last executing test programs: 3.630802359s ago: executing program 0 (id=6112): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000a500e9406b06f92094ff010203010902121001000000000904"], 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ftruncate(0xffffffffffffffff, 0xffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\x107', 0x0) write$binfmt_elf32(r1, &(0x7f0000000040)=ANY=[], 0x58) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) openat$cgroup(r2, 0x0, 0x200002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x8) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) msgctl$IPC_STAT(0x0, 0x2, 0x0) finit_module(r1, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbffe, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x155a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) syz_open_procfs(0xffffffffffffffff, 0x0) socket$igmp6(0xa, 0x3, 0x2) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="26a97641669de27fa5c135af14966911c563b2910731f801d1244efafd585d331b5b573b8c0358f4a1db3d46e89bda833ce39fee0cff274606c4ee3e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.310490754s ago: executing program 0 (id=6138): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000340)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, &(0x7f0000000600)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 1.251102854s ago: executing program 0 (id=6140): syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)='j', 0x1}], 0x1) 1.150548135s ago: executing program 3 (id=6145): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.070160415s ago: executing program 1 (id=6149): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000340)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, &(0x7f0000000600)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 991.441618ms ago: executing program 1 (id=6150): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(0x0, 0x0) r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) write$binfmt_misc(r3, &(0x7f0000000300), 0x4) ftruncate(r3, 0x0) 991.217036ms ago: executing program 1 (id=6151): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xf) recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1}, 0x7}], 0x1, 0x12004, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c"], 0x11) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 471.017489ms ago: executing program 3 (id=6153): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x1, 0xa, 0x301}, 0x14}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000340)=""/22, 0x16}], 0x1) 470.659572ms ago: executing program 3 (id=6155): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f0000006840)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90}, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, r2, 0x10c}}}, 0x0, 0x0, 0x0, 0x0}) open(&(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x0) 420.525992ms ago: executing program 3 (id=6157): socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) connect$pptp(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0) 420.250657ms ago: executing program 2 (id=6158): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="34000000060601020000000000000000050000010500012c070000000900020073797a32000000000900030007000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000000}, 0x44010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001800000000000000000000000200"/28], 0x28}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000000000000000000090000000c000180080001"], 0x20}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="d81400003d00010027bd82000000000002"], 0x14d8}}, 0x0) 359.806767ms ago: executing program 3 (id=6159): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000340)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x2a, 0x0, &(0x7f0000000600)="4bb16fc96dcf827965e297e4bcdc4cc27c7f5cce42d3404ebf85cb80c1e0f1800190544fb4577f9c7b13"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 359.478216ms ago: executing program 2 (id=6160): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(0x0, 0x0) r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) write$binfmt_misc(r3, &(0x7f0000000300), 0x4) ftruncate(r3, 0x0) 359.354054ms ago: executing program 3 (id=6161): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) 359.243046ms ago: executing program 2 (id=6162): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x32658aeb}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1000}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x203}]}}}]}]}], {0x14}}, 0xd4}, 0x1, 0x0, 0x0, 0x20008084}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 271.784649ms ago: executing program 2 (id=6163): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) r2 = gettid() ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 51.430701ms ago: executing program 1 (id=6164): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x1, 0xa, 0x301}, 0x14}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000340)=""/22, 0x16}], 0x1) 51.168846ms ago: executing program 0 (id=6165): r0 = socket(0x200000000000011, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r0, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x14c}}, 0x0) 1.200174ms ago: executing program 0 (id=6166): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f0000006840)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90}, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, r2, 0x10c}}}, 0x0, 0x0, 0x0, 0x0}) open(&(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x0) 935.984µs ago: executing program 1 (id=6167): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) write$binfmt_misc(r3, &(0x7f0000000300), 0x4) truncate(&(0x7f0000000080)='./file0\x00', 0x800) 786.382µs ago: executing program 2 (id=6168): socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) connect$pptp(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0) 561.714µs ago: executing program 0 (id=6169): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="34000000060601020000000000000000050000010500012c070000000900020073797a32000000000900030007000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000000}, 0x44010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001800000000000000000000000200"/28], 0x28}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000000000000000000090000000c000180080001"], 0x20}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="d81400003d00010027bd82000000000002"], 0x14d8}}, 0x0) 201.505µs ago: executing program 1 (id=6170): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000340)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x2a, 0x0, &(0x7f0000000600)="4bb16fc96dcf827965e297e4bcdc4cc27c7f5cce42d3404ebf85cb80c1e0f1800190544fb4577f9c7b13"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=6171): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = open$dir(0x0, 0x1, 0x0) write$binfmt_misc(r3, &(0x7f0000000300), 0x4) ftruncate(r3, 0x0) kernel console output (not intermixed with test programs): der: 6164:6248 ioctl 810c9365 20000980 returned -22 [ 1179.278925][ T7434] netlink: 'syz.2.3551': attribute type 4 has an invalid length. [ 1179.282989][ T7434] netlink: 'syz.2.3551': attribute type 4 has an invalid length. [ 1183.375723][ T8656] netlink: 'syz.3.3570': attribute type 4 has an invalid length. [ 1183.379720][ T8656] netlink: 'syz.3.3570': attribute type 4 has an invalid length. [ 1185.366129][ T9813] netlink: 'syz.0.3587': attribute type 4 has an invalid length. [ 1185.372312][ T9813] netlink: 'syz.0.3587': attribute type 4 has an invalid length. [ 1185.814619][T10061] netlink: 'syz.0.3590': attribute type 4 has an invalid length. [ 1185.847309][T10061] netlink: 'syz.0.3590': attribute type 4 has an invalid length. [ 1186.466194][T10436] netlink: 'syz.3.3596': attribute type 4 has an invalid length. [ 1186.504415][T10436] netlink: 'syz.3.3596': attribute type 4 has an invalid length. [ 1187.247522][T10811] netlink: 'syz.2.3602': attribute type 4 has an invalid length. [ 1187.280091][T10811] netlink: 'syz.2.3602': attribute type 4 has an invalid length. [ 1188.199155][T11064] netlink: 'syz.0.3607': attribute type 4 has an invalid length. [ 1188.226603][T11064] netlink: 'syz.0.3607': attribute type 4 has an invalid length. [ 1192.683911][T12333] netlink: 'syz.1.3630': attribute type 4 has an invalid length. [ 1192.690787][T12333] netlink: 'syz.1.3630': attribute type 4 has an invalid length. [ 1194.677352][T12963] netlink: 'syz.2.3642': attribute type 4 has an invalid length. [ 1194.695906][T12963] netlink: 'syz.2.3642': attribute type 4 has an invalid length. [ 1195.225567][T13392] netlink: 'syz.3.3651': attribute type 4 has an invalid length. [ 1195.238468][T13392] netlink: 'syz.3.3651': attribute type 4 has an invalid length. [ 1195.530029][T13591] cgroup: fork rejected by pids controller in /syz3 [ 1196.976341][T14326] netlink: 'syz.3.3665': attribute type 4 has an invalid length. [ 1197.004559][T14326] netlink: 'syz.3.3665': attribute type 4 has an invalid length. [ 1197.489927][T14745] netlink: 'syz.0.3671': attribute type 4 has an invalid length. [ 1197.511585][T14745] netlink: 'syz.0.3671': attribute type 4 has an invalid length. [ 1197.890148][T14954] netlink: 'syz.3.3676': attribute type 4 has an invalid length. [ 1197.903268][T14954] netlink: 'syz.3.3676': attribute type 4 has an invalid length. [ 1198.911056][T15794] netlink: 'syz.1.3690': attribute type 4 has an invalid length. [ 1198.976171][T15794] netlink: 'syz.1.3690': attribute type 4 has an invalid length. [ 1199.220418][T16106] netlink: 'syz.0.3695': attribute type 4 has an invalid length. [ 1199.232490][T16106] netlink: 'syz.0.3695': attribute type 4 has an invalid length. [ 1199.480762][T16217] netlink: 'syz.3.3700': attribute type 4 has an invalid length. [ 1199.511948][T16217] netlink: 'syz.3.3700': attribute type 4 has an invalid length. [ 1200.466715][T16943] netlink: 'syz.3.3711': attribute type 4 has an invalid length. [ 1200.477272][T16943] netlink: 'syz.3.3711': attribute type 4 has an invalid length. [ 1200.556793][T17010] binder: 17007:17010 ioctl 810c9365 20000980 returned -22 [ 1201.676297][T17466] binder: 17465:17466 ioctl 810c9365 20000980 returned -22 [ 1205.348557][T19594] validate_nla: 2 callbacks suppressed [ 1205.348568][T19594] netlink: 'syz.2.3752': attribute type 4 has an invalid length. [ 1205.363711][T19594] netlink: 'syz.2.3752': attribute type 4 has an invalid length. [ 1206.615876][T20269] netlink: 'syz.3.3766': attribute type 4 has an invalid length. [ 1206.619274][T20269] netlink: 'syz.3.3766': attribute type 4 has an invalid length. [ 1206.941096][T20349] netlink: 'syz.2.3769': attribute type 4 has an invalid length. [ 1206.956842][T20349] netlink: 'syz.2.3769': attribute type 4 has an invalid length. [ 1207.263845][T20570] netlink: 'syz.2.3772': attribute type 4 has an invalid length. [ 1207.288013][ T4779] Bluetooth: hci0: command 0x0406 tx timeout [ 1207.298596][T20570] netlink: 'syz.2.3772': attribute type 4 has an invalid length. [ 1208.264681][T20893] netlink: 'syz.0.3776': attribute type 4 has an invalid length. [ 1208.269806][T20893] netlink: 'syz.0.3776': attribute type 4 has an invalid length. [ 1210.495627][T21843] validate_nla: 8 callbacks suppressed [ 1210.495740][T21843] netlink: 'syz.3.3795': attribute type 4 has an invalid length. [ 1210.513757][T21843] netlink: 'syz.3.3795': attribute type 4 has an invalid length. [ 1211.236460][T22258] netlink: 'syz.2.3802': attribute type 4 has an invalid length. [ 1211.263517][T22258] netlink: 'syz.2.3802': attribute type 4 has an invalid length. [ 1211.359522][T22262] netlink: 'syz.2.3804': attribute type 4 has an invalid length. [ 1211.380766][T22262] netlink: 'syz.2.3804': attribute type 4 has an invalid length. [ 1211.657358][T22370] netlink: 'syz.1.3809': attribute type 4 has an invalid length. [ 1211.683776][T22370] netlink: 'syz.1.3809': attribute type 4 has an invalid length. [ 1212.850597][T23197] netlink: 'syz.3.3819': attribute type 4 has an invalid length. [ 1212.865912][T23197] netlink: 'syz.3.3819': attribute type 4 has an invalid length. [ 1215.244797][T24990] netlink: 399 bytes leftover after parsing attributes in process `syz.0.3857'. [ 1215.498196][ T1282] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1215.652282][ T1282] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1215.655190][ T1282] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1215.658628][ T1282] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1215.661358][ T1282] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1215.668926][ T1282] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1215.672218][ T1282] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1215.674994][ T1282] usb 5-1: Product: syz [ 1215.676439][ T1282] usb 5-1: Manufacturer: syz [ 1215.683993][ T1282] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1215.889664][T12406] usb 5-1: USB disconnect, device number 84 [ 1216.413542][T25797] validate_nla: 13 callbacks suppressed [ 1216.413560][T25797] netlink: 'syz.2.3867': attribute type 4 has an invalid length. [ 1216.454127][T25797] netlink: 'syz.2.3867': attribute type 4 has an invalid length. [ 1217.303374][T26315] netlink: 'syz.0.3878': attribute type 4 has an invalid length. [ 1217.318379][T26315] netlink: 'syz.0.3878': attribute type 4 has an invalid length. [ 1217.705927][T26776] netlink: 'syz.3.3883': attribute type 4 has an invalid length. [ 1217.721118][T26776] binder: 26765:26776 ioctl 810c9365 20000980 returned -22 [ 1217.895367][T26785] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3888'. [ 1218.155686][T27095] netlink: 'syz.3.3892': attribute type 4 has an invalid length. [ 1218.162879][T27095] netlink: 'syz.3.3892': attribute type 4 has an invalid length. [ 1218.548181][T27427] netlink: 'syz.1.3899': attribute type 4 has an invalid length. [ 1218.583931][T27427] netlink: 'syz.1.3899': attribute type 4 has an invalid length. [ 1218.858741][T27626] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3902'. [ 1219.393834][T28044] netlink: 'syz.3.3909': attribute type 4 has an invalid length. [ 1219.581819][T28050] binder: 28049:28050 ioctl 810c9365 20000980 returned -22 [ 1223.287997][ T4779] Bluetooth: hci0: command 0x0406 tx timeout [ 1224.750689][T30335] validate_nla: 2 callbacks suppressed [ 1224.750707][T30335] netlink: 'syz.3.3943': attribute type 9 has an invalid length. [ 1224.755144][T30335] netlink: 399 bytes leftover after parsing attributes in process `syz.3.3943'. [ 1225.018098][T12406] usb 8-1: new high-speed USB device number 99 using dummy_hcd [ 1225.199745][T12406] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1225.202682][T12406] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1225.206056][T12406] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1225.215587][T12406] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1225.224078][T12406] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1225.227353][T12406] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1225.230506][T12406] usb 8-1: Product: syz [ 1225.232099][T12406] usb 8-1: Manufacturer: syz [ 1225.243899][T12406] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1225.449582][T21111] usb 8-1: USB disconnect, device number 99 [ 1227.807712][T32271] netlink: 'syz.2.3972': attribute type 9 has an invalid length. [ 1227.811617][T32271] netlink: 399 bytes leftover after parsing attributes in process `syz.2.3972'. [ 1228.048012][T26982] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 