last executing test programs: 2.898343801s ago: executing program 2 (id=1335): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000d000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000005180)={0x2020}, 0x2020) ioctl$PPPIOCUNBRIDGECHAN(r4, 0x7434) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv6_getroute={0x24, 0x1a, 0x115, 0x0, 0x0, {0x2}, [@RTA_UID={0x8}]}, 0x24}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x54, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x20000000, {0x2, 0x1f, 0x4, 0x1}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x7, [{0x2}, {0x4, 0x1}, {0x0, 0x1}, {0xc}, {0x12}, {}, {}]}, @void, @void, @void, @void, @void, @void}, 0x35) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r8, 0x0, 0x2a, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000640)={'syztnl1\x00', 0x0, 0x4, 0x1, 0x7f, 0x8, 0x20, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7800, 0x8, 0x3ff, 0x2}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f0000000480)={'gretap0\x00', r9, 0x10, 0x8, 0x5d951c32, 0x0, {{0x7, 0x4, 0x2, 0x26, 0x1c, 0x65, 0x0, 0x3, 0x2f, 0x0, @multicast1, @private=0xa010102, {[@generic={0x82, 0x7, "bf797ec8d7"}, @noop]}}}}}) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x5, [{0x0, 0x1}, {0x4}, {0xb, 0x1}, {}, {}]}, @void}, 0x25) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) 2.550117478s ago: executing program 1 (id=1338): getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x28, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) socket$igmp6(0xa, 0x3, 0x2) (async) move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[0xffffffffffffffff]}, 0x80) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x7}, 0x48) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x18, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb1, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe0000000}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) unshare(0x22020600) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000040)={0x10}) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x35) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000640)='cpu.weight.nice\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f0000000200), 0x12) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x0, r1}, 0x38) (async) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000140)={r1, 0x58, &(0x7f00000000c0)}, 0x10) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18030000000000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{}]}) (async) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000001480)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001440)={&(0x7f0000001400)={0x28, 0x0, 0x0, 0x70bd26, 0x25dfdbff, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_TYPE={0x5, 0x4, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40021}, 0x4014010) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@fwd={0x8}, @struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x0, [{0xd}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f]}}, &(0x7f00000003c0)=""/4096, 0x46, 0x1000, 0x1}, 0x20) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001540), 0x4) (async) read$FUSE(r7, &(0x7f0000006180)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r7, &(0x7f0000000440)=ANY=[@ANYBLOB="0001000000000000", @ANYRES64=r8, @ANYBLOB='\a\x00\x00\x00'], 0x100) (async) syz_emit_ethernet(0xd2, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x9c, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "b0575c7b4df2bddabab59df4a56afe54ba6a5d5d0d170fca692c777338468608", "29accf2af44c0e1aaaaf532417a91cadd9e65f82310f80cf64f46c761191fda0a250498ce1b5c603debf9e05d8de03dc", "3d73abde0d0700c3001000000000496b31143860dbd100", {"6cde9c5018586db672628c1415233979", "ba3df3d8a8490bce9cafc2ab6acde477"}}}}}}}}, 0x0) (async) timer_create(0x0, 0x0, 0x0) 2.449609304s ago: executing program 0 (id=1339): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000340)="b0fef28adda655a00a8ce0bb7d504206000000000000001abe0a88f67472c3cd975c9884ae01084df2b7f556e2a043b74efe85a30267", 0x36}], 0x1}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(crct10dif-generic,ecb(serpent))\x00'}, 0x58) write$P9_RLERRORu(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r4, 0x29, 0x37, &(0x7f0000000140)=ANY=[], 0x10) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000000800)={0x0, 0x2d, '\x00', [@jumbo, @generic={0x0, 0xf4, "3a1ea5a2d3b543638edfbb866cad1d00ebbb8d8189a772177961eae8fc5c988b29e578c22c8b79bca5ebba4cd94fd26a4e264a8e0b0a5e376970967c4338d9b4d300c54fb0a39afa63a1ab6e21d02f60b23aff968d52657d9dad52b466ea21844373b05d07033bdb7ab1a3ff5a2a8d386111696607cdfc393543dadac111cd89e086c8f195bf1f533f96ec83342e4623ae830a55932444b0f8ce2e58d1be26f39a139222406368e6fe4935b833f55016573d474070acc0603e9e852a44eded89a42f44c70e29b930b97f8a2cbb912b570da188fcfea212606d15a1cea5a43986ef227df150d9492f706ab3f09d64323474b31d70"}, @hao={0xc9, 0x10, @private1}, @calipso={0x7, 0x58, {0x0, 0x14, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}]}, 0x170) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="ac010000170000000000000000000000000000000000000000000000000000000000000000000000fc010000000000000000000000000000fc020000000000000000000000000000e000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff010000000000000000000000000001fe8000000000000000000000000000bb00"/48, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f77cbc8d37e0ccc50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500ac1414aa000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000200100000000000000000000000000020000000000000000000000000000000000000000000000000000000100000000000000"], 0x1ac}}, 0x0) 2.334878031s ago: executing program 3 (id=1340): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private1, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in6=@loopback, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 2.284881886s ago: executing program 3 (id=1341): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) shutdown(0xffffffffffffffff, 0x0) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_mpls={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) 2.107199996s ago: executing program 1 (id=1342): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080), 0x18) socket$alg(0x26, 0x5, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x0, 0x803, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) r2 = io_uring_setup(0x410f, &(0x7f0000000200)={0x0, 0x0, 0x800}) r3 = eventfd2(0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000000)=r3, 0x1) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TCSBRKP(r4, 0x5425, 0x0) syz_io_uring_setup(0x24f9, 0x0, &(0x7f0000000040)=0x0, &(0x7f0000000180)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xc4424b61c9f5fc7}}) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0xd) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}, {0x0}, {0x0}], 0x0, 0x3}, 0x20) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180)) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) 2.093891645s ago: executing program 2 (id=1343): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000100060000000077f2ab26850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x29, 0x80000, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x10, 0xff, 0x2, 0xffffff81, 0x40, 0xffffffffffffffff, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0xff, 0x0, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5}, &(0x7f0000000ac0), 0x0}, 0x20) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) io_setup(0x6, &(0x7f0000000680)=0x0) io_submit(r7, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, r6, 0x0, 0x3}]) 2.089239824s ago: executing program 3 (id=1344): socket$inet(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x160, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@mcast2, 0x0, 0x32}, @in6=@empty, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc}, @encap={0x1c, 0x4, {0x2}}]}, 0x160}}, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x90) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') r2 = socket$inet6(0xa, 0x2, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000240)=0x1) close_range(r2, 0xffffffffffffffff, 0x0) 1.750872081s ago: executing program 3 (id=1345): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) setrlimit(0x0, &(0x7f0000000500)) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) io_uring_setup(0x45bd, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}) ioctl$SNDCTL_DSP_SPEED(r0, 0x5001, 0x0) 1.604190444s ago: executing program 0 (id=1346): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$SNDCTL_MIDI_INFO(r0, 0xc074510c, &(0x7f0000000440)={"2a9af79d462e11c72ad654eb33416e9f421965be6128227090fc365f1c4c", 0x9, 0x4, 0x9, [0xb7, 0xfffffffd, 0x1, 0x6, 0xffff, 0x0, 0x5, 0x100, 0x9, 0x8, 0x9, 0x101, 0x7, 0x7, 0xfffffff8, 0xfffffffa, 0x9, 0x5]}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xa0, r3, 0x400, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x5}}}}, [@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_HIDDEN_SSID={0x21, 0x7e, @random="cba434365be213452bb18bad1c3ccdaa4fb2ad99200aecf4c8046481ed"}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_IE={0x29, 0x2a, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xff, 0xa5, 0x40}}, @ht={0x2d, 0x1a, {0x2, 0x3, 0x2, 0x0, {0x3, 0x40, 0x0, 0x7, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x300, 0x400, 0x8}}, @erp={0x2a, 0x1, {0x0, 0x0, 0x1}}]}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x23, 0x24, [{0x3, 0x1}, {0x12}, {0x5}, {0x1}, {0x1}, {0x0, 0x1}, {0x17}, {0xb, 0x1}, {0x4}, {0x12}, {0x6}, {0x1, 0x1}, {0x4, 0x1}, {0x30}, {0x60}, {0x18, 0x1}, {0x16}, {0x48, 0x1}, {0x48}, {0xb}, {0xb, 0x1}, {0x48}, {0x24, 0x1}, {0x5}, {0x6c, 0x1}, {0x9, 0x1}, {0x2}, {0xb363a3448cfaf47f, 0x1}, {0x1}, {0x48, 0x1}, {0x6}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x24000040) pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/200, 0xc8, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000100)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000240)=ANY=[@ANYBLOB='1-0:', @ANYRESDEC], 0x31) bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="a67a2f94dccfc6ae460ca60b3a8a515712384d7806f2251ff78c69cd08be7760c435b0b397e0a545bd99b8eecf9c15e9c5edf28518d100b26b6775018b449ca930", 0x41}], 0x1}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x15) 1.384875897s ago: executing program 0 (id=1347): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000001c0)={&(0x7f0000000440)=""/245, 0x300000, 0x800, 0x7, 0x3}, 0x1c) socket$netlink(0x10, 0x3, 0x400000000000004) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) setxattr$incfs_metadata(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) 1.284030976s ago: executing program 1 (id=1348): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$SNDCTL_MIDI_INFO(r0, 0xc074510c, &(0x7f0000000440)={"2a9af79d462e11c72ad654eb33416e9f421965be6128227090fc365f1c4c", 0x9, 0x4, 0x9, [0xb7, 0xfffffffd, 0x1, 0x6, 0xffff, 0x0, 0x5, 0x100, 0x9, 0x8, 0x9, 0x101, 0x7, 0x7, 0xfffffff8, 0xfffffffa, 0x9, 0x5]}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xa0, r3, 0x400, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x5}}}}, [@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_HIDDEN_SSID={0x21, 0x7e, @random="cba434365be213452bb18bad1c3ccdaa4fb2ad99200aecf4c8046481ed"}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_IE={0x29, 0x2a, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xff, 0xa5, 0x40}}, @ht={0x2d, 0x1a, {0x2, 0x3, 0x2, 0x0, {0x3, 0x40, 0x0, 0x7, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x300, 0x400, 0x8}}, @erp={0x2a, 0x1, {0x0, 0x0, 0x1}}]}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x23, 0x24, [{0x3, 0x1}, {0x12}, {0x5}, {0x1}, {0x1}, {0x0, 0x1}, {0x17}, {0xb, 0x1}, {0x4}, {0x12}, {0x6}, {0x1, 0x1}, {0x4, 0x1}, {0x30}, {0x60}, {0x18, 0x1}, {0x16}, {0x48, 0x1}, {0x48}, {0xb}, {0xb, 0x1}, {0x48}, {0x24, 0x1}, {0x5}, {0x6c, 0x1}, {0x9, 0x1}, {0x2}, {0xb363a3448cfaf47f, 0x1}, {0x1}, {0x48, 0x1}, {0x6}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x24000040) pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/200, 0xc8, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000100)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000240)=ANY=[@ANYBLOB='1-0:', @ANYRESDEC], 0x31) bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="a67a2f94dccfc6ae460ca60b3a8a515712384d7806f2251ff78c69cd08be7760c435b0b397e0a545bd99b8eecf9c15e9c5edf28518d100b26b6775018b449ca930", 0x41}], 0x1}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x15) 1.250931799s ago: executing program 0 (id=1349): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private1, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in6=@loopback, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 1.170165993s ago: executing program 0 (id=1350): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000340)="b0fef28adda655a00a8ce0bb7d504206000000000000001abe0a88f67472c3cd975c9884ae01084df2b7f556e2a043b74efe85a30267", 0x36}], 