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x8, 0xfffffff5, 0xfff, 0x6, 0x4, 0xffffffffffffffff, 0x47fc, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='net_dev_xmit_timeout\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r5) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8000, 0x0, 0x0, 0x0, 0x45f7ac3b4d3e0332, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000"], 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10) r9 = syz_open_procfs(0x0, &(0x7f0000000200)='map_files\x00') r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='oom_score_adj\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0) pread64(r10, 0x0, 0x0, 0x0) getdents64(r9, 0xffffffffffffffff, 0x43) 2.148950419s ago: executing program 3 (id=8640): r0 = socket(0x2b, 0x6, 0xfffffffe) close(r0) socket$inet6_sctp(0xa, 0x5, 0x84) ioperm(0x1000, 0x1, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001540)=[{0x0}], 0xa, &(0x7f0000000040), 0xffffffffffffffc7}, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0xffffffffffffffff, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') writev(r2, &(0x7f0000000080)=[{0x0}], 0x1) io_submit(r1, 0x0, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x40140, 0x0) execveat(0xffffffffffffffff, 0x0, &(0x7f0000000380)=[&(0x7f0000000280)='\x00', &(0x7f00000002c0)='/dev/video#\x00', &(0x7f0000000300)='nfs4\x00', &(0x7f0000000340)='fd/3\x00'], &(0x7f00000004c0)=[&(0x7f00000003c0)='/-\'$\x00', &(0x7f0000000400)='$\x00', &(0x7f0000000440)='nfs4\x00', &(0x7f0000000480)='\x00'], 0x800) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001) r4 = fsmount(0xffffffffffffffff, 0x0, 0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) connect$inet6(r4, &(0x7f0000001340)={0xa, 0x4e21, 0x10000, @local}, 0x1c) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) getrandom(0x0, 0x0, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000040000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x10) 2.148579226s ago: executing program 0 (id=8641): socket$rds(0x15, 0x5, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000020000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) socket$inet(0x2, 0x3, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0x16d) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x4100, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = fanotify_init(0x8, 0x2) r4 = pidfd_getfd(0xffffffffffffffff, r2, 0x0) fanotify_mark(r3, 0x4, 0x800000a, r4, &(0x7f0000000200)='./file0\x00') r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000002c0)={'veth0_to_bond\x00', &(0x7f0000000280)=@ethtool_rxfh_indir={0x24, 0x1, [0x0]}}) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000046682d562c31630100000000000000b52f0d6086e274aa97a91fa46cdcefe7534fda04ca542b4c4904446290f93bce3177127ebc0c24e7e718c0b1da96d9c9fa8e95238403007cb9806b9641253a7b99504c950fcba378fae7ec90b6da825996012194da80cc7621803fe840ccedca203b30524e6258edbfe64d0900cdf79924bfb82ad5cfe25853d4f3a2841f7d7e692bfb1387c1211d00d4cace5a0ae3fad859bc7cb33f20922abe3780b6d07d9dde639e27dc79daef403b188d618ab4928773db8fba724f8d8f46ff88fdf1e61dceef4ac7bb085eb915eb2f14927a5caef0f5224ef0e7219c3fe37b272f27e9aab8a31e258d6c14be1f1a31a8e68d00"/306], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) 2.13222995s ago: executing program 1 (id=8642): openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f00000006c0)={&(0x7f0000000280)={{@local=0x2, 0x3ff}, {}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fef725253be9e8480cb4f3524932f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336fcfe86c481c8935a48e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba8cd86587ad33743b1c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed08174bb5ea722a98b34d38ac6de995de4ee263c81b2567b3f87e2bcaab9d3c530897857edd5d7f97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a7232dbb0d6de9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2245f46c953048c43f961d7fbd734c60a9695f567aa710ce9d3327568895d99dde0266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc22efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b02374372"}, 0x418}) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000003c0)={0x60, 0x2, &(0x7f00003c0000/0x1000)=nil, &(0x7f00003c2000/0x2000)=nil, 0x0, &(0x7f00000001c0)=[{0x58c2}], 0x1, 0x0, 0x6a}) r2 = syz_open_dev$sg(&(0x7f0000000240), 0x8, 0x80400) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="cc000000000000001225"]) syz_init_net_socket$llc(0x1a, 0x2, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000180)='pkcs7_test\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "1ed43df900", "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", "04709ecf", "1200074000"}, 0x38) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) 1.980675616s ago: executing program 0 (id=8643): socket$tipc(0x1e, 0x2, 0x0) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x1, {0x4e22, 0x4}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) syz_80211_inject_frame(&(0x7f0000000100)=@broadcast, &(0x7f0000000440)=ANY=[], 0x146) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000002440)='/dev/autofs\x00', 0x0, 0xffffffffffffffff) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0xff9d) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000100), 0x2) fcntl$addseals(0xffffffffffffffff, 0x409, 0x8) fchown(0xffffffffffffffff, 0x0, 0x0) 1.980253586s ago: executing program 3 (id=8644): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timerfd_create(0x0, 0x0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000340)="05000000010001", 0x7) 1.859314764s ago: executing program 3 (id=8645): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) read(r2, &(0x7f0000000240)=""/123, 0x7b) clock_adjtime(0x0, &(0x7f0000000040)={0xd51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x200}) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0xfea0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000340)="05000000010001", 0x7) 1.720579804s ago: executing program 3 (id=8646): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000380)='./bus\x00', 0x14) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="4a1cb33fd3f0", @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000040)={'wlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2200c851, &(0x7f0000001340)={0xa, 0x2, 0x0, @loopback}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000003540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/route\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000004c40)=""/103, 0x67, 0x0) socket(0x11, 0x3, 0x0) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003580)=@newchain={0x1108, 0x64, 0x200, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6}, {0xa, 0xb}, {0x3, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x10c0, 0x2, [@TCA_FLOW_RSHIFT={0x8, 0x4, 0x4}, @TCA_FLOW_POLICE={0xc, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0x255c}]}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x5}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x9}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xffe0, 0x1}}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x8}, @TCA_FLOW_POLICE={0x818, 0xa, 0x0, 0x1, [@TCA_POLICE_RATE64={0xc, 0x8, 0xffff}, @TCA_POLICE_RATE={0x404, 0x2, [0x100, 0xe08c, 0xd, 0x0, 0x401, 0x80000001, 0xffff, 0xe547, 0x4, 0xfffff7ce, 0x3, 0x80, 0x9, 0x0, 0xd, 0x1, 0x2, 0x5, 0x7f, 0x4, 0xfffffffe, 0x7, 0x1, 0x7f, 0x5, 0xfffffff7, 0x4, 0x4, 0x2, 0x101, 0x6fc, 0xc7, 0xf, 0x2, 0xe, 0x1, 0xfffffffb, 0x5, 0x3, 0x1, 0x3ff, 0xb488, 0x1, 0x7, 0xffff, 0x7, 0x9, 0xc9f, 0x6, 0x7ff, 0x1, 0x6, 0x40, 0x400, 0x7, 0x8, 0x6, 0x2, 0x1, 0x7, 0xd2, 0x3, 0x7ff, 0x0, 0x1000, 0x6, 0xf, 0x8, 0x3, 0x7f, 0x7, 0x8, 0x6, 0x7, 0xfffffff9, 0x0, 0x9, 0x0, 0xfff, 0x2, 0x85, 0x6, 0xb, 0x0, 0x4, 0x4, 0x3, 0x7, 0x2, 0x7, 0xffff, 0xf, 0x10, 0x5, 0x26, 0x6, 0x6, 0xbf, 0x4, 0x401, 0x1, 0x4, 0xfffffffd, 0x2, 0x0, 0x4, 0x5, 0xda, 0x450, 0x4, 0x4cd, 0xffffffff, 0x73b2f706, 0x1, 0x0, 0x7fffffff, 0xffffff7f, 0x8, 0xfffffee2, 0x9, 0x6, 0x8, 0x7, 0x651, 0x6, 0x2a01, 0x2, 0x6, 0x1, 0xc0, 0x8, 0x48, 0x9, 0x7f, 0xb, 0x14, 0x8, 0x8001, 0x0, 0x10, 0x2, 0x34, 0x4, 0xfffffffa, 0x2, 0x2, 0x800, 0xa7, 0x7, 0x0, 0x1000, 0x387d, 0xb1, 0xfffffffa, 0x7, 0x0, 0x8000, 0x5, 0x7, 0x4, 0x4, 0x3, 0x7, 0x8, 0x1fddbcdc, 0x6, 0x80, 0x7, 0x9, 0x6, 0x5, 0x8, 0x9, 0x80000000, 0x312, 0x800, 0x2, 0x0, 0x3, 0x9, 0x337000, 0x8000, 0x9, 0x7, 0x3, 0xffff, 0xa, 0x77c1, 0x5, 0x4, 0x4a, 0x5, 0xff, 0xffffffcc, 0x4, 0x5, 0x2, 0x6, 0xd2, 0x0, 0x4, 0x5, 0x269, 0x6, 0x1, 0x3, 0x0, 0x39c7, 0x7, 0x9, 0x401, 0x2da, 0x9, 0x7, 0xf, 0xb, 0x3, 0x1, 0x8, 0x3, 0x0, 0x4, 0x3, 0x0, 0x1, 0xffffff68, 0x3, 0x1, 0x27, 0x0, 0xb, 0x8000, 0x8, 0x7, 0x8001, 0x7, 0xae4, 0x401, 0x0, 0x7, 0xb, 0x9, 0x3a2, 0x2, 0x8, 0x7fffffff, 0x6, 0x1, 0xafae, 0x5, 0x8001, 0x4, 0x67, 0x4, 0x6, 0x2]}, @TCA_POLICE_RATE={0x404, 0x2, [0x9, 0xa6, 0x10001, 0x2, 0x88a, 0x0, 0x7, 0x7fff, 0x5, 0xdb82, 0x9, 0x7, 0x3480, 0x2e22, 0xceac, 0x4, 0xc3, 0x9, 0x10001, 0xdd8, 0x7fffffff, 0x10, 0x8a65, 0xbb9, 0x8000, 0x494a, 0x7, 0x4, 0x7b29, 0x1, 0x4, 0x1, 0x80000000, 0x1, 0x7f, 0x7, 0x0, 0xf, 0x9, 0x1, 0x0, 0x932682e, 0x80, 0x1ff, 0x7ff, 0xa4, 0x8, 0x0, 0xe98, 0x7, 0xc, 0xa3f1, 0x3, 0x3, 0xff, 0x5, 0x2, 0xffff8001, 0x200, 0x1, 0x5, 0x17b, 0x3, 0x746, 0x4, 0x5, 0x9, 0x5, 0x6, 0x3, 0x4, 0x7, 0x1, 0x7fff, 0x1, 0x3, 0x7f, 0xff, 0x30, 0x2, 0x1, 0x9, 0x7b, 0xa, 0x10, 0x5, 0xfffffffe, 0x400, 0xffffff96, 0xffff, 0x9, 0x5, 0x6, 0x5, 0xa, 0xa8, 0x4, 0x7, 0xb, 0x7, 0x5, 0x9, 0x0, 0x86bc, 0x1ff, 0x1, 0x4, 0x9, 0x0, 0x9, 0xff, 0x2, 0x4, 0x9, 0x7de93a0d, 0x3, 0x1, 0xfffffffa, 0x1200, 0x2b, 0x9d801b7e, 0x8000, 0xb, 0xfff, 0xfffffffd, 0x7bd, 0x3ff, 0xb61a8c1, 0x40, 0x80000000, 0x7, 0x1ff, 0x7, 0x4, 0x6, 0x7, 0x8000, 0x1ea, 0x8, 0x1, 0x6, 0xe759, 0x1cc, 0x7fff, 0x0, 0x8, 0xfffffffa, 0x6, 0x2, 0x800, 0x6d, 0x400, 0x9, 0x0, 0x1, 0xc, 0x4, 0x8ed, 0x6, 0x30000000, 0x5, 0x4, 0x9, 0x4, 0x1, 0x7, 0x1, 0xfffffff7, 0x5, 0x3, 0x9, 0x7, 0x1ff, 0x3, 0x10001, 0x9, 0x40c, 0x2, 0x4, 0x3, 0x1, 0x6, 0x6, 0x400, 0xfb4, 0xffffff37, 0x800, 0x74c, 0x2, 0x4, 0x200, 0x101, 0x80000000, 0xcc3, 0x1ff, 0x40, 0x0, 0x6, 0xe, 0x5, 0x3, 0x6, 0x8, 0x4, 0x4, 0x9, 0x9, 0xb, 0x4, 0xb, 0x100, 0x60c, 0x3ff, 0x57, 0x6, 0x5, 0x278c1161, 0x6, 0xffffffff, 0x7, 0x8, 0x2, 0x8, 0x1f32, 0x0, 0x2, 0xd, 0xfff, 0xfff, 0xce1e, 0x0, 0xfffffff9, 0x42, 0x4, 0x1, 0x3, 0x272f, 0xaedb, 0x5, 0x7, 0x5, 0xfffffff8, 0x1, 0x442e, 0x800, 0x2, 0xc15, 0x0, 0x4, 0xe9, 0x9, 0xc, 0x1, 0x0, 0x9f2c, 0x2]}]}, @TCA_FLOW_POLICE={0x870, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_RESULT={0x8, 0x5, 0x3ff}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x7fff, 0x5a, 0x4, 0xd75d, 0x10000, 0x99d, 0x7ff, 0x4, 0xfffffc01, 0x8, 0x4, 0x311b, 0x3, 0x3, 0x9, 0x48, 0x3, 0x3, 0x8, 0x8, 0x3, 0x839, 0x29e6, 0xffff, 0x7, 0xf, 0x8, 0x4, 0xe, 0x7, 0x1, 0xd030, 0x2, 0x1, 0x3, 0x80000000, 0x8, 0x3, 0x3, 0xde, 0x7cae, 0xfea3, 0x1ff, 0x10000, 0x7ae3, 0x1a5, 0xa, 0x9, 0x40, 0xffffffad, 0x0, 0x100, 0x1ff, 0x3, 0x1, 0xb, 0x761916d0, 0xf66, 0x8, 0x8, 0xda, 0x7, 0x10001, 0x9, 0x7, 0x3, 0x85c, 0x7, 0x4, 0x8, 0x9, 0xd442, 0x5, 0x1, 0x8, 0x5, 0xffffff3d, 0x480, 0x10001, 0x80, 0x6, 0x5, 0x2, 0x81, 0x6, 0x5, 0x101, 0x4, 0x401, 0x5, 0x8, 0x7, 0x3, 0x7, 0xa6a, 0x4, 0xf, 0x56, 0x1, 0x7, 0x5ca, 0x1, 0x7, 0x7, 0xa, 0x2, 0x5, 0x8, 0x7, 0x80, 0x8, 0xd, 0x3, 0x8, 0x2, 0x7, 0xbd, 0x9, 0x33f, 0x9, 0x2, 0x9, 0x45, 0x7, 0x9, 0x8, 0xc, 0x401, 0xfffffffe, 0xa, 0x5, 0x1ff, 0xfffffffe, 0x40000000, 0xd, 0x3, 0x842, 0x3ff, 0x1ff, 0x5, 0xd6ff, 0x9, 0x2, 0x3, 0x5, 0x7fffffff, 0x0, 0xda, 0x8, 0xc, 0x0, 0x0, 0x0, 0x2, 0x7, 0x91a9, 0xc, 0xffff, 0x9, 0x7, 0x4, 0x3, 0x2689e4a2, 0x7fffffff, 0x6, 0x7fff, 0x100, 0x5, 0x7, 0x4, 0x8, 0x7, 0x2, 0xffffffff, 0x1, 0x3, 0x8, 0xfff, 0x1000, 0x3ff, 0x8, 0x9, 0x2, 0x3, 0x4, 0x5, 0x166, 0xf9dc, 0x7, 0x9, 0x4402, 0x3, 0x82d, 0x4, 0xc, 0x0, 0x7, 0x6, 0x1, 0x7f, 0x2, 0x100, 0xf5a, 0x5, 0x0, 0x8, 0x8, 0x6, 0xfffffe01, 0x2, 0x6, 0x3, 0x7, 0xe, 0xffffffff, 0x8, 0xfffffff3, 0x4061, 0x8, 0x9, 0x5, 0xce4, 0x7ff, 0x1ff, 0x1, 0x9, 0x5, 0x3ff, 0x4, 0x43, 0x100, 0x5, 0x6, 0x6b1, 0xfffffff2, 0x8, 0xf0ac, 0xb81, 0x5, 0x3680, 0x8, 0x10000, 0x8216, 0x6, 0x7, 0x8, 0x7, 0x2, 0x6, 0x6, 0x8000, 0x100, 0x8, 0x679c, 0x1]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x101, 0x7, 0x10, 0x0, 0x3, 0x3, 0x6, 0x7, 0xfffffff8, 0xff, 0x5, 0x8, 0x3, 0x0, 0x40, 0x4, 0x7, 0x7ff, 0x9, 0x7, 0x4, 0x1, 0x5e, 0x6, 0x9, 0x3, 0x7, 0x6, 0x6, 0x80000001, 0x2, 0x3, 0x8, 0xfffffffc, 0xfffffff9, 0xeca, 0x6833, 0x3, 0xd, 0x3, 0x36, 0x3, 0x6, 0xac, 0x9, 0x4, 0x8, 0x5, 0x6, 0x4, 0x7fffffff, 0x7, 0x7, 0x4, 0x2, 0x1, 0xffff32fc, 0x7, 0x6, 0x200, 0x4, 0x400, 0x0, 0xc7, 0x317, 0x9, 0x9, 0x5, 0x80000000, 0x80b, 0xffffffff, 0xc, 0x10, 0xa0000000, 0x9e93, 0x8, 0x5, 0x5eeb, 0x3, 0xffffffff, 0x4, 0x5, 0x5, 0x9, 0x7, 0x7, 0xf, 0x40, 0x7, 0x2, 0x80000000, 0xffffffff, 0x97, 0x7, 0x8000, 0x4, 0xfffffff9, 0x6, 0xa244, 0x1, 0x7ff, 0xffffffff, 0x5, 0x1, 0x9, 0x0, 0x3, 0x40, 0x6, 0x9, 0xffffffff, 0x42f, 0x0, 0x8, 0x4ee88fe1, 0x1ff, 0x0, 0x0, 0x0, 0x8, 0x400, 0x6, 0x7fff, 0x7, 0xb10, 0x0, 0x5, 0x0, 0x5fd, 0x0, 0x0, 0x3, 0x0, 0x390725ff, 0x0, 0x4, 0x790, 0x7, 0x2, 0x0, 0x0, 0xd5, 0x0, 0xdb3, 0x8, 0x4, 0x0, 0x1d0c, 0x4, 0x22, 0x7, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x101, 0xa, 0x0, 0x0, 0x401, 0x4, 0xb391, 0x0, 0x5, 0x0, 0x1000, 0x0, 0xf5d, 0x400, 0x4, 0x9, 0x1, 0x1, 0x0, 0x58000000, 0x0, 0x0, 0x6, 0xfffffffe, 0x27c, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x8, 0x0, 0x0, 0x86c9, 0x87b6, 0xa7e, 0x8, 0x0, 0x6, 0x0, 0x8, 0x2b4a, 0xb9, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0xe0, 0x1, 0x2, 0x1ff, 0x4, 0x4, 0x7, 0x0, 0x2, 0x3c, 0x0, 0x1, 0x9, 0x4, 0x4, 0x101, 0x3, 0x9, 0x8, 0x0, 0x5, 0x40, 0x8, 0x9, 0xffffffff, 0x6, 0x101, 0xa, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x6, 0xb2]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x9}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x8, 0x0, 0x80, {0x0, 0x1, 0x80, 0x0, 0x0, 0x3}, {0x3, 0x1, 0x0, 0x0, 0x768, 0x800}, 0xc, 0x0, 0x6}}]}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x5}}, @TCA_CHAIN={0x8, 0xb, 0xc}]}, 0x1108}, 0x1, 0x0, 0x0, 0x2400c011}, 0x0) rename(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000500)='./bus\x00') rmdir(&(0x7f00000001c0)='./file0\x00') 1.625684519s ago: executing program 3 (id=8647): openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f00000006c0)={&(0x7f0000000280)={{@local=0x2, 0x3ff}, {}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fef725253be9e8480cb4f3524932f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336fcfe86c481c8935a48e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba8cd86587ad33743b1c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed08174bb5ea722a98b34d38ac6de995de4ee263c81b2567b3f87e2bcaab9d3c530897857edd5d7f97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a7232dbb0d6de9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2245f46c953048c43f961d7fbd734c60a9695f567aa710ce9d3327568895d99dde0266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc22efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b02374372"}, 0x418}) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000003c0)={0x60, 0x2, &(0x7f00003c0000/0x1000)=nil, &(0x7f00003c2000/0x2000)=nil, 0x0, &(0x7f00000001c0)=[{0x58c2}], 0x1, 0x0, 0x6a}) r2 = syz_open_dev$sg(&(0x7f0000000240), 0x8, 0x80400) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="cc000000000000001225"]) syz_init_net_socket$llc(0x1a, 0x2, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000180)='pkcs7_test\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) 1.379100404s ago: executing program 0 (id=8648): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000000)=0xc) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 1.320612804s ago: executing program 0 (id=8649): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002180)='/sys/power/pm_async', 0xc6882, 0x43) sendfile(r3, r3, 0x0, 0x6) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f00000000c0)=""/59, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2000000000000004, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x10001}, 0x48) r4 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60fca33f00007300fe800000000000000000000000000000aa00"/54], 0x0) connect$inet6(r4, &(0x7f00000002c0), 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x80fe) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000300)={0x1f, 0xffff, 0x4}, 0x6) write$bt_hci(r5, &(0x7f0000000500)=ANY=[], 0x138) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="000100001a00018129809cbeb9da7400fe880000000000000000000000000001ffffffff00000000000000000000000500"/64, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYBLOB="00000000000000000000000000000000000000662b0020002001000000000000000000000000000101000000000000000000000000000000000000000000000000000000228329f8000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000f2ffffff000000000000000000000000000000000000000000000001f3c19e000000000a0000000000000014000e00ff01000000000000000000000000000191fff3ef6f2b5f341477e24aa50508d3c437e517f42af903ad88f79a4d7bb076fc5837adad97f262bdcfab284b22c366b00bd9a0ecacba9f890eba02fe667b03edd089b4bc26746aa476804260ce19f3c36bc6cde0f58e40b9f59fcfb882d8f1f809b2bd8c57396fbf4b5f1ad9c554fef6f5b867c08a05a47f2c0c6b488810bd0000b6fd2c5682e6f88acee55274697516fadcbad0697f913f4549e812c837c02cd9e853192a3838b7828cda9ead67bdbbc3f3e2afd8cd55e0416be0f7a69eb5b42c0b6efc9a1ee0697add379f9f595230153ddf35515d4f093f9c0f028acb88848c5491de238da84db0f4fdb6c0f85dcfaccdf929c701f8a7903b8344aa458919d1d3a262741f6ba35273008c1dcda94b0791ab41d140abb952ef"], 0x100}, 0x1, 0x0, 0x0, 0x24008050}, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x2, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0200}, {0xfff7, 0xff, 0x0, 0x1ff}]}) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x40080, &(0x7f0000000200)={0x2, 0xfffd, @local}, 0x10) 1.051149963s ago: executing program 2 (id=8650): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00'}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) 717.104836ms ago: executing program 2 (id=8651): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000002dcb6c6a52512525e96a3ca03e47d9b85270ae"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000340)=r0}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x5, &(0x7f0000000480)=ANY=[@ANYRESOCT=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xb, &(0x7f0000000e00)=ANY=[@ANYBLOB="1800000009000000000000000000000069762000ffffffff18120000", @ANYRES32, @ANYBLOB="00000000000c000000b70000000000000018110000000000fbe16f000000000000d51010dad3d9983e3cf1388909ebfcee3f867c63cf000000", @ANYBLOB="c93d3d35d9aee489b8b71ffcd99c6c64affb18e84a7f5881ae08f12ca51df123a365b5b4f4a986aff1ac37b47e57f2e8a9264abdfb3b6e9d835f8bdfc1b8a82f228353e3ba61c314a21962fd86bdc04eb04bc1ad90a81111555864c7411b339c101f9397a1bee8f99ccb1ff9786851e7edcd5162d0fce746e93935d121db327f3aa5488cd54880bee371b9dddae8220fe7659e219c0dce261da4112a46e9c1ed9e713c8e73089412c33bc7ed10481bf83164d1b3a72ae1f7ac8372c21a860bd8", @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000380)='syzkaller\x00', 