1228.221356][T26982] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1228.224444][T26982] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1228.247984][T26982] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1228.250636][T26982] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1228.271908][T26982] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1228.275710][T26982] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1228.288040][T26982] usb 7-1: Product: syz [ 1228.289682][T26982] usb 7-1: Manufacturer: syz [ 1228.304414][T26982] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1228.323645][T32431] netlink: 'syz.0.3976': attribute type 4 has an invalid length. [ 1228.335497][T32431] binder: 32430:32431 ioctl 810c9365 20000980 returned -22 [ 1228.510795][T26982] usb 7-1: USB disconnect, device number 48 [ 1230.413982][ T433] netlink: 'syz.0.3984': attribute type 4 has an invalid length. [ 1230.422988][ T433] binder: 355:433 ioctl 810c9365 20000980 returned -22 [ 1230.764606][ T587] netlink: 'syz.0.3986': attribute type 4 has an invalid length. [ 1230.784321][ T587] binder: 567:587 ioctl 810c9365 20000980 returned -22 [ 1233.441127][ T1373] netlink: 'syz.3.3998': attribute type 4 has an invalid length. [ 1233.444981][ T1373] netlink: 'syz.3.3998': attribute type 4 has an invalid length. [ 1236.903864][ T2771] netlink: 'syz.0.4019': attribute type 4 has an invalid length. [ 1236.907386][ T2771] netlink: 'syz.0.4019': attribute type 4 has an invalid length. [ 1239.887673][ T4151] netlink: 'syz.0.4048': attribute type 4 has an invalid length. [ 1239.897391][ T4151] binder: 4147:4151 ioctl 810c9365 20000980 returned -22 [ 1241.593766][ T5292] netlink: 'syz.2.4064': attribute type 9 has an invalid length. [ 1241.596481][ T5292] netlink: 399 bytes leftover after parsing attributes in process `syz.2.4064'. [ 1241.857998][T27857] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 1242.029247][T27857] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1242.032088][T27857] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1242.035190][T27857] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1242.038076][T27857] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1242.043013][T27857] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1242.045841][T27857] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1242.047788][T27857] usb 7-1: Product: syz [ 1242.049205][T27857] usb 7-1: Manufacturer: syz [ 1242.055224][T27857] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1242.115467][ T5854] netlink: 'syz.3.4069': attribute type 4 has an invalid length. [ 1242.130789][ T5854] binder: 5852:5854 ioctl 810c9365 20000980 returned -22 [ 1242.280999][T27857] usb 7-1: USB disconnect, device number 49 [ 1243.150670][ T6628] binder: 6615:6628 ioctl 4018620d 0 returned -22 [ 1243.841972][ T7360] binder: 7355:7360 ioctl 4018620d 0 returned -22 [ 1247.284675][ T9208] netlink: 'syz.3.4114': attribute type 9 has an invalid length. [ 1247.287682][ T9208] netlink: 399 bytes leftover after parsing attributes in process `syz.3.4114'. [ 1247.336588][ T9242] binder: 9239:9242 ioctl c0306201 0 returned -14 [ 1247.529628][T27857] usb 8-1: new high-speed USB device number 100 using dummy_hcd [ 1247.679406][T27857] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1247.681676][T27857] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1247.684495][T27857] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1247.687278][T27857] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1247.693528][T27857] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1247.696812][T27857] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1247.700293][T27857] usb 8-1: Product: syz [ 1247.701610][T27857] usb 8-1: Manufacturer: syz [ 1247.708489][T27857] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1247.917115][T27857] usb 8-1: USB disconnect, device number 100 [ 1248.216081][T10010] binder: 10007:10010 ioctl c0306201 0 returned -14 [ 1259.306142][T16135] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1275.115489][T22662] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1276.244232][T23422] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1276.727968][ T4779] Bluetooth: hci0: command 0x0406 tx timeout [ 1278.848108][ T4779] Bluetooth: hci0: command 0x0406 tx timeout [ 1280.693336][T24878] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1281.879040][T25185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1283.602171][T26124] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1286.498130][T27471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1288.681933][T28221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1291.128088][ T4779] Bluetooth: hci0: command 0x0406 tx timeout [ 1291.140429][T30249] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1294.867130][T32245] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1295.115829][T31827] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1301.003443][ T2209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1302.272224][ T2450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1303.682511][ T3182] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1306.836245][ T4359] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1309.202532][ T5776] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1311.190613][ T6522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1312.628591][ T7094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1316.567332][ T8570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1319.435525][T10148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1320.765799][T10763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1325.619702][T12832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1326.838276][T14071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1327.156993][T14068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1328.733904][T14490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1330.306008][T15727] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1331.246786][T16138] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1332.643546][T17879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1333.663279][T18294] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4644'. [ 1334.929104][T19122] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4653'. [ 1336.003778][T19525] 9pnet_fd: Insufficient options for proto=fd [ 1336.313807][T19627] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4659'. [ 1338.168176][T19629] Bluetooth: hci4: command 0x1003 tx timeout [ 1338.171437][ T4779] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1340.080171][T22498] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4687'. [ 1341.285046][T22793] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1342.003825][T23323] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4695'. [ 1344.651065][T24660] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4709'. [ 1345.419336][T24970] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 1346.409431][T25074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1347.461954][T25384] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1347.916112][T26165] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4725'. [ 1348.791068][T26428] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4728'. [ 1350.363956][T27374] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4739'. [ 1351.395179][T27884] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1351.520265][T28301] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4748'. [ 1353.655712][T30050] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4765'. [ 1354.650848][T30365] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4768'. [ 1355.600772][T30573] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4772'. [ 1356.902890][T31087] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4776'. [ 1358.855748][T32070] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4787'. [ 1360.138349][T32421] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4789'. [ 1361.396010][ T379] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4796'. [ 1362.827399][ T900] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4803'. [ 1362.859358][ T1146] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4804'. [ 1363.641253][ T1354] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4805'. [ 1364.331951][ T1463] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4806'. [ 1365.048432][ T1669] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4808'. [ 1366.556985][ T2083] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4814'. [ 1369.906913][ T4348] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1370.056179][ T4477] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4839'. [ 1370.995047][ T4480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1371.868993][ T4962] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1372.122281][ T5081] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4849'. [ 1372.142036][ T5083] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4848'. [ 1373.453006][ T5304] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1373.456196][ T5300] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4850'. [ 1374.451647][ T5306] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1374.939572][ T5750] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4855'. [ 1375.675635][ T5977] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1376.191022][ T6304] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4860'. [ 1376.802335][ T6723] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4865'. [ 1379.505297][ T7161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1379.608988][ T7689] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4878'. [ 1381.142722][ T8465] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4885'. [ 1382.544728][ T8870] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4889'. [ 1384.101106][ T9363] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4895'. [ 1386.413565][ T9827] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4903'. [ 1386.563719][ T9716] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1388.960425][T11228] 9pnet_fd: Insufficient options for proto=fd [ 1389.031521][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 1391.058995][T19629] Bluetooth: hci4: command 0x1003 tx timeout [ 1391.060028][ T4779] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1392.881387][T12304] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4928'. [ 1393.052597][T12363] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4929'. [ 1395.129216][T13284] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4937'. [ 1396.460510][T13673] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4941'. [ 1397.019786][T13905] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4943'. [ 1398.698301][T14626] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4950'. [ 1399.926877][T15027] netlink: 344 bytes leftover after parsing attributes in process `syz.2.4954'. [ 1401.340655][T15545] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4961'. [ 1401.639016][T15543] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1403.576780][T16545] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4971'. [ 1406.207638][T17395] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4979'. [ 1407.484730][T17573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1407.535073][T17844] netlink: 344 bytes leftover after parsing attributes in process `syz.0.4984'. [ 1407.767234][T18000] netlink: 344 bytes leftover after parsing attributes in process `syz.3.4985'. [ 1409.845267][T18522] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4991'. [ 1415.238409][T20394] netlink: 344 bytes leftover after parsing attributes in process `syz.1.5011'. [ 1415.379131][T20349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1416.058941][T20458] netlink: 344 bytes leftover after parsing attributes in process `syz.0.5012'. [ 1419.128955][T21590] netlink: 344 bytes leftover after parsing attributes in process `syz.2.5025'. [ 1420.346496][T21860] netlink: 344 bytes leftover after parsing attributes in process `syz.0.5027'. [ 1423.829404][T23634] netlink: 344 bytes leftover after parsing attributes in process `syz.2.5045'. [ 1424.385597][T23740] netlink: 344 bytes leftover after parsing attributes in process `syz.3.5047'. [ 1430.245449][T19629] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1430.251177][T19629] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1430.265164][T19629] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1430.268662][T19629] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1430.271099][T19629] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1430.273792][T19629] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1431.032522][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.035874][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1431.065647][T25971] chnl_net:caif_netlink_parms(): no params data found [ 1431.153194][T26314] netlink: 344 bytes leftover after parsing attributes in process `syz.2.5074'. [ 1431.184009][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.188770][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1431.422979][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.427731][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1431.439511][T25971] bridge0: port 1(bridge_slave_0) entered blocking state [ 1431.442538][T25971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1431.445436][T25971] bridge_slave_0: entered allmulticast mode [ 1431.452401][T25971] bridge_slave_0: entered promiscuous mode [ 1431.472502][T25971] bridge0: port 2(bridge_slave_1) entered blocking state [ 1431.475377][T25971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1431.485259][T25971] bridge_slave_1: entered allmulticast mode [ 1431.497929][T25971] bridge_slave_1: entered promiscuous mode [ 1431.529561][ T11] netdevsim netdevsim3  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.534603][ T11] netdevsim netdevsim3  (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1431.801885][T25971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1431.823116][T25971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1432.352579][ T4779] Bluetooth: hci4: command tx timeout [ 1432.578379][T25971] team0: Port device team_slave_0 added [ 1432.660777][T25971] team0: Port device team_slave_1 added [ 1432.667281][ T11] bridge_slave_0: left allmulticast mode [ 1432.671222][ T11] bridge_slave_0: left promiscuous mode [ 1432.679358][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1432.707499][T26664] netlink: 344 bytes leftover after parsing attributes in process `syz.2.5077'. [ 1433.204497][T26625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1433.743086][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1433.767738][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1433.784157][ T11] bond0 (unregistering): Released all slaves [ 1433.930987][T25971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1433.933201][T25971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1433.945157][T25971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1433.950751][T25971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1433.952793][T25971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1433.962382][T25971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1434.052533][T25971] hsr_slave_0: entered promiscuous mode [ 1434.054923][T25971] hsr_slave_1: entered promiscuous mode [ 1434.057765][T25971] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1434.068144][T25971] Cannot create hsr debugfs directory [ 