0x1}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(crct10dif-generic,ecb(serpent))\x00'}, 0x58) write$P9_RLERRORu(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r4, 0x29, 0x37, &(0x7f0000000140)=ANY=[], 0x10) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000000800)={0x0, 0x2d, '\x00', [@jumbo, @generic={0x0, 0xf4, "3a1ea5a2d3b543638edfbb866cad1d00ebbb8d8189a772177961eae8fc5c988b29e578c22c8b79bca5ebba4cd94fd26a4e264a8e0b0a5e376970967c4338d9b4d300c54fb0a39afa63a1ab6e21d02f60b23aff968d52657d9dad52b466ea21844373b05d07033bdb7ab1a3ff5a2a8d386111696607cdfc393543dadac111cd89e086c8f195bf1f533f96ec83342e4623ae830a55932444b0f8ce2e58d1be26f39a139222406368e6fe4935b833f55016573d474070acc0603e9e852a44eded89a42f44c70e29b930b97f8a2cbb912b570da188fcfea212606d15a1cea5a43986ef227df150d9492f706ab3f09d64323474b31d70"}, @hao={0xc9, 0x10, @private1}, @calipso={0x7, 0x58, {0x0, 0x14, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}]}, 0x170) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="ac010000170000000000000000000000000000000000000000000000000000000000000000000000fc010000000000000000000000000000fc020000000000000000000000000000e000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff010000000000000000000000000001fe8000000000000000000000000000bb00"/48, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f77cbc8d37e0ccc50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500ac1414aa000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000200100000000000000000000000000020000000000000000000000000000000000000000000000000000000100000000000000"], 0x1ac}}, 0x0) 1.063047023s ago: executing program 2 (id=1351): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000d000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000005180)={0x2020}, 0x2020) ioctl$PPPIOCUNBRIDGECHAN(r4, 0x7434) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv6_getroute={0x24, 0x1a, 0x115, 0x0, 0x0, {0x2}, [@RTA_UID={0x8}]}, 0x24}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x54, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x20000000, {0x2, 0x1f, 0x4, 0x1}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x7, [{0x2}, {0x4, 0x1}, {0x0, 0x1}, {0xc}, {0x12}, {}, {}]}, @void, @void, @void, @void, @void, @void}, 0x35) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r8, 0x0, 0x2a, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000640)={'syztnl1\x00', 0x0, 0x4, 0x1, 0x7f, 0x8, 0x20, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7800, 0x8, 0x3ff, 0x2}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f0000000480)={'gretap0\x00', r9, 0x10, 0x8, 0x5d951c32, 0x0, {{0x7, 0x4, 0x2, 0x26, 0x1c, 0x65, 0x0, 0x3, 0x2f, 0x0, @multicast1, @private=0xa010102, {[@generic={0x82, 0x7, "bf797ec8d7"}, @noop]}}}}}) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x5, [{0x0, 0x1}, {0x4}, {0xb, 0x1}, {}, {}]}, @void}, 0x25) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) 1.038997293s ago: executing program 1 (id=1352): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000d000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000005180)={0x2020}, 0x2020) ioctl$PPPIOCUNBRIDGECHAN(r4, 0x7434) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv6_getroute={0x24, 0x1a, 0x115, 0x0, 0x0, {0x2}, [@RTA_UID={0x8}]}, 0x24}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r5, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x7, [{0x2}, {0x4, 0x1}, {0x0, 0x1}, {0xc}, {0x12}, {}, {}]}, @void, @void, @void, @void, @void, @void}, 0x35) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r8, 0x0, 0x2a, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000640)={'syztnl1\x00', 0x0, 0x4, 0x1, 0x7f, 0x8, 0x20, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7800, 0x8, 0x3ff, 0x2}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f0000000480)={'gretap0\x00', r9, 0x10, 0x8, 0x5d951c32, 0x0, {{0x7, 0x4, 0x2, 0x26, 0x1c, 0x65, 0x0, 0x3, 0x2f, 0x0, @multicast1, @private=0xa010102, {[@generic={0x82, 0x7, "bf797ec8d7"}, @noop]}}}}}) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x5, [{0x0, 0x1}, {0x4}, {0xb, 0x1}, {}, {}]}, @void}, 0x25) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) 828.958976ms ago: executing program 3 (id=1353): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000040)="6566f3d9fe420fd9cd66b840008ec866baf80cb8f8e3068eef66bafc0cb800680000ef2e26410f797100440f20c03509000000440f22c066b8cc008ee0400f780a26f3450fc7767566ba410066b8e80066ef", 0x52}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setresuid(0x0, 0xee00, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, 0x0}) rt_sigqueueinfo(r4, 0x0, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffff9}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 401.745429ms ago: executing program 2 (id=1354): ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x41009432, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000), 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c) r2 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000c80)={0x0, @broadcast}, &(0x7f0000000cc0)=0xc) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000d00)=0x0, &(0x7f0000000d40)=0x4) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000d80)={'team0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000e80)={'syztnl2\x00', &(0x7f00000007c0)={'sit0\x00', 0x0, 0x7, 0xa0, 0x2, 0x5, {{0x1c, 0x4, 0x3, 0x7, 0x70, 0x65, 0x0, 0x77, 0x4, 0x0, @empty, @multicast1, {[@timestamp_addr={0x44, 0xc, 0x97, 0x1, 0x6, [{@local, 0x7}]}, @rr={0x7, 0x1b, 0x40, [@rand_addr=0x64010101, @multicast2, @private=0xa010100, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp={0x44, 0x18, 0x3e, 0x0, 0x3, [0x7, 0xff, 0x4, 0x88, 0x1]}, @ssrr={0x89, 0x1b, 0x70, [@broadcast, @rand_addr=0x64010101, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @remote]}]}}}}}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000ec0)={'vxcan1\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000f00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000f40)=0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001400010400"/20, @ANYRES32=r10, @ANYBLOB="000000000000000024001280110001006272696467655f736c617665000000000c00058005000a0000000000"], 0x44}}, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000f80)={@broadcast, @dev, 0x0}, &(0x7f0000000fc0)=0xc) r13 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0x9, 0x100005, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r14}, 0x48) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000010c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001080)={&(0x7f0000002f80)=ANY=[@ANYBLOB="b40f0000", @ANYRES16=0x0, @ANYBLOB="000125bd7000fbdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="3c0102803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000400000008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000200000008000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004002000000008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0002028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004008000000008000700000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000100000008000600", @ANYRES32=0x0, @ANYBLOB="400001002409000000758efd9ae36918660000000000000000000000000000006d0b0000040000000500030003008245bacff75943979596066ec4f3", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="44000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000e00040062726f61646361737400000008000100", @ANYRES32=0x0, @ANYBLOB="f00102803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="4c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e6700000000400001002400010071756575655f6964000000000000000000000000000000000000000000000000050003000300000008000400ff00000008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e74000000000000000000000000000005000300030000000800040008000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004004000000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000800000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000600000008000100", @ANYRES32=0x0, @ANYBLOB="0001028038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000800000038000100240001006d636173745f72656a6f696e5f636f756e74000000000000000000000000000005000300030000000800040002000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000300000008000600", @ANYRES32=0x0, @ANYBLOB="4c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e670000000008000100", @ANYRES32=0x0, @ANYBLOB="0400028008000100", @ANYRES32=0x0, @ANYBLOB="7401028038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000020650054000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b000000240004000100000601000000030008200500000008001f08ffff000000000409ffff000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400000000403c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f7065657273000000000000afdf7c4ff550343145dd000000000000000500030003000000080004000002000001006d636173745f72656a6f696e5f636f000000000000000500030003000000080004008000000008000c0000000000000000000000b385274d8d0ea51ae2eaebb36bf66555d54b58c337e457128369ca0f5ecfe47cd818909173ed285c5872c6416c58cc3a7ae40c6b67317ff04c38d7a12b3ff095b08c57a2e620332ca680ad673d98f1901add4952266e5e8bb623291d45cf33c2a28fc66156d0239cb6dc4f30a1f9abf01a29b3ffb7ebca488d66ec54f0", @ANYRES32=0x0, @ANYBLOB="b001028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400faffffff400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004005c49000008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000a06517638000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400000000004c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e670000000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000900000008000100", @ANYRES32=0x0, @ANYBLOB="6401028038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004001500000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000000008040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="0800070000000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000800000008000600", @ANYRES32=0x0, @ANYBLOB="3800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000900000008000100", @ANYRES32=0x0, @ANYBLOB="2c0202803c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000700000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000800000008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400040000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004008000000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r3, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000000000008000600", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="6c0202803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="44000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b00000014000400dc000140ff030000ff000701030000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400000100003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r8, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e00000008000400fcffffff08000600", @ANYRES32=r10, @ANYBLOB="44000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b757000000000400001002400010071756575655f6964000000000000000000000000000000000000000000000000050003000300000008000400000000f008000600", @ANYRES32=r12, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r14, @ANYBLOB], 0xfb4}, 0x1, 0x0, 0x0, 0x20044800}, 0x800) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r15 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001f80)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x5, 0xfb, 0x4c6, 0x8, 0xffffffffffffffff, 0x200, '\x00', r6, 0xffffffffffffffff, 0x3, 0x3, 0x5, 0xf}, 0x48) ioctl$sock_SIOCGIFINDEX(r16, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(r15, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@delqdisc={0x22c, 0x25, 0x700, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x2, 0x1}, {0xfff3, 0xfff2}, {0xfff2, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_pfifo_fast={0xf}, @TCA_RATE={0x6, 0x5, {0x7, 0x1}}, @TCA_STAB={0xcc, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x7, 0x800, 0x10000, 0x0, 0x6, 0x2, 0x4}}, {0xc, 0x2, [0x1, 0x8, 0x8, 0x5]}}, {{0x1c, 0x1, {0x1, 0x9, 0x1, 0x1, 0x0, 0xfffffff9, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x3, 0x4, 0x208, 0x2, 0x0, 0x5ad, 0x8000, 0x3}}, {0xa, 0x2, [0x7ff, 0x2, 0x7]}}, {{0x1c, 0x1, {0x1, 0x3, 0x4ae, 0x5, 0x0, 0x7, 0xb2, 0x5}}, {0xe, 0x2, [0x6, 0x5, 0x0, 0x101, 0x9]}}, {{0x1c, 0x1, {0x2, 0x1, 0x7, 0x0, 0x2, 0x5, 0x3, 0x6}}, {0x10, 0x2, [0xe1, 0x0, 0x6, 0x2, 0x7f, 0x20]}}]}, @TCA_RATE={0x6, 0x5, {0x4, 0x8}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @TCA_STAB={0xfc, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf9, 0x40, 0x2, 0x7, 0x0, 0xfff, 0xffffffc0, 0x4}}, {0xc, 0x2, [0x1, 0x6, 0x7ff, 0xffff]}}, {{0x1c, 0x1, {0x1, 0x2, 0xfef9, 0x8, 0x2, 0x7, 0x40, 0x9}}, {0x16, 0x2, [0x400, 0x294, 0x2, 0x7, 0x6, 0x6, 0x3, 0x254, 0x2]}}, {{0x1c, 0x1, {0xf5, 0x8, 0x4, 0xffff, 0x2, 0xffffffc1, 0x7}}, {0x4}}, {{0x1c, 0x1, {0x92, 0x1, 0x7fff, 0x9, 0x2, 0xc7, 0x80000000, 0x4}}, {0xc, 0x2, [0x4, 0x11, 0x6e, 0x2d]}}, {{0x1c, 0x1, {0x7, 0x5, 0x0, 0x4, 0x0, 0x998f, 0x0, 