0x2, 0x5, &(0x7f0000000740)=""/5, 0x41000, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x8, 0xa98, 0x7ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[r2], 0x0, 0x10, 0xc}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x9, 0x29a, 0x1, 0x0, r1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x4}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r5, @ANYRES64=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x16, 0x0, 0x8, 0x2}, 0x48) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000000)={r7, 0x0, 0x0}, 0x20) socket$inet_udp(0x2, 0x2, 0x0) r8 = userfaultfd(0x801) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000bcc000/0x4000)=nil, 0x4000}}) ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="042ffb03"], 0x2fe) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b1cf", @ANYRES16, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140d00000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3200000000"], 0x54}}, 0x0) ppoll(&(0x7f0000000000)=[{r8, 0x4047}], 0x1, 0x0, 0x0, 0x0) close(r8) syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000040), &(0x7f0000000280)) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000200)={@empty, @empty, 0x0, "606b177019716ea6ac38f5bd6e0630e369c7b35d21ff1f4d7ed79c31e2b0f1da"}, 0x3c) write$binfmt_misc(r3, &(0x7f00000007c0)=ANY=[@ANYBLOB="f3b9dae268ce56c3438b0a7f2be07d6298f8f709ac655582f1b69c1b3e0ada02c8981f9ceb56cc5bb12fb14e49b1b9f18c42ebfeaf9149c4fa8d1e0d37e1ac59a7e9cb8d51f28e49c32c7eb258"], 0x4) 511.99771ms ago: executing program 1 (id=8652): socket$rds(0x15, 0x5, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000020000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) socket$inet(0x2, 0x3, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0x16d) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x4100, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = fanotify_init(0x8, 0x2) r4 = pidfd_getfd(0xffffffffffffffff, r2, 0x0) fanotify_mark(r3, 0x4, 0x800000a, r4, &(0x7f0000000200)='./file0\x00') r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000046682d562c31630100000000000000b52f0d6086e274aa97a91fa46cdcefe7534fda04ca542b4c4904446290f93bce3177127ebc0c24e7e718c0b1da96d9c9fa8e95238403007cb9806b9641253a7b99504c950fcba378fae7ec90b6da825996012194da80cc7621803fe840ccedca203b30524e6258edbfe64d0900cdf79924bfb82ad5cfe25853d4f3a2841f7d7e692bfb1387c1211d00d4cace5a0ae3fad859bc7cb33f20922abe3780b6d07d9dde639e27dc79daef403b188d618ab4928773db8fba724f8d8f46ff88fdf1e61dceef4ac7bb085eb915eb2f14927a5caef0f5224ef0e7219c3fe37b272f27e9aab8a31e258d6c14be1f1a31a8e68d00"/306], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) 430.994997ms ago: executing program 1 (id=8653): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000340)="05000000010001", 0x7) 338.077615ms ago: executing program 1 (id=8654): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000000)=0xc) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 334.533809ms ago: executing program 0 (id=8655): r0 = socket(0x2b, 0x6, 0xfffffffe) close(r0) socket$inet6_sctp(0xa, 0x5, 0x84) ioperm(0x1000, 0x1, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) syz_open_dev$cec(&(0x7f0000000080), 0xffffffffffffffff, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') writev(r2, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1) io_submit(r1, 0x0, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x40140, 0x0) execveat(0xffffffffffffffff, 0x0, &(0x7f0000000380)=[&(0x7f0000000280)='\x00', &(0x7f00000002c0)='/dev/video#\x00', &(0x7f0000000300)='nfs4\x00', &(0x7f0000000340)='fd/3\x00'], &(0x7f00000004c0)=[&(0x7f00000003c0)='/-\'$\x00', &(0x7f0000000400)='$\x00', &(0x7f0000000440)='nfs4\x00', &(0x7f0000000480)='\x00'], 0x800) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001) r4 = fsmount(0xffffffffffffffff, 0x0, 0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) connect$inet6(r4, &(0x7f0000001340)={0xa, 0x4e21, 0x10000, @local}, 0x1c) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000040000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x10) 249.553736ms ago: executing program 1 (id=8656): socket$tipc(0x1e, 0x2, 0x0) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x1, {0x4e22, 0x4}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) syz_80211_inject_frame(&(0x7f0000000100)=@broadcast, &(0x7f0000000440)=ANY=[], 0x146) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000200)='\f\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x9a\xd5>oJ\x02u\x9b\x94a\xac\xfe6A\xc4\a\x9e\xbd\xa2\xfb\rD\xefq\x1f!\x01\xc3\xa5U\x98\xee\xcd;A\xe8\x00~V\xbf\xd4\x00\xd2,7\xa0\xfd7\xe8\xf9M\x02\xec\f3\xd4\xb8\xc3\x85\xda\xeb\xce7y%S\x1e\xa9\xe9\x92!\x95\xf1Ek\x95\x9bQ\x1d\xa4\xc2\xbb\xfa\x96\x14\x7f\xb9\x90\x9cn\xb5\x10\xd2\x84\xe9\x9e1\x9a\x9e\xa7\x9e\xcd\x1a\x86\x14%\xbaS\x90\xb1j\xf9\x00\xd7@D\x04\xaa\xb55\xd8x?z\xff\x85j3\xbe\axo\x05)\xcc\xcd\x9b\xb3\xe7w\x0e\x9f\xd3\aU\xf0M\xc1\xad\x17t\xeb\x1b\x11m\xec\x00\x00\x00\x00R\xb6v\x88\a\x82\x9e\x00\x00\x00\x10\x00\x00\x00\xa6!\xb3\xa8\xe7[&\x165\x84\xce\xa5\xc4wT\xf2E\tj\x92G\x14\x04\x93\xa4\xba\xcb\xce\"Y\xd68\xeb\x01\xc9/\x19\x85\xc6\x8do\xcb\x17\xb5\xffW\xe6\x8a\xfb\a\xf6', 0x2) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000002440)='/dev/autofs\x00', 0x0, 0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0xff9d) sendfile(0xffffffffffffffff, r1, &(0x7f0000000100), 0x2) fcntl$addseals(r1, 0x409, 0x8) fchown(r1, 0x0, 0x0) 80.464653ms ago: executing program 2 (id=8657): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000000)) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 72.670523ms ago: executing program 3 (id=8658): r0 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x13, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000001b3bb000000000000850000001900000095000000000000007e5a9ae777ecc15374"], &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x8, 0xfffffff5, 0xfff, 0x6, 0x4, 0xffffffffffffffff, 0x47fc, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='net_dev_xmit_timeout\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r5) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8000, 0x0, 0x0, 0x0, 0x45f7ac3b4d3e0332, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10) r9 = syz_open_procfs(0x0, &(0x7f0000000200)='map_files\x00') r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='oom_score_adj\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0) pread64(r10, 0x0, 0x0, 0x0) getdents64(r9, 0xffffffffffffffff, 0x43) 500.27µs ago: executing program 0 (id=8659): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00'}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) 0s ago: executing program 2 (id=8660): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0000007ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4100002000800a6d0bdd7000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x6, r0, 0x0, &(0x7f0000000000)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0x0, 0x1}, 0x6) kernel console output (not intermixed with test programs): 29505][T29531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1268.633569][T29531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1268.640079][T29531] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1268.648117][T29531] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1268.651725][T29531] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1268.656101][T29531] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1268.659356][T29531] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1268.713210][T18476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1268.716895][T18476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1268.732061][T11232] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1268.736228][T11232] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1268.862618][T29666] overlayfs: missing 'lowerdir' [ 1268.867383][T29667] netem: incorrect ge model size [ 1268.873777][T29667] netem: change failed [ 1269.191219][ T39] audit: type=1326 audit(1721039038.809:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29675 comm="syz.1.7423" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1269.428030][T29692] overlayfs: missing 'lowerdir' [ 1269.640964][T29701] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7429'. [ 1269.715076][T16659] Bluetooth: hci1: command tx timeout [ 1269.740503][T29701] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7429'. [ 1269.782487][T29709] input: syz1 as /devices/virtual/input/input250 [ 1270.051578][T29722] overlayfs: missing 'lowerdir' [ 1270.273970][T29735] 9pnet_fd: p9_fd_create_tcp (29735): problem connecting socket to 127.0.0.1 [ 1270.691407][T16659] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1271.116222][T29752] input: syz1 as /devices/virtual/input/input251 [ 1271.784541][T16659] Bluetooth: hci1: command tx timeout [ 1271.797410][T29776] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7460'. [ 1272.105157][T29797] 9pnet_fd: p9_fd_create_tcp (29797): problem connecting socket to 127.0.0.1 [ 1272.112371][T29797] 9pnet_fd: p9_fd_create_tcp (29797): problem connecting socket to 127.0.0.1 [ 1272.118047][T29797] 9pnet_fd: p9_fd_create_tcp (29797): problem connecting socket to 127.0.0.1 [ 1272.123826][T29797] 9pnet_fd: p9_fd_create_tcp (29797): problem connecting socket to 127.0.0.1 [ 1272.130096][T29797] 9pnet_fd: p9_fd_create_tcp (29797): problem connecting socket to 127.0.0.1 [ 1272.458218][T29804] overlayfs: missing 'lowerdir' [ 1272.964030][T16659] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1273.561072][T29838] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7484'. [ 1273.662105][T29841] input: syz1 as /devices/virtual/input/input252 [ 1274.306911][T29853] overlayfs: missing 'lowerdir' [ 1274.414633][ T5274] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 1274.497687][T29859] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7493'. [ 1274.624489][ T5274] usb 5-1: Using ep0 maxpacket: 16 [ 1274.630627][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1274.635563][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1274.639641][ T5274] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1274.643172][ T5274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1274.648257][ T5274] usb 5-1: config 0 descriptor?? [ 1274.664090][T29864] netlink: 'syz.1.7495': attribute type 10 has an invalid length. [ 1274.802265][T29873] netem: incorrect ge model size [ 1274.804327][T29873] netem: change failed [ 1274.833625][T29875] input: syz1 as /devices/virtual/input/input253 [ 1275.266853][T29851] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7489'. [ 1275.304692][T16659] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1275.315128][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1275.397466][T29886] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7503'. [ 1275.523356][T29893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7504'. [ 1275.793894][ T5274] usbhid 5-1:0.0: can't add hid device: -71 [ 1275.804545][ T5274] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1275.808836][ T5274] usb 5-1: USB disconnect, device number 43 [ 1275.911287][T29903] input: syz1 as /devices/virtual/input/input254 [ 1275.964485][ T55] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 1276.158653][ T55] usb 7-1: Using ep0 maxpacket: 32 [ 1276.163918][ T55] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1276.167791][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.171624][ T55] usb 7-1: config 0 descriptor?? [ 1276.181642][ T55] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1276.362405][T29911] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7513'. [ 1276.462104][T29913] netlink: 'syz.1.7514': attribute type 10 has an invalid length. [ 1276.750161][ T55] gspca_nw80x: reg_r err -71 [ 1276.752318][ T55] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1276.763432][ T55] usb 7-1: USB disconnect, device number 31 [ 1276.850657][T16659] Bluetooth: Unexpected start frame (len 28) [ 1277.333597][T29927] netem: incorrect ge model size [ 1277.335101][T29929] overlayfs: missing 'lowerdir' [ 1277.340150][T29927] netem: change failed [ 1277.388764][T29933] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7522'. [ 1277.566298][T29940] 9pnet_fd: p9_fd_create_tcp (29940): problem connecting socket to 127.0.0.1 [ 1277.730277][ T39] audit: type=1326 audit(1721039047.349:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29930 comm="syz.0.7521" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1277.843300][T16659] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1278.185899][T29950] netlink: 'syz.3.7528': attribute type 10 has an invalid length. [ 1278.384553][T29958] netem: incorrect ge model size [ 1278.386942][T29958] netem: change failed [ 1278.420505][T29960] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7532'. [ 1278.614630][ T5246] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 1278.794479][ T5246] usb 6-1: Using ep0 maxpacket: 32 [ 1278.797984][ T5246] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1278.804429][ T5246] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1278.813013][ T5246] usb 6-1: config 0 descriptor?? [ 1278.819811][ T5246] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1279.088908][ T39] audit: type=1326 audit(1721039048.709:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29976 comm="syz.0.7539" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1279.184166][T29983] netem: incorrect ge model size [ 1279.194764][T29983] netem: change failed [ 1279.275296][T16659] Bluetooth: Unexpected start frame (len 28) [ 1279.322991][T29989] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7543'. [ 1279.387384][ T5246] gspca_nw80x: reg_r err -71 [ 1279.389393][ T5246] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1279.405218][ T5246] usb 6-1: USB disconnect, device number 27 [ 1279.483604][T30000] 9pnet_fd: p9_fd_create_tcp (30000): problem connecting socket to 127.0.0.1 [ 1279.973957][ T39] audit: type=1326 audit(1721039049.589:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30007 comm="syz.0.7550" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1279.998444][T30013] netem: incorrect ge model size [ 1280.000434][T30013] netem: change failed [ 1280.507715][T30025] overlayfs: missing 'lowerdir' [ 1280.765232][T24252] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1280.899051][T30037] netem: incorrect ge model size [ 1280.903265][T30037] netem: change failed [ 1281.164232][ T39] audit: type=1326 audit(1721039050.779:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30040 comm="syz.2.7562" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e2579 code=0x0 [ 1281.234695][T13915] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1281.277120][T30049] overlayfs: missing 'lowerdir' [ 1281.357500][T30051] netlink: 'syz.0.7566': attribute type 10 has an invalid length. [ 1281.360378][T30051] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1281.371722][T30051] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1281.377119][T30051] batadv_slave_0: entered promiscuous mode [ 1281.379554][T30051] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 1281.447341][T13915] usb 6-1: Using ep0 maxpacket: 16 [ 1281.451520][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1281.455740][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1281.459550][T13915] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1281.463204][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1281.468345][T13915] usb 6-1: config 0 descriptor?? [ 1281.624561][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1281.624582][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1282.082321][T30039] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7561'. [ 1282.317477][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1282.483981][T30062] netlink: 'syz.2.7569': attribute type 10 has an invalid length. [ 1282.494973][T30062] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1282.509001][T30062] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1282.517075][T30062] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 1282.626233][T13915] usbhid 6-1:0.0: can't add hid device: -71 [ 1282.628502][T13915] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1282.644101][T13915] usb 6-1: USB disconnect, device number 28 [ 1282.898070][T30077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7574'. [ 1283.168604][ T39] audit: type=1326 audit(1721039052.789:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30078 comm="syz.1.7575" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1283.914631][ T5248] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 1284.094481][ T5248] usb 5-1: Using ep0 maxpacket: 16 [ 1284.098154][ T5248] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1284.101825][ T5248] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1284.106217][ T5248] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1284.109600][ T5248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1284.114329][ T5248] usb 5-1: config 0 descriptor?? [ 1284.162607][T30113] netlink: 'syz.1.7587': attribute type 10 has an invalid length. [ 1284.265602][T30117] netlink: 'syz.3.7588': attribute type 10 has an invalid length. [ 1284.732947][T30093] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7579'. [ 1285.104648][ T55] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 1285.261175][ T5248] usbhid 5-1:0.0: can't add hid device: -71 [ 1285.263849][ T5248] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1285.279182][ T5248] usb 5-1: USB disconnect, device number 44 [ 1285.294475][ T55] usb 7-1: Using ep0 maxpacket: 32 [ 1285.298627][ T55] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1285.302391][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1285.310104][ T55] usb 7-1: config 0 descriptor?? [ 1285.347870][ T55] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1285.450981][T30140] overlayfs: missing 'lowerdir' [ 1285.483659][T24252] Bluetooth: Unexpected start frame (len 0) [ 1285.566018][ T39] audit: type=1326 audit(1721039055.189:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30133 comm="syz.0.7595" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1285.782956][T30151] netlink: 'syz.1.7601': attribute type 10 has an invalid length. [ 1285.859715][ T55] gspca_nw80x: reg_r err -71 [ 1285.861604][ T55] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1285.866133][ T55] usb 7-1: USB disconnect, device number 32 [ 1286.245116][T30159] netlink: 'syz.0.7603': attribute type 10 has an invalid length. [ 1286.729936][T24252] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1286.820041][T30170] overlayfs: missing 'lowerdir' [ 1286.936743][T24252] Bluetooth: Unexpected start frame (len 0) [ 1287.132716][T30184] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7613'. [ 1287.150182][ T39] audit: type=1326 audit(1721039056.769:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30175 