1434.340984][ T11] hsr_slave_0: left promiscuous mode [ 1434.343819][ T11] hsr_slave_1: left promiscuous mode [ 1434.347239][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1434.355267][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1434.376263][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1434.379155][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1434.408762][ T4779] Bluetooth: hci4: command tx timeout [ 1434.437544][ T11] veth1_macvtap: left promiscuous mode [ 1434.440569][ T11] veth0_macvtap: left promiscuous mode [ 1434.442571][ T11] veth1_vlan: left promiscuous mode [ 1434.445098][ T11] veth0_vlan: left promiscuous mode [ 1434.951159][ T11] team0 (unregistering): Port device vlan0 removed [ 1435.813388][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1436.019284][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1436.491972][ T4779] Bluetooth: hci4: command tx timeout [ 1437.056459][T27247] netlink: 344 bytes leftover after parsing attributes in process `syz.0.5082'. [ 1438.359340][ T11] IPVS: stop unused estimator thread 0... [ 1438.486318][T25971] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1438.500226][T25971] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1438.520853][T25971] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1438.529445][T25971] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1438.568055][ T4779] Bluetooth: hci4: command tx timeout [ 1438.736326][T25971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1438.789730][T27575] netlink: 344 bytes leftover after parsing attributes in process `syz.2.5087'. [ 1438.868777][T25971] 8021q: adding VLAN 0 to HW filter on device team0 [ 1438.885785][T26799] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.888483][T26799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1438.905491][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1438.908087][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1438.944091][T25971] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1438.947035][T25971] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1439.088833][T25971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1439.111734][T25971] veth0_vlan: entered promiscuous mode [ 1439.115709][T25971] veth1_vlan: entered promiscuous mode [ 1439.142244][T25971] veth0_macvtap: entered promiscuous mode [ 1439.151629][T25971] veth1_macvtap: entered promiscuous mode [ 1439.168760][T25971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1439.171698][T25971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.174213][T25971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1439.176917][T25971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.185963][T25971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1439.191005][T25971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.195266][T25971] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1439.214929][T25971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1439.217675][T25971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.220245][T25971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1439.223013][T25971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.226038][T25971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1439.239049][T25971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.242289][T25971] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1439.246801][T25971] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1439.251110][T25971] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1439.253380][T25971] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1439.255673][T25971] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1439.365951][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1439.377858][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1439.414218][T26799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1439.416649][T26799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1439.504810][T27852] netlink: 344 bytes leftover after parsing attributes in process `syz.3.5066'. [ 1440.506013][T19629] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1440.514648][T19629] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1440.518074][T19629] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1440.526994][T19629] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1440.532965][T19629] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1440.537355][T19629] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1440.738948][T28046] chnl_net:caif_netlink_parms(): no params data found [ 1441.616593][T28046] bridge0: port 1(bridge_slave_0) entered blocking state [ 1441.628268][T28046] bridge0: port 1(bridge_slave_0) entered disabled state [ 1441.630876][T28046] bridge_slave_0: entered allmulticast mode [ 1441.638152][T28046] bridge_slave_0: entered promiscuous mode [ 1441.645113][T28046] bridge0: port 2(bridge_slave_1) entered blocking state [ 1441.647462][T28046] bridge0: port 2(bridge_slave_1) entered disabled state [ 1441.650168][T28046] bridge_slave_1: entered allmulticast mode [ 1441.654074][T28046] bridge_slave_1: entered promiscuous mode [ 1441.811001][T28340] 9pnet_fd: Insufficient options for proto=fd [ 1441.887154][ T4779] Bluetooth: hci1: sending frame failed (-49) [ 1441.891999][T19629] Bluetooth: hci1: Opcode 0x1003 failed: -49 [ 1441.895275][T28046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1441.967545][T28046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1442.047610][T28046] team0: Port device team_slave_0 added [ 1442.059108][T28046] team0: Port device team_slave_1 added [ 1442.184273][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.193702][T28046] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1442.196324][T28046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1442.206334][T28046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1442.211167][T28046] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1442.213407][T28046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1442.228837][T28046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1442.268084][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.304430][T28046] hsr_slave_0: entered promiscuous mode [ 1442.306875][T28046] hsr_slave_1: entered promiscuous mode [ 1442.311171][T28046] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1442.313203][T28046] Cannot create hsr debugfs directory [ 1442.364743][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.457160][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.575983][ T11] bridge_slave_0: left allmulticast mode [ 1442.578170][T19629] Bluetooth: hci2: command tx timeout [ 1442.580075][ T11] bridge_slave_0: left promiscuous mode [ 1442.583831][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1442.986648][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1443.002879][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1443.009662][ T11] bond0 (unregistering): Released all slaves [ 1443.492367][ T11] hsr_slave_0: left promiscuous mode [ 1443.501274][ T11] hsr_slave_1: left promiscuous mode [ 1443.503605][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1443.505652][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1443.511335][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1443.514161][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1443.569026][ T11] veth1_macvtap: left promiscuous mode [ 1443.571158][ T11] veth0_macvtap: left promiscuous mode [ 1443.573569][ T11] veth1_vlan: left promiscuous mode [ 1443.576350][ T11] veth0_vlan: left promiscuous mode [ 1444.029763][ T11] team0 (unregistering): Port device vlan0 removed [ 1444.648018][T19629] Bluetooth: hci2: command tx timeout [ 1444.973441][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1445.107302][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1446.294898][T28046] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1446.317296][T28046] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1446.324361][T28046] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1446.330642][T28046] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1446.431667][T28046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1446.448056][T28046] 8021q: adding VLAN 0 to HW filter on device team0 [ 1446.455303][ T6780] bridge0: port 1(bridge_slave_0) entered blocking state [ 1446.457833][ T6780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1446.470707][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 1446.473217][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1446.673570][T28046] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1446.715354][T28046] veth0_vlan: entered promiscuous mode [ 1446.728174][T19629] Bluetooth: hci2: command tx timeout [ 1446.751613][T28046] veth1_vlan: entered promiscuous mode [ 1446.769521][T28046] veth0_macvtap: entered promiscuous mode [ 1446.776425][T28046] veth1_macvtap: entered promiscuous mode [ 1446.796459][T28046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1446.801883][T28046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1446.805463][T28046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1446.809443][T28046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1446.812903][T28046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1446.816694][T28046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1446.824919][T28046] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1446.836546][T28046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1446.840552][T28046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1446.843823][T28046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1446.847088][T28046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1446.849889][T28046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1446.853104][T28046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1446.857325][T28046] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1446.863775][T28046] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.867068][T28046] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.870405][T28046] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.873188][T28046] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.923489][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1446.926275][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1446.948194][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1446.952821][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1448.083261][ T4779] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1448.089520][ T4779] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1448.098195][ T4779] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1448.133864][ T4779] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1448.136983][ T4779] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1448.139687][ T4779] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1448.328637][T28974] chnl_net:caif_netlink_parms(): no params data found [ 1448.446574][T28982] 9pnet_fd: Insufficient options for proto=fd [ 1448.680783][T28974] bridge0: port 1(bridge_slave_0) entered blocking state [ 1448.683919][T28974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1448.686110][T28974] bridge_slave_0: entered allmulticast mode [ 1448.691049][T28974] bridge_slave_0: entered promiscuous mode [ 1448.694685][T28974] bridge0: port 2(bridge_slave_1) entered blocking state [ 1448.697036][T28974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1448.702154][T28974] bridge_slave_1: entered allmulticast mode [ 1448.705966][T28974] bridge_slave_1: entered promiscuous mode [ 1448.766300][T28974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1448.801360][T28974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1448.818051][T19629] Bluetooth: hci2: command tx timeout [ 1448.883911][T28974] team0: Port device team_slave_0 added [ 1448.894891][T28974] team0: Port device team_slave_1 added [ 1448.946711][ T63] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1448.975628][T28974] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1448.977335][T28974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1448.984822][T28974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1449.009011][ T63] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1449.014198][T28974] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1449.015909][T28974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1449.022007][T28974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1449.049295][T28974] hsr_slave_0: entered promiscuous mode [ 1449.051161][T28974] hsr_slave_1: entered promiscuous mode [ 1449.052875][T28974] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1449.054580][T28974] Cannot create hsr debugfs directory [ 1449.171991][T29089] netlink: 344 bytes leftover after parsing attributes in process `syz.3.5107'. [ 1449.237715][ T63] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1449.387400][ T63] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1449.556239][ T63] bridge_slave_1: left allmulticast mode [ 1449.561664][ T63] bridge_slave_1: left promiscuous mode [ 1449.564303][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 1449.571861][ T63] bridge_slave_0: left allmulticast mode [ 1449.573808][ T63] bridge_slave_0: left promiscuous mode [ 1449.576953][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 1450.168147][T19629] Bluetooth: hci1: command tx timeout [ 1450.283047][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1450.296188][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1450.307253][ T63] bond0 (unregistering): Released all slaves [ 1450.488098][T19629] Bluetooth: hci5: command 0x1003 tx timeout [ 1450.488220][ T4779] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1450.907791][ T63] hsr_slave_0: left promiscuous mode [ 1450.910146][ T63] hsr_slave_1: left promiscuous mode [ 1450.912764][ T63] batman_adv: batadv0: Removing interface: team0 [ 1450.915255][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1450.917182][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1450.920544][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1450.922991][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1450.943808][ T63] veth1_macvtap: left promiscuous mode [ 1450.945338][ T63] veth0_macvtap: left promiscuous mode [ 1450.947058][ T63] veth1_vlan: left promiscuous mode [ 1450.951642][ T63] veth0_vlan: left promiscuous mode [ 1452.250414][ T4779] Bluetooth: hci1: command tx timeout [ 1452.287121][ T63] team0 (unregistering): Port device team_slave_1 removed [ 1452.440473][ T63] team0 (unregistering): Port device team_slave_0 removed [ 1453.749318][T29630] 9pnet_fd: Insufficient options for proto=fd [ 1453.789061][T28974] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1453.859303][T28974] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1453.878604][T28974] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1453.998377][T28974] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1454.244239][T28974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1454.261344][T28974] 8021q: adding VLAN 0 to HW filter on device team0 [ 1454.283096][ T6780] bridge0: port 1(bridge_slave_0) entered blocking state [ 1454.285002][ T6780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1454.301613][ T6780] bridge0: port 2(bridge_slave_1) entered blocking state [ 1454.304098][ T6780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1454.328052][T19629] Bluetooth: hci1: command tx timeout [ 1454.604009][T28974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1454.634307][T28974] veth0_vlan: entered promiscuous mode [ 1454.641515][T29628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1454.644383][T28974] veth1_vlan: entered promiscuous mode [ 1454.712979][T28974] veth0_macvtap: entered promiscuous mode [ 1454.718639][T28974] veth1_macvtap: entered promiscuous mode [ 1454.727087][T28974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1454.730352][T28974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1454.733069][T28974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1454.740256][T28974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1454.745157][T28974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1454.748653][T28974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1454.752174][T28974] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1454.763330][T28974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1454.766169][T28974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1454.768936][T28974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1454.771795][T28974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1454.774421][T28974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1454.777945][T28974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1454.781458][T28974] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1454.786252][T28974] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1454.788845][T28974] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1454.791267][T28974] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1454.794264][T28974] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1454.830139][T26799] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1454.832332][T26799] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1454.846442][T26799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1454.848724][T26799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1455.055274][T29858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1455.059489][T29858] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1455.063515][T29858] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1455.066893][T29858] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1455.078269][T29858] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1455.081403][T29858] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1455.459662][T29857] chnl_net:caif_netlink_parms(): no params data found [ 1455.638945][T29857] bridge0: port 1(bridge_slave_0) entered blocking state [ 1455.640964][T29857] bridge0: port 1(bridge_slave_0) entered disabled state [ 1455.643246][T29857] bridge_slave_0: entered allmulticast mode [ 1455.645318][T29857] bridge_slave_0: entered promiscuous mode [ 1455.666553][T29857] bridge0: port 2(bridge_slave_1) entered blocking state [ 1455.668916][T29857] bridge0: port 2(bridge_slave_1) entered disabled state [ 1455.671390][T29857] bridge_slave_1: entered allmulticast mode [ 1455.674248][T29857] bridge_slave_1: entered promiscuous mode [ 1455.743545][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.750592][T29853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1455.848104][T29858] Bluetooth: hci3: command 0x1003 tx timeout [ 1455.849423][ T4779] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1455.950746][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.957231][T29857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1455.963043][T29857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1455.984806][T29857] team0: Port device team_slave_0 added [ 1455.987541][T29857] team0: Port device team_slave_1 added [ 1456.006310][T29857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1456.008632][T29857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1456.015248][T29857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1456.018996][T29857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1456.020809][T29857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1456.027796][T29857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1456.049448][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.070146][T29880] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.5127'. [ 1456.073547][T29880] netlink: 'syz.0.5127': attribute type 3 has an invalid length. [ 1456.076250][T29880] netlink: 105 bytes leftover after parsing attributes in process `syz.0.5127'. [ 1456.083919][T29857] hsr_slave_0: entered promiscuous mode [ 1456.087008][T29857] hsr_slave_1: entered promiscuous mode [ 1456.138517][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.236889][ T12] bridge_slave_1: left allmulticast mode [ 1456.239921][ T12] bridge_slave_1: left promiscuous mode [ 1456.241554][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1456.244656][ T12] bridge_slave_0: left allmulticast mode [ 1456.246271][ T12] bridge_slave_0: left promiscuous mode [ 1456.247852][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1456.408722][ T4779] Bluetooth: hci1: command tx timeout [ 1456.502695][T29911] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5136'. [ 1456.648360][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1456.653131][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1456.657277][ T12] bond0 (unregistering): Released all slaves [ 1456.721394][ T12] tipc: Disabling bearer [ 1456.737427][ T12] tipc: Left network mode [ 1456.778120][T12406] usb 8-1: new high-speed USB device number 101 using dummy_hcd [ 1456.930346][T12406] usb 8-1: Using ep0 maxpacket: 8 [ 1456.933686][T12406] usb 8-1: config 0 has an invalid interface number: 128 but max is 0 [ 1456.936520][T12406] usb 8-1: config 0 has no interface number 0 [ 1456.941369][T12406] usb 8-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 1456.944023][T12406] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1456.946922][T12406] usb 8-1: Product: syz [ 1456.951074][T12406] usb 8-1: Manufacturer: syz [ 1456.952845][T12406] usb 8-1: SerialNumber: syz [ 1456.955927][T12406] usb 8-1: config 0 descriptor?? [ 1456.962772][T12406] radio-usb-si4713 8-1:0.128: Si4713 development board discovered: (10C4:8244) [ 1457.007838][T29931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5141'. [ 1457.121250][T29857] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1457.125326][T29857] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1457.128474][ T4779] Bluetooth: hci5: command tx timeout [ 1457.133562][T29857] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1457.137747][T29857] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1457.170202][T29913] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5137'. [ 1457.235513][T29857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1457.252772][T29857] 8021q: adding VLAN 0 to HW filter on device team0 [ 1457.258181][T26799] bridge0: port 1(bridge_slave_0) entered blocking state [ 1457.260100][T26799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1457.283227][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 1457.285671][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1457.368559][ T12] hsr_slave_0: left promiscuous mode [ 1457.373204][ T12] hsr_slave_1: left promiscuous mode [ 1457.384837][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1457.389516][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1457.393217][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1457.395697][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1457.405031][ T12] batman_adv: batadv0: Removing interface: ipvlan1 [ 1457.438379][ T12] veth1_macvtap: left promiscuous mode [ 1457.439919][ T12] veth0_macvtap: left promiscuous mode [ 1457.441378][ T12] veth1_vlan: left promiscuous mode [ 1457.442866][ T12] veth0_vlan: left promiscuous mode [ 1457.496088][ T12] infiniband syz0: set down [ 1457.644073][ T12] team0 (unregistering): Port device vlan0 removed [ 1457.796535][T12406] radio-usb-si4713 8-1:0.128: probe with driver radio-usb-si4713 failed with error -71 [ 1457.800045][T12406] usbhid 8-1:0.128: couldn't find an input interrupt endpoint [ 1457.804066][T12406] usb 8-1: USB disconnect, device number 101 [ 1458.285211][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1458.402601][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1458.965102][ T6780] smc: removing ib device syz0 [ 1459.213580][T29857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1459.218083][ T4779] Bluetooth: hci5: command tx timeout [ 1459.255479][T29977] tipc: Enabling of bearer rejected, failed to enable media [ 1459.261750][T29857] veth0_vlan: entered promiscuous mode [ 1459.270377][T29857] veth1_vlan: entered promiscuous mode [ 1459.304563][T29857] veth0_macvtap: entered promiscuous mode [ 1459.307804][T29857] veth1_macvtap: entered promiscuous mode [ 1459.322399][T29857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1459.325417][T29857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1459.331081][T29857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1459.333782][T29857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1459.336404][T29857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1459.339630][T29857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1459.343283][T29857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1459.352059][T29857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1459.354842][T29857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1459.357487][T29857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1459.360507][T29857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1459.363786][T29857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1459.366599][T29857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1459.373410][T29857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1459.384798][T29857] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1459.396544][T29857] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1459.400165][T29857] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1459.403005][T29857] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1459.577730][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1459.588113][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1459.634609][T30209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1459.640103][T30209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1460.093443][T30026] netdevsim netdevsim1 : renamed from netdevsim0 (while UP) [ 1460.209951][T30028] netlink: 'syz.1.5168': attribute type 1 has an invalid length. [ 1460.321253][T30035] binder_alloc: 30033: pid 30033 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1460.381567][T30032] kvm: pic: non byte read [ 1460.546059][T30042] autofs4:pid:30042:autofs_dev_ioctl_timeout: per-mount expire timeout is greater than the parent autofs mount timeout which could prevent shutdown [ 1460.998042][T27857] IPVS: starting estimator thread 0... [ 1461.000734][T30073] IPVS: lblc: TCP [::]:0 - no destination available [ 1461.102489][T30074] IPVS: using max 19 ests per chain, 45600 per kthread [ 1461.288965][ T4779] Bluetooth: hci5: command tx timeout [ 1461.514541][T30108] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5197'. [ 1461.523777][T30108] Êü: entered promiscuous mode [ 1461.912049][T30153] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5217'. [ 1461.940650][T27857] IPVS: starting estimator thread 0... [ 1461.943701][T30155] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 1462.038025][T30156] IPVS: using max 18 ests per chain, 43200 per kthread [ 1462.605025][T30215] batman_adv: batadv0: Adding interface: ip6gretap1 [ 1462.607278][T30215] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 1462.615024][T30215] batman_adv: batadv0: Interface activated: ip6gretap1 [ 1463.368017][ T4779] Bluetooth: hci5: command tx timeout [ 1463.394279][T30236] netlink: 5304 bytes leftover after parsing attributes in process `syz.0.5249'. [ 1463.908000][T29888] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1464.087990][T29888] usb 5-1: Using ep0 maxpacket: 32 [ 1464.091199][T29888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1464.093920][T29888] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 1464.098118][T29888] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1464.100659][T29888] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1464.102937][T29888] usb 5-1: Product: syz [ 1464.104133][T29888] usb 5-1: Manufacturer: syz [ 1464.105465][T29888] usb 5-1: SerialNumber: syz [ 1464.108224][T29888] usb 5-1: config 0 descriptor?? [ 1464.322939][T21111] usb 5-1: USB disconnect, device number 85 [ 1464.740427][T30261] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 1466.025321][T30293] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5273'. [ 1466.030843][T30293] Êü: entered promiscuous mode [ 1466.148203][T27463] usb 8-1: new high-speed USB device number 102 using dummy_hcd [ 1466.298017][T27463] usb 8-1: Using ep0 maxpacket: 32 [ 1466.301226][T27463] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1466.304734][T27463] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1466.307726][T27463] usb 8-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 1466.318755][T27463] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.325445][T27463] usb 8-1: config 0 descriptor?? [ 1466.539471][T27463] usbhid 8-1:0.0: can't add hid device: -71 [ 1466.541596][T27463] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1466.549295][T27463] usb 8-1: USB disconnect, device number 102 [ 1466.972406][T30317] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1467.468024][T30343] 9pnet_fd: Insufficient options for proto=fd [ 1467.492531][ T39] kauditd_printk_skb: 61 callbacks suppressed [ 1467.492544][ T39] audit: type=1326 audit(1467.377:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30345 comm="syz.3.5296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739e579 code=0x7ffc0000 [ 1467.514993][ T39] audit: type=1326 audit(1467.377:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30345 comm="syz.3.5296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739e579 code=0x7ffc0000 [ 1467.528783][ T39] audit: type=1326 audit(1467.377:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30345 comm="syz.3.5296" exe="/syz-executor" sig=0 arch=40000003 syscall=306 compat=1 ip=0xf739e579 code=0x7ffc0000 [ 1467.535978][ T39] audit: type=1326 audit(1467.377:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30345 comm="syz.3.5296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739e579 code=0x7ffc0000 [ 1467.552860][ T39] audit: type=1326 audit(1467.377:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30345 comm="syz.3.5296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf739e579 code=0x7ffc0000 [ 1467.914111][T30381] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5309'. [ 1467.916843][T30381] openvswitch: Êü: Dropping previously announced user features [ 1469.438593][T30412] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5318'. [ 1469.441628][T30412] openvswitch: Êü: Dropping previously announced user features [ 1469.677626][T30420] netlink: 'syz.0.5326': attribute type 10 has an invalid length. [ 1469.694284][T30420] team0: Port device netdevsim0 added [ 1470.095915][T30434] binder: 30424:30434 ioctl c0306201 0 returned -14 [ 1470.248463][ T4779] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1470.251539][ T4779] Bluetooth: hci1: Injecting HCI hardware error event [ 1470.254931][ T4779] Bluetooth: hci1: hardware error 0x00 [ 1470.563166][T29888] IPVS: starting estimator thread 0... [ 1470.648012][T30446] IPVS: using max 20 ests per chain, 48000 per kthread [ 