0x1}}, {0x6, 0x2, [0xc01]}}, {{0x1c, 0x1, {0x3, 0x9, 0x9, 0x5, 0x0, 0x9, 0x37316af9, 0x7}}, {0x12, 0x2, [0x417, 0x1f, 0x80, 0x1f, 0x81, 0x8, 0x1000]}}]}, @TCA_EGRESS_BLOCK={0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}]}, 0x22c}}, 0x0) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYRES8=r16, @ANYRESHEX=r2, @ANYRES16=r5, @ANYRES8=r4], 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x40091) mmap$binder(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x3) 353.576262ms ago: executing program 1 (id=1355): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x10, 0xffffffffffffffff, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0}) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x0, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x20, 0x17, 0xa, 0x207, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='jbd2_handle_stats\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 350.252487ms ago: executing program 2 (id=1356): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000140)={0x38, 0x9, 0x6, 0x350d27364b276d03, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev}}]}]}, 0x38}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r1}, 0x10) r3 = socket$packet(0x11, 0x2, 0x300) fstat64(r3, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x409c884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @local}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) sendto$inet6(r4, &(0x7f0000000780)='\r\n', 0x2, 0x6d91fb6102d8d9cc, 0x0, 0x0) recvfrom(r4, &(0x7f0000001140)=""/4101, 0x1005, 0x0, 0x0, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r5, 0x1, 0x2, &(0x7f0000000840), 0x4) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') fchdir(r6) r7 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/144, 0x90) getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8) sendto$l2tp6(r4, &(0x7f0000000380)="ded58e1f045301c8a08041cc5d811bd3e6e0110051c542618c8c20c682f3215545a1eb1b0a1d4ab94c2e2d19acf24efea2301a73562c44f0068d75e509b9fcadab02d9", 0x43, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa0}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 336.742295ms ago: executing program 0 (id=1357): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x10, 0xffffffffffffffff, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0}) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x0, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000180)={0x0, r4}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x20, 0x17, 0xa, 0x207, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='jbd2_handle_stats\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 168.154136ms ago: executing program 3 (id=1358): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000600)=""/62, 0x3e}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000000640)=""/234, 0xea}, {0x0}, {&(0x7f0000000540)=""/148, 0x94}], 0x5}, 0x5fb}, {{&(0x7f0000000240)=@hci, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/79, 0x4f}, {&(0x7f0000003180)=""/4096, 0x1000}], 0x2, &(0x7f0000000400)=""/127, 0x7f}, 0x8}], 0x2, 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100)={0x20000014}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r4}, 0x10) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xa0000001}) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000180)={0x400000000000000, 0x0, &(0x7f0000000140)={&(0x7f0000001900)={0x2, 0xf, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1, @in6=@mcast1}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}, @sadb_x_sec_ctx={0x1}]}, 0xa8}}, 0x0) 68.690923ms ago: executing program 1 (id=1359): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$SNDCTL_MIDI_INFO(r0, 0xc074510c, &(0x7f0000000440)={"2a9af79d462e11c72ad654eb33416e9f421965be6128227090fc365f1c4c", 0x9, 0x4, 0x9, [0xb7, 0xfffffffd, 0x1, 0x6, 0xffff, 0x0, 0x5, 0x100, 0x9, 0x8, 0x9, 0x101, 0x7, 0x7, 0xfffffff8, 0xfffffffa, 0x9, 0x5]}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xa0, r3, 0x400, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x5}}}}, [@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_HIDDEN_SSID={0x21, 0x7e, @random="cba434365be213452bb18bad1c3ccdaa4fb2ad99200aecf4c8046481ed"}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_IE={0x29, 0x2a, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xff, 0xa5, 0x40}}, @ht={0x2d, 0x1a, {0x2, 0x3, 0x2, 0x0, {0x3, 0x40, 0x0, 0x7, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x300, 0x400, 0x8}}, @erp={0x2a, 0x1, {0x0, 0x0, 0x1}}]}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x23, 0x24, [{0x3, 0x1}, {0x12}, {0x5}, {0x1}, {0x1}, {0x0, 0x1}, {0x17}, {0xb, 0x1}, {0x4}, {0x12}, {0x6}, {0x1, 0x1}, {0x4, 0x1}, {0x30}, {0x60}, {0x18, 0x1}, {0x16}, {0x48, 0x1}, {0x48}, {0xb}, {0xb, 0x1}, {0x48}, {0x24, 0x1}, {0x5}, {0x6c, 0x1}, {0x9, 0x1}, {0x2}, {0xb363a3448cfaf47f, 0x1}, {0x1}, {0x48, 0x1}, {0x6}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x24000040) pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/200, 0xc8, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000100)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000240)=ANY=[@ANYBLOB='1-0:', @ANYRESDEC], 0x31) bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="a67a2f94dccfc6ae460ca60b3a8a515712384d7806f2251ff78c69cd08be7760c435b0b397e0a545bd99b8eecf9c15e9c5edf28518d100b26b6775018b449ca930", 0x41}], 0x1}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x15) 0s ago: executing program 2 (id=1360): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01000000000000000000020000000800010003010000a1dc529034387931a136dca35bde31de58237b3f5badd3dc85034e4de8d74f1ce8fd05a10d7290a70cdb04171fa17c663c0259e7ff8c31c78464adffbe7f4c43e70c8be73c4a4647b89dd416c80fd3a3f75333852207ede25b5be47a3dcfade5f2e58e7d8c30c0e21966406e6842ac9605696eda5a18b686d1d3f84880f43ebacf927616d9fd48afa4f1d2015a143e68828950b03c111ee5e1a632f6"], 0x1c}}, 0x0) kernel console output (not intermixed with test programs): leased netlink socket, switching to perfect channel medium [ 56.386569][ T5539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 56.450202][ T5539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 57.018648][ T5550] fuse: Unknown parameter '&djxQ20x0000000000000003' [ 57.068567][ T4639] Bluetooth: hci4: command tx timeout [ 57.147865][ T5237] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 57.332687][ T5237] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 57.337874][ T5237] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 57.342199][ T5237] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 57.346422][ T5237] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.371140][ T5237] usb 5-1: config 0 descriptor?? [ 57.464234][ T5556] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 57.501613][ T56] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 57.504804][ T56] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 57.548390][ T1091] wlan1: authenticated [ 57.548551][ T5556] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 57.560729][ T1091] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 57.658391][ T95] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 57.658601][ T5556] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 57.662593][ T95] wlan1: associated [ 58.521647][ T5570] fuse: Unknown parameter '0x0000000000000003' [ 58.980292][ T4639] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 59.157183][ T4639] Bluetooth: hci4: command tx timeout [ 59.900605][ T5237] usbhid 5-1:0.0: can't add hid device: -71 [ 59.906526][ T5237] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 59.931749][ T5237] usb 5-1: USB disconnect, device number 2 [ 59.950535][ T5592] netlink: 32 bytes leftover after parsing attributes in process `syz.0.90'. [ 60.457390][ T5237] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 60.660789][ T5237] usb 5-1: Using ep0 maxpacket: 8 [ 60.665258][ T5237] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 60.669453][ T5237] usb 5-1: config 0 has no interface number 0 [ 60.672578][ T5237] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 60.676851][ T5237] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 60.684016][ T5237] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.690361][ T5237] usb 5-1: config 0 descriptor?? [ 60.695908][ T5237] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 60.747603][ T4639] Bluetooth: hci1: command tx timeout [ 60.884890][ T4639] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 60.902233][ T4994] usb 5-1: USB disconnect, device number 3 [ 61.030186][ T4639] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 61.338763][ T5625] fuse: Unknown parameter '&djxQ2' [ 61.822881][ T5636] fuse: Unknown parameter '&djxQ2' [ 62.716864][ T5649] Bluetooth: MGMT ver 1.22 [ 62.757362][ T4639] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 62.761544][ T4639] Bluetooth: hci1: Injecting HCI hardware error event [ 62.765382][ T4639] Bluetooth: hci1: hardware error 0x00 [ 63.244233][ T5666] fuse: Unknown parameter '&djxQ2' [ 63.503767][ T5677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.111'. [ 63.509954][ T5677] gtp0: entered promiscuous mode [ 63.511823][ T5677] gtp0: entered allmulticast mode [ 63.727398][ T5194] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260 [ 64.290950][ T5699] fuse: Unknown parameter '&djxQ2' [ 64.362395][ T39] audit: type=1800 audit(1719553107.234:2): pid=5704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.120" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 64.587197][ T5236] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 64.787167][ T5236] usb 7-1: Using ep0 maxpacket: 8 [ 64.790865][ T5236] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 64.794684][ T5236] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 64.798885][ T5236] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 64.804095][ T5236] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 64.810452][ T5236] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 64.816131][ T5236] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 64.819796][ T5236] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.827395][ T4639] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 65.039596][ T5236] usb 7-1: usb_control_msg returned -32 [ 65.041644][ T5236] usbtmc 7-1:16.0: can't read capabilities [ 65.054283][ T5236] usb 7-1: USB disconnect, device number 2 [ 65.617282][ T5243] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 65.807152][ T5243] usb 8-1: Using ep0 maxpacket: 8 [ 65.827806][ T5243] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 65.852490][ T5243] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 65.856274][ T5243] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 65.862998][ T5243] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 65.866594][ T5243] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 65.872057][ T5243] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 65.877478][ T5243] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.036958][ T5746] fuse: Unknown parameter '&djxQ2' [ 66.108805][ T5243] usb 8-1: usb_control_msg returned -32 [ 66.111651][ T5243] usbtmc 8-1:16.0: can't read capabilities [ 66.118409][ T5243] usb 8-1: USB disconnect, device number 2 [ 66.238962][ T5236] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 66.439806][ T5236] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.444202][ T5236] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.448581][ T5236] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 66.453685][ T5236] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.458779][ T5236] usb 6-1: config 0 descriptor?? [ 66.470203][ T5753] fuse: Unknown parameter '&djxQ2' [ 66.651187][ T39] audit: type=1800 audit(1719553109.524:3): pid=5758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.133" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 67.037254][ T5235] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 67.221211][ T5235] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.225055][ T5235] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.228763][ T5235] usb 8-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 67.232432][ T5235] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.239670][ T5235] usb 8-1: config 0 descriptor?? [ 67.547813][ T4639] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 67.551944][ T4639] Bluetooth: hci4: Injecting HCI hardware error event [ 67.555321][ T5194] Bluetooth: hci4: hardware error 0x00 [ 67.877219][ C3] hrtimer: interrupt took 163335 ns [ 67.897210][ T5229] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 68.080380][ T5229] usb 7-1: Using ep0 maxpacket: 8 [ 68.088700][ T5229] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 68.092241][ T5229] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 68.097334][ T5229] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 68.101586][ T5229] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 68.105574][ T5229] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 