comm="syz.2.7610" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e2579 code=0x0 [ 1287.176451][T30184] veth5: entered allmulticast mode [ 1287.301647][T30189] netem: incorrect ge model size [ 1287.303978][T30189] netem: change failed [ 1287.314603][T13915] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1287.343574][T30193] overlayfs: missing 'lowerdir' [ 1287.388685][T24252] Bluetooth: Unexpected start frame (len 0) [ 1287.494481][T13915] usb 6-1: Using ep0 maxpacket: 32 [ 1287.498930][T13915] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1287.502054][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1287.506765][T13915] usb 6-1: config 0 descriptor?? [ 1287.510409][T13915] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1287.516944][T24252] Bluetooth: Unexpected start frame (len 0) [ 1287.859460][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1288.043711][T13915] gspca_nw80x: reg_r err -71 [ 1288.050455][T13915] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1288.055146][T13915] usb 6-1: USB disconnect, device number 29 [ 1288.077524][T30213] netlink: 'syz.0.7623': attribute type 10 has an invalid length. [ 1288.670135][T24252] Bluetooth: Unexpected start frame (len 0) [ 1288.807974][T30230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7629'. [ 1288.862480][T30236] netlink: 'syz.1.7632': attribute type 10 has an invalid length. [ 1288.989559][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1289.174678][ T5248] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 1289.199109][T24252] Bluetooth: Unexpected start frame (len 28) [ 1289.384711][ T5248] usb 7-1: Using ep0 maxpacket: 32 [ 1289.393518][ T5248] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1289.398098][ T5248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1289.404044][ T5248] usb 7-1: config 0 descriptor?? [ 1289.409438][ T5248] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1289.465379][T24252] Bluetooth: Unexpected start frame (len 0) [ 1289.535418][T24252] Bluetooth: Unexpected start frame (len 0) [ 1289.658426][T30262] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7640'. [ 1289.760781][T30266] overlayfs: missing 'lowerdir' [ 1289.892348][ T5248] gspca_nw80x: reg_r err -71 [ 1289.894030][ T5248] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1289.899210][ T5248] usb 7-1: USB disconnect, device number 33 [ 1290.105999][T24252] Bluetooth: Unexpected start frame (len 28) [ 1290.187150][T30285] overlayfs: missing 'lowerdir' [ 1290.230722][T24252] Bluetooth: Unexpected start frame (len 0) [ 1290.320592][T30290] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7649'. [ 1290.531068][T30301] overlayfs: missing 'lowerdir' [ 1290.654500][ T5248] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1290.844497][ T5248] usb 5-1: Using ep0 maxpacket: 32 [ 1290.849137][ T5248] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1290.853281][ T5248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1290.858742][ T5248] usb 5-1: config 0 descriptor?? [ 1290.867238][ T5248] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1290.916725][T30310] input: syz1 as /devices/virtual/input/input255 [ 1291.178722][T30313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7658'. [ 1291.461361][T16659] Bluetooth: Unexpected start frame (len 0) [ 1291.486905][ T5248] gspca_nw80x: reg_r err -71 [ 1291.488998][ T5248] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1291.495541][ T5248] usb 5-1: USB disconnect, device number 45 [ 1291.598734][T30331] overlayfs: missing 'lowerdir' [ 1291.955086][ T5208] Bluetooth: Unexpected start frame (len 0) [ 1292.145648][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1292.225926][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1292.351151][ T5208] Bluetooth: Unexpected start frame (len 0) [ 1292.379280][T30383] bond0: entered promiscuous mode [ 1292.381097][T30383] bond_slave_0: entered promiscuous mode [ 1292.383518][T30383] bond_slave_1: entered promiscuous mode [ 1292.386560][T30383] batadv_slave_0: entered promiscuous mode [ 1292.490369][T30388] input: syz1 as /devices/virtual/input/input256 [ 1292.504528][ T5208] Bluetooth: hci2: command 0x0406 tx timeout [ 1292.504606][T24252] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1292.734508][ T5274] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 1292.764534][T21619] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1292.874639][ T39] audit: type=1326 audit(1721039062.489:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30397 comm="syz.3.7690" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1292.914492][ T5274] usb 5-1: Using ep0 maxpacket: 16 [ 1292.919076][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1292.923942][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1292.928937][ T5274] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1292.932975][ T5274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1292.938372][ T5274] usb 5-1: config 0 descriptor?? [ 1292.946541][T21619] usb 6-1: Using ep0 maxpacket: 32 [ 1292.951030][T21619] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1292.954202][T21619] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1292.969627][T21619] usb 6-1: config 0 descriptor?? [ 1292.979601][T21619] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1293.133766][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1293.563956][T30385] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7684'. [ 1293.580645][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1293.709589][T21619] gspca_nw80x: reg_r err -71 [ 1293.711678][T21619] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1293.745486][T21619] usb 6-1: USB disconnect, device number 30 [ 1293.955322][ T5208] Bluetooth: hci1: command 0x206a tx timeout [ 1293.957823][T16659] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1294.090480][ T5274] usbhid 5-1:0.0: can't add hid device: -71 [ 1294.093219][ T5274] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1294.098381][ T5274] usb 5-1: USB disconnect, device number 46 [ 1294.119649][T16659] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1294.165231][T30431] input: syz1 as /devices/virtual/input/input257 [ 1294.257884][T30433] netlink: 'syz.0.7703': attribute type 10 has an invalid length. [ 1294.531138][ T39] audit: type=1326 audit(1721039064.149:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30436 comm="syz.1.7704" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1294.584597][ T5208] Bluetooth: hci2: command 0x0406 tx timeout [ 1294.587414][T24252] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1294.718035][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1295.155146][ T5274] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 1295.334471][ T5274] usb 7-1: Using ep0 maxpacket: 16 [ 1295.339340][ T5274] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1295.344774][ T5274] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1295.349479][ T5274] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1295.353921][ T5274] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1295.359585][ T5274] usb 7-1: config 0 descriptor?? [ 1295.365937][T30461] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7711'. [ 1295.455243][T30461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7711'. [ 1295.622604][T30470] input: syz1 as /devices/virtual/input/input258 [ 1295.979393][T30452] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7708'. [ 1296.114315][ T5208] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1296.282093][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1296.424499][T16659] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1296.436139][T16659] Bluetooth: hci1: command 0x206a tx timeout [ 1296.501289][ T5274] usbhid 7-1:0.0: can't add hid device: -71 [ 1296.504228][ T5274] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1296.510482][ T5274] usb 7-1: USB disconnect, device number 34 [ 1296.642054][T30490] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7721'. [ 1296.674561][T24252] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1296.683099][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1296.687551][T24252] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1296.754359][ T39] audit: type=1326 audit(1721039066.369:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30484 comm="syz.1.7720" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1296.786145][T30490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7721'. [ 1296.825811][T24252] Bluetooth: Unexpected start frame (len 28) [ 1297.837392][T30516] overlayfs: missing 'lowerdir' [ 1297.943378][T16659] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1298.068333][ T39] audit: type=1326 audit(1721039067.689:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30505 comm="syz.1.7727" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1298.559656][ T39] audit: type=1326 audit(1721039068.159:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30528 comm="syz.2.7735" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e2579 code=0x0 [ 1298.744914][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1298.786451][T30535] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7736'. [ 1298.878563][T30535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7736'. [ 1299.156446][T30539] overlayfs: missing 'lowerdir' [ 1299.199387][T30543] overlayfs: missing 'lowerdir' [ 1299.464503][T24252] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1299.465010][T16659] Bluetooth: hci1: command 0x206a tx timeout [ 1299.479002][T30554] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7744'. [ 1299.563203][T30554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7744'. [ 1299.985897][T16659] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1300.273635][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.476141][T30572] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7750'. [ 1300.579161][T30572] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7750'. [ 1300.585612][ T39] audit: type=1326 audit(1721039070.209:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30562 comm="syz.3.7747" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1301.173581][T30581] overlayfs: missing 'lowerdir' [ 1301.382578][T30588] netlink: 'syz.3.7756': attribute type 10 has an invalid length. [ 1301.420086][T30590] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7755'. [ 1302.293735][T30597] input: syz1 as /devices/virtual/input/input259 [ 1302.684605][T29576] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1302.884472][T29576] usb 5-1: Using ep0 maxpacket: 16 [ 1302.889875][T29576] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1302.900186][T29576] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1302.905654][T29576] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1302.909491][T29576] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1302.915020][T29576] usb 5-1: config 0 descriptor?? [ 1303.131392][T30618] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7767'. [ 1303.135219][T30617] netlink: 'syz.3.7768': attribute type 10 has an invalid length. [ 1303.168158][T30618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7767'. [ 1303.589478][T30604] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7762'. [ 1303.695207][ T39] audit: type=1326 audit(1721039073.319:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30625 comm="syz.1.7771" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1304.019322][T30630] input: syz1 as /devices/virtual/input/input260 [ 1304.144494][T29576] usbhid 5-1:0.0: can't add hid device: -71 [ 1304.147070][T29576] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1304.151637][T29576] usb 5-1: USB disconnect, device number 47 [ 1304.329507][T16659] Bluetooth: Unexpected start frame (len 28) [ 1304.930359][T30655] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7780'. [ 1304.981642][T30655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7780'. [ 1305.145668][T29576] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1305.182644][T30660] overlayfs: missing 'lowerdir' [ 1305.344683][T29576] usb 5-1: Using ep0 maxpacket: 16 [ 1305.349162][T29576] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1305.353894][T29576] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1305.358412][T29576] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1305.362342][T29576] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1305.372124][T30669] input: syz1 as /devices/virtual/input/input261 [ 1305.377525][T29576] usb 5-1: config 0 descriptor?? [ 1305.639173][ T39] audit: type=1326 audit(1721039075.259:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30661 comm="syz.2.7784" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e2579 code=0x0 [ 1305.991182][T30654] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7781'. [ 1306.529037][T29576] usbhid 5-1:0.0: can't add hid device: -71 [ 1306.531665][T29576] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1306.545740][T29576] usb 5-1: USB disconnect, device number 48 [ 1306.566421][T30685] overlayfs: missing 'lowerdir' [ 1306.666181][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1306.667099][T24252] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1306.686821][T24252] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1306.696534][T30695] input: syz1 as /devices/virtual/input/input262 [ 1307.041052][T30710] overlayfs: missing 'lowerdir' [ 1307.205467][T24252] Bluetooth: Unexpected start frame (len 28) [ 1307.214563][T23456] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 1307.394457][T23456] usb 7-1: Using ep0 maxpacket: 16 [ 1307.404485][T23456] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1307.408185][T23456] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1307.412055][T23456] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1307.428017][T23456] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1307.432662][T23456] usb 7-1: config 0 descriptor?? [ 1307.476846][ T39] audit: type=1326 audit(1721039077.099:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30707 comm="syz.1.7802" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1307.748344][T30732] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7809'. [ 1307.807285][T30732] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7809'. [ 1308.051418][T30704] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7801'. [ 1308.264553][ T5208] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1308.265123][T24252] Bluetooth: hci1: command 0x206a tx timeout [ 1308.466940][T24252] Bluetooth: Unexpected start frame (len 0) [ 1308.587582][T23456] usbhid 7-1:0.0: can't add hid device: -71 [ 1308.594967][T23456] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1308.613315][T23456] usb 7-1: USB disconnect, device number 35 [ 1308.702943][T30760] netlink: 'syz.2.7820': attribute type 10 has an invalid length. [ 1308.904620][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1308.905569][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1309.171528][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1309.426929][T30786] overlayfs: missing 'lowerdir' [ 1309.447278][T30784] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7826'. [ 1309.526741][T30784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7826'. [ 1309.654838][T23456] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 1309.668718][ T39] audit: type=1326 audit(1721039079.289:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30789 comm="syz.1.7831" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1309.834504][T23456] usb 7-1: Using ep0 maxpacket: 16 [ 1309.840120][T23456] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1309.852706][T23456] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1309.858457][T23456] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1309.862469][T23456] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1309.877149][T23456] usb 7-1: config 0 descriptor?? [ 1310.512929][T30783] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7828'. [ 1310.526283][T23456] usbhid 7-1:0.0: can't add hid device: -71 [ 1310.528632][T23456] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1310.532242][T23456] usb 7-1: USB disconnect, device number 36 [ 1310.771210][T30804] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7835'. [ 1310.813929][T30804] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7835'. [ 1310.994691][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1310.997035][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1310.997165][T30808] netlink: 'syz.3.7837': attribute type 10 has an invalid length. [ 1311.098788][T30812] overlayfs: missing 'lowerdir' [ 1311.145482][ T5208] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1311.148243][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1311.150798][ T5208] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1311.193271][T16659] Bluetooth: Unexpected start frame (len 0) [ 1311.673740][ T39] audit: type=1326 audit(1721039081.289:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30816 comm="syz.2.7840" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e2579 code=0x0 [ 1312.491872][T30828] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7843'. [ 1312.764441][T16659] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1313.151435][T30851] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7849'. [ 1313.178574][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1313.182969][T30853] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7852'. [ 1313.224855][ T5208] Bluetooth: hci2: command 0x0406 tx timeout [ 1313.259256][T30851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7849'. [ 1313.469717][T30861] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7855'. [ 1313.494626][ T55] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1313.551662][T30861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7855'. [ 1313.704513][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 1313.709027][ T55] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1313.713134][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1313.724162][ T55] usb 5-1: config 0 descriptor?? [ 1313.729160][ T55] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1313.889071][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1314.334906][ T55] gspca_nw80x: reg_r err -71 [ 1314.338374][ T55] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1314.346155][ T55] usb 5-1: USB disconnect, device number 49 [ 1314.494853][T30880] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7861'. [ 1314.760617][T30891] overlayfs: missing 'lowerdir' [ 1314.835840][ T5246] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 1315.024666][ T5246] usb 6-1: Using ep0 maxpacket: 32 [ 1315.033922][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1315.044010][ T5246] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1315.049677][ T5246] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1315.068818][ T5246] usb 6-1: config 0 descriptor?? [ 1315.084950][ T5246] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1315.227032][T16659] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1315.229648][T16659] Bluetooth: hci1: command 0x206a tx timeout [ 1315.706889][ T5208] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1315.873483][ T5246] gspca_nw80x: reg_r err -110 [ 1315.878368][T30918] overlayfs: missing 'lowerdir' [ 1315.878761][ T5246] nw80x 6-1:0.0: probe with driver nw80x failed with error -110 [ 1315.905213][T22795] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 1315.910124][ T5246] usb 6-1: USB disconnect, device number 31 [ 1316.084602][T22795] usb 7-1: Using ep0 maxpacket: 16 [ 1316.091500][T22795] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1316.097109][T22795] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1316.101502][T22795] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1316.105540][T22795] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1316.110803][T22795] usb 7-1: config 0 descriptor?? [ 1316.184508][ T5274] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1316.384504][ T5274] usb 5-1: Using ep0 maxpacket: 32 [ 1316.389425][ T5274] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1316.393467][ T5274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1316.399012][ T5274] usb 5-1: config 0 descriptor?? [ 1316.403908][ T5274] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1316.590315][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1316.726181][T30915] __nla_validate_parse: 3 callbacks suppressed [ 1316.726197][T30915] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7873'. [ 1316.742061][T22795] usbhid 7-1:0.0: can't add hid device: -71 [ 1316.745859][T22795] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1316.751387][T22795] usb 7-1: USB disconnect, device number 37 [ 1316.906484][ T5274] gspca_nw80x: reg_r err -71 [ 1316.908707][ T5274] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1316.912817][ T5274] usb 5-1: USB disconnect, device number 50 [ 1317.118755][T30938] netlink: 'syz.1.7881': attribute type 10 has an invalid length. [ 1317.312628][T30944] overlayfs: missing 'lowerdir' [ 1317.494767][T16659] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1317.501573][T16659] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1317.510666][T16659] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1317.521874][T16659] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1317.526987][T16659] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1317.530127][T16659] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1317.687914][T16659] Bluetooth: Unexpected start frame (len 28) [ 1317.743247][T30947] chnl_net:caif_netlink_parms(): no params data found [ 1317.886400][T29032] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.952568][T30947] bridge0: port 1(bridge_slave_0) entered blocking state [ 1317.955937][T30947] bridge0: port 1(bridge_slave_0) entered disabled state [ 1317.958449][T30947] bridge_slave_0: entered allmulticast mode [ 1317.961160][T30947] bridge_slave_0: entered promiscuous mode [ 1317.964682][T30947] bridge0: port 2(bridge_slave_1) entered blocking state [ 1317.967544][T30947] bridge0: port 2(bridge_slave_1) entered disabled state [ 1317.970442][T30947] bridge_slave_1: entered allmulticast mode [ 1317.973428][T30947] bridge_slave_1: entered promiscuous mode [ 1318.003681][T29032] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.066660][T30947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1318.080561][T30947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1318.097697][T29032] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.155937][T30947] team0: Port device team_slave_0 added [ 1318.162449][T30947] team0: Port device team_slave_1 added [ 1318.237989][T29032] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.246882][T30947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1318.249872][T30947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1318.264118][T30947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1318.270429][T30947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1318.273213][T30947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1318.283409][T30947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1318.294716][T13915] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1318.347858][T30947] hsr_slave_0: entered promiscuous mode [ 1318.351226][T30947] hsr_slave_1: entered promiscuous mode [ 1318.354156][T30947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1318.359236][T30947] Cannot create hsr debugfs directory [ 1318.472961][T29032] bridge_slave_1: left allmulticast mode [ 1318.475575][T29032] bridge_slave_1: left promiscuous mode [ 1318.477776][T29032] bridge0: port 2(bridge_slave_1) entered disabled state [ 1318.483194][T29032] bridge_slave_0: left allmulticast mode [ 1318.484668][T13915] usb 6-1: Using ep0 maxpacket: 16 [ 1318.485898][T29032] bridge_slave_0: left promiscuous mode [ 1318.490149][T29032] bridge0: port 1(bridge_slave_0) entered disabled state [ 1318.492854][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1318.492880][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1318.501350][T13915] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1318.509681][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1318.514872][T13915] usb 6-1: config 0 descriptor?? [ 1318.873704][T29032] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1318.877694][T29032] bond_slave_0: left promiscuous mode [ 1318.916622][T29032] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1318.920509][T29032] bond_slave_1: left promiscuous mode [ 1318.927319][T29032] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 1318.935251][T29032] batadv_slave_0: left promiscuous mode [ 1318.938167][T29032] bond0 (unregistering): Released all slaves [ 1319.371610][T29032] hsr_slave_0: left promiscuous mode [ 1319.376131][T29032] hsr_slave_1: left promiscuous mode [ 1319.379651][T29032] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1319.382836][T29032] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1319.449958][T29032] veth1_macvtap: left promiscuous mode [ 1319.452375][T29032] veth0_macvtap: left promiscuous mode [ 1319.455006][T29032] veth1_vlan: left promiscuous mode [ 1319.455042][ T1276] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1319.457282][T29032] veth0_vlan: left promiscuous mode [ 1319.491444][T30981] overlayfs: missing 'lowerdir' [ 1319.624835][T24252] Bluetooth: hci1: command tx timeout [ 1319.659920][T13915] usbhid 6-1:0.0: can't add hid device: -71 [ 1319.665043][T13915] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1319.683620][ T1276] usb 5-1: Using ep0 maxpacket: 32 [ 1319.689085][T13915] usb 6-1: USB disconnect, device number 32 [ 1319.693363][ T1276] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1319.703182][ T1276] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1319.719957][ T1276] usb 5-1: config 0 descriptor?? [ 1319.731122][ T1276] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1319.824634][T24252] Bluetooth: Unexpected start frame (len 28) [ 1319.865416][T16659] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1319.878272][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1320.444670][ T1276] gspca_nw80x: reg_r err -110 [ 1320.446799][ T1276] nw80x 5-1:0.0: probe with driver nw80x failed with error -110 [ 1320.506692][T29032] team0 (unregistering): Port device team_slave_1 removed [ 1320.617170][T29032] team0 (unregistering): Port device team_slave_0 removed [ 1320.994528][ T5208] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1320.995194][T16659] Bluetooth: hci3: command 0x206a tx timeout [ 1321.546413][T22795] usb 5-1: USB disconnect, device number 51 [ 1321.563356][T31003] netlink: 'syz.1.7901': attribute type 10 has an invalid length. [ 1321.642141][T30947] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1321.655129][T30947] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1321.661798][T30947] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1321.680062][T30947] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1321.714664][T16659] Bluetooth: hci1: command tx timeout [ 1321.819387][T30947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1321.832810][T30947] 8021q: adding VLAN 0 to HW filter on device team0 [ 1321.844726][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 1321.848020][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1321.853655][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 1321.856925][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1322.070508][T30947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1322.112318][T30947] veth0_vlan: entered promiscuous mode [ 1322.120749][T30947] veth1_vlan: entered promiscuous mode [ 1322.150168][T30947] veth0_macvtap: entered promiscuous mode [ 1322.159188][T30947] veth1_macvtap: entered promiscuous mode [ 1322.171670][T30947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1322.180439][T30947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1322.185829][T30947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1322.189751][T30947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1322.193721][T30947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1322.198685][T30947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1322.202818][T30947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1322.209979][T30947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1322.213786][T30947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1322.218923][T30947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1322.222470][T16659] Bluetooth: Unexpected start frame (len 28) [ 1322.227876][T30947] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1322.231867][T30947] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1322.235669][T30947] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1322.239156][T30947] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1322.326554][T29032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1322.333814][T29032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1322.344560][T24252] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1322.344597][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1322.361944][T11222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1322.367411][T11222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1322.543793][T31033] overlayfs: missing 'lowerdir' [ 1322.633231][ T39] audit: type=1326 audit(1721039092.249:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31025 comm="syz.1.7907" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1322.935797][ T5274] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1323.143225][T31052] netlink: 'syz.2.7915': attribute type 10 has an invalid length. [ 1323.144636][ T5274] usb 5-1: Using ep0 maxpacket: 32 [ 1323.147589][T31052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1323.151475][ T5274] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1323.155351][ T5274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1323.159319][T31052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1323.160385][ T5274] usb 5-1: config 0 descriptor?? [ 1323.168113][ T5274] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1323.168764][T31052] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 1323.548325][T31068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7920'. [ 1323.694466][ T5274] gspca_nw80x: reg_r err -71 [ 1323.696158][ T5274] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1323.704924][ T5274] usb 5-1: USB disconnect, device number 52 [ 1323.802330][T16659] Bluetooth: hci1: command tx timeout [ 1324.572776][ T39] audit: type=1326 audit(1721039094.189:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31080 comm="syz.3.7926" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1324.640930][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1324.666348][T24252] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1324.923456][T31095] netlink: 'syz.2.7930': attribute type 10 has an invalid length. [ 1325.519203][T31102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7932'. [ 1325.634830][T31109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7934'. [ 1325.681141][T16659] Bluetooth: Unexpected start frame (len 28) [ 1325.840856][T16659] Bluetooth: Unexpected start frame (len 28) [ 1325.865603][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1325.869588][T24252] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1326.952942][ T39] audit: type=1326 audit(1721039096.559:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31128 comm="syz.1.7941" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1326.953838][T24252] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1327.895156][T31142] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7944'. [ 1327.897920][T24252] Bluetooth: Unexpected start frame (len 28) [ 1327.954589][T24252] Bluetooth: hci1: command 0x0419 tx timeout [ 1328.616627][T31163] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7950'. [ 1328.686786][T31163] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7950'. [ 1328.842344][T31172] netlink: 'syz.0.7954': attribute type 10 has an invalid length. [ 1330.041667][T24252] Bluetooth: hci1: command 0x0419 tx timeout [ 1330.909712][T31194] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7961'. [ 1331.732958][T24252] Bluetooth: Unexpected start frame (len 28) [ 1331.784501][T27765] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1331.880307][T24252] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1331.974504][T27765] usb 5-1: Using ep0 maxpacket: 32 [ 1331.985498][T27765] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1331.989436][T27765] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1332.005194][T27765] usb 5-1: config 0 descriptor?? [ 1332.016169][T27765] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1332.035173][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1332.035787][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1332.475313][ T5269] usb 7-1: new high-speed USB device number 38 using dummy_hcd [ 1332.504333][T27765] gspca_nw80x: reg_r err -71 [ 1332.507943][T27765] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1332.513061][T27765] usb 5-1: USB disconnect, device number 53 [ 1332.664585][ T5269] usb 7-1: Using ep0 maxpacket: 16 [ 1332.671029][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1332.676219][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1332.681003][ T5269] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1332.685176][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1332.692809][ T5269] usb 7-1: config 0 descriptor?? [ 1332.894304][T31226] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7972'. [ 1332.912337][T31226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7972'. [ 1333.336950][T31219] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7970'. [ 1333.445816][ T39] audit: type=1326 audit(1721039103.069:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31227 comm="syz.0.7973" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1333.868162][ T5269] usbhid 7-1:0.0: can't add hid device: -71 [ 1333.879374][ T5269] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1333.889599][ T5269] usb 7-1: USB disconnect, device number 38 [ 1334.189095][T24252] Bluetooth: hci2: command 0x0406 tx timeout [ 1334.192240][T16659] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1334.287294][T31247] netlink: 'syz.0.7980': attribute type 10 has an invalid length. [ 1334.291901][ T39] audit: type=1326 audit(1721039103.909:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31237 comm="syz.2.7977" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1334.317014][T16659] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1334.771158][T31253] overlayfs: missing 'lowerdir' [ 1335.343737][T16659] Bluetooth: Unexpected start frame (len 28) [ 1335.466728][ T5269] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 1335.644590][ T5269] usb 7-1: Using ep0 maxpacket: 16 [ 1335.655643][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1335.660407][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1335.664595][ T5269] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1335.671730][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1335.686043][ T5269] usb 7-1: config 0 descriptor?? [ 1335.745702][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1335.962869][ T39] audit: type=1326 audit(1721039105.579:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31276 comm="syz.3.7990" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1336.242681][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1336.364103][T31264] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7986'. [ 1336.699556][ T39] audit: type=1326 audit(1721039106.319:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31291 comm="syz.1.7995" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1336.706403][T31305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7999'. [ 1336.789555][T31305] veth7: entered allmulticast mode [ 1336.792464][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1337.016476][ T5269] usbhid 7-1:0.0: can't add hid device: -71 [ 1337.043490][ T5269] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1337.063674][ T5269] usb 7-1: USB disconnect, device number 39 [ 1337.213602][T31319] fuse: Bad value for 'fd' [ 1337.236037][T16659] Bluetooth: Unexpected start frame (len 28) [ 1337.364630][T27765] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1337.554874][T27765] usb 5-1: Using ep0 maxpacket: 32 [ 1337.559816][T27765] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1337.583274][T27765] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1337.590646][T27765] usb 5-1: config 0 descriptor?? [ 1337.606432][T27765] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1337.826498][ T39] audit: type=1326 audit(1721039107.449:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31327 comm="syz.2.8008" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1338.279810][T27765] gspca_nw80x: reg_r err -71 [ 1338.282065][T27765] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1338.287580][T27765] usb 5-1: USB disconnect, device number 54 [ 1338.605738][T31352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8014'. [ 1338.963386][ T39] audit: type=1326 audit(1721039108.579:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31356 comm="syz.2.8016" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1338.986235][T31361] netlink: 'syz.3.8017': attribute type 10 has an invalid length. [ 1339.399950][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1339.990728][T31380] netlink: 'syz.2.8023': attribute type 10 has an invalid length. [ 1340.019508][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1341.179060][ T39] audit: type=1326 audit(1721039110.799:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31400 comm="syz.2.8029" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1341.265593][ T39] audit: type=1326 audit(1721039110.889:2007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31403 comm="syz.0.8030" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1341.357506][T31411] netlink: 'syz.1.8032': attribute type 10 has an invalid length. [ 1341.718530][T31418] overlayfs: missing 'lowerdir' [ 1341.809486][T31420] netlink: 'syz.0.8035': attribute type 10 has an invalid length. [ 1342.006449][T16659] Bluetooth: Unexpected start frame (len 28) [ 1342.726023][T31443] overlayfs: missing 'lowerdir' [ 1342.814528][ T5269] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 1342.829135][T31450] fuse: Bad value for 'fd' [ 1342.847581][T16659] Bluetooth: Unexpected start frame (len 28) [ 1343.024509][ T5269] usb 7-1: Using ep0 maxpacket: 32 [ 1343.031594][ T5269] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1343.044794][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1343.056088][ T5269] usb 7-1: config 0 descriptor?? [ 1343.085827][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1343.144838][T31455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8047'. [ 1343.154223][ T39] audit: type=1326 audit(1721039112.769:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31448 comm="syz.1.8046" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1343.185526][T31455] veth7: entered allmulticast mode [ 1343.776609][ T5269] gspca_nw80x: reg_r err -71 [ 1343.778754][ T5269] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1343.810303][ T5269] usb 7-1: USB disconnect, device number 40 [ 1343.897642][T31471] overlayfs: missing 'lowerdir' [ 1344.003510][T31477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8056'. [ 1344.064578][T31477] veth5: entered allmulticast mode [ 1344.100845][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1344.454491][T13915] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 1344.647058][T13915] usb 6-1: Using ep0 maxpacket: 16 [ 1344.652084][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1344.655329][T31499] overlayfs: missing 'lowerdir' [ 1344.657371][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1344.673970][T13915] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1344.678348][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1344.690870][T13915] usb 6-1: config 0 descriptor?? [ 1344.844253][T31502] netlink: 'syz.2.8064': attribute type 10 has an invalid length. [ 1345.286838][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1345.379885][T31482] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8057'. [ 1345.909363][T13915] usbhid 6-1:0.0: can't add hid device: -71 [ 1345.924542][T13915] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1345.936768][T13915] usb 6-1: USB disconnect, device number 33 [ 1345.989059][T31526] netlink: 'syz.1.8072': attribute type 10 has an invalid length. [ 1345.998556][T31525] netlink: 'syz.0.8073': attribute type 10 has an invalid length. [ 1346.252942][T16659] Bluetooth: Unexpected start frame (len 28) [ 1346.424589][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1346.427358][T24252] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1346.647132][T31541] netlink: 'syz.1.8078': attribute type 10 has an invalid length. [ 1346.681013][T16659] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1346.831096][T31545] process 'memfd:ndRi5ም[@8 9I=\'LҎ)JtTDqρ1 >\LϑM^T*' started with executable stack [ 1347.144571][T12794] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1347.344498][T12794] usb 5-1: Using ep0 maxpacket: 16 [ 1347.348144][T12794] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1347.352492][T12794] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1347.356597][T12794] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1347.360216][T12794] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1347.365114][T12794] usb 5-1: config 0 descriptor?? [ 1347.836789][T16659] Bluetooth: Unexpected start frame (len 28) [ 1348.001152][T31550] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8081'. [ 1348.110346][T31566] netlink: 'syz.2.8086': attribute type 10 has an invalid length. [ 1348.346734][T31569] netlink: 'syz.1.8087': attribute type 10 has an invalid length. [ 1348.504607][T24252] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1348.504758][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1348.526635][T12794] usbhid 5-1:0.0: can't add hid device: -71 [ 1348.529870][T12794] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1348.545758][T12794] usb 5-1: USB disconnect, device number 55 [ 1348.851469][T31582] fuse: Bad value for 'fd' [ 1348.890670][T16659] Bluetooth: Unexpected start frame (len 28) [ 1349.184613][T31590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8092'. [ 1349.714293][ T39] audit: type=1326 audit(1721039119.329:2009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31598 comm="syz.0.8096" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1350.099081][T31609] netlink: 'syz.0.8099': attribute type 10 has an invalid length. [ 1350.308705][ T39] audit: type=1326 audit(1721039119.929:2010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31600 comm="syz.1.8097" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1350.344664][ T5248] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 1350.534659][ T5248] usb 7-1: Using ep0 maxpacket: 16 [ 1350.541785][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1350.547912][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1350.552370][ T5248] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1350.556469][ T5248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1350.561364][ T5248] usb 7-1: config 0 descriptor?? [ 1351.047724][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1351.230145][T31607] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8098'. [ 1351.235108][T24252] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1351.264361][T31622] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8104'. [ 1351.300124][T31622] veth9: entered allmulticast mode [ 1351.304608][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1351.304677][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1351.310138][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1351.499005][T31628] overlayfs: missing 'lowerdir' [ 1351.616442][T31633] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8108'. [ 1351.655318][T31633] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8108'. [ 1351.769628][ T5248] usbhid 7-1:0.0: can't add hid device: -71 [ 1351.772316][ T5248] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1351.786217][ T5248] usb 7-1: USB disconnect, device number 41 [ 1351.891424][T31635] netlink: 'syz.2.8109': attribute type 10 has an invalid length. [ 1352.304966][T16659] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1352.749519][T31647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8113'. [ 1352.803769][T31647] veth3: entered allmulticast mode [ 1352.837834][T31645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8112'. [ 1352.937224][T31650] netlink: 'syz.2.8114': attribute type 10 has an invalid length. [ 1353.395262][T16659] Bluetooth: hci3: command 0x206a tx timeout [ 1354.236037][T31656] overlayfs: missing 'lowerdir' [ 1354.333036][T31660] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8118'. [ 1354.543963][T31667] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8119'. [ 1354.566223][T31665] netlink: 'syz.3.8120': attribute type 10 has an invalid length. [ 1354.635003][T31667] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8119'. [ 1354.710159][ T39] audit: type=1326 audit(1721039124.329:2011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31657 comm="syz.1.8117" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1355.684558][ T1276] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 1355.881656][ T1276] usb 6-1: Using ep0 maxpacket: 32 [ 1355.891044][ T1276] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1355.894273][ T1276] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1355.898493][ T1276] usb 6-1: config 0 descriptor?? [ 1355.907119][ T1276] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1356.077566][ T39] audit: type=1326 audit(1721039125.699:2012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31676 comm="syz.0.8123" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1356.104598][T16659] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1356.107298][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1356.176245][T31685] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8126'. [ 1356.227382][T31685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8126'. [ 1356.497883][ T1276] gspca_nw80x: reg_r err -71 [ 1356.500044][ T1276] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1356.511910][ T1276] usb 6-1: USB disconnect, device number 34 [ 1356.740047][T31687] overlayfs: missing 'lowerdir' [ 1356.807754][T31689] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8128'. [ 1357.078952][T31693] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8130'. [ 1357.134535][ T5248] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1357.140007][T31693] veth7: entered allmulticast mode [ 1357.314559][ T5248] usb 5-1: Using ep0 maxpacket: 32 [ 1357.320491][ T5248] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1357.322782][T31697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8131'. [ 1357.324941][ T5248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1357.336204][ T5248] usb 5-1: config 0 descriptor?? [ 1357.342030][ T5248] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1357.946249][ T5248] gspca_nw80x: reg_r err -71 [ 1357.948862][ T5248] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1357.953815][ T5248] usb 5-1: USB disconnect, device number 56 [ 1358.210108][ T39] audit: type=1326 audit(1721039127.829:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31705 comm="syz.2.8135" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1358.515185][T31711] overlayfs: missing 'lowerdir' [ 1358.736189][T31714] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8137'. [ 1358.867626][T31714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8137'. [ 1359.055585][T31718] overlayfs: missing 'lowerdir' [ 1359.218125][T31720] netlink: 'syz.3.8140': attribute type 10 has an invalid length. [ 1359.534682][ T55] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 1359.728076][ T55] usb 7-1: Using ep0 maxpacket: 16 [ 1359.738477][ T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1359.743268][ T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1359.747770][ T55] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1359.751842][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1359.764897][ T55] usb 7-1: config 0 descriptor?? [ 1360.167086][T31736] netlink: 'syz.3.8145': attribute type 10 has an invalid length. [ 1360.506468][ T55] usbhid 7-1:0.0: can't add hid device: -71 [ 1360.509632][ T55] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1360.516779][ T55] usb 7-1: USB disconnect, device number 42 [ 1360.603869][T31748] overlayfs: missing 'lowerdir' [ 1360.664623][ T39] audit: type=1326 audit(1721039130.279:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31741 comm="syz.1.8147" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1360.736711][T31750] netlink: 'syz.0.8150': attribute type 10 has an invalid length. [ 1361.186272][ T39] audit: type=1326 audit(1721039130.799:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31753 comm="syz.2.8151" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1361.478232][T31759] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8152'. [ 1361.579975][T31759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8152'. [ 1361.694455][T31761] netlink: 'syz.3.8153': attribute type 10 has an invalid length. [ 1361.719260][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.027391][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1362.224506][ T5248] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 1362.385590][T31774] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8157'. [ 1362.402785][T31774] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8157'. [ 1362.424521][ T5248] usb 7-1: Using ep0 maxpacket: 16 [ 1362.430986][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1362.435335][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1362.438868][ T5248] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1362.442030][ T5248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1362.448792][ T5248] usb 7-1: config 0 descriptor?? [ 1362.674463][ T5208] Bluetooth: hci1: command 0x0419 tx timeout [ 1362.674578][T24252] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1362.816933][ T39] audit: type=1326 audit(1721039132.439:2016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31775 comm="syz.3.8158" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1363.170910][ T5248] usbhid 7-1:0.0: can't add hid device: -71 [ 1363.173623][ T5248] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1363.185658][ T5248] usb 7-1: USB disconnect, device number 43 [ 1363.358828][T31781] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8159'. [ 1363.466324][T31781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8159'. [ 1363.784552][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1363.789266][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1363.833667][T31788] netlink: 'syz.1.8162': attribute type 10 has an invalid length. [ 1365.514489][T13915] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 1365.589059][ T5269] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1365.695532][T13915] usb 6-1: Using ep0 maxpacket: 16 [ 1365.706474][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1365.711308][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1365.721573][T13915] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1365.731670][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1365.736987][T13915] usb 6-1: config 0 descriptor?? [ 1365.774535][ T5269] usb 5-1: Using ep0 maxpacket: 16 [ 1365.778740][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1365.782977][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1365.787180][ T5269] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1365.790518][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1365.798010][ T5269] usb 5-1: config 0 descriptor?? [ 1366.026288][ T39] audit: type=1326 audit(1721039135.649:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31805 comm="syz.2.8168" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1366.544132][ T5269] usbhid 5-1:0.0: can't add hid device: -71 [ 1366.553931][ T5269] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1366.558982][ T5269] usb 5-1: USB disconnect, device number 57 [ 1366.840241][T13915] usbhid 6-1:0.0: can't add hid device: -71 [ 1366.843698][T13915] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1366.873427][T24252] Bluetooth: Unexpected start frame (len 28) [ 1366.880999][T13915] usb 6-1: USB disconnect, device number 35 [ 1366.995727][ T39] audit: type=1326 audit(1721039136.609:2018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31822 comm="syz.2.8173" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1367.171166][T31838] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8177'. [ 1367.242037][T31838] veth11: entered allmulticast mode [ 1367.454342][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1367.627500][T31847] netlink: 'syz.2.8180': attribute type 10 has an invalid length. [ 1367.771915][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1368.042403][ T39] audit: type=1326 audit(1721039137.659:2019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31852 comm="syz.1.8182" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1368.065585][T24252] Bluetooth: Unexpected start frame (len 28) [ 1368.688070][T24252] Bluetooth: Unexpected start frame (len 28) [ 1368.886639][T24252] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 1368.909876][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1369.190295][T24252] Bluetooth: Unexpected start frame (len 28) [ 1369.215295][ T55] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 1369.404643][ T55] usb 7-1: Using ep0 maxpacket: 32 [ 1369.413076][ T55] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1369.417308][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1369.423608][ T55] usb 7-1: config 0 descriptor?? [ 1369.440832][ T55] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1369.924510][ T55] gspca_nw80x: reg_r err -71 [ 1369.926518][ T55] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1369.939943][ T55] usb 7-1: USB disconnect, device number 44 [ 1369.958651][ T39] audit: type=1326 audit(1721039139.579:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31906 comm="syz.1.8199" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1370.284083][T24252] Bluetooth: Unexpected start frame (len 28) [ 1370.790920][ T39] audit: type=1326 audit(1721039140.409:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31921 comm="syz.0.8204" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1370.994573][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1370.994639][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1371.049857][T13915] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 1371.184322][T31935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8207'. [ 1371.244509][T13915] usb 6-1: Using ep0 maxpacket: 16 [ 1371.252524][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1371.260938][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1371.273324][T13915] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1371.285826][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.300224][T13915] usb 6-1: config 0 descriptor?? [ 1371.630839][T24252] Bluetooth: hci2: command 0x0406 tx timeout [ 1371.633138][ T5208] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1371.831037][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1372.286932][T13915] usbhid 6-1:0.0: can't add hid device: -71 [ 1372.289786][T13915] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1372.308058][T13915] usb 6-1: USB disconnect, device number 36 [ 1372.447783][ T5248] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1372.634612][ T5248] usb 5-1: Using ep0 maxpacket: 32 [ 1372.638276][ T5248] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1372.641618][ T5248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1372.657591][ T5248] usb 5-1: config 0 descriptor?? [ 1372.666164][ T5248] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1372.696224][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1373.064630][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1373.076271][T16659] Bluetooth: hci3: command 0x206a tx timeout [ 1373.182915][ T5248] gspca_nw80x: reg_r err -71 [ 1373.185236][ T5248] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1373.189854][ T5248] usb 5-1: USB disconnect, device number 58 [ 1373.284609][T13915] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 1373.484714][T13915] usb 6-1: Using ep0 maxpacket: 16 [ 1373.488938][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1373.493338][T13915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1373.497812][T13915] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1373.503434][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1373.509677][T13915] usb 6-1: config 0 descriptor?? [ 1373.868554][ T39] audit: type=1326 audit(1721039143.489:2022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31958 comm="syz.2.8216" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1374.283495][T13915] usbhid 6-1:0.0: can't add hid device: -71 [ 1374.290064][T13915] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1374.300534][T13915] usb 6-1: USB disconnect, device number 37 [ 1374.488946][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1374.737555][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1375.071733][T31992] overlayfs: missing 'lowerdir' [ 1375.545037][T16659] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1375.558011][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1375.596549][ T39] audit: type=1326 audit(1721039145.219:2023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31980 comm="syz.1.8222" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1375.634510][T32004] overlayfs: missing 'lowerdir' [ 1375.655143][ T39] audit: type=1326 audit(1721039145.249:2024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31983 comm="syz.3.8223" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1375.718876][ T39] audit: type=1326 audit(1721039145.339:2025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32001 comm="syz.0.8229" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1376.267417][T32015] netlink: 'syz.1.8233': attribute type 10 has an invalid length. [ 1376.294539][ T5248] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 1376.495725][ T5248] usb 7-1: Using ep0 maxpacket: 16 [ 1376.500117][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1376.505214][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1376.509622][ T5248] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1376.515094][ T5248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1376.520394][ T5248] usb 7-1: config 0 descriptor?? [ 1376.580075][T16659] Bluetooth: Unexpected start frame (len 28) [ 1377.195476][T32029] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8236'. [ 1377.275912][ T5248] usbhid 7-1:0.0: can't add hid device: -71 [ 1377.279321][ T5248] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1377.289011][ T5248] usb 7-1: USB disconnect, device number 45 [ 1377.506006][T32047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8242'. [ 1377.583899][T32047] veth9: entered allmulticast mode [ 1377.627734][ T39] audit: type=1326 audit(1721039147.249:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32042 comm="syz.2.8241" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1377.643159][T32048] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8242'. [ 1377.715591][T32055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8245'. [ 1377.754044][T32055] veth11: entered allmulticast mode [ 1377.864576][T24252] Bluetooth: hci1: command 0x0419 tx timeout [ 1377.864899][ T5208] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1377.911747][T24252] Bluetooth: Unexpected start frame (len 28) [ 1378.693691][T24252] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1378.794159][T32068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8249'. [ 1379.390654][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1379.393465][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1379.663231][T32087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8254'. [ 1379.670707][T32085] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8253'. [ 1379.746393][T32087] veth13: entered allmulticast mode [ 1379.756811][T32089] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8254'. [ 1379.961902][T32096] netlink: 'syz.2.8256': attribute type 10 has an invalid length. [ 1380.106122][ T39] audit: type=1326 audit(1721039149.719:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32097 comm="syz.0.8257" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1381.205417][T32122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8263'. [ 1381.268992][T32122] veth15: entered allmulticast mode [ 1381.273072][T32123] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8263'. [ 1381.465145][T16659] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1381.468104][T16659] Bluetooth: hci3: command 0x206a tx timeout [ 1381.678999][T32136] netlink: 'syz.1.8268': attribute type 10 has an invalid length. [ 1381.928853][T16659] Bluetooth: Unexpected start frame (len 28) [ 1382.035946][T32148] overlayfs: missing 'lowerdir' [ 1382.212281][T32150] veth17: entered allmulticast mode [ 1382.227284][T32151] __nla_validate_parse: 1 callbacks suppressed [ 1382.227300][T32151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8273'. [ 1382.245182][T32153] FAULT_INJECTION: forcing a failure. [ 1382.245182][T32153] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1382.250338][T32153] CPU: 3 PID: 32153 Comm: syz.0.8274 Not tainted 6.10.0-syzkaller #0 [ 1382.253554][T32153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1382.258015][T32153] Call Trace: [ 1382.259420][T32153] [ 1382.260743][T32153] dump_stack_lvl+0x16c/0x1f0 [ 1382.262614][T32153] should_fail_ex+0x497/0x5b0 [ 1382.264590][T32153] _copy_from_iter+0x27a/0xfb0 [ 1382.266510][T32153] ? __pfx__copy_from_iter+0x10/0x10 [ 1382.268522][T32153] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1382.270815][T32153] ? tun_build_skb.constprop.0+0x198/0x1250 [ 1382.273350][T32153] ? __pfx_lock_release+0x10/0x10 [ 1382.275265][T32153] ? mark_lock+0xb5/0xc60 [ 1382.276922][T32153] copy_page_from_iter+0xa5/0x120 [ 1382.278760][T32153] tun_build_skb.constprop.0+0x274/0x1250 [ 1382.280689][T32153] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 1382.282919][T32153] ? hlock_class+0x4e/0x130 [ 1382.284662][T32153] ? __lock_acquire+0xc5d/0x3b30 [ 1382.286552][T32153] tun_get_user+0x888/0x3c20 [ 1382.288048][T32153] ? __pfx_tun_get_user+0x10/0x10 [ 1382.289629][T32153] ? find_held_lock+0x2d/0x110 [ 1382.291712][T32153] ? __pfx_lock_release+0x10/0x10 [ 1382.293826][T32153] tun_chr_write_iter+0xe8/0x210 [ 1382.296004][T32153] vfs_write+0x6b6/0x1140 [ 1382.297707][T32153] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1382.299633][T32153] ? __pfx_vfs_write+0x10/0x10 [ 1382.301610][T32153] ? __fget_files+0x256/0x400 [ 1382.303317][T32153] ? __fget_light+0x173/0x210 [ 1382.305170][T32153] ksys_write+0x12f/0x260 [ 1382.306770][T32153] ? __pfx_ksys_write+0x10/0x10 [ 1382.308486][T32153] __do_fast_syscall_32+0x73/0x120 [ 1382.310596][T32153] do_fast_syscall_32+0x32/0x80 [ 1382.312770][T32153] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1382.315683][T32153] RIP: 0023:0xf740d579 [ 1382.317540][T32153] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1382.325126][T32153] RSP: 002b:00000000f5d25540 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 1382.328393][T32153] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000300 [ 1382.331650][T32153] RDX: 000000000000004e RSI: 00000000f73f7ff4 RDI: 0000000000000000 [ 1382.334997][T32153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1382.338336][T32153] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1382.341233][T32153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1382.344544][T32153] [ 1382.586526][T32161] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8277'. [ 1382.744506][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1382.744547][ T5208] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1382.944485][ T1276] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1383.124494][ T1276] usb 6-1: Using ep0 maxpacket: 32 [ 1383.130127][ T1276] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1383.134012][ T1276] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1383.139100][ T1276] usb 6-1: config 0 descriptor?? [ 1383.143772][ T1276] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1383.260044][T32172] overlayfs: missing 'lowerdir' [ 1383.398816][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1383.704920][T24252] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1383.707350][T24252] Bluetooth: hci3: command 0x206a tx timeout [ 1383.739321][ T1276] gspca_nw80x: reg_r err -71 [ 1383.741040][ T1276] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1383.755915][ T1276] usb 6-1: USB disconnect, device number 38 [ 1383.867711][T32183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8284'. [ 1383.912334][T32183] veth5: entered allmulticast mode [ 1383.923253][T32183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8284'. [ 1384.377233][T32189] sg_write: data in/out 196608/1 bytes for SCSI command 0xdb-- guessing data in; [ 1384.377233][T32189] program syz.1.8286 not setting count and/or reply_len properly [ 1384.919607][T32196] FAULT_INJECTION: forcing a failure. [ 1384.919607][T32196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1384.925414][T32196] CPU: 2 PID: 32196 Comm: syz.0.8288 Not tainted 6.10.0-syzkaller #0 [ 1384.928656][T32196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1384.932935][T32196] Call Trace: [ 1384.934210][T32196] [ 1384.935430][T32196] dump_stack_lvl+0x16c/0x1f0 [ 1384.937435][T32196] should_fail_ex+0x497/0x5b0 [ 1384.939424][T32196] _copy_from_user+0x30/0xf0 [ 1384.941419][T32196] sg_write+0x788/0xe10 [ 1384.943173][T32196] ? __pfx_sg_write+0x10/0x10 [ 1384.945128][T32196] ? __pfx_mark_lock+0x10/0x10 [ 1384.947138][T32196] ? apparmor_file_permission+0x251/0x410 [ 1384.949531][T32196] ? bpf_lsm_file_permission+0x9/0x10 [ 1384.951780][T32196] ? security_file_permission+0x98/0xc0 [ 1384.954152][T32196] ? __pfx_sg_write+0x10/0x10 [ 1384.956129][T32196] vfs_writev+0x6ec/0xde0 [ 1384.957971][T32196] ? __pfx_vfs_writev+0x10/0x10 [ 1384.960036][T32196] ? __fget_files+0x24c/0x400 [ 1384.962046][T32196] ? do_writev+0x137/0x370 [ 1384.963930][T32196] do_writev+0x137/0x370 [ 1384.965590][T32196] ? __pfx_do_writev+0x10/0x10 [ 1384.967373][T32196] __do_fast_syscall_32+0x73/0x120 [ 1384.969417][T32196] do_fast_syscall_32+0x32/0x80 [ 1384.971480][T32196] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1384.974130][T32196] RIP: 0023:0xf740d579 [ 1384.975706][T32196] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1384.982830][T32196] RSP: 002b:00000000f5d0457c EFLAGS: 00000292 ORIG_RAX: 0000000000000092 [ 1384.986255][T32196] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000400 [ 1384.989528][T32196] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 1384.992839][T32196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1384.996151][T32196] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1384.999138][T32196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1385.002188][T32196] [ 1385.175023][T32198] veth1_macvtap: left promiscuous mode [ 1385.177600][T32198] macsec0: entered allmulticast mode [ 1385.211069][T32200] overlayfs: missing 'lowerdir' [ 1385.372985][T24252] Bluetooth: Unexpected start frame (len 28) [ 1385.450679][T32207] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8292'. [ 1385.515081][T32209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8293'. [ 1385.579301][T32209] veth19: entered allmulticast mode [ 1385.583624][T32207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8292'. [ 1385.587928][T32210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8293'. [ 1385.675411][T32212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8294'. [ 1385.711451][T32212] veth21: entered allmulticast mode [ 1385.745379][T32212] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8294'. [ 1385.926474][T32217] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1385.992449][T32221] FAULT_INJECTION: forcing a failure. [ 1385.992449][T32221] name failslab, interval 1, probability 0, space 0, times 0 [ 1385.999134][T32221] CPU: 3 PID: 32221 Comm: syz.0.8298 Not tainted 6.10.0-syzkaller #0 [ 1386.002695][T32221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1386.007176][T32221] Call Trace: [ 1386.008650][T32221] [ 1386.009935][T32221] dump_stack_lvl+0x16c/0x1f0 [ 1386.011947][T32221] should_fail_ex+0x497/0x5b0 [ 1386.013981][T32221] should_failslab+0x9/0x20 [ 1386.015980][T32221] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1386.018525][T32221] ? __alloc_skb+0x2b3/0x380 [ 1386.020568][T32221] __alloc_skb+0x2b3/0x380 [ 1386.022561][T32221] ? __pfx___alloc_skb+0x10/0x10 [ 1386.024795][T32221] ? __pfx___might_resched+0x10/0x10 [ 1386.027148][T32221] netlink_alloc_large_skb+0x69/0x130 [ 1386.029560][T32221] netlink_sendmsg+0x689/0xd70 [ 1386.031673][T32221] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1386.034013][T32221] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1386.036328][T32221] ____sys_sendmsg+0x9b4/0xb50 [ 1386.038463][T32221] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1386.040805][T32221] ? get_compat_msghdr+0x11b/0x170 [ 1386.043093][T32221] ? __pfx___lock_acquire+0x10/0x10 [ 1386.045374][T32221] ___sys_sendmsg+0x135/0x1e0 [ 1386.047464][T32221] ? __pfx____sys_sendmsg+0x10/0x10 [ 1386.049792][T32221] ? ksys_write+0x21c/0x260 [ 1386.051696][T32221] ? __fget_light+0x173/0x210 [ 1386.053675][T32221] __sys_sendmsg+0x117/0x1f0 [ 1386.055666][T32221] ? __pfx___sys_sendmsg+0x10/0x10 [ 1386.057859][T32221] __do_fast_syscall_32+0x73/0x120 [ 1386.060128][T32221] do_fast_syscall_32+0x32/0x80 [ 1386.062303][T32221] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1386.065021][T32221] RIP: 0023:0xf740d579 [ 1386.066761][T32221] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1386.075042][T32221] RSP: 002b:00000000f5d2557c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1386.078627][T32221] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0 [ 1386.082100][T32221] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1386.085545][T32221] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1386.088945][T32221] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1386.092384][T32221] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1386.095863][T32221] [ 1386.799079][T24252] Bluetooth: hci3: unexpected event for opcode 0x203b [ 1387.058708][T32233] veth13: entered allmulticast mode [ 1387.169987][T32235] veth15: entered allmulticast mode [ 1387.194638][ T1276] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 1387.334270][T24252] Bluetooth: Unexpected start frame (len 28) [ 1387.384546][ T1276] usb 6-1: Using ep0 maxpacket: 32 [ 1387.399261][ T1276] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1387.403022][ T1276] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1387.410751][ T1276] usb 6-1: config 0 descriptor?? [ 1387.415456][ T1276] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1387.704995][T24252] Bluetooth: Unexpected start frame (len 28) [ 1387.914665][T32245] netlink: 'syz.2.8306': attribute type 1 has an invalid length. [ 1388.006506][ T1276] gspca_nw80x: reg_r err -71 [ 1388.008630][ T1276] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1388.017748][ T1276] usb 6-1: USB disconnect, device number 39 [ 1388.306820][ T39] audit: type=1326 audit(1721039157.929:2028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32248 comm="syz.0.8307" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 1388.464900][ T55] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 1388.610320][T24252] Bluetooth: hci2: unexpected event for opcode 0x203b [ 1388.654495][ T55] usb 7-1: Using ep0 maxpacket: 32 [ 1388.663632][ T55] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1388.673314][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1388.685379][ T55] usb 7-1: config 0 descriptor?? [ 1388.688867][ T55] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1388.821658][T32258] __nla_validate_parse: 6 callbacks suppressed [ 1388.821676][T32258] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8310'. [ 1388.994998][T32260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8311'. [ 1389.094039][T32260] veth9: entered allmulticast mode [ 1389.104445][T32261] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8311'. [ 1389.226200][T32264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8312'. [ 1389.383343][T24252] Bluetooth: hci2: SCO packet for unknown connection handle 200 [ 1389.413265][ T55] gspca_nw80x: reg_r err -71 [ 1389.420071][ T55] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1389.422092][T24252] Bluetooth: Unexpected start frame (len 10) [ 1389.426031][T24252] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 1389.427461][ T55] usb 7-1: USB disconnect, device number 46 [ 1389.504039][T32271] netlink: 'syz.3.8315': attribute type 10 has an invalid length. [ 1390.379919][T32282] netlink: 'syz.3.8317': attribute type 1 has an invalid length. [ 1390.398647][T32277] Process accounting resumed [ 1390.823442][T32292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8321'. [ 1390.835845][T24252] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1390.846673][T24252] Bluetooth: hci3: Injecting HCI hardware error event [ 1390.853057][T16659] Bluetooth: hci3: hardware error 0x00 [ 1390.867907][T32292] veth23: entered allmulticast mode [ 1390.883975][T32292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8321'. [ 1391.051842][T32295] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8322'. [ 1391.079062][ T39] audit: type=1326 audit(1721039160.699:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32289 comm="syz.2.8320" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1391.385938][T32304] netlink: 'syz.1.8326': attribute type 10 has an invalid length. [ 1391.448001][T24252] Bluetooth: hci3: Malformed LE Event: 0x02 [ 1391.550125][T32311] bridge0: entered allmulticast mode [ 1391.738821][T32315] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8330'. [ 1391.779709][T32315] veth7: entered allmulticast mode [ 1391.844535][T32320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8332'. [ 1391.875482][T32320] veth17: entered allmulticast mode [ 1391.878090][T32317] netlink: 'syz.2.8331': attribute type 10 has an invalid length. [ 1391.899894][T32320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8332'. [ 1392.313750][T32334] netlink: 'syz.3.8337': attribute type 10 has an invalid length. [ 1392.504896][ T5208] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1392.507584][ T5208] Bluetooth: hci1: command 0x0419 tx timeout [ 1392.664604][T32332] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1392.667688][T32332] Bluetooth: hci2: Injecting HCI hardware error event [ 1392.755926][T32342] veth9: entered allmulticast mode [ 1392.905325][T16659] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1393.054510][ T55] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 1393.226548][T32348] overlayfs: missing 'lowerdir' [ 1393.238362][ T55] usb 7-1: Using ep0 maxpacket: 32 [ 1393.242727][ T55] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1393.246693][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1393.251903][ T55] usb 7-1: config 0 descriptor?? [ 1393.256796][ T55] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1393.457552][T32350] veth25: entered allmulticast mode [ 1393.530938][T32353] FAULT_INJECTION: forcing a failure. [ 1393.530938][T32353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1393.536833][T32353] CPU: 1 PID: 32353 Comm: syz.3.8344 Not tainted 6.10.0-syzkaller #0 [ 1393.540280][T32353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1393.544215][T32353] Call Trace: [ 1393.545585][T32353] [ 1393.546583][T32353] dump_stack_lvl+0x16c/0x1f0 [ 1393.548223][T32353] should_fail_ex+0x497/0x5b0 [ 1393.550256][T32353] _copy_from_user+0x30/0xf0 [ 1393.552078][T32353] sg_write+0x788/0xe10 [ 1393.553885][T32353] ? __pfx_sg_write+0x10/0x10 [ 1393.555532][T32353] ? __pfx_mark_lock+0x10/0x10 [ 1393.557673][T32353] ? apparmor_file_permission+0x251/0x410 [ 1393.559960][T32353] ? bpf_lsm_file_permission+0x9/0x10 [ 1393.562089][T32353] ? security_file_permission+0x98/0xc0 [ 1393.564321][T32353] ? __pfx_sg_write+0x10/0x10 [ 1393.566274][T32353] vfs_writev+0x6ec/0xde0 [ 1393.568109][T32353] ? __pfx_vfs_writev+0x10/0x10 [ 1393.570282][T32353] ? __fget_files+0x24c/0x400 [ 1393.572429][T32353] ? do_writev+0x137/0x370 [ 1393.574409][T32353] do_writev+0x137/0x370 [ 1393.576308][T32353] ? __pfx_do_writev+0x10/0x10 [ 1393.578492][T32353] __do_fast_syscall_32+0x73/0x120 [ 1393.580790][T32353] do_fast_syscall_32+0x32/0x80 [ 1393.582999][T32353] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1393.585652][T32353] RIP: 0023:0xf749d579 [ 1393.587258][T32353] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1393.595555][T32353] RSP: 002b:00000000f5db557c EFLAGS: 00000292 ORIG_RAX: 0000000000000092 [ 1393.599266][T32353] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400 [ 1393.602783][T32353] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 1393.606309][T32353] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1393.609809][T32353] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1393.613428][T32353] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1393.616968][T32353] [ 1393.870232][ T55] gspca_nw80x: reg_r err -71 [ 1393.872168][ T55] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1393.876762][ T55] usb 7-1: USB disconnect, device number 47 [ 1393.978313][T32356] __nla_validate_parse: 5 callbacks suppressed [ 1393.978332][T32356] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8345'. [ 1394.194607][T16659] Bluetooth: hci2: command 0x0406 tx timeout [ 1394.195143][T24252] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 1394.199733][T24252] Bluetooth: hci2: hardware error 0x00 [ 1394.718779][T32361] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1394.722587][T32361] Bluetooth: MGMT ver 1.22 [ 1394.761648][T32364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8348'. [ 1394.793565][T32364] veth11: entered allmulticast mode [ 1394.874288][ T5208] Bluetooth: hci0: unexpected event for opcode 0x203b [ 1395.031697][ T5208] Bluetooth: Unexpected start frame (len 28) [ 1395.032362][T32369] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8351'. [ 1395.821115][T32392] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8359'. [ 1395.913278][T32392] veth11: entered allmulticast mode [ 1396.088672][T32396] netlink: 'syz.1.8360': attribute type 10 has an invalid length. [ 1396.264525][T24252] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1396.504549][T16659] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1396.507010][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1396.744733][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1397.412230][T32412] FAULT_INJECTION: forcing a failure. [ 1397.412230][T32412] name failslab, interval 1, probability 0, space 0, times 0 [ 1397.427202][T32412] CPU: 1 PID: 32412 Comm: syz.1.8365 Not tainted 6.10.0-syzkaller #0 [ 1397.430562][T32412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1397.434562][T32412] Call Trace: [ 1397.436053][T32412] [ 1397.437367][T32412] dump_stack_lvl+0x16c/0x1f0 [ 1397.439449][T32412] should_fail_ex+0x497/0x5b0 [ 1397.441537][T32412] should_failslab+0x9/0x20 [ 1397.443535][T32412] __kmalloc_noprof+0xcf/0x420 [ 1397.445618][T32412] bpf_test_init.isra.0+0xa5/0x150 [ 1397.447691][T32412] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1397.450131][T32412] bpf_prog_test_run_skb+0x23b/0x1de0 [ 1397.452364][T32412] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1397.454598][T32412] ? fput+0x32/0x390 [ 1397.455936][T32412] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1397.458225][T32412] __sys_bpf+0x1787/0x5830 [ 1397.460100][T32412] ? __pfx___sys_bpf+0x10/0x10 [ 1397.462116][T32412] ? ksys_write+0x21c/0x260 [ 1397.463797][T32412] ? __pfx_lock_release+0x10/0x10 [ 1397.466020][T32412] ? __mutex_unlock_slowpath+0x164/0x650 [ 1397.468501][T32412] ? fput+0x32/0x390 [ 1397.470236][T32412] ? ksys_write+0x1ab/0x260 [ 1397.472243][T32412] ? __pfx_ksys_write+0x10/0x10 [ 1397.474413][T32412] __ia32_sys_bpf+0x76/0xe0 [ 1397.476445][T32412] __do_fast_syscall_32+0x73/0x120 [ 1397.478778][T32412] do_fast_syscall_32+0x32/0x80 [ 1397.480941][T32412] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1397.483683][T32412] RIP: 0023:0xf747f579 [ 1397.485517][T32412] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1397.492277][T32412] RSP: 002b:00000000f5d9757c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 1397.495516][T32412] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200002c0 [ 1397.498615][T32412] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000 [ 1397.500936][T32412] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1397.503479][T32412] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1397.506601][T32412] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1397.509766][T32412] [ 1397.947112][T32417] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8367'. [ 1398.015769][T32417] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8367'. [ 1398.332391][T32419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8368'. [ 1398.374595][T32419] veth13: entered allmulticast mode [ 1398.433070][T32421] FAULT_INJECTION: forcing a failure. [ 1398.433070][T32421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1398.437699][T32421] CPU: 1 PID: 32421 Comm: syz.1.8369 Not tainted 6.10.0-syzkaller #0 [ 1398.440128][T32421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1398.443815][T32421] Call Trace: [ 1398.445335][T32421] [ 1398.446607][T32421] dump_stack_lvl+0x16c/0x1f0 [ 1398.448368][T32421] should_fail_ex+0x497/0x5b0 [ 1398.450176][T32421] _copy_from_user+0x30/0xf0 [ 1398.451987][T32421] sg_write+0x788/0xe10 [ 1398.453530][T32421] ? __pfx_sg_write+0x10/0x10 [ 1398.455231][T32421] ? __pfx_mark_lock+0x10/0x10 [ 1398.456999][T32421] ? apparmor_file_permission+0x251/0x410 [ 1398.459115][T32421] ? bpf_lsm_file_permission+0x9/0x10 [ 1398.461103][T32421] ? security_file_permission+0x98/0xc0 [ 1398.463192][T32421] ? __pfx_sg_write+0x10/0x10 [ 1398.465068][T32421] vfs_writev+0x6ec/0xde0 [ 1398.466593][T32421] ? __pfx_vfs_writev+0x10/0x10 [ 1398.468115][T32421] ? __fget_files+0x24c/0x400 [ 1398.469898][T32421] ? do_writev+0x137/0x370 [ 1398.471569][T32421] do_writev+0x137/0x370 [ 1398.472980][T32421] ? __pfx_do_writev+0x10/0x10 [ 1398.474473][T32421] __do_fast_syscall_32+0x73/0x120 [ 1398.476315][T32421] do_fast_syscall_32+0x32/0x80 [ 1398.478256][T32421] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1398.480106][T32421] RIP: 0023:0xf747f579 [ 1398.481573][T32421] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1398.488280][T32421] RSP: 002b:00000000f5d9757c EFLAGS: 00000292 ORIG_RAX: 0000000000000092 [ 1398.491312][T32421] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400 [ 1398.494195][T32421] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 1398.497123][T32421] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1398.500143][T32421] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1398.503107][T32421] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1398.506048][T32421] [ 1398.641987][T32424] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8370'. [ 1398.691223][T32424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8370'. [ 1398.824786][T32332] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 1399.471044][T32434] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8374'. [ 1399.664763][ T5269] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 1399.864701][ T5269] usb 7-1: Using ep0 maxpacket: 32 [ 1399.884775][ T5269] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1399.888608][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1399.903398][ T5269] usb 7-1: config 0 descriptor?? [ 1399.910304][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1400.195652][T32443] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8377'. [ 1400.241219][T32443] veth19: entered allmulticast mode [ 1400.528084][ T5269] gspca_nw80x: reg_r err -71 [ 1400.530264][ T5269] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1400.540695][ T5269] usb 7-1: USB disconnect, device number 48 [ 1401.001831][T32460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8384'. [ 1401.040855][T32463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8385'. [ 1401.224558][T32332] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1401.224662][T24252] Bluetooth: hci1: command 0x0419 tx timeout [ 1401.231042][T32469] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8386'. [ 1401.364973][T32469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8386'. [ 1402.331290][ T39] audit: type=1326 audit(1721039683.948:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32480 comm="syz.1.8389" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1403.218914][T32494] netlink: 'syz.0.8392': attribute type 10 has an invalid length. [ 1404.557203][T32518] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1404.644760][ T55] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 1404.740459][T32525] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1404.845124][ T55] usb 7-1: Using ep0 maxpacket: 16 [ 1404.848977][ T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1404.853198][ T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1404.857168][ T55] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1404.860693][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1404.865674][ T55] usb 7-1: config 0 descriptor?? [ 1404.902766][T32530] netlink: 'syz.1.8404': attribute type 10 has an invalid length. [ 1405.344357][T32539] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1405.376258][T32538] netlink: 'syz.0.8407': attribute type 10 has an invalid length. [ 1405.627318][ T55] usbhid 7-1:0.0: can't add hid device: -71 [ 1405.639487][ T55] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1405.644487][ T55] usb 7-1: USB disconnect, device number 49 [ 1405.734050][T32548] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8409'. [ 1405.815825][T32548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8409'. [ 1406.288333][T32555] netlink: 92 bytes leftover after parsing attributes in process `syz.0.8411'. [ 1406.584855][T24252] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1406.904615][T13915] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 1407.064532][T13915] usb 6-1: device descriptor read/64, error -71 [ 1407.308830][T32569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8417'. [ 1407.334539][T13915] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 1407.422706][T32571] netlink: 'syz.0.8418': attribute type 10 has an invalid length. [ 1407.504500][T13915] usb 6-1: device descriptor read/64, error -71 [ 1407.624770][T13915] usb usb6-port1: attempt power cycle [ 1407.630369][T32580] overlayfs: missing 'lowerdir' [ 1407.676224][T32582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1408.034515][T13915] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 1408.065259][T13915] usb 6-1: device descriptor read/8, error -71 [ 1408.249172][T32589] netlink: 'syz.2.8425': attribute type 10 has an invalid length. [ 1408.334485][T13915] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1408.347646][T32594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8426'. [ 1408.375084][T13915] usb 6-1: device descriptor read/8, error -71 [ 1408.379729][T32594] veth21: entered allmulticast mode [ 1408.486786][T32598] overlayfs: missing 'lowerdir' [ 1408.511881][T13915] usb usb6-port1: unable to enumerate USB device [ 1408.549540][T32603] overlayfs: missing 'lowerdir' [ 1408.790897][T32609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1408.884608][ T5269] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1409.074516][ T5269] usb 5-1: Using ep0 maxpacket: 16 [ 1409.079480][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1409.083980][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1409.087683][ T5269] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1409.091320][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1409.095669][ T5269] usb 5-1: config 0 descriptor?? [ 1409.348214][T32613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8435'. [ 1409.383251][T32613] veth27: entered allmulticast mode [ 1409.422860][T32615] netlink: 'syz.3.8436': attribute type 21 has an invalid length. [ 1409.427585][T32615] netlink: 'syz.3.8436': attribute type 1 has an invalid length. [ 1409.562278][T32621] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8438'. [ 1409.710441][T32625] overlayfs: missing 'lowerdir' [ 1409.860202][ T5269] usbhid 5-1:0.0: can't add hid device: -71 [ 1409.871520][ T5269] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1409.878427][ T5269] usb 5-1: USB disconnect, device number 59 [ 1410.049590][T32636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8444'. [ 1410.082943][T32636] veth23: entered allmulticast mode [ 1410.104557][T13915] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 1410.284452][T13915] usb 6-1: Using ep0 maxpacket: 32 [ 1410.290780][T13915] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1410.293996][T13915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1410.306423][T13915] usb 6-1: config 0 descriptor?? [ 1410.312726][T13915] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1410.856700][T13915] gspca_nw80x: reg_r err -71 [ 1410.858803][T13915] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1410.865077][T13915] usb 6-1: USB disconnect, device number 44 [ 1411.194796][T32646] overlayfs: missing 'lowerdir' [ 1411.196903][ T5269] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1411.344548][ T5269] usb 5-1: device descriptor read/64, error -71 [ 1411.449110][T32658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8453'. [ 1411.483036][T32658] veth13: entered allmulticast mode [ 1411.614522][ T5269] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1411.764535][ T5269] usb 5-1: device descriptor read/64, error -71 [ 1411.885512][ T5269] usb usb5-port1: attempt power cycle [ 1411.920885][T32672] overlayfs: missing 'lowerdir' [ 1412.024500][T24252] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1412.304629][ T5269] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1412.335358][ T5269] usb 5-1: device descriptor read/8, error -71 [ 1412.547408][T32684] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8462'. [ 1412.564051][T32680] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8460'. [ 1412.614694][ T5269] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1412.679796][ T5269] usb 5-1: device descriptor read/8, error -71 [ 1412.707345][T32684] veth15: entered allmulticast mode [ 1412.795781][ T5269] usb usb5-port1: unable to enumerate USB device [ 1413.115806][T32694] overlayfs: missing 'lowerdir' [ 1413.624502][T32332] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1413.624620][T24252] Bluetooth: hci1: command 0x0419 tx timeout [ 1413.630668][T32332] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1413.645040][T32332] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1414.035762][T32721] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8475'. [ 1414.113496][T32724] overlayfs: missing 'lowerdir' [ 1414.149321][T32725] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8474'. [ 1414.570137][ T39] audit: type=1326 audit(1721042256.188:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32732 comm="syz.3.8478" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1414.783579][T32738] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8479'. [ 1414.904173][T32738] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8479'. [ 1415.505211][ T39] audit: type=1326 audit(1721042257.128:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32742 comm="syz.1.8481" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1415.704517][T24252] Bluetooth: hci1: command 0x0419 tx timeout [ 1415.737777][T32749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8483'. [ 1416.024538][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1417.508807][ T39] audit: type=1326 audit(1721042771.125:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32766 comm="syz.1.8490" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747f579 code=0x0 [ 1417.933573][ T320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1418.325244][ T329] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8501'. [ 1418.352507][ T329] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8501'. [ 1418.598286][ T331] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8502'. [ 1418.824506][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1418.964545][T32332] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1419.214981][ T351] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8508'. [ 1419.350540][ T351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8508'. [ 1419.726816][ T39] audit: type=1326 audit(1721044309.355:2034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=349 comm="syz.2.8509" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1419.934828][ T355] netlink: 'syz.1.8510': attribute type 10 has an invalid length. [ 1420.474498][ T5269] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 1420.630268][ T5269] usb 7-1: device descriptor read/64, error -71 [ 1420.695769][ T361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1420.895035][ T5269] usb 7-1: new high-speed USB device number 51 using dummy_hcd [ 1421.054568][ T5269] usb 7-1: device descriptor read/64, error -71 [ 1421.178281][ T5269] usb usb7-port1: attempt power cycle [ 1421.604564][ T5269] usb 7-1: new high-speed USB device number 52 using dummy_hcd [ 1421.635618][ T5269] usb 7-1: device descriptor read/8, error -71 [ 1421.904515][ T5269] usb 