1470.915153][T30464] syz.0.5339: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1470.923308][T30464] CPU: 0 UID: 0 PID: 30464 Comm: syz.0.5339 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 1470.927257][T30464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1470.931010][T30464] Call Trace: [ 1470.932229][T30464] [ 1470.933324][T30464] dump_stack_lvl+0x16c/0x1f0 [ 1470.935064][T30464] warn_alloc+0x24d/0x3a0 [ 1470.936621][T30464] ? __pfx_warn_alloc+0x10/0x10 [ 1470.938427][T30464] ? __pfx_stack_trace_save+0x10/0x10 [ 1470.940300][T30464] ? __switch_to+0x749/0x1180 [ 1470.942045][T30464] ? kasan_save_stack+0x42/0x60 [ 1470.943843][T30464] ? kasan_save_stack+0x33/0x60 [ 1470.945615][T30464] ? kasan_save_track+0x14/0x30 [ 1470.947434][T30464] ? __kasan_kmalloc+0xaa/0xb0 [ 1470.949189][T30464] ? xskq_create+0x52/0x1d0 [ 1470.950841][T30464] ? do_sock_setsockopt+0x222/0x480 [ 1470.952257][T30464] ? __sys_setsockopt+0x1a4/0x270 [ 1470.953558][T30464] ? __ia32_sys_setsockopt+0xbc/0x160 [ 1470.954986][T30464] __vmalloc_node_range_noprof+0x11a7/0x15a0 [ 1470.957133][T30464] ? xskq_create+0xfb/0x1d0 [ 1470.958595][T30464] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1470.960242][T30464] ? xskq_create+0xfb/0x1d0 [ 1470.961640][T30464] vmalloc_user_noprof+0x6b/0x90 [ 1470.963299][T30464] ? xskq_create+0xfb/0x1d0 [ 1470.964872][T30464] xskq_create+0xfb/0x1d0 [ 1470.966382][T30464] xsk_setsockopt+0x8b0/0xac0 [ 1470.968012][T30464] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1470.969794][T30464] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1470.971623][T30464] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1470.973603][T30464] ? lockdep_hardirqs_on+0x7c/0x110 [ 1470.975389][T30464] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1470.977395][T30464] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1470.979201][T30464] do_sock_setsockopt+0x222/0x480 [ 1470.980921][T30464] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1470.982805][T30464] ? __rcu_read_unlock+0x2b4/0x580 [ 1470.984550][T30464] ? fdget+0x176/0x210 [ 1470.985950][T30464] __sys_setsockopt+0x1a4/0x270 [ 1470.987619][T30464] ? __pfx___sys_setsockopt+0x10/0x10 [ 1470.989439][T30464] ? rcu_is_watching+0x12/0xc0 [ 1470.991082][T30464] __ia32_sys_setsockopt+0xbc/0x160 [ 1470.992899][T30464] ? lockdep_hardirqs_on+0x7c/0x110 [ 1470.994683][T30464] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1470.996904][T30464] __do_fast_syscall_32+0x73/0x120 [ 1470.998693][T30464] do_fast_syscall_32+0x32/0x80 [ 1471.000367][T30464] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1471.002530][T30464] RIP: 0023:0xf73ce579 [ 1471.003963][T30464] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1471.010690][T30464] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 1471.013522][T30464] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000011b [ 1471.016259][T30464] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000020 [ 1471.019144][T30464] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1471.022014][T30464] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1471.024783][T30464] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1471.027499][T30464] [ 1471.028900][ C0] vkms_vblank_simulate: vblank timer overrun [ 1471.034824][T30464] Mem-Info: [ 1471.040504][T30464] active_anon:5437 inactive_anon:19 isolated_anon:0 [ 1471.040504][T30464] active_file:3671 inactive_file:46905 isolated_file:0 [ 1471.040504][T30464] unevictable:774 dirty:233 writeback:0 [ 1471.040504][T30464] slab_reclaimable:5209 slab_unreclaimable:53156 [ 1471.040504][T30464] mapped:20004 shmem:3803 pagetables:762 [ 1471.040504][T30464] sec_pagetables:347 bounce:0 [ 1471.040504][T30464] kernel_misc_reclaimable:0 [ 1471.040504][T30464] free:79995 free_pcp:3310 free_cma:0 [ 1471.065599][T30464] Node 0 active_anon:428kB inactive_anon:468kB active_file:0kB inactive_file:32kB unevictable:1560kB isolated(anon):0kB isolated(file):0kB mapped:340kB dirty:16kB writeback:0kB shmem:1948kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9288kB pagetables:1712kB sec_pagetables:1240kB all_unreclaimable? no [ 1471.069375][ T64] kernel write not supported for file /video8 (pid: 64 comm: kworker/1:1) [ 1471.081230][T30464] Node 1 active_anon:21044kB inactive_anon:32kB active_file:14684kB inactive_file:187588kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:79776kB dirty:916kB writeback:0kB shmem:13264kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1884kB pagetables:1336kB sec_pagetables:148kB all_unreclaimable? no [ 1471.101433][T30464] Node 0 DMA free:1124kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:100kB local_pcp:68kB free_cma:0kB [ 1471.112567][T30464] lowmem_reserve[]: 0 273 0 0 0 [ 1471.115888][T30464] Node 0 DMA32 free:21384kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:340kB inactive_anon:416kB active_file:0kB inactive_file:28kB unevictable:1560kB writepending:12kB present:1032196kB managed:306280kB mlocked:24kB bounce:0kB free_pcp:2888kB local_pcp:408kB free_cma:0kB [ 1471.128158][T30464] lowmem_reserve[]: 0 0 0 0 0 [ 1471.130095][T30464] Node 1 DMA32 free:289068kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:20976kB inactive_anon:32kB active_file:14684kB inactive_file:187588kB unevictable:1536kB writepending:932kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:18432kB local_pcp:8648kB free_cma:0kB [ 1471.143182][T30464] lowmem_reserve[]: 0 0 0 0 0 [ 1471.144972][T30464] Node 0 DMA: 41*4kB (U) 12*8kB (U) 35*16kB (U) 11*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1172kB [ 1471.150703][T30464] Node 0 DMA32: 670*4kB (UH) 406*8kB (UMH) 97*16kB (UMEH) 79*32kB (UMEH) 35*64kB (UMH) 23*128kB (MH) 10*256kB (UMH) 5*512kB (UMH) 1*1024kB (U) 0*2048kB 0*4096kB = 21336kB [ 1471.158772][T30464] Node 1 DMA32: 80*4kB (ME) 60*8kB (UME) 430*16kB (UME) 335*32kB (UME) 177*64kB (UME) 248*128kB (UME) 93*256kB (UME) 66*512kB (UME) 26*1024kB (UME) 14*2048kB (UME) 28*4096kB (UM) = 289056kB [ 1471.171379][T30464] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1471.175388][T30464] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1471.178831][T30464] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1471.182754][T30464] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1471.187281][T30464] 54782 total pagecache pages [ 1471.190421][T30464] 428 pages in swap cache [ 1471.198031][T30464] Free swap = 111344kB [ 1471.199798][T30464] Total swap = 124996kB [ 1471.202243][T30464] 524155 pages RAM [ 1471.204791][T30464] 0 pages HighMem/MovableOnly [ 1471.207513][T30464] 206682 pages reserved [ 1471.209238][T30464] 0 pages cma reserved [ 1471.350428][T30484] pim6reg1: entered promiscuous mode [ 1471.352257][T30484] pim6reg1: entered allmulticast mode [ 1471.554138][ T64] kernel write not supported for file /video8 (pid: 64 comm: kworker/1:1) [ 1472.329287][ T4779] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1472.774927][T30513] netlink: 'syz.2.5363': attribute type 1 has an invalid length. [ 1472.844931][T30513] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1472.852457][T30513] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 1472.877787][T30513] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 1472.890199][T30513] bond1 (unregistering): Released all slaves [ 1473.039285][T30519] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5365'. [ 1473.080351][ T5242] kernel write not supported for file /video8 (pid: 5242 comm: kworker/2:1) [ 1474.129999][T30550] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1474.132618][T30550] overlayfs: failed to set xattr on upper [ 1474.134484][T30550] overlayfs: ...falling back to redirect_dir=nofollow. [ 1474.137821][T30550] overlayfs: ...falling back to uuid=null. [ 1474.141770][T30553] batman_adv: batadv0: Adding interface: ip6gretap1 [ 1474.143599][T30553] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1474.151430][T30553] batman_adv: batadv0: Interface activated: ip6gretap1 [ 1474.593955][T30584] 9pnet_fd: Insufficient options for proto=fd [ 1474.606582][T30587] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1474.860670][T30601] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1474.863238][T30601] overlayfs: failed to set xattr on upper [ 1474.865382][T30601] overlayfs: ...falling back to redirect_dir=nofollow. [ 1474.872189][T30601] overlayfs: ...falling back to uuid=null. [ 1474.926312][T30605] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5401'. [ 1474.932139][T30605] Êü: entered promiscuous mode [ 1474.944120][T30607] binder: BINDER_SET_CONTEXT_MGR already set [ 1474.947852][T30607] binder: 30606:30607 ioctl 4018620d 20000040 returned -16 [ 1474.975387][T30610] 9pnet_fd: Insufficient options for proto=fd [ 1475.245955][T30633] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5412'. [ 1475.248962][T30631] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1475.251432][T30631] overlayfs: failed to set xattr on upper [ 1475.253415][T30631] overlayfs: ...falling back to redirect_dir=nofollow. [ 1475.258359][T30631] overlayfs: ...falling back to uuid=null. [ 1475.330725][T30637] batman_adv: batadv0: Adding interface: ip6gretap1 [ 1475.333106][T30637] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1475.342797][T30637] batman_adv: batadv0: Interface activated: ip6gretap1 [ 1475.480019][T30647] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5419'. [ 1475.484460][T30647] openvswitch: Êü: Dropping previously announced user features [ 1476.266104][T30660] 9pnet_fd: Insufficient options for proto=fd [ 1476.903755][T30676] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5430'. [ 1477.324527][T30694] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1477.344419][T30696] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5438'. [ 1477.348926][T30696] openvswitch: Êü: Dropping previously announced user features [ 1477.377973][T30699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5439'. [ 1477.380303][T30699] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5439'. [ 1477.475733][T30703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5441'. [ 1477.748612][ T64] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 1477.804581][ T64] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1477.926351][T30710] erspan0: entered promiscuous mode [ 1478.004301][T30716] UHID_CREATE from different security context by process 258 (syz.0.5445), this is not allowed. [ 1478.037734][T30718] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5447'. [ 1478.043977][T30718] openvswitch: Êü: Dropping previously announced user features [ 1478.164859][T30724] netlink: 'syz.3.5450': attribute type 10 has an invalid length. [ 1478.169721][T30724] bond0: (slave batadv0): Error -22 calling dev_set_mtu [ 1478.188620][T30726] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5451'. [ 1478.191861][T30726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5451'. [ 1478.248195][ T64] usb 6-1: new high-speed USB device number 118 using dummy_hcd [ 1478.394424][T30742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5459'. [ 1478.399591][ T64] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1478.403421][ T64] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1478.407052][ T64] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1478.417972][ T64] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1478.422225][ T64] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1478.425557][ T64] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1478.429770][ T64] usb 6-1: config 0 descriptor?? [ 1478.555916][T30747] netlink: 'syz.3.5461': attribute type 4 has an invalid length. [ 1478.559499][T30749] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1478.561192][T30747] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5461'. [ 1478.841740][ T64] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 1478.872183][ T64] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1478.953157][T30763] IPVS: lblc: TCP [::]:0 - no destination available [ 1479.005386][T30765] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.5469'. [ 1479.009046][T30765] netlink: 'syz.3.5469': attribute type 3 has an invalid length. [ 1479.012073][T30765] netlink: 121 bytes leftover after parsing attributes in process `syz.3.5469'. [ 1479.270507][T30776] netlink: 76 bytes leftover after parsing attributes in process `syz.2.5473'. [ 1479.276550][T30776] Êü: entered promiscuous mode [ 1479.316544][T30778] 9pnet_fd: Insufficient options for proto=fd [ 1479.428565][T30786] netlink: 'syz.2.5477': attribute type 1 has an invalid length. [ 1479.463975][ T64] usb 6-1: USB disconnect, device number 118 [ 1479.655067][T30798] overlayfs: failed to resolve './file1': -2 [ 1479.949767][T30814] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5491'. [ 1479.958073][T30814] netlink: 'syz.2.5491': attribute type 3 has an invalid length. [ 1479.961071][T30814] netlink: 121 bytes leftover after parsing attributes in process `syz.2.5491'. [ 1481.160994][T30875] 9pnet_fd: Insufficient options for proto=fd [ 1481.444293][ T39] audit: type=1326 audit(1481.327:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.455844][ T39] audit: type=1326 audit(1481.327:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.462646][ T39] audit: type=1326 audit(1481.337:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.473969][ T39] audit: type=1326 audit(1481.337:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.481364][ T39] audit: type=1326 audit(1481.337:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.488463][ T39] audit: type=1326 audit(1481.337:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.494656][ T39] audit: type=1326 audit(1481.357:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.501052][ T39] audit: type=1326 audit(1481.357:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.507273][ T39] audit: type=1326 audit(1481.357:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fa85a7 code=0x7ffc0000 [ 1481.514721][ T39] audit: type=1326 audit(1481.357:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 1481.536800][T30899] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5529'. [ 1481.539444][T30899] netlink: 'syz.2.5529': attribute type 3 has an invalid length. [ 1481.717442][T30911] 9pnet_fd: Insufficient options for proto=fd [ 1482.551974][T30942] netlink: 'syz.3.5548': attribute type 3 has an invalid length. [ 1484.193109][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.195759][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.198771][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.201373][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.203953][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.206539][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.209393][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.211956][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.215147][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.217827][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.221036][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.223665][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.226208][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.228975][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.231559][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.234123][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.235728][T30999] ptrace attach of "/syz-executor exec"[28046] was attempted by " [ 