68.110495][ T5229] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 68.114531][ T5229] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.337421][ T5229] usb 7-1: usb_control_msg returned -32 [ 68.339730][ T5229] usbtmc 7-1:16.0: can't read capabilities [ 68.349843][ T5229] usb 7-1: USB disconnect, device number 3 [ 68.982556][ T5236] usbhid 6-1:0.0: can't add hid device: -71 [ 68.985344][ T5236] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 69.001719][ T5236] usb 6-1: USB disconnect, device number 2 [ 69.150930][ T39] audit: type=1800 audit(1719553112.024:4): pid=5796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.142" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 69.627314][ T5194] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 69.762406][ T5235] usbhid 8-1:0.0: can't add hid device: -71 [ 69.765269][ T5235] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 69.769866][ T5235] usb 8-1: USB disconnect, device number 3 [ 70.411077][ T39] audit: type=1800 audit(1719553113.284:5): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.150" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 70.734215][ T5833] fuse: Unknown parameter '&djxQ2' [ 71.162635][ T1353] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.165070][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.947193][ T5240] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 72.127367][ T5240] usb 6-1: Using ep0 maxpacket: 8 [ 72.138858][ T5240] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 72.145518][ T5240] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 72.157539][ T5240] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 72.163521][ T5240] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 72.169788][ T5240] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 72.175610][ T5240] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 72.180059][ T5240] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.428972][ T5240] usb 6-1: GET_CAPABILITIES returned 0 [ 72.448639][ T5240] usbtmc 6-1:16.0: can't read capabilities [ 72.653630][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.664646][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.668451][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.672205][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.675895][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.679703][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.682934][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.686320][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.689706][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.693187][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.712155][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.716215][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.720202][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.724654][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.728707][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.733151][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 72.752756][ T5236] usb 6-1: USB disconnect, device number 3 [ 74.407342][ T5240] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 74.587334][ T5240] usb 7-1: Using ep0 maxpacket: 8 [ 74.617495][ T5240] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 74.621757][ T5240] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 74.625667][ T5240] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 74.632280][ T5240] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 74.652951][ T5240] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 74.658791][ T5240] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 74.662311][ T5240] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.882096][ T5240] usb 7-1: usb_control_msg returned -32 [ 74.884029][ T5240] usbtmc 7-1:16.0: can't read capabilities [ 74.889081][ T5240] usb 7-1: USB disconnect, device number 4 [ 74.997244][ T5235] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 75.177151][ T5235] usb 5-1: Using ep0 maxpacket: 8 [ 75.198051][ T5235] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 75.201505][ T5235] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 75.204889][ T5235] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 75.209186][ T5235] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 75.213641][ T5235] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 75.220798][ T5235] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 75.225323][ T5235] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.445067][ T5235] usb 5-1: GET_CAPABILITIES returned 0 [ 75.447966][ T5235] usbtmc 5-1:16.0: can't read capabilities [ 75.650046][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.653259][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.656438][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.659579][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.662805][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.666715][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.669854][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.673581][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.677014][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.680135][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.683511][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.686622][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.689661][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.692846][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.696007][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 75.713838][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 75.725045][ T5240] usb 5-1: USB disconnect, device number 4 [ 75.986477][ T5954] fuse: Unknown parameter '&djxQ2' [ 76.460660][ T5965] netlink: 32 bytes leftover after parsing attributes in process `syz.3.185'. [ 76.877249][ T5236] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 77.021305][ T39] audit: type=1800 audit(1719553119.894:6): pid=5972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.188" name="file0" dev="sda1" ino=1960 res=0 errno=0 [ 77.077182][ T5236] usb 5-1: Using ep0 maxpacket: 8 [ 77.082588][ T5236] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 77.096163][ T5236] usb 5-1: config 0 has no interface number 0 [ 77.100626][ T5236] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 77.104575][ T5236] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 77.117217][ T5236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.121418][ T5236] usb 5-1: config 0 descriptor?? [ 77.125790][ T5236] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 77.328216][ T5236] usb 5-1: USB disconnect, device number 5 [ 77.864994][ T5237] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 78.069934][ T5237] usb 6-1: Using ep0 maxpacket: 8 [ 78.077782][ T5237] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 78.081312][ T5237] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 78.084722][ T5237] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 78.091003][ T5237] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 78.096310][ T5237] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 78.103765][ T5237] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 78.108421][ T5237] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.333097][ T5237] usb 6-1: GET_CAPABILITIES returned 0 [ 78.335586][ T5237] usbtmc 6-1:16.0: can't read capabilities [ 78.463629][ T6001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.530013][ T6001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.541641][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.545086][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.548327][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.548978][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.554681][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.557906][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.561269][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.565184][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.568280][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.572930][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.576067][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.576086][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.576104][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.586235][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.589268][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 78.592695][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 78.599308][ T6001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.604840][ T57] usb 6-1: USB disconnect, device number 4 [ 78.743715][ T6008] fuse: Unknown parameter '&djxQ2' [ 79.197702][ T6013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.201'. [ 79.205829][ T6013] gtp1: entered promiscuous mode [ 79.208206][ T6013] gtp1: entered allmulticast mode [ 79.756712][ T6021] netlink: 32 bytes leftover after parsing attributes in process `syz.2.204'. [ 80.010055][ T6029] fuse: Unknown parameter '&djxQ2' [ 81.417330][ T55] cfg80211: failed to load regulatory.db [ 81.476642][ T6055] netlink: 32 bytes leftover after parsing attributes in process `syz.2.214'. [ 82.009575][ T6075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.081525][ T6075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.152100][ T6075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.374607][ T6081] fuse: Unknown parameter '&djxQ2' [ 82.529008][ T6086] netlink: 8 bytes leftover after parsing attributes in process `syz.1.224'. [ 82.534971][ T6086] gtp2: entered promiscuous mode [ 82.538258][ T6086] gtp2: entered allmulticast mode [ 82.756245][ T6093] fuse: Unknown parameter '&djxQ2' [ 85.068106][ T6127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.127607][ T6127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.127965][ T8] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 85.186524][ T6127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.256052][ T6134] fuse: Unknown parameter '&djxQ2' [ 85.328742][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.332468][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.336282][ T8] usb 8-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 85.340041][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.345224][ T8] usb 8-1: config 0 descriptor?? [ 85.769372][ T6144] netlink: 32 bytes leftover after parsing attributes in process `syz.1.239'. [ 86.151741][ T4639] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.156617][ T4639] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.174567][ T4639] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.180277][ T4639] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.187866][ T4639] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.190950][ T4639] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.323540][ T1091] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.433854][ T1091] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.531121][ T1091] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.550689][ T6150] chnl_net:caif_netlink_parms(): no params data found [ 86.634973][ T1091] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.811483][ T6150] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.818946][ T6150] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.827874][ T6150] bridge_slave_0: entered allmulticast mode [ 86.831846][ T6150] bridge_slave_0: entered promiscuous mode [ 86.909903][ T6150] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.917494][ T6150] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.920270][ T6150] bridge_slave_1: entered allmulticast mode [ 86.929474][ T6150] bridge_slave_1: entered promiscuous mode [ 87.014458][ T1091] bridge_slave_1: left allmulticast mode [ 87.017464][ T1091] bridge_slave_1: left promiscuous mode [ 87.020355][ T1091] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.026033][ T1091] bridge_slave_0: left allmulticast mode [ 87.028459][ T1091] bridge_slave_0: left promiscuous mode [ 87.030603][ T1091] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.466079][ T1091] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.481892][ T1091] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.492872][ T1091] bond0 (unregistering): Released all slaves [ 87.605900][ T6150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.620402][ T6150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.713657][ T6150] team0: Port device team_slave_0 added [ 87.753655][ T6150] team0: Port device team_slave_1 added [ 87.833529][ T6150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.835953][ T6150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.848639][ T6150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.860611][ T8] usbhid 8-1:0.0: can't add hid device: -71 [ 87.866530][ T8] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 87.887251][ T8] usb 8-1: USB disconnect, device number 4 [ 