7-1: new high-speed USB device number 53 using dummy_hcd [ 1421.937608][ T5269] usb 7-1: device descriptor read/8, error -71 [ 1422.061171][ T5269] usb usb7-port1: unable to enumerate USB device [ 1422.063055][ T366] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8514'. [ 1422.412810][ T374] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8516'. [ 1422.436982][ T377] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8518'. [ 1423.069647][ T383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1423.128013][ T384] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8519'. [ 1423.148703][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.580476][ T402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8526'. [ 1423.686652][ T5269] usb 7-1: new high-speed USB device number 54 using dummy_hcd [ 1423.738878][ T405] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8527'. [ 1423.780893][ T405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8527'. [ 1423.864618][ T5269] usb 7-1: Using ep0 maxpacket: 32 [ 1423.871194][ T5269] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1423.875543][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1423.884115][ T5269] usb 7-1: config 0 descriptor?? [ 1423.893321][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1424.184640][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1424.281553][ T5269] gspca_nw80x: reg_w err -71 [ 1424.284550][ T5269] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1424.289627][ T5269] usb 7-1: USB disconnect, device number 54 [ 1424.706460][ T415] netlink: 'syz.1.8530': attribute type 10 has an invalid length. [ 1424.746942][ T413] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8529'. [ 1424.908016][ T420] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8531'. [ 1424.982406][ T420] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8531'. [ 1425.879565][ T430] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8536'. [ 1426.080754][ T436] netlink: 248 bytes leftover after parsing attributes in process `syz.3.8538'. [ 1426.785715][ T444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8540'. [ 1426.949722][ T448] netlink: 'syz.1.8542': attribute type 10 has an invalid length. [ 1427.104912][ T451] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8541'. [ 1427.595027][T12794] usb 7-1: new high-speed USB device number 55 using dummy_hcd [ 1427.774483][T12794] usb 7-1: Using ep0 maxpacket: 32 [ 1427.779169][T12794] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1427.783264][T12794] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1427.788807][T12794] usb 7-1: config 0 descriptor?? [ 1427.793797][T12794] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1427.889352][ T468] netlink: 'syz.1.8548': attribute type 10 has an invalid length. [ 1427.944511][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1428.181475][T12794] gspca_nw80x: reg_w err -71 [ 1428.183643][T12794] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1428.193076][T12794] usb 7-1: USB disconnect, device number 55 [ 1428.896563][ T498] __nla_validate_parse: 3 callbacks suppressed [ 1428.896573][ T498] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8557'. [ 1429.030935][T24252] Bluetooth: Unexpected start frame (len 28) [ 1429.136926][ T504] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8559'. [ 1429.422634][ T509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8561'. [ 1429.992388][ T522] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8563'. [ 1430.504399][ T533] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8568'. [ 1430.671952][ T537] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8569'. [ 1430.744496][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1430.865739][ T540] netlink: 'syz.2.8570': attribute type 10 has an invalid length. [ 1431.147185][ T549] overlayfs: missing 'lowerdir' [ 1432.550511][ T576] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8581'. [ 1432.828257][T32332] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1432.948399][ T586] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8584'. [ 1433.033715][ T586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8584'. [ 1433.163691][ T588] netlink: 'syz.2.8585': attribute type 10 has an invalid length. [ 1433.907999][ T597] overlayfs: missing 'lowerdir' [ 1434.706571][ T619] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8594'. [ 1434.728275][T24252] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1434.915057][ T626] overlayfs: missing 'lowerdir' [ 1436.104645][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1436.396650][ T650] overlayfs: missing 'lowerdir' [ 1436.704437][ T39] audit: type=1326 audit(1721047910.326:2035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=654 comm="syz.2.8609" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1436.791400][ T661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8610'. [ 1437.484121][ T684] overlayfs: missing 'lowerdir' [ 1437.645916][ T695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8621'. [ 1437.719626][ T694] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8619'. [ 1437.800181][ T701] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8622'. [ 1437.820676][ T701] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8622'. [ 1438.302126][ T39] audit: type=1326 audit(1721048423.923:2036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=702 comm="syz.3.8624" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1438.809597][ T715] overlayfs: missing 'lowerdir' [ 1439.226001][T32332] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1439.416624][T24252] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1440.126337][ T731] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8633'. [ 1440.175350][ T734] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8634'. [ 1440.861134][ T738] overlayfs: missing 'lowerdir' [ 1441.127927][ T753] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8641'. [ 1441.259330][ T757] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1441.304782][T32332] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 1441.309562][ T39] audit: type=1326 audit(1721048426.933:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=746 comm="syz.2.8639" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73a8579 code=0x0 [ 1441.509534][ T765] overlayfs: missing 'lowerdir' [ 1441.784536][T24252] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 1441.784558][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 1442.180403][ T773] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8649'. [ 1442.709485][ T782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8652'. [ 1442.958631][T16659] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 1443.002781][ T792] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1443.384474][ T39] audit: type=1326 audit(1721048941.003:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=795 comm="syz.3.8658" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x0 [ 1443.386034][T32332] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 1443.398421][T32332] ================================================================== [ 1443.402230][T32332] BUG: KASAN: slab-use-after-free in set_powered_sync+0xc1/0xd0 [ 1443.406257][T32332] Read of size 8 at addr ffff88802b4c7818 by task kworker/u33:4/32332 [ 1443.411132][T32332] [ 1443.412682][T32332] CPU: 0 PID: 32332 Comm: kworker/u33:4 Not tainted 6.10.0-syzkaller #0 [ 1443.416368][T32332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1443.420822][T32332] Workqueue: hci0 hci_cmd_sync_work [ 1443.423205][T32332] Call Trace: [ 1443.424794][T32332] [ 1443.426206][T32332] dump_stack_lvl+0x116/0x1f0 [ 1443.428293][T32332] print_report+0xc3/0x620 [ 1443.430185][T32332] ? __virt_addr_valid+0x5e/0x590 [ 1443.432163][T32332] ? __phys_addr+0xc6/0x150 [ 1443.433974][T32332] kasan_report+0xd9/0x110 [ 1443.435702][T32332] ? set_powered_sync+0xc1/0xd0 [ 1443.437730][T32332] ? set_powered_sync+0xc1/0xd0 [ 1443.440130][T32332] set_powered_sync+0xc1/0xd0 [ 1443.442963][T32332] hci_cmd_sync_work+0x1a4/0x410 [ 1443.445896][T32332] process_one_work+0x958/0x1ad0 [ 1443.448473][T32332] ? __pfx_lock_acquire+0x10/0x10 [ 1443.451251][T32332] ? __pfx_process_one_work+0x10/0x10 [ 1443.453799][T32332] ? assign_work+0x1a0/0x250 [ 1443.455827][T32332] worker_thread+0x6c8/0xf30 [ 1443.457814][T32332] ? __kthread_parkme+0x148/0x220 [ 1443.460043][T32332] ? __pfx_worker_thread+0x10/0x10 [ 1443.462430][T32332] kthread+0x2c1/0x3a0 [ 1443.464245][T32332] ? _raw_spin_unlock_irq+0x23/0x50 [ 1443.466515][T32332] ? __pfx_kthread+0x10/0x10 [ 1443.468576][T32332] ret_from_fork+0x45/0x80 [ 1443.470612][T32332] ? __pfx_kthread+0x10/0x10 [ 1443.472738][T32332] ret_from_fork_asm+0x1a/0x30 [ 1443.475133][T32332] [ 1443.476514][T32332] [ 1443.477595][T32332] Allocated by task 759: [ 1443.479528][T32332] kasan_save_stack+0x33/0x60 [ 1443.481613][T32332] kasan_save_track+0x14/0x30 [ 1443.483837][T32332] __kasan_kmalloc+0xaa/0xb0 [ 1443.485958][T32332] mgmt_pending_new+0x5b/0x290 [ 1443.488065][T32332] mgmt_pending_add+0x36/0x160 [ 1443.490200][T32332] set_powered+0x28c/0x5c0 [ 1443.492102][T32332] hci_sock_sendmsg+0x1526/0x25e0 [ 1443.494084][T32332] sock_write_iter+0x50a/0x5c0 [ 1443.495969][T32332] vfs_write+0x6b6/0x1140 [ 1443.497732][T32332] ksys_write+0x1f8/0x260 [ 1443.499425][T32332] __do_fast_syscall_32+0x73/0x120 [ 1443.501427][T32332] do_fast_syscall_32+0x32/0x80 [ 1443.503383][T32332] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1443.506109][T32332] [ 1443.507157][T32332] Freed by task 803: [ 1443.508936][T32332] kasan_save_stack+0x33/0x60 [ 1443.510807][T32332] kasan_save_track+0x14/0x30 [ 1443.512874][T32332] kasan_save_free_info+0x3b/0x60 [ 1443.515109][T32332] poison_slab_object+0xf7/0x160 [ 1443.517273][T32332] __kasan_slab_free+0x32/0x50 [ 1443.519443][T32332] kfree+0x12a/0x3b0 [ 1443.521143][T32332] cmd_complete_rsp+0x119/0x160 [ 1443.523114][T32332] mgmt_pending_foreach+0xdf/0x140 [ 1443.525357][T32332] mgmt_index_removed+0x11f/0x2e0 [ 1443.527592][T32332] hci_sock_bind+0xc6d/0x1810 [ 1443.529684][T32332] __sys_bind+0x1f3/0x220 [ 1443.531617][T32332] __ia32_sys_bind+0x71/0xb0 [ 1443.533442][T32332] __do_fast_syscall_32+0x73/0x120 [ 1443.535440][T32332] do_fast_syscall_32+0x32/0x80 [ 1443.537304][T32332] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1443.539641][T32332] [ 1443.540719][T32332] The buggy address belongs to the object at ffff88802b4c7800 [ 1443.540719][T32332] which belongs to the cache kmalloc-96 of size 96 [ 1443.546548][T32332] The buggy address is located 24 bytes inside of [ 1443.546548][T32332] freed 96-byte region [ffff88802b4c7800, ffff88802b4c7860) [ 1443.552288][T32332] [ 1443.553354][T32332] The buggy address belongs to the physical page: [ 1443.556449][T32332] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802b4c7900 pfn:0x2b4c7 [ 1443.561119][T32332] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1443.564141][T32332] page_type: 0xffffefff(slab) [ 1443.566187][T32332] raw: 00fff00000000000 ffff888015442280 ffffea0000546b80 dead000000000005 [ 1443.569436][T32332] raw: ffff88802b4c7900 0000000080200019 00000001ffffefff 0000000000000000 [ 1443.572830][T32332] page dumped because: kasan: bad access detected [ 1443.575339][T32332] page_owner tracks the page as allocated [ 1443.578075][T32332] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5217, tgid 5217 (syz-executor), ts 61729404046, free_ts 61131851045 [ 1443.588462][T32332] post_alloc_hook+0x2d1/0x350 [ 1443.590714][T32332] get_page_from_freelist+0x1353/0x2e50 [ 1443.593156][T32332] __alloc_pages_noprof+0x22b/0x2460 [ 1443.595463][T32332] alloc_slab_page+0x56/0x110 [ 1443.597602][T32332] new_slab+0x84/0x260 [ 1443.599764][T32332] ___slab_alloc+0xdac/0x1870 [ 1443.601647][T32332] __slab_alloc.constprop.0+0x56/0xb0 [ 1443.603884][T32332] kmalloc_node_track_caller_noprof+0x365/0x440 [ 1443.606622][T32332] kmemdup_noprof+0x29/0x60 [ 1443.608602][T32332] xt_register_table+0xad/0x680 [ 1443.610799][T32332] ipt_register_table+0x131/0x420 [ 1443.612825][T32332] iptable_filter_table_init+0x75/0xa0 [ 1443.614955][T32332] xt_find_table_lock+0x2df/0x4f0 [ 1443.616895][T32332] xt_request_find_table_lock+0x28/0xf0 [ 1443.618794][T32332] get_info+0x1a1/0x750 [ 1443.620244][T32332] do_ipt_get_ctl+0x16a/0xaa0 [ 1443.621891][T32332] page last free pid 108 tgid 108 stack trace: [ 1443.624022][T32332] free_unref_page+0x64a/0xe40 [ 1443.625997][T32332] __put_partials+0x14c/0x170 [ 1443.628050][T32332] qlist_free_all+0x4e/0x140 [ 1443.630194][T32332] kasan_quarantine_reduce+0x192/0x1e0 [ 1443.632564][T32332] __kasan_slab_alloc+0x69/0x90 [ 1443.634558][T32332] kmem_cache_alloc_node_noprof+0x153/0x310 [ 1443.636942][T32332] zswap_store+0x3f3/0x22e0 [ 1443.638897][T32332] swap_writepage+0x8e/0x220 [ 1443.640884][T32332] pageout+0x399/0xa10 [ 1443.642555][T32332] shrink_folio_list+0x302d/0x4150 [ 1443.644547][T32332] evict_folios+0x6e6/0x1bf0 [ 1443.646368][T32332] try_to_shrink_lruvec+0x618/0x9b0 [ 1443.648387][T32332] shrink_one+0x3f8/0x7c0 [ 1443.650074][T32332] lru_gen_shrink_node+0x89f/0x1750 [ 1443.652090][T32332] balance_pgdat+0x1105/0x1970 [ 1443.654159][T32332] kswapd+0x5ea/0xbf0 [ 1443.655958][T32332] [ 1443.657064][T32332] Memory state around the buggy address: [ 1443.659495][T32332] ffff88802b4c7700: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1443.662970][T32332] ffff88802b4c7780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 1443.666219][T32332] >ffff88802b4c7800: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1443.669612][T32332] ^ [ 1443.671758][T32332] ffff88802b4c7880: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 1443.675198][T32332] ffff88802b4c7900: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1443.678666][T32332] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1443.684632][T32332] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1443.691325][T32332] CPU: 0 PID: 32332 Comm: kworker/u33:4 Not tainted 6.10.0-syzkaller #0 [ 1443.694672][T32332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1443.698997][T32332] Workqueue: hci0 hci_cmd_sync_work [ 1443.700721][T32332] Call Trace: [ 1443.701882][T32332] [ 1443.703029][T32332] dump_stack_lvl+0x3d/0x1f0 [ 1443.704689][T32332] panic+0x6f5/0x7a0 [ 1443.706323][T32332] ? __pfx_panic+0x10/0x10 [ 1443.708112][T32332] ? preempt_schedule_thunk+0x1a/0x30 [ 1443.710260][T32332] ? preempt_schedule_common+0x44/0xc0 [ 1443.712075][T32332] ? check_panic_on_warn+0x1f/0xb0 [ 1443.714047][T32332] check_panic_on_warn+0xab/0xb0 [ 1443.716002][T32332] end_report+0x117/0x180 [ 1443.717714][T32332] kasan_report+0xe9/0x110 [ 1443.719535][T32332] ? set_powered_sync+0xc1/0xd0 [ 1443.721504][T32332] ? set_powered_sync+0xc1/0xd0 [ 1443.723463][T32332] set_powered_sync+0xc1/0xd0 [ 1443.725368][T32332] hci_cmd_sync_work+0x1a4/0x410 [ 1443.727346][T32332] process_one_work+0x958/0x1ad0 [ 1443.729566][T32332] ? __pfx_lock_acquire+0x10/0x10 [ 1443.731631][T32332] ? __pfx_process_one_work+0x10/0x10 [ 1443.733798][T32332] ? assign_work+0x1a0/0x250 [ 1443.735678][T32332] worker_thread+0x6c8/0xf30 [ 1443.737549][T32332] ? __kthread_parkme+0x148/0x220 [ 1443.739587][T32332] ? __pfx_worker_thread+0x10/0x10 [ 1443.741643][T32332] kthread+0x2c1/0x3a0 [ 1443.743285][T32332] ? _raw_spin_unlock_irq+0x23/0x50 [ 1443.745375][T32332] ? __pfx_kthread+0x10/0x10 [ 1443.747094][T32332] ret_from_fork+0x45/0x80 [ 1443.748717][T32332] ? __pfx_kthread+0x10/0x10 [ 1443.750399][T32332] ret_from_fork_asm+0x1a/0x30 [ 1443.752133][T32332] [ 1443.754005][T32332] Kernel Offset: disabled [ 1443.755766][T32332] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:35:41 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f9c495 RDI=ffffffff94d60e40 RBP=ffffffff94d60e00 RSP=ffffc90004367718 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6334623230386552 R12=0000000000000000 R13=0000000000000037 R14=ffffffff84f9c430 R15=0000000000000000 RIP=ffffffff84f9c4bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f645b8 CR3=0000000068a96000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000014b7955 RBX=0000000000000001 RCX=ffffffff8adcac09 RDX=0000000000000000 RSI=ffffffff8b2cb9c0 RDI=ffffffff8b8ff8a0 RBP=ffffed1002bff910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=0000000000000000 R12=0000000000000001 R13=ffff888015ffc880 R14=ffffffff8fe2e550 R15=0000000000000000 RIP=ffffffff8adcbfff RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000203ff000 CR3=0000000046a86000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffffc90003fe7020 RCX=ffffffff813c884d RDX=ffff88801fb9c880 RSI=000000000000d52e RDI=0000000000000004 RBP=0000000000000001 RSP=ffffc90003fe6f98 R8 =0000000000000004 R9 =000000000000d52e R10=00000000000a2000 R11=dffffc0000000000 R12=ffffffff81d52e58 R13=000000000000d52e R14=00000000000a2000 R15=ffffc90003fe7055 RIP=ffffffff818e8e3d RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f50d7993d00 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005558160c4000 CR3=000000001c248000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=7ca953f57ca953f5 7ca953f57ca953f5 7ca953f57ca953f5 7ca953f57ca953f5 7ca953f57ca953f5 7ca953f57ca953f5 7ca953f57ca953f5 7ca953f57ca953f5 ZMM22=6adebe2f6adebe2f 6adebe2f6adebe2f 6adebe2f6adebe2f 6adebe2f6adebe2f 6adebe2f6adebe2f 6adebe2f6adebe2f 6adebe2f6adebe2f 6adebe2f6adebe2f ZMM23=8d228e8d8d228e8d 8d228e8d8d228e8d 8d228e8d8d228e8d 8d228e8d8d228e8d 8d228e8d8d228e8d 8d228e8d8d228e8d 8d228e8d8d228e8d 8d228e8d8d228e8d ZMM24=1664efed1664efed 1664efed1664efed 1664efed1664efed 1664efed1664efed 1664efed1664efed 1664efed1664efed 1664efed1664efed 1664efed1664efed ZMM25=b307525fb307525f b307525fb307525f b307525fb307525f b307525fb307525f b307525fb307525f b307525fb307525f b307525fb307525f b307525fb307525f ZMM26=691bba1b691bba1b 691bba1b691bba1b 691bba1b691bba1b 691bba1b691bba1b 691bba1b691bba1b 691bba1b691bba1b 691bba1b691bba1b 691bba1b691bba1b ZMM27=a846a049a846a049 a846a049a846a049 a846a049a846a049 a846a049a846a049 a846a049a846a049 a846a049a846a049 a846a049a846a049 a846a049a846a049 ZMM28=000000700000006f 0000006e0000006d 0000006c0000006b 0000006a00000069 0000006800000067 0000006600000065 0000006400000063 0000006200000061 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=5667000056670000 5667000056670000 5667000056670000 5667000056670000 5667000056670000 5667000056670000 5667000056670000 5667000056670000 info registers vcpu 3 CPU#3 RAX=1ffff11004eb6b99 RBX=0000000000000071 RCX=ffffffff81f556bb RDX=0000000000000000 RSI=0000000000000071 RDI=ffff8880275b5ccc RBP=ffff88801d420390 RSP=ffffc90000e77730 R8 =0000000000000005 R9 =00000000ffffffff R10=0000000000000071 R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000000 R14=0000000000000000 R15=ffff8880275b5c00 RIP=ffffffff81f555af RFL=00000a07 [-O---PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f74330e8 CR3=000000005b268000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000