1484.236470][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.268850][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.271613][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.274153][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.276685][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.279502][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.282087][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.284723][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.287251][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.290013][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.292585][T21111] hid-generic 0000:FFFFFFFE:0000.000A: unknown main item tag 0x0 [ 1484.299439][T21111] hid-generic 0000:FFFFFFFE:0000.000A: hidraw0: HID vffffff.fb Device [syz0] on syz0 [ 1484.911132][T31032] __nla_validate_parse: 6 callbacks suppressed [ 1484.911148][T31032] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5586'. [ 1485.293780][T31055] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5594'. [ 1485.674811][T31073] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5598'. [ 1485.754836][T31079] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 1485.756982][T31079] PKCS7: Only support pkcs7_signedData type [ 1485.982183][T31087] binder: BINDER_SET_CONTEXT_MGR already set [ 1485.984458][T31087] binder: 31086:31087 ioctl 4018620d 20000040 returned -16 [ 1486.025875][T31089] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.5610'. [ 1486.028660][T31089] netlink: 'syz.1.5610': attribute type 3 has an invalid length. [ 1486.030876][T31089] netlink: 113 bytes leftover after parsing attributes in process `syz.1.5610'. [ 1487.009994][T31109] 9pnet_fd: Insufficient options for proto=fd [ 1487.652073][T31114] binder: BINDER_SET_CONTEXT_MGR already set [ 1487.654485][T31114] binder: 31113:31114 ioctl 4018620d 20000040 returned -16 [ 1488.008444][T31124] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "&@" [ 1488.303390][T31136] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.5629'. [ 1488.306650][T31136] netlink: 'syz.3.5629': attribute type 3 has an invalid length. [ 1488.311430][T31136] netlink: 105 bytes leftover after parsing attributes in process `syz.3.5629'. [ 1488.679387][T31145] binder: 31144:31145 ioctl c0306201 0 returned -14 [ 1488.814453][T31158] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5638'. [ 1488.830694][T31158] netlink: 'syz.2.5638': attribute type 3 has an invalid length. [ 1488.833647][T31158] netlink: 105 bytes leftover after parsing attributes in process `syz.2.5638'. [ 1488.929305][T31172] binder: 31169:31172 ioctl c0306201 0 returned -14 [ 1489.883245][T31198] syz.1.5654: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1489.887533][T31198] CPU: 0 UID: 0 PID: 31198 Comm: syz.1.5654 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 1489.890349][T31198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1489.893068][T31198] Call Trace: [ 1489.893951][T31198] [ 1489.894741][T31198] dump_stack_lvl+0x16c/0x1f0 [ 1489.895967][T31198] warn_alloc+0x24d/0x3a0 [ 1489.897092][T31198] ? __pfx_warn_alloc+0x10/0x10 [ 1489.898541][T31198] ? __pfx_stack_trace_save+0x10/0x10 [ 1489.900125][T31198] ? kasan_save_stack+0x42/0x60 [ 1489.901410][T31198] ? kasan_save_stack+0x33/0x60 [ 1489.902700][T31198] ? kasan_save_track+0x14/0x30 [ 1489.903978][T31198] ? __kasan_kmalloc+0xaa/0xb0 [ 1489.905213][T31198] ? xskq_create+0x52/0x1d0 [ 1489.906453][T31198] ? do_sock_setsockopt+0x222/0x480 [ 1489.907811][T31198] ? __sys_setsockopt+0x1a4/0x270 [ 1489.909114][T31198] ? __ia32_sys_setsockopt+0xbc/0x160 [ 1489.910526][T31198] __vmalloc_node_range_noprof+0x11a7/0x15a0 [ 1489.912107][T31198] ? xskq_create+0xfb/0x1d0 [ 1489.913313][T31198] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1489.914984][T31198] ? xskq_create+0xfb/0x1d0 [ 1489.916184][T31198] vmalloc_user_noprof+0x6b/0x90 [ 1489.917495][T31198] ? xskq_create+0xfb/0x1d0 [ 1489.918707][T31198] xskq_create+0xfb/0x1d0 [ 1489.919837][T31198] xsk_setsockopt+0x8b0/0xac0 [ 1489.921160][T31198] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1489.922532][T31198] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1489.923848][T31198] do_sock_setsockopt+0x222/0x480 [ 1489.925140][T31198] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1489.926604][T31198] ? fdget+0x176/0x210 [ 1489.927664][T31198] __sys_setsockopt+0x1a4/0x270 [ 1489.929437][T31198] ? __pfx___sys_setsockopt+0x10/0x10 [ 1489.931286][T31198] ? irqentry_exit+0x3b/0x90 [ 1489.932956][T31198] __ia32_sys_setsockopt+0xbc/0x160 [ 1489.934797][T31198] ? lockdep_hardirqs_on+0x7c/0x110 [ 1489.936586][T31198] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1489.939001][T31198] __do_fast_syscall_32+0x73/0x120 [ 1489.940835][T31198] do_fast_syscall_32+0x32/0x80 [ 1489.942605][T31198] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1489.944597][T31198] RIP: 0023:0xf7ff5579 [ 1489.946030][T31198] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1489.952741][T31198] RSP: 002b:00000000f575556c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 1489.955479][T31198] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000011b [ 1489.957631][T31198] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000020 [ 1489.959780][T31198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1489.962145][T31198] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1489.964238][T31198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1489.966190][T31204] binder: 31200:31204 ioctl c0306201 0 returned -14 [ 1489.966540][T31198] [ 1489.970170][T31198] Mem-Info: [ 1489.971154][T31198] active_anon:2567 inactive_anon:100 isolated_anon:0 [ 1489.971154][T31198] active_file:3680 inactive_file:46904 isolated_file:0 [ 1489.971154][T31198] unevictable:774 dirty:386 writeback:0 [ 1489.971154][T31198] slab_reclaimable:5217 slab_unreclaimable:53373 [ 1489.971154][T31198] mapped:17395 shmem:951 pagetables:731 [ 1489.971154][T31198] sec_pagetables:347 bounce:0 [ 1489.971154][T31198] kernel_misc_reclaimable:0 [ 1489.971154][T31198] free:81030 free_pcp:4346 free_cma:0 [ 1489.985421][T31198] Node 0 active_anon:244kB inactive_anon:748kB active_file:36kB inactive_file:4kB unevictable:1560kB isolated(anon):0kB isolated(file):0kB mapped:344kB dirty:28kB writeback:0kB shmem:1972kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9164kB pagetables:1544kB sec_pagetables:1240kB all_unreclaimable? no [ 1489.995011][T31198] Node 1 active_anon:9620kB inactive_anon:32kB active_file:14684kB inactive_file:187612kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:69236kB dirty:1516kB writeback:0kB shmem:1832kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1888kB pagetables:1380kB sec_pagetables:148kB all_unreclaimable? no [ 1490.005705][T31198] Node 0 DMA free:860kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:104kB local_pcp:28kB free_cma:0kB [ 1490.025708][T31198] lowmem_reserve[]: 0 273 0 0 0 [ 1490.027377][T31198] Node 0 DMA32 free:22624kB boost:2048kB min:15952kB low:19428kB high:22904kB reserved_highatomic:4096KB active_anon:760kB inactive_anon:744kB active_file:32kB inactive_file:4kB unevictable:1560kB writepending:24kB present:1032196kB managed:306280kB mlocked:24kB bounce:0kB free_pcp:3044kB local_pcp:1340kB free_cma:0kB [ 1490.037051][T31198] lowmem_reserve[]: 0 0 0 0 0 [ 1490.038803][T31198] Node 1 DMA32 free:305028kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:9820kB inactive_anon:32kB active_file:14684kB inactive_file:187612kB unevictable:1536kB writepending:1516kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:9196kB local_pcp:684kB free_cma:0kB [ 1490.047507][T31209] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.5658'. [ 1490.047919][T31198] lowmem_reserve[]: 0 0 0 0 0 [ 1490.052023][T31209] netlink: 105 bytes leftover after parsing attributes in process `syz.3.5658'. [ 1490.052458][T31198] Node 0 DMA: 11*4kB (U) 13*8kB (U) 38*16kB (U) 6*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 948kB [ 1490.052709][T31198] Node 0 DMA32: 854*4kB (UMEH) 429*8kB (UMEH) 96*16kB (UEH) 57*32kB (UMEH) 42*64kB (UMEH) 28*128kB (UMEH) 10*256kB (UMH) 5*512kB (MEH) 1*1024kB (E) 0*2048kB 0*4096kB = 22624kB [ 1490.063965][T31198] Node 1 DMA32: 817*4kB (UM) 1366*8kB (UME) 655*16kB (UME) 469*32kB (UME) 370*64kB (UME) 334*128kB (UM) 159*256kB (UM) 113*512kB (UME) 59*1024kB (UM) 20*2048kB (U) 1*4096kB (U) = 310148kB [ 1490.069429][T31198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1490.072037][T31198] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1490.074979][T31198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1490.077450][T31198] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1490.080924][T31198] 52483 total pagecache pages [ 1490.083208][T31198] 392 pages in swap cache [ 1490.084542][T31198] Free swap = 111972kB [ 1490.085755][T31198] Total swap = 124996kB [ 1490.087095][T31198] 524155 pages RAM [ 1490.088848][T31198] 0 pages HighMem/MovableOnly [ 1490.090151][T31198] 206682 pages reserved [ 1490.091353][T31198] 0 pages cma reserved [ 1490.503562][T31219] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1491.271496][T31239] syzkaller0: entered promiscuous mode [ 1491.272957][T31239] syzkaller0: entered allmulticast mode [ 1491.472926][T31243] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.5672'. [ 1491.475422][T31243] netlink: 105 bytes leftover after parsing attributes in process `syz.3.5672'. [ 1491.507346][T31245] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5673'. [ 1493.456329][T31263] sch_tbf: burst 53766 is lower than device lo mtu (65550) ! [ 1493.659446][T31279] input: syz1 as /devices/virtual/input/input13 [ 1493.720352][T31284] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5689'. [ 1493.834899][T31289] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1494.028032][T21111] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 1494.178556][T21111] usb 5-1: Using ep0 maxpacket: 16 [ 1494.182921][T21111] usb 5-1: config 0 has an invalid interface number: 183 but max is 0 [ 1494.186555][T21111] usb 5-1: config 0 has no interface number 0 [ 1494.189116][T21111] usb 5-1: config 0 interface 183 has no altsetting 0 [ 1494.198448][T21111] usb 5-1: New USB device found, idVendor=079b, idProduct=000f, bcdDevice=57.ce [ 1494.203096][T21111] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1494.205982][T21111] usb 5-1: Product: syz [ 1494.208411][T21111] usb 5-1: Manufacturer: syz [ 1494.210483][T21111] usb 5-1: SerialNumber: syz [ 1494.220100][T21111] usb 5-1: config 0 descriptor?? [ 1494.436955][T31291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1494.458475][T31291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1494.481286][T21111] usb 5-1: USB disconnect, device number 86 [ 1494.992252][T31314] hfs: can't find a HFS filesystem on dev nullb0 [ 1495.549444][T31337] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1495.744459][T31344] syzkaller0: entered promiscuous mode [ 1495.746007][T31344] syzkaller0: entered allmulticast mode [ 1496.714975][T31365] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1497.526009][T31377] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5726'. [ 1497.625275][T31385] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.5730'. [ 1497.629543][T31385] netlink: 105 bytes leftover after parsing attributes in process `syz.1.5730'. [ 1497.725324][T31389] netlink: 'syz.2.5728': attribute type 1 has an invalid length. [ 1497.730648][T31389] netlink: 'syz.2.5728': attribute type 2 has an invalid length. [ 1497.747301][T31391] input: syz0 as /devices/virtual/input/input14 [ 1498.542695][T31398] netlink: 'syz.0.5733': attribute type 29 has an invalid length. [ 1498.546972][T31398] netlink: 'syz.0.5733': attribute type 29 has an invalid length. [ 1498.551195][T31398] netlink: 'syz.0.5733': attribute type 29 has an invalid length. [ 1498.554490][T31398] netlink: 'syz.0.5733': attribute type 29 has an invalid length. [ 1498.557737][T31398] netlink: 'syz.0.5733': attribute type 29 has an invalid length. [ 1498.561805][T31398] netlink: 'syz.0.5733': attribute type 29 has an invalid length. [ 1498.623838][T31401] netlink: 'syz.0.5735': attribute type 1 has an invalid length. [ 1498.675779][T31403] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5736'. [ 1499.474736][T31412] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5739'. [ 1499.478669][T31412] netlink: 105 bytes leftover after parsing attributes in process `syz.2.5739'. [ 1499.908183][ T5402] usb 5-1: new full-speed USB device number 87 using dummy_hcd [ 1500.081597][ T5402] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1500.085311][ T5402] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1500.088576][ T5402] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 4 [ 1500.091958][ T5402] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1500.095095][ T5402] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1500.106794][ T5402] hub 5-1:1.0: bad descriptor, ignoring hub [ 1500.116547][ T5402] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1500.119520][ T5402] cdc_wdm 5-1:1.0: skipping garbage [ 1500.121420][ T5402] cdc_wdm 5-1:1.0: skipping garbage [ 1500.123390][ T5402] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1500.418300][ T5402] usb 5-1: USB disconnect, device number 87 [ 1500.748095][ T5402] usb 5-1: new full-speed USB device number 88 using dummy_hcd [ 1500.770973][T31428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5745'. [ 1500.903981][ T5402] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1500.907432][ T5402] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1500.912202][ T5402] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 4 [ 1500.916031][ T5402] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1500.920996][ T5402] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1500.933166][ T5402] hub 5-1:1.0: bad descriptor, ignoring hub [ 1500.935252][ T5402] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1500.968635][ T5402] cdc_wdm 5-1:1.0: skipping garbage [ 1500.970495][ T5402] cdc_wdm 5-1:1.0: skipping garbage [ 1500.972356][ T5402] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1501.259592][T21111] usb 5-1: USB disconnect, device number 88 [ 1502.576751][T31456] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5754'. [ 1502.636093][T31460] overlayfs: failed to resolve './file0': -2 [ 1502.673497][T31462] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.5758'. [ 1502.676215][T31462] netlink: 105 bytes leftover after parsing attributes in process `syz.0.5758'. [ 1502.716232][T31466] netlink: 'syz.0.5759': attribute type 12 has an invalid length. [ 1502.724642][T31466] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.5759'. [ 1503.689348][T31487] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.5767'. [ 1503.691907][T31487] netlink: 105 bytes leftover after parsing attributes in process `syz.0.5767'. [ 1503.733913][T31489] syzkaller0: entered promiscuous mode [ 1503.735418][T31489] syzkaller0: entered allmulticast mode [ 1504.184020][T31499] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1505.045548][T31513] input: syz0 as /devices/virtual/input/input15 [ 1505.643345][T31529] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5784'. [ 1505.645745][T31529] netlink: 105 bytes leftover after parsing attributes in process `syz.2.5784'. [ 1505.758240][T31535] syzkaller0: entered promiscuous mode [ 1505.760203][T31535] syzkaller0: entered allmulticast mode [ 1506.586808][T31548] input: syz1 as /devices/virtual/input/input16 [ 1506.799093][T31554] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.5795'. [ 1506.802197][T31554] netlink: 105 bytes leftover after parsing attributes in process `syz.0.5795'. [ 1507.178119][ T3341] usb 