87.938474][ T6150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.946835][ T6150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.967568][ T6150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.114109][ T1091] hsr_slave_0: left promiscuous mode [ 88.138255][ T1091] hsr_slave_1: left promiscuous mode [ 88.141799][ T1091] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.144922][ T1091] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.149514][ T1091] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.152138][ T1091] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.231469][ T1091] veth1_macvtap: left promiscuous mode [ 88.239301][ T1091] veth0_macvtap: left promiscuous mode [ 88.247598][ T1091] veth1_vlan: left promiscuous mode [ 88.255391][ T1091] veth0_vlan: left promiscuous mode [ 88.267285][ T5194] Bluetooth: hci0: command tx timeout [ 89.199647][ T1091] team0 (unregistering): Port device team_slave_1 removed [ 89.265977][ T1091] team0 (unregistering): Port device team_slave_0 removed [ 89.652859][ T6192] netlink: 32 bytes leftover after parsing attributes in process `syz.3.251'. [ 89.862674][ T6150] hsr_slave_0: entered promiscuous mode [ 89.895767][ T6150] hsr_slave_1: entered promiscuous mode [ 89.911215][ T6150] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.916521][ T6150] Cannot create hsr debugfs directory [ 90.123500][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz.2.253'. [ 90.137005][ T6206] gtp1: entered promiscuous mode [ 90.142643][ T6206] gtp1: entered allmulticast mode [ 90.347336][ T5194] Bluetooth: hci0: command tx timeout [ 90.726409][ T6150] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.734569][ T6150] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.743403][ T6150] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.769925][ T6150] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.878676][ T6242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 90.904653][ T6150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.916720][ T6150] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.926082][ T5235] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.929313][ T5235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.938114][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.940678][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.948150][ T6242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 91.011526][ T6242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 91.120808][ T6150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.147587][ T6150] veth0_vlan: entered promiscuous mode [ 91.154968][ T6150] veth1_vlan: entered promiscuous mode [ 91.175176][ T6150] veth0_macvtap: entered promiscuous mode [ 91.182868][ T6150] veth1_macvtap: entered promiscuous mode [ 91.194300][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.201461][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.205451][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.209411][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.212901][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.216627][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.222374][ T6150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.238059][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.243695][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.251794][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.256124][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.261057][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.265455][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.271535][ T6150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.280548][ T6150] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.284249][ T6150] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.287906][ T6150] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.291496][ T6150] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.339435][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.342671][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.365333][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.371008][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.437440][ T5194] Bluetooth: hci0: command tx timeout [ 93.864042][ T6328] netlink: 32 bytes leftover after parsing attributes in process `syz.1.276'. [ 94.130236][ T6335] fuse: Unknown parameter '&djxQ2' [ 94.140739][ T6331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 94.182058][ T57] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 94.185751][ T57] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 94.191125][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 94.194268][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 94.196672][ T95] wlan1: authentication with 08:02:11:00:00:00 timed out [ 94.202970][ T6331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 94.263571][ T6331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 94.508232][ T5194] Bluetooth: hci0: command tx timeout [ 94.751483][ T6347] netlink: 32 bytes leftover after parsing attributes in process `syz.0.281'. [ 96.079379][ T6378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.291'. [ 96.094347][ T6378] gtp2: entered promiscuous mode [ 96.096643][ T6378] gtp2: entered allmulticast mode [ 96.444720][ T6380] netlink: 32 bytes leftover after parsing attributes in process `syz.0.292'. [ 96.705585][ T6391] netlink: 32 bytes leftover after parsing attributes in process `syz.0.296'. [ 96.729711][ T6392] netlink: 32 bytes leftover after parsing attributes in process `syz.1.297'. [ 96.898670][ T6396] fuse: Unknown parameter '&djxQ2' [ 97.262021][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.300'. [ 97.269640][ T6404] gtp0: entered promiscuous mode [ 97.271745][ T6404] gtp0: entered allmulticast mode [ 97.889236][ T6419] netlink: 32 bytes leftover after parsing attributes in process `syz.0.304'. [ 101.059861][ T6486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.099446][ T5266] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 101.105899][ T5266] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 101.109478][ T1091] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 101.112245][ T1091] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 101.114976][ T1091] wlan1: authentication with 08:02:11:00:00:00 timed out [ 101.122234][ T6486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.179298][ T6486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.168261][ T6558] fuse: Unknown parameter '&djxQ2' [ 105.021978][ T6575] netlink: 32 bytes leftover after parsing attributes in process `syz.0.343'. [ 105.276674][ T6580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.344500][ T6580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.415315][ T6580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.444691][ T6629] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.508465][ T6629] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.585778][ T6630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.656465][ T6632] netlink: 8 bytes leftover after parsing attributes in process `syz.3.357'. [ 107.664700][ T6632] gtp1: entered promiscuous mode [ 107.666570][ T6632] gtp1: entered allmulticast mode [ 109.709311][ T6677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 109.766944][ T6677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 109.823839][ T6677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 109.863840][ T5194] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 111.708536][ T5194] Bluetooth: hci0: command tx timeout [ 112.017457][ T6717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 112.091179][ T6720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 112.165176][ T6720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.717767][ T5194] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 113.720692][ T5194] Bluetooth: hci0: Injecting HCI hardware error event [ 113.724814][ T4639] Bluetooth: hci0: hardware error 0x00 [ 114.439085][ T6764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.481241][ T5266] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 114.484784][ T5266] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 114.487720][ T1091] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 114.491767][ T1091] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 114.495496][ T1091] wlan1: authentication with 08:02:11:00:00:00 timed out [ 114.509340][ T6764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.579358][ T6764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.867211][ T4639] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 117.247716][ T8] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 117.459603][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.464423][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.473363][ T8] usb 7-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 117.487237][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.503538][ T8] usb 7-1: config 0 descriptor?? [ 118.527862][ T6822] fuse: Unknown parameter '&djxQ2' [ 120.013928][ T8] usbhid 7-1:0.0: can't add hid device: -71 [ 120.021706][ T8] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 120.032953][ T8] usb 7-1: USB disconnect, device number 5 [ 120.877017][ T6856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.959204][ T6856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.024181][ T6857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.084647][ T6859] fuse: Unknown parameter '&djxQ2' [ 123.412989][ T6902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.449924][ T8] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 123.453690][ T8] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 123.457316][ T81] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 123.460245][ T81] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 123.463119][ T81] wlan1: authentication with 08:02:11:00:00:00 timed out [ 123.476232][ T6902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.545819][ T6902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.665781][ T6924] fuse: Unknown parameter '&djxQ2' [ 126.129292][ T6952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.198842][ T6952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.272406][ T6952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.852778][ T6965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.911113][ T6965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.971046][ T6965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.076507][ T6977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.146219][ T6977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.209854][ T6977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.813025][ T6983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.888604][ T6983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.922433][ T6988] fuse: Unknown parameter '&djxQ2' [ 127.958677][ T6983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.039605][ T6994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.108151][ T6994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.177967][ T6994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.732840][ T7006] fuse: Unknown parameter '&djxQ2' [ 129.109376][ T7015] fuse: Unknown parameter '&djxQ2' [ 131.416246][ T7060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.449469][ T10] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 131.452915][ T10] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 131.455381][ T81] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 131.458570][ T81] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 131.461122][ T81] wlan1: authentication with 08:02:11:00:00:00 timed out [ 131.484506][ T7060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.553368][ T7060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.642794][ T7064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.709859][ T7064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.773015][ T7064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.187361][ T4994] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 132.337230][ T4994] usb 8-1: device descriptor read/64, error -71 [ 132.353195][ T7082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.415684][ T7082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.491522][ T7082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.591579][ T1353] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.594172][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.614628][ T4994] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 132.777191][ T4994] usb 8-1: device descriptor read/64, error -71 [ 132.901034][ T4994] usb usb8-port1: attempt power cycle [ 133.348093][ T4994] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 133.397887][ T4994] usb 8-1: device descriptor read/8, error -71 [ 133.431790][ T7107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.492875][ T7107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.554065][ T7107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.678277][ T4994] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 133.707823][ T4994] usb 8-1: device descriptor read/8, error -71 [ 133.839094][ T4994] usb usb8-port1: unable to enumerate USB device [ 134.058462][ T7114] fuse: Unknown parameter '&djxQ2' [ 135.798099][ T7152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.829070][ T5235] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 135.833182][ T5235] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 135.836250][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 135.839130][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 135.841863][ T95] wlan1: authentication with 08:02:11:00:00:00 timed out [ 135.864636][ T7152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.939948][ T7152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.050830][ T7159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.111397][ T7159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.172151][ T7159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.308585][ T5236] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 136.467171][ T5236] usb 5-1: device descriptor read/64, error -71 [ 136.757232][ T5236] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 136.917758][ T5236] usb 5-1: device descriptor read/64, error -71 [ 137.047630][ T5236] usb usb5-port1: attempt power cycle [ 137.255261][ T7189] fuse: Unknown parameter '&djxQ2' [ 137.477404][ T5236] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 137.508269][ T5236] usb 5-1: device descriptor read/8, error -71 [ 137.777280][ T5236] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 137.807904][ T5236] usb 5-1: device descriptor read/8, error -71 [ 137.927519][ T5236] usb usb5-port1: unable to enumerate USB device [ 138.534160][ T7223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 138.591387][ T7223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 138.649067][ T7223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 138.977438][ T7227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.019763][ T5236] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 139.023749][ T5236] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 139.027173][ T81] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 139.030017][ T81] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 139.032293][ T81] wlan1: authentication with 08:02:11:00:00:00 timed out [ 139.053747][ T7227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.132537][ T7227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.225901][ T7241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.291550][ T7241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.354156][ T7241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.502362][ T7278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.558944][ T7278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.567272][ T55] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 140.617693][ T7278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.717337][ T55] usb 8-1: device descriptor read/64, error -71 [ 140.926200][ T7285] fuse: Unknown parameter '&djxQ2' [ 140.987251][ T55] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 141.137276][ T55] usb 8-1: device descriptor read/64, error -71 [ 141.189772][ T7292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 141.250747][ T7292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 141.259946][ T55] usb usb8-port1: attempt power cycle [ 141.315590][ T7292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 141.677196][ T55] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 141.716519][ T55] usb 8-1: device descriptor read/8, error -71 [ 141.987280][ T55] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 142.018300][ T55] usb 8-1: device descriptor read/8, error -71 [ 142.142851][ T55] usb usb8-port1: unable to enumerate USB device [ 142.303510][ T7309] can0: slcan on ttyprintk. [ 142.368140][ T7308] can0 (unregistered): slcan off ttyprintk. [ 143.111569][ T7327] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'. [ 143.320008][ T7331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.349725][ T5266] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 143.353865][ T5266] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 143.357400][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 143.360432][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 143.363452][ T95] wlan1: authentication with 08:02:11:00:00:00 timed out [ 143.392402][ T7331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.462786][ T7331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.776900][ T7340] netlink: 12 bytes leftover after parsing attributes in process `syz.0.556'. [ 143.810326][ T7340] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 143.822108][ T7340] pimreg1: entered allmulticast mode [ 143.826809][ T7340] syz_tun: entered allmulticast mode [ 143.832647][ T7340] Zero length message leads to an empty skb [ 144.050047][ T39] audit: type=1326 audit(1719553186.924:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7344 comm="syz.2.558" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7485579 code=0x0 [ 144.525474][ T7365] netlink: 56 bytes leftover after parsing attributes in process `syz.3.562'. [ 144.529666][ T7365] netlink: 56 bytes leftover after parsing attributes in process `syz.3.562'. [ 144.861686][ T7373] netlink: 12 bytes leftover after parsing attributes in process `syz.2.565'. [ 144.925783][ T7373] pimreg1: entered allmulticast mode [ 144.947857][ T7373] syz_tun: entered allmulticast mode [ 145.007827][ T7378] netlink: 'syz.2.568': attribute type 10 has an invalid length. [ 145.028872][ T7382] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.569'. [ 145.070844][ T7382] netlink: 4 bytes leftover after parsing attributes in process `syz.0.569'. [ 145.130696][ T7387] evm: overlay not supported [ 145.140381][ T39] audit: type=1804 audit(1719553188.014:8): pid=7387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.571" name="/syzkaller.R2kJzu/143/bus/bus" dev="overlay" ino=1965 res=1 errno=0 [ 145.327948][ T7394] syz.0.573 uses obsolete (PF_INET,SOCK_PACKET) [ 145.360476][ T7399] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 145.791316][ T7424] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.582'. [ 145.828818][ T7424] netlink: 4 bytes leftover after parsing attributes in process `syz.2.582'. [ 145.983084][ T7431] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 146.104969][ T7435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.586'. [ 146.114298][ T7435] gtp3: entered promiscuous mode [ 146.116101][ T7435] gtp3: entered allmulticast mode [ 146.400424][ T7454] usb usb9: usbfs: process 7454 (syz.3.592) did not claim interface 0 before use [ 146.426297][ T7457] fuse: Unknown parameter '&djxQ2' [ 146.989430][ T1091] bond0: (slave bond_slave_0): interface is now down [ 146.992208][ T1091] bond0: (slave bond_slave_1): interface is now down [ 147.009611][ T1091] bond0: (slave bond_slave_0): interface is now down [ 147.013285][ T1091] bond0: (slave bond_slave_1): interface is now down [ 147.020513][ T1091] bond0: now running without any active interface! [ 147.210054][ T7466] kvm: pic: single mode not supported [ 147.403679][ T7473] gtp0: entered promiscuous mode [ 147.408757][ T7473] gtp0: entered allmulticast mode [ 147.584537][ T39] audit: type=1326 audit(1719553190.454:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 147.593087][ T39] audit: type=1326 audit(1719553190.454:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 147.600748][ T39] audit: type=1326 audit(1719553190.464:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.601" exe="/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 147.610721][ T39] audit: type=1326 audit(1719553190.464:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 147.621089][ T39] audit: type=1326 audit(1719553190.464:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 147.631562][ T39] audit: type=1326 audit(1719553190.464:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.601" exe="/syz-executor" sig=0 arch=40000003 syscall=398 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 147.641004][ T39] audit: type=1326 audit(1719553190.464:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.3.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 147.668692][ T7492] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 9 (only 8 groups) [ 147.700685][ T7487] hsr_slave_1 (unregistering): left promiscuous mode [ 147.914617][ T7501] kvm: pic: single mode not supported [ 148.101474][ T39] audit: type=1804 audit(1719553190.974:16): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.609" name="/syzkaller.u4r6UJ/153/bus" dev="sda1" ino=1958 res=1 errno=0 [ 148.277496][ T7520] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.310520][ T5229] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 148.314586][ T5229] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 148.318953][ T63] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 148.321362][ T63] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 148.324036][ T63] wlan1: authentication with 08:02:11:00:00:00 timed out [ 148.339737][ T7520] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.397829][ T7520] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.556192][ T7523] __nla_validate_parse: 5 callbacks suppressed [ 148.556205][ T7523] netlink: 20 bytes leftover after parsing attributes in process `syz.3.611'. [ 148.610604][ T7525] input: syz0 as /devices/virtual/input/input5 [ 148.660625][ T7527] capability: warning: `syz.2.613' uses 32-bit capabilities (legacy support in use) [ 148.675945][ T7529] netlink: 32 bytes leftover after parsing attributes in process `syz.3.614'. [ 148.719561][ T7532] fuse: Unknown parameter '&djxQ2' [ 149.219204][ T10] hid-generic 0000:0000:0000.0002: item fetching failed at offset 0/2 [ 149.224252][ T10] hid-generic 0000:0000:0000.0002: probe with driver hid-generic failed with error -22 [ 149.548220][ T7566] netlink: 'syz.0.622': attribute type 11 has an invalid length. [ 149.551804][ T7566] netlink: 20 bytes leftover after parsing attributes in process `syz.0.622'. [ 149.827040][ T7574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 149.899795][ T7574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 149.968703][ T7574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.613655][ T7602] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.635'. [ 150.639694][ T7605] openvswitch: netlink: Duplicate key (type 21). [ 150.716081][ T39] audit: type=1800 audit(1719553193.584:17): pid=7609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.638" name="file2" dev="sda1" ino=1956 res=0 errno=0 [ 150.719572][ T7609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.638'. [ 150.736911][ T7609] netlink: 277 bytes leftover after parsing attributes in process `syz.0.638'. [ 150.740318][ T7609] netlink: 277 bytes leftover after parsing attributes in process `syz.0.638'. [ 150.745224][ T7609] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 63 (only 8 groups) [ 150.749755][ T7611] netlink: 20 bytes leftover after parsing attributes in process `syz.3.639'. [ 150.791085][ T7613] netlink: 104 bytes leftover after parsing attributes in process `syz.3.640'. [ 150.795177][ T7613] netlink: 104 bytes leftover after parsing attributes in process `syz.3.640'. [ 150.855273][ T7620] random: crng reseeded on system resumption [ 151.170058][ T7630] netlink: 'syz.3.647': attribute type 11 has an invalid length. [ 151.275756][ T7635] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 147 (only 8 groups) [ 151.300189][ T7640] warning: `syz.3.650' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 151.717197][ T4994] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 151.919099][ T4994] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 151.923316][ T4994] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 151.930461][ T4994] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 151.933389][ T7660] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 151.933875][ T4994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.938289][ T4994] usb 5-1: config 0 descriptor?? [ 151.941341][ T7660] IPv6: NLM_F_CREATE should be set when creating new route [ 151.993575][ T7662] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 152.049326][ T7666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.089137][ T4994] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 152.093187][ T4994] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 152.096274][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 152.100379][ T95] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 152.103256][ T95] wlan1: authentication with 08:02:11:00:00:00 timed out [ 152.106127][ T5229] hid-generic 0000:0000:0000.0003: item fetching failed at offset 0/2 [ 