5-1: new full-speed USB device number 89 using dummy_hcd [ 1507.318070][ T3341] usb 5-1: device descriptor read/64, error -71 [ 1507.577993][ T3341] usb 5-1: new full-speed USB device number 90 using dummy_hcd [ 1507.707965][ T3341] usb 5-1: device descriptor read/64, error -71 [ 1507.792457][T31576] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.5804'. [ 1507.795729][T31576] netlink: 'syz.1.5804': attribute type 2 has an invalid length. [ 1507.798534][T31576] netlink: 105 bytes leftover after parsing attributes in process `syz.1.5804'. [ 1507.818265][ T3341] usb usb5-port1: attempt power cycle [ 1508.178182][ T3341] usb 5-1: new full-speed USB device number 91 using dummy_hcd [ 1508.192365][T31592] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1508.198409][ T3341] usb 5-1: device descriptor read/8, error -71 [ 1508.404005][T31596] syzkaller0: entered promiscuous mode [ 1508.405999][T31596] syzkaller0: entered allmulticast mode [ 1508.449907][ T3341] usb 5-1: new full-speed USB device number 92 using dummy_hcd [ 1508.475746][ T3341] usb 5-1: device descriptor read/8, error -71 [ 1508.588375][ T3341] usb usb5-port1: unable to enumerate USB device [ 1510.075653][T31622] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.5822'. [ 1510.079344][T31622] netlink: 'syz.0.5822': attribute type 2 has an invalid length. [ 1510.082707][T31622] netlink: 105 bytes leftover after parsing attributes in process `syz.0.5822'. [ 1510.166299][T31626] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1510.229753][ T4779] Bluetooth: hci5: link tx timeout [ 1510.232128][ T4779] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 1510.237618][ T4779] Bluetooth: hci5: link tx timeout [ 1510.239630][ T4779] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 1510.438034][ T3341] usb 8-1: new full-speed USB device number 103 using dummy_hcd [ 1510.568054][ T3341] usb 8-1: device descriptor read/64, error -71 [ 1510.640637][T31641] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.5831'. [ 1510.643131][T31641] netlink: 'syz.1.5831': attribute type 3 has an invalid length. [ 1510.645248][T31641] netlink: 105 bytes leftover after parsing attributes in process `syz.1.5831'. [ 1510.729407][T31647] syzkaller0: entered promiscuous mode [ 1510.730911][T31647] syzkaller0: entered allmulticast mode [ 1510.818120][ T3341] usb 8-1: new full-speed USB device number 104 using dummy_hcd [ 1510.947993][ T3341] usb 8-1: device descriptor read/64, error -71 [ 1511.059885][ T3341] usb usb8-port1: attempt power cycle [ 1511.209827][T31661] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5841'. [ 1511.212714][T31661] netlink: 'syz.2.5841': attribute type 3 has an invalid length. [ 1511.215510][T31661] netlink: 105 bytes leftover after parsing attributes in process `syz.2.5841'. [ 1511.284557][T31665] binder: 31664:31665 ioctl c0306201 0 returned -14 [ 1511.286978][T31665] binder_alloc: 31664: pid 31664 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1511.325473][T31667] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1511.398047][ T3341] usb 8-1: new full-speed USB device number 105 using dummy_hcd [ 1511.418467][ T3341] usb 8-1: device descriptor read/8, error -71 [ 1511.672225][ T3341] usb 8-1: new full-speed USB device number 106 using dummy_hcd [ 1511.695348][ T3341] usb 8-1: device descriptor read/8, error -71 [ 1511.800152][ T3341] usb usb8-port1: unable to enumerate USB device [ 1512.187507][T31679] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.5850'. [ 1512.190015][T31679] netlink: 'syz.0.5850': attribute type 3 has an invalid length. [ 1512.192033][T31679] netlink: 105 bytes leftover after parsing attributes in process `syz.0.5850'. [ 1512.248572][ T4779] Bluetooth: hci5: command 0x0406 tx timeout [ 1512.344348][T31684] binder: 31683:31684 ioctl c0306201 0 returned -14 [ 1512.346757][T31684] binder_alloc: 31683: pid 31683 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1513.243722][T31701] __nla_validate_parse: 1 callbacks suppressed [ 1513.243739][T31701] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.5859'. [ 1513.249113][T31701] netlink: 'syz.3.5859': attribute type 3 has an invalid length. [ 1513.251930][T31701] netlink: 105 bytes leftover after parsing attributes in process `syz.3.5859'. [ 1513.263587][T31703] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1513.299263][T31704] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5858'. [ 1513.323020][T31709] binder: 31707:31709 ioctl c0306201 0 returned -14 [ 1513.331666][T31709] binder_alloc: 31707: pid 31707 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1513.365010][T31712] syzkaller0: entered promiscuous mode [ 1513.366546][T31712] syzkaller0: entered allmulticast mode [ 1514.288078][ T3341] usb 7-1: new full-speed USB device number 50 using dummy_hcd [ 1514.452626][ T3341] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 1514.454740][ T3341] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1514.457240][ T3341] usb 7-1: config 0 has no interface number 0 [ 1514.459111][ T3341] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1514.465855][ T3341] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1514.471149][ T3341] usb 7-1: config 0 descriptor?? [ 1514.479525][ T3341] ldusb 7-1:0.55: Interrupt in endpoint not found [ 1514.697982][ T3341] usb 7-1: USB disconnect, device number 50 [ 1515.006685][T31731] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.5870'. [ 1515.010413][T31731] netlink: 'syz.0.5870': attribute type 3 has an invalid length. [ 1515.012501][T31731] netlink: 105 bytes leftover after parsing attributes in process `syz.0.5870'. [ 1515.118831][T31741] Process accounting resumed [ 1515.570694][T31757] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5880'. [ 1516.138671][T31773] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.5886'. [ 1516.141787][T31773] netlink: 'syz.3.5886': attribute type 3 has an invalid length. [ 1516.141813][T31775] binder_alloc: 31774: pid 31774 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1516.159347][T31773] netlink: 105 bytes leftover after parsing attributes in process `syz.3.5886'. [ 1516.262579][T31783] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5890'. [ 1516.508072][T27463] usb 8-1: new full-speed USB device number 107 using dummy_hcd [ 1516.669486][T27463] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 1516.672361][T27463] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1516.675707][T27463] usb 8-1: config 0 has no interface number 0 [ 1516.678102][T27463] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1516.681149][T27463] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1516.690787][T27463] usb 8-1: config 0 descriptor?? [ 1516.696493][T27463] ldusb 8-1:0.55: Interrupt in endpoint not found [ 1516.898220][T27463] usb 8-1: USB disconnect, device number 107 [ 1517.213345][T31793] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1517.475352][T31798] binder_alloc: 31797: pid 31797 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1517.579051][T31804] netlink: 5304 bytes leftover after parsing attributes in process `syz.1.5898'. [ 1518.074670][T31817] binder_alloc: 31816: pid 31816 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1518.187978][T27463] usb 8-1: new full-speed USB device number 108 using dummy_hcd [ 1518.333441][T31837] binder_alloc: 31836: pid 31836 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1518.339095][T27463] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 1518.341495][T27463] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1518.344103][T27463] usb 8-1: config 0 has no interface number 0 [ 1518.345902][T27463] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1518.348124][T27463] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1518.351062][T27463] usb 8-1: config 0 descriptor?? [ 1518.353566][T27463] ldusb 8-1:0.55: Interrupt in endpoint not found [ 1518.361072][T31839] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1518.559210][T27463] usb 8-1: USB disconnect, device number 108 [ 1519.092886][T31851] __nla_validate_parse: 3 callbacks suppressed [ 1519.092897][T31851] netlink: 5304 bytes leftover after parsing attributes in process `syz.3.5920'. [ 1519.142190][T31855] syzkaller0: entered promiscuous mode [ 1519.144103][T31855] syzkaller0: entered allmulticast mode [ 1519.229689][T31859] binder_alloc: 31857: pid 31857 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1520.589646][T31866] bridge0: port 3(bond0) entered blocking state [ 1520.592675][T31866] bridge0: port 3(bond0) entered disabled state [ 1520.595113][T31866] bond0: entered allmulticast mode [ 1520.596873][T31866] bond_slave_0: entered allmulticast mode [ 1520.598932][T31866] bond_slave_1: entered allmulticast mode [ 1520.603005][T31866] bond0: entered promiscuous mode [ 1520.604697][T31866] bond_slave_0: entered promiscuous mode [ 1520.606695][T31866] bond_slave_1: entered promiscuous mode [ 1520.609428][T31866] bridge0: port 3(bond0) entered blocking state [ 1520.611884][T31866] bridge0: port 3(bond0) entered forwarding state [ 1520.655418][T31882] fuse: Invalid rootmode [ 1520.705372][T31893] netlink: 5304 bytes leftover after parsing attributes in process `syz.3.5937'. [ 1520.751508][T31899] binder_alloc: 31898: pid 31898 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1520.977983][T26982] usb 8-1: new full-speed USB device number 109 using dummy_hcd [ 1521.142001][T26982] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 1521.144102][T26982] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1521.146644][T26982] usb 8-1: config 0 has no interface number 0 [ 1521.148260][T26982] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1521.151002][T26982] usb 8-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1521.154513][T26982] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1521.156789][T26982] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1521.163360][T26982] usb 8-1: config 0 descriptor?? [ 1521.167117][T26982] ldusb 8-1:0.55: Interrupt in endpoint not found [ 1521.369532][T26982] usb 8-1: USB disconnect, device number 109 [ 1522.068791][T31924] netlink: 5304 bytes leftover after parsing attributes in process `syz.3.5949'. [ 1522.109676][T31926] binder: 31925:31926 ioctl c0306201 0 returned -14 [ 1522.688115][T27356] usb 5-1: new full-speed USB device number 93 using dummy_hcd [ 1522.839158][T27356] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 1522.841293][T27356] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1522.843876][T27356] usb 5-1: config 0 has no interface number 0 [ 1522.845453][T27356] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1522.848311][T27356] usb 5-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1522.851709][T27356] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1522.854010][T27356] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1522.856776][T27356] usb 5-1: config 0 descriptor?? [ 1522.861635][T27356] ldusb 5-1:0.55: Interrupt in endpoint not found [ 1522.963453][T31949] netlink: 5304 bytes leftover after parsing attributes in process `syz.3.5960'. [ 1523.002546][T31951] binder: 31950:31951 ioctl c0306201 0 returned -14 [ 1523.061717][T26982] usb 5-1: USB disconnect, device number 93 [ 1523.615421][T31961] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1523.695430][T31963] fuse: Bad value for 'fd' [ 1523.870649][T31975] netlink: 5304 bytes leftover after parsing attributes in process `syz.3.5970'. [ 1523.876732][T31976] binder: 31974:31976 ioctl c0306201 0 returned -14 [ 1524.158007][ T3341] usb 8-1: new full-speed USB device number 110 using dummy_hcd [ 1524.309673][ T3341] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 1524.312369][ T3341] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1524.314956][ T3341] usb 8-1: config 0 has no interface number 0 [ 1524.316516][ T3341] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1524.319386][ T3341] usb 8-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1524.322625][ T3341] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1524.325263][ T3341] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1524.329118][ T3341] usb 8-1: config 0 descriptor?? [ 1524.331849][ T3341] ldusb 8-1:0.55: Interrupt in endpoint not found [ 1524.535810][ T64] usb 8-1: USB disconnect, device number 110 [ 1524.576751][T31986] fuse: Bad value for 'fd' [ 1524.783008][T32000] netlink: 5304 bytes leftover after parsing attributes in process `syz.2.5981'. [ 1525.150737][T32010] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1525.176227][T32012] fuse: Bad value for 'fd' [ 1525.719373][T32026] netlink: 5304 bytes leftover after parsing attributes in process `syz.2.5991'. [ 1525.997999][ T64] usb 7-1: new full-speed USB device number 51 using dummy_hcd [ 1526.159119][ T64] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 1526.161262][ T64] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1526.163877][ T64] usb 7-1: config 0 has no interface number 0 [ 1526.165530][ T64] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1526.168692][ T64] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1526.171172][ T64] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1526.174134][ T64] usb 7-1: config 0 descriptor?? [ 1526.180665][ T64] ldusb 7-1:0.55: Interrupt in endpoint not found [ 1526.384706][T27356] usb 7-1: USB disconnect, device number 51 [ 1527.061341][T32062] syzkaller0: entered promiscuous mode [ 1527.063147][T32062] syzkaller0: entered allmulticast mode [ 1528.522824][ T3341] usb 5-1: new full-speed USB device number 94 using dummy_hcd [ 1528.681709][ T3341] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 1528.684588][ T3341] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1528.688014][ T3341] usb 5-1: config 0 has no interface number 0 [ 1528.690073][ T3341] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1528.693640][ T3341] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1528.696748][ T3341] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1528.700880][ T3341] usb 5-1: config 0 descriptor?? [ 1528.706195][ T3341] ldusb 5-1:0.55: Interrupt in endpoint not found [ 1528.731082][T32085] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1528.908339][ T3341] usb 5-1: USB disconnect, device number 94 [ 1529.496593][T29858] Bluetooth: Frame is too long (len 12, expected len 4) [ 1529.628159][T32100] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6022'. [ 1529.889969][ T64] usb 8-1: new high-speed USB device number 111 using dummy_hcd [ 1530.059490][ T64] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1530.062548][ T64] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1530.065221][ T64] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1530.067610][ T64] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1530.070999][ T64] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1530.073245][ T64] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1530.076081][ T64] usb 8-1: config 0 descriptor?? [ 1530.482717][ T64] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 1530.495433][ T64] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1530.615952][T32121] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1531.359790][ T3341] usb 8-1: USB disconnect, device number 111 [ 1531.980951][T32141] syzkaller0: entered promiscuous mode [ 1531.982399][T32141] syzkaller0: entered allmulticast mode [ 1533.569006][ T39] kauditd_printk_skb: 54 callbacks suppressed [ 1533.569018][ T39] audit: type=1326 audit(1533.447:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32154 