152.112430][ T5229] hid-generic 0000:0000:0000.0003: probe with driver hid-generic failed with error -22 [ 152.122733][ T7666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.188678][ T7666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.302387][ T5229] usb 5-1: USB disconnect, device number 10 [ 153.379089][ T7701] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 153.382420][ T7701] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 153.386126][ T7701] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 153.390331][ T7701] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 153.597185][ T5229] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 153.757274][ T5229] usb 6-1: device descriptor read/64, error -71 [ 153.877244][ T5235] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 154.037175][ T5229] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 154.060528][ T5235] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 154.064601][ T5235] usb 8-1: config 1 has an invalid descriptor of length 217, skipping remainder of the config [ 154.068739][ T5235] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 154.073710][ T5235] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 136, changing to 11 [ 154.078630][ T5235] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33555, setting to 1024 [ 154.084144][ T5235] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 154.087946][ T5266] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 154.090644][ T5235] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 154.093349][ T5235] usb 8-1: Product: syz [ 154.094909][ T5235] usb 8-1: Manufacturer: syz [ 154.187281][ T5229] usb 6-1: device descriptor read/64, error -71 [ 154.278528][ T5266] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 154.283386][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.286588][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.291674][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.298573][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.301802][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.305683][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.307426][ T5229] usb usb6-port1: attempt power cycle [ 154.309322][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.313716][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.318071][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.321599][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.325343][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.330968][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.332376][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.332418][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.332498][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.333991][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.334030][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.334052][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.335758][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.351339][ T39] audit: type=1804 audit(1719553197.224:18): pid=7728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.680" name="/syzkaller.u4r6UJ/174/file0" dev="sda1" ino=1961 res=1 errno=0 [ 154.354658][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.374555][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.379963][ T5266] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.383697][ T5266] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.388476][ T5266] usb 7-1: config 0 interface 0 has no altsetting 0 [ 154.394159][ T5266] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 154.398330][ T5266] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 154.401770][ T5266] usb 7-1: Product: syz [ 154.403583][ T5266] usb 7-1: Manufacturer: syz [ 154.405514][ T5266] usb 7-1: SerialNumber: syz [ 154.412241][ T5266] usb 7-1: config 0 descriptor?? [ 154.421168][ T5266] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 154.727249][ T5229] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 154.758370][ T5229] usb 6-1: device descriptor read/8, error -71 [ 155.027195][ T5229] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 155.058723][ T5229] usb 6-1: device descriptor read/8, error -71 [ 155.177629][ T5229] usb usb6-port1: unable to enumerate USB device [ 156.310063][ T7743] input: syz0 as /devices/virtual/input/input6 [ 156.406712][ T7745] __nla_validate_parse: 4 callbacks suppressed [ 156.406731][ T7745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.684'. [ 156.557192][ T7750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.685'. [ 156.629760][ T7752] macvlan2: entered allmulticast mode [ 156.633030][ T7752] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 156.635844][ T7752] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 156.644903][ T7752] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 156.665788][ T7752] bond0: entered promiscuous mode [ 156.668242][ C3] usb 7-1: yurex_control_callback - control failed: -2 [ 156.668469][ C3] usb 7-1: yurex_control_callback - control failed: -32 [ 156.671336][ T7752] bond_slave_0: entered promiscuous mode [ 156.676505][ T7752] bond_slave_1: entered promiscuous mode [ 156.679446][ T7752] macvlan2: entered promiscuous mode [ 156.680243][ T5244] usb 7-1: USB disconnect, device number 6 [ 156.690112][ T5244] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 156.696097][ T5235] cdc_wdm 8-1:1.0: skipping garbage [ 156.698749][ T5235] cdc_wdm 8-1:1.0: skipping garbage [ 156.702724][ T5235] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 156.705609][ T5235] cdc_wdm 8-1:1.0: Unknown control protocol [ 156.717330][ T5235] usb 8-1: USB disconnect, device number 13 [ 156.938415][ T7765] overlayfs: failed to resolve './file0/file0': -2 [ 157.119986][ T7781] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 157.296077][ T7794] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 157.299121][ T7794] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 157.303939][ T7794] vhci_hcd vhci_hcd.0: Device attached [ 157.329491][ T7794] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.342308][ T7794] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.353112][ T7794] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.361603][ T7794] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.369022][ T7794] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.376522][ T7794] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.384229][ T7794] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.394859][ T7794] vhci_hcd vhci_hcd.0: port 0 already used [ 157.517211][ T10] vhci_hcd: vhci_device speed not set [ 157.594383][ T10] usb 15-1: new full-speed USB device number 2 using vhci_hcd [ 157.740635][ T7814] overlayfs: failed to resolve './file0/file0': -2 [ 158.035633][ T7801] vhci_hcd: connection reset by peer [ 158.046547][ T95] vhci_hcd: stop threads [ 158.050079][ T95] vhci_hcd: release socket [ 158.054196][ T95] vhci_hcd: disconnect device [ 158.065505][ T7823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.703'. [ 158.104759][ T7823] netlink: 29524 bytes leftover after parsing attributes in process `syz.0.703'. [ 158.115158][ T7831] netlink: 8 bytes leftover after parsing attributes in process `syz.3.705'. [ 158.121246][ T7831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.705'. [ 158.196304][ T7833] usb usb8: usbfs: process 7833 (syz.2.706) did not claim interface 0 before use [ 158.200869][ T7835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.271631][ T7835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.301416][ T7841] netlink: 12 bytes leftover after parsing attributes in process `syz.2.709'. [ 158.331231][ T7835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.345559][ T7843] netlink: 'syz.0.708': attribute type 4 has an invalid length. [ 158.350425][ T7838] netlink: 'syz.0.708': attribute type 4 has an invalid length. [ 158.377768][ T7846] fuse: Unknown parameter '&djxQ2' [ 158.392290][ T7848] netlink: 'syz.0.711': attribute type 10 has an invalid length. [ 158.404007][ T7848] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 158.406918][ T7848] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 158.465248][ T7851] fuse: Unknown parameter '&djxQ2' [ 158.569742][ T7787] orangefs_mount: mount request failed with -4 [ 158.821341][ T7860] fuse: Bad value for 'fd' [ 158.945053][ T39] audit: type=1326 audit(1719553201.814:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 158.962250][ T39] audit: type=1326 audit(1719553201.834:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 158.980454][ T39] audit: type=1326 audit(1719553201.834:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 158.990277][ T39] audit: type=1326 audit(1719553201.834:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 159.000566][ T39] audit: type=1326 audit(1719553201.834:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 159.008582][ T39] audit: type=1326 audit(1719553201.834:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 159.017671][ T39] audit: type=1326 audit(1719553201.834:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 159.025757][ T39] audit: type=1326 audit(1719553201.834:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 159.033634][ T39] audit: type=1326 audit(1719553201.844:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 159.041032][ T39] audit: type=1326 audit(1719553201.844:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.3.716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x7ffc0000 [ 159.050464][ T7863] netlink: 'syz.3.716': attribute type 4 has an invalid length. [ 159.248762][ T7870] overlayfs: failed to resolve './file0/file0': -2 [ 159.359342][ T7872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.719'. [ 160.006951][ T7883] fuse: Bad value for 'fd' [ 160.057189][ T7886] fuse: Bad value for 'fd' [ 160.074323][ T7879] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 160.781407][ T7923] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 161.015998][ T7929] dccp_invalid_packet: P.Data Offset(0) too small [ 161.173240][ T7933] netlink: 'syz.0.739': attribute type 10 has an invalid length. [ 161.297699][ T5236] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 161.394173][ T7943] overlayfs: failed to resolve './file0/file0': -2 [ 161.478903][ T5236] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xB5 has an invalid bInterval 0, changing to 7 [ 161.482786][ T5236] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 161.486407][ T5236] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.490445][ T5236] usb 7-1: config 0 descriptor?? [ 161.698054][ T5236] ath6kl: Failed to submit usb control message: -71 [ 161.700367][ T5236] ath6kl: unable to send the bmi data to the device: -71 [ 161.703386][ T5236] ath6kl: Unable to send get target info: -71 [ 161.706443][ T5236] ath6kl: Failed to init ath6kl core: -71 [ 161.715279][ T5236] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 161.719900][ T5236] usb 7-1: USB disconnect, device number 7 [ 161.761621][ T7967] netlink: 12 bytes leftover after parsing attributes in process `syz.0.752'. [ 161.794699][ T7971] overlayfs: failed to resolve './file0/file0': -2 [ 162.757256][ T10] vhci_hcd: vhci_device speed not set [ 162.777546][ T8038] netlink: 36 bytes leftover after parsing attributes in process `syz.2.773'. [ 162.940186][ T8043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.774'. [ 163.530165][ T8072] netlink: 36 bytes leftover after parsing attributes in process `syz.0.783'. [ 163.829659][ T8080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.784'. [ 164.261732][ T8067] orangefs_mount: mount request failed with -4 [ 164.317217][ T5236] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 164.365061][ T8107] overlayfs: failed to resolve './file0/file0': -2 [ 164.402111][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.794'. [ 164.517594][ T5236] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 164.521250][ T5236] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 164.537513][ T5236] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 164.541296][ T5236] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.551717][ T5236] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 164.557620][ T5236] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 164.561343][ T5236] usb 5-1: Product: syz [ 164.563373][ T5236] usb 5-1: Manufacturer: syz [ 164.572312][ T5236] cdc_wdm 5-1:1.0: skipping garbage [ 164.575427][ T5236] cdc_wdm 5-1:1.0: skipping garbage [ 164.578872][ T5236] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 164.581198][ T5236] cdc_wdm 5-1:1.0: Unknown control protocol [ 164.784808][ T8078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.797515][ T8078] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.834013][ T8127] ======================================================= [ 164.834013][ T8127] WARNING: The mand mount option has been deprecated and [ 164.834013][ T8127] and is ignored by this