comm="syz.0.6044" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0x0 [ 1533.927980][ T3341] usb 8-1: new full-speed USB device number 112 using dummy_hcd [ 1534.089302][ T3341] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 1534.091524][ T3341] usb 8-1: config 0 has no interface number 0 [ 1534.093190][ T3341] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1534.096012][ T3341] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1534.098912][ T3341] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1534.102203][ T3341] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1534.104538][ T3341] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1534.107398][ T3341] usb 8-1: config 0 descriptor?? [ 1534.110197][ T3341] ldusb 8-1:0.55: Interrupt in endpoint not found [ 1534.313360][T26982] usb 8-1: USB disconnect, device number 112 [ 1534.742863][T32185] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1534.757984][T32186] syzkaller0: entered promiscuous mode [ 1534.759938][T32186] syzkaller0: entered allmulticast mode [ 1536.518183][T26982] usb 7-1: new full-speed USB device number 52 using dummy_hcd [ 1536.689686][T26982] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 1536.692620][T26982] usb 7-1: config 0 has no interface number 0 [ 1536.694815][T26982] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1536.707931][T26982] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1536.710792][T26982] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1536.714122][T26982] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1536.716435][T26982] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1536.719857][T26982] usb 7-1: config 0 descriptor?? [ 1536.722625][T26982] ldusb 7-1:0.55: Interrupt in endpoint not found [ 1536.927197][T26982] usb 7-1: USB disconnect, device number 52 [ 1537.577164][T32232] syzkaller0: entered promiscuous mode [ 1537.598877][T32232] syzkaller0: entered allmulticast mode [ 1537.937978][T27463] usb 5-1: new full-speed USB device number 95 using dummy_hcd [ 1538.112151][T27463] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 1538.114286][T27463] usb 5-1: config 0 has no interface number 0 [ 1538.115907][T27463] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1538.119459][T27463] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1538.123122][T27463] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1538.126561][T27463] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1538.129898][T27463] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1538.138505][T27463] usb 5-1: config 0 descriptor?? [ 1538.146451][T27463] ldusb 5-1:0.55: Interrupt in endpoint not found [ 1538.349590][T27463] usb 5-1: USB disconnect, device number 95 [ 1539.357571][T32274] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1539.587966][T29888] usb 7-1: new full-speed USB device number 53 using dummy_hcd [ 1539.749198][T29888] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 1539.751387][T29888] usb 7-1: config 0 has no interface number 0 [ 1539.752993][T29888] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1539.756279][T29888] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1539.765062][T29888] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1539.769756][T29888] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1539.772772][T29888] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1539.776250][T29888] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1539.782475][T29888] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1539.793222][T29888] usb 7-1: config 0 descriptor?? [ 1539.806275][T29888] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1539.999427][T32271] ldusb 7-1:0.55: Couldn't submit interrupt_in_urb -90 [ 1540.003648][ T5242] usb 7-1: USB disconnect, device number 53 [ 1540.009891][ T5242] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 1540.347943][T29888] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1540.459287][T32326] tmpfs: Bad value for 'mpol' [ 1540.539292][T29888] usb 5-1: config index 0 descriptor too short (expected 4114, got 18) [ 1540.543538][T29888] usb 5-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 1540.546538][T29888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1540.549263][T29888] usb 5-1: Product: syz [ 1540.550667][T29888] usb 5-1: Manufacturer: syz [ 1540.552229][T29888] usb 5-1: SerialNumber: syz [ 1540.556828][T29888] usb 5-1: config 0 descriptor?? [ 1540.762412][T32340] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1540.820615][T32341] Invalid ELF header magic: != ELF [ 1540.827611][T29888] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 1540.832375][T29888] asix 5-1:0.0: probe with driver asix failed with error -61 [ 1541.229702][T32347] netlink: 5304 bytes leftover after parsing attributes in process `syz.3.6125'. [ 1541.361901][T32355] overlayfs: missing 'lowerdir' [ 1541.861943][T21111] usb 5-1: USB disconnect, device number 96 [ 1542.377791][T32377] netlink: 5304 bytes leftover after parsing attributes in process `syz.2.6137'. [ 1542.619128][T32401] netlink: 5304 bytes leftover after parsing attributes in process `syz.1.6148'. [ 1542.668077][T27857] usb 5-1: new full-speed USB device number 97 using dummy_hcd [ 1542.843102][T27857] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 1542.846164][T27857] usb 5-1: config 0 has no interface number 0 [ 1542.848480][T27857] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1542.852310][T27857] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1542.856380][T27857] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1542.862573][T27857] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1542.868025][T27857] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1542.873073][T27857] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1542.875526][T27857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1542.878652][T27857] usb 5-1: config 0 descriptor?? [ 1542.882845][T27857] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1543.091024][T32383] ldusb 5-1:0.55: Couldn't submit interrupt_in_urb -90 [ 1543.093474][T27356] usb 5-1: USB disconnect, device number 97 [ 1543.096056][T27356] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 1543.235056][T32415] overlayfs: missing 'lowerdir' [ 1543.252278][T32417] fuse: Bad value for 'fd' [ 1543.282410][T32422] netlink: 5304 bytes leftover after parsing attributes in process `syz.2.6158'. [ 1543.678618][T32442] fuse: Bad value for 'fd' [ 1543.732574][T32448] ------------[ cut here ]------------ [ 1543.734557][T32448] kmem_cache of name '9p-fcall-cache' already exists [ 1543.736476][T32448] WARNING: CPU: 3 PID: 32448 at mm/slab_common.c:107 __kmem_cache_create_args+0xb0/0x3c0 [ 1543.739442][T32448] Modules linked in: [ 1543.740742][T32448] CPU: 3 UID: 0 PID: 32448 Comm: syz.2.6171 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 1543.745279][T32448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1543.748275][T32448] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 1543.750156][T32448] Code: 98 48 3d 10 bb f1 8d 74 25 48 8b 7b 60 48 89 ee e8 c5 68 34 09 85 c0 75 e0 90 48 c7 c7 e8 1f 58 8d 48 89 ee e8 41 b1 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 4f 6a 34 09 48 85 c0 0f 85 [ 1543.755315][T32448] RSP: 0018:ffffc90002ae78f0 EFLAGS: 00010286 [ 1543.756904][T32448] RAX: 0000000000000000 RBX: ffff8880465b72c0 RCX: ffffc90025d2a000 [ 1543.759018][T32448] RDX: 0000000000040000 RSI: ffffffff814e28c6 RDI: 0000000000000001 [ 1543.761090][T32448] RBP: ffffffff8ca1e320 R08: 0000000000000001 R09: 0000000000000000 [ 1543.763084][T32448] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1543.765042][T32448] R13: 0000000000008004 R14: ffffc90002ae79e0 R15: 0000000000020018 [ 1543.767076][T32448] FS: 0000000000000000(0000) GS:ffff88802b700000(0063) knlGS:00000000f5726b40 [ 1543.769391][T32448] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1543.771105][T32448] CR2: 000000000c230000 CR3: 0000000022938000 CR4: 0000000000352ef0 [ 1543.773375][T32448] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1543.776016][T32448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1543.778931][T32448] Call Trace: [ 1543.780186][T32448] [ 1543.781268][T32448] ? __warn+0xea/0x3d0 [ 1543.782423][T32448] ? __kmem_cache_create_args+0xb0/0x3c0 [ 1543.783928][T32448] ? report_bug+0x3c0/0x580 [ 1543.785214][T32448] ? handle_bug+0x54/0xa0 [ 1543.786427][T32448] ? exc_invalid_op+0x17/0x50 [ 1543.787653][T32448] ? asm_exc_invalid_op+0x1a/0x20 [ 1543.788981][T32448] ? __warn_printk+0x1a6/0x350 [ 1543.790272][T32448] ? __kmem_cache_create_args+0xb0/0x3c0 [ 1543.791701][T32448] p9_client_create+0xe04/0x1150 [ 1543.792933][T32448] ? __pfx_p9_client_create+0x10/0x10 [ 1543.794302][T32448] ? __raw_spin_lock_init+0x3a/0x110 [ 1543.795642][T32448] v9fs_session_init+0x1f8/0x1a80 [ 1543.796911][T32448] ? __pfx_v9fs_session_init+0x10/0x10 [ 1543.798422][T32448] ? kasan_save_track+0x14/0x30 [ 1543.799759][T32448] v9fs_mount+0xc6/0xa50 [ 1543.800842][T32448] ? __pfx_v9fs_mount+0x10/0x10 [ 1543.802104][T32448] ? __pfx_v9fs_mount+0x10/0x10 [ 1543.803351][T32448] legacy_get_tree+0x109/0x220 [ 1543.804597][T32448] vfs_get_tree+0x8f/0x380 [ 1543.805794][T32448] path_mount+0x6e1/0x1f10 [ 1543.806950][T32448] ? kmem_cache_free+0x152/0x4b0 [ 1543.808299][T32448] ? __pfx_path_mount+0x10/0x10 [ 1543.809625][T32448] ? putname+0x12e/0x170 [ 1543.810761][T32448] __ia32_sys_mount+0x292/0x310 [ 1543.812027][T32448] ? __pfx___ia32_sys_mount+0x10/0x10 [ 1543.813360][T32448] __do_fast_syscall_32+0x73/0x120 [ 1543.814659][T32448] do_fast_syscall_32+0x32/0x80 [ 1543.815924][T32448] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1543.817500][T32448] RIP: 0023:0xf7fa8579 [ 1543.818607][T32448] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1543.823824][T32448] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 1543.826049][T32448] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000 [ 1543.828147][T32448] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000020000180 [ 1543.830217][T32448] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1543.832273][T32448] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1543.834350][T32448] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1543.836451][T32448] [ 1543.837281][T32448] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1543.839208][T32448] CPU: 3 UID: 0 PID: 32448 Comm: syz.2.6171 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 1543.841982][T32448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1543.844770][T32448] Call Trace: [ 1543.845667][T32448] [ 1543.846468][T32448] dump_stack_lvl+0x3d/0x1f0 [ 1543.847691][T32448] panic+0x71d/0x800 [ 1543.848732][T32448] ? __pfx_panic+0x10/0x10 [ 1543.849922][T32448] ? show_trace_log_lvl+0x29d/0x3d0 [ 1543.851472][T32448] ? __kmem_cache_create_args+0xb0/0x3c0 [ 1543.852954][T32448] check_panic_on_warn+0xab/0xb0 [ 1543.854264][T32448] __warn+0xf6/0x3d0 [ 1543.855300][T32448] ? __kmem_cache_create_args+0xb0/0x3c0 [ 1543.856764][T32448] report_bug+0x3c0/0x580 [ 1543.857922][T32448] handle_bug+0x54/0xa0 [ 1543.859022][T32448] exc_invalid_op+0x17/0x50 [ 1543.860416][T32448] asm_exc_invalid_op+0x1a/0x20 [ 1543.861690][T32448] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 1543.863317][T32448] Code: 98 48 3d 10 bb f1 8d 74 25 48 8b 7b 60 48 89 ee e8 c5 68 34 09 85 c0 75 e0 90 48 c7 c7 e8 1f 58 8d 48 89 ee e8 41 b1 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 4f 6a 34 09 48 85 c0 0f 85 [ 1543.868278][T32448] RSP: 0018:ffffc90002ae78f0 EFLAGS: 00010286 [ 1543.869885][T32448] RAX: 0000000000000000 RBX: ffff8880465b72c0 RCX: ffffc90025d2a000 [ 1543.871936][T32448] RDX: 0000000000040000 RSI: ffffffff814e28c6 RDI: 0000000000000001 [ 1543.873989][T32448] RBP: ffffffff8ca1e320 R08: 0000000000000001 R09: 0000000000000000 [ 1543.876043][T32448] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1543.878096][T32448] R13: 0000000000008004 R14: ffffc90002ae79e0 R15: 0000000000020018 [ 1543.880168][T32448] ? __warn_printk+0x1a6/0x350 [ 1543.881425][T32448] p9_client_create+0xe04/0x1150 [ 1543.882719][T32448] ? __pfx_p9_client_create+0x10/0x10 [ 1543.884112][T32448] ? __raw_spin_lock_init+0x3a/0x110 [ 1543.885482][T32448] v9fs_session_init+0x1f8/0x1a80 [ 1543.886815][T32448] ? __pfx_v9fs_session_init+0x10/0x10 [ 1543.888241][T32448] ? kasan_save_track+0x14/0x30 [ 1543.889516][T32448] v9fs_mount+0xc6/0xa50 [ 1543.890640][T32448] ? __pfx_v9fs_mount+0x10/0x10 [ 1543.891916][T32448] ? __pfx_v9fs_mount+0x10/0x10 [ 1543.893195][T32448] legacy_get_tree+0x109/0x220 [ 1543.894461][T32448] vfs_get_tree+0x8f/0x380 [ 1543.895627][T32448] path_mount+0x6e1/0x1f10 [ 1543.896788][T32448] ? kmem_cache_free+0x152/0x4b0 [ 1543.898051][T32448] ? __pfx_path_mount+0x10/0x10 [ 1543.899329][T32448] ? putname+0x12e/0x170 [ 1543.900443][T32448] __ia32_sys_mount+0x292/0x310 [ 1543.901711][T32448] ? __pfx___ia32_sys_mount+0x10/0x10 [ 1543.903120][T32448] __do_fast_syscall_32+0x73/0x120 [ 1543.904451][T32448] do_fast_syscall_32+0x32/0x80 [ 1543.905728][T32448] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1543.907366][T32448] RIP: 0023:0xf7fa8579 [ 1543.908425][T32448] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1543.913523][T32448] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 1543.915728][T32448] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000 [ 1543.917783][T32448] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000020000180 [ 1543.919832][T32448] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1543.921879][T32448] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1543.923932][T32448] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1543.926000][T32448] [ 1543.927357][T32448] Kernel Offset: disabled [ 1543.928589][T32448] Rebooting in 86400 seconds.. VM DIAGNOSIS: 22:39:08 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000004 RBX=0000000000000000 RCX=1ffffffff2d32635 RDX=0000000000000006 RSI=ffff88801f4c5360 RDI=ffff88801f4c5382 RBP=0000000000000006 RSP=ffffc90000e6f370 R8 =0000000000000000 R9 =fffffbfff2d3158a R10=ffffffff9698ac57 R11=0000000000000000 R12=ffff88801f4c4880 R13=dffffc0000000000 R14=ffff88801f4c5360 R15=ffff888025d4cf08 RIP=ffffffff8169dd33 RFL=00000017 [----APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c307d86 CR3=000000000db7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b7467a0 RCX=ffffffff81809a7c RDX=ffff88801d2b4880 RSI=ffffffff81809a56 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900003e79a0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed10056e8cf5 R13=0000000000000001 R14=ffff88802b7467a8 R15=ffff88802b540100 RIP=ffffffff81809a58 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73f5008 CR3=000000000db7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b746780 RCX=ffffffff81809a7c RDX=ffff88802b6cc880 RSI=ffffffff81809a56 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9002baffa78 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed10056e8cf1 R13=0000000000000001 R14=ffff88802b746788 R15=ffff88802b640100 RIP=ffffffff81809a58 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f955b8 CR3=00000000220e8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000006c RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85034e45 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc90002ae7258 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=000000000000006c R14=ffffffff85034de0 R15=0000000000000000 RIP=ffffffff85034e6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c230000 CR3=0000000022938000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000