kernel. Remove the mand [ 164.834013][ T8127] option from the mount to silence this warning. [ 164.834013][ T8127] ======================================================= [ 164.915490][ T4994] usb 5-1: USB disconnect, device number 11 [ 165.182230][ T63] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.276563][ T63] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.363389][ T63] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.460623][ T63] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.483173][ T5194] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 165.492596][ T5194] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 165.496967][ T5194] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 165.502609][ T5194] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 165.506223][ T8141] overlayfs: failed to resolve './file0/file0': -2 [ 165.506948][ T5194] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 165.513143][ T5194] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 165.648528][ T63] bridge_slave_1: left allmulticast mode [ 165.650510][ T63] bridge_slave_1: left promiscuous mode [ 165.652546][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.658239][ T63] bridge_slave_0: left allmulticast mode [ 165.666217][ T63] bridge_slave_0: left promiscuous mode [ 165.668765][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.752603][ T8149] netlink: 4 bytes leftover after parsing attributes in process `syz.0.808'. [ 166.089744][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.096597][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.102479][ T63] bond0 (unregistering): Released all slaves [ 166.225525][ T8138] chnl_net:caif_netlink_parms(): no params data found [ 166.412206][ T8138] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.415391][ T8138] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.419103][ T8138] bridge_slave_0: entered allmulticast mode [ 166.424167][ T8138] bridge_slave_0: entered promiscuous mode [ 166.429374][ T8138] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.432638][ T8138] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.435816][ T8138] bridge_slave_1: entered allmulticast mode [ 166.441858][ T8138] bridge_slave_1: entered promiscuous mode [ 166.520840][ T8138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.530067][ T8138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.569564][ T8138] team0: Port device team_slave_0 added [ 166.576114][ T8138] team0: Port device team_slave_1 added [ 166.635403][ T8138] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.642351][ T8138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.650918][ T8138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.655977][ T8138] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.660217][ T8138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.670088][ T8138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.676653][ T8183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.735858][ T8138] hsr_slave_0: entered promiscuous mode [ 166.740873][ T8138] hsr_slave_1: entered promiscuous mode [ 166.743509][ T8138] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 166.746117][ T8138] Cannot create hsr debugfs directory [ 166.770335][ T63] hsr_slave_0: left promiscuous mode [ 166.773040][ T63] hsr_slave_1: left promiscuous mode [ 166.775568][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.778737][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.781877][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.784450][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.789995][ T8189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.812679][ T63] veth1_macvtap: left promiscuous mode [ 166.815467][ T63] veth0_macvtap: left promiscuous mode [ 166.817928][ T63] veth1_vlan: left promiscuous mode [ 166.819884][ T63] veth0_vlan: left promiscuous mode [ 166.847437][ T8191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.154452][ T8195] overlayfs: failed to resolve './file0/file0': -2 [ 167.558548][ T5194] Bluetooth: hci2: command tx timeout [ 167.691613][ T63] team0 (unregistering): Port device team_slave_1 removed [ 167.761464][ T63] team0 (unregistering): Port device team_slave_0 removed [ 168.420953][ T8217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.822'. [ 168.423579][ T8221] overlayfs: failed to resolve './file0/file0': -2 [ 168.525837][ T8224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.824'. [ 168.870801][ T8138] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 168.875408][ T8138] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 168.881443][ T8138] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 168.888295][ T8138] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 168.936399][ T8138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.948487][ T8138] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.955604][ T5266] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.958027][ T5266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.963096][ T8254] tipc: Started in network mode [ 168.964884][ T8254] tipc: Node identity e0000002, cluster identity 4711 [ 168.967981][ T8254] tipc: Enabling of bearer rejected, failed to enable media [ 168.978640][ T5266] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.981218][ T5266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.995774][ T8254] netlink: 'syz.2.828': attribute type 10 has an invalid length. [ 169.017885][ T8258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.075152][ T8258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.078144][ T8268] overlayfs: failed to resolve './file0/file0': -2 [ 169.104468][ T8138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.131413][ T8258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.135380][ T8138] veth0_vlan: entered promiscuous mode [ 169.142706][ T8138] veth1_vlan: entered promiscuous mode [ 169.161273][ T8138] veth0_macvtap: entered promiscuous mode [ 169.165662][ T8138] veth1_macvtap: entered promiscuous mode [ 169.178718][ T8138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.182187][ T8138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.185400][ T8138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.189958][ T8138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.193202][ T8138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.195347][ T8280] 9pnet_fd: Insufficient options for proto=fd [ 169.196559][ T8138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.198392][ T8138] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.209156][ T8138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.213157][ T8138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.216790][ T8138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.221882][ T8138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.225221][ T8138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.229475][ T8138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.233803][ T8138] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.240395][ T8138] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.243867][ T8138] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.247006][ T8138] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.250193][ T8138] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.291037][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.296072][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.316774][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.320973][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.379401][ T8295] futex_wake_op: syz.3.802 tries to shift op by 32; fix this program [ 169.384871][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 169.627259][ T5194] Bluetooth: hci2: command tx timeout [ 169.739523][ T8314] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 170.159971][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:172.20.20.170]:2. Sending cookies. [ 170.253007][ T8347] netlink: 20 bytes leftover after parsing attributes in process `syz.2.848'. [ 170.293652][ T8349] netlink: 'syz.0.849': attribute type 4 has an invalid length. [ 170.309822][ T8353] netlink: 'syz.3.850': attribute type 10 has an invalid length. [ 170.470464][ T8366] netlink: 12 bytes leftover after parsing attributes in process `syz.2.854'. [ 170.483134][ T8365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.854'. [ 170.699417][ T8377] netlink: 'syz.1.857': attribute type 10 has an invalid length. [ 171.707211][ T5194] Bluetooth: hci2: command tx timeout [ 171.861963][ T39] kauditd_printk_skb: 54 callbacks suppressed [ 171.861976][ T39] audit: type=1800 audit(1719553214.734:83): pid=8409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.867" name="bus" dev="sda1" ino=1964 res=0 errno=0 [ 171.899568][ T5229] usb 7-1: new low-speed USB device number 8 using dummy_hcd [ 171.901559][ T8411] fuse: Unknown parameter '0x0000000000000003' [ 171.918500][ T8414] fuse: Unknown parameter '0x0000000000000003' [ 172.047193][ T5229] usb 7-1: device descriptor read/64, error -71 [ 172.317291][ T5229] usb 7-1: new low-speed USB device number 9 using dummy_hcd [ 172.447588][ T8434] netlink: 4 bytes leftover after parsing attributes in process `syz.1.874'. [ 172.467202][ T5229] usb 7-1: device descriptor read/64, error -71 [ 172.597418][ T5229] usb usb7-port1: attempt power cycle [ 172.766274][ T8441] netlink: 'syz.1.876': attribute type 5 has an invalid length. [ 172.772549][ T8441] [U] [ 172.773861][ T8441] [U] [ 172.774778][ T8441] [U] [ 172.775708][ T8441] [U] [ 172.776806][ T8441] [U] [ 172.777791][ T8441] [U] [ 172.778755][ T8441] [U] [ 172.779723][ T8441] [U] [ 172.781572][ T8441] [U] [ 172.782574][ T8441] [U] [ 172.783552][ T8441] [U] [ 172.788249][ T8440] [U] [ 172.898020][ T8447] overlayfs: failed to resolve './file0/file0': -2 [ 173.017208][ T5229] usb 7-1: new low-speed USB device number 10 using dummy_hcd [ 173.047822][ T5229] usb 7-1: device descriptor read/8, error -71 [ 173.106888][ T8452] syz.0.880 (pid 8452) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 173.157611][ T8452] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)" [ 173.207431][ T5237] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 173.317701][ T5229] usb 7-1: new low-speed USB device number 11 using dummy_hcd [ 173.348100][ T5229] usb 7-1: device descriptor read/8, error -71 [ 173.397212][ T5237] usb 6-1: Using ep0 maxpacket: 8 [ 173.409147][ T5237] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 173.413866][ T5237] usb 6-1: config 0 has an invalid descriptor of length 154, skipping remainder of the config [ 173.418239][ T5237] usb 6-1: config 0 has no interface number 0 [ 173.420837][ T5237] usb 6-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 173.425986][ T5237] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 173.429916][ T5237] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.436913][ T5237] usb 6-1: config 0 descriptor?? [ 173.468008][ T5229] usb usb7-port1: unable to enumerate USB device [ 173.650394][ T5237] usb 6-1: string descriptor 0 read error: -71 [ 173.654300][ T5237] iowarrior 6-1:0.1: no interrupt-in endpoint found [ 173.658513][ T5237] usb 6-1: USB disconnect, device number 9 [ 173.787214][ T5194] Bluetooth: hci2: command tx timeout [ 174.091601][ T8479] bond0: (slave bond_slave_1): Releasing backup interface [ 174.186440][ T8486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.892'. [ 174.546532][ T8504] tipc: Enabling of bearer rejected, media not registered [ 174.889472][ T8515] netlink: 12 bytes leftover after parsing attributes in process `syz.1.902'. [ 175.028053][ T55] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 175.217255][ T55] usb 8-1: Using ep0 maxpacket: 8 [ 175.223412][ T55] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 175.226583][ T55] usb 8-1: config 0 has an invalid descriptor of length 154, skipping remainder of the config [ 175.238086][ T55] usb 8-1: config 0 has no interface number 0 [ 175.243090][ T55] usb 8-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 175.248041][ T55] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 175.251428][ T8530] fuse: Unknown parameter '&djxQ2' [ 175.251494][ T55] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.259415][ T55] usb 8-1: config 0 descriptor?? [ 175.470108][ T55] usb 8-1: string descriptor 0 read error: -71 [ 175.476900][ T55] iowarrior 8-1:0.1: no interrupt-in endpoint found [ 175.483420][ T55] usb 8-1: USB disconnect, device number 14 [ 175.573588][ T8542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.911'. [ 176.274123][ T8572] nvme_fabrics: missing parameter 'transport=%s' [ 176.278084][ T8572] nvme_fabrics: missing parameter 'nqn=%s' [ 176.511524][ T8577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.920'. [ 176.708696][ T39] audit: type=1804 audit(1719553219.584:84): pid=8582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.922" name="/syzkaller.u4r6UJ/241/bus/file0" dev="sda1" ino=1971 res=1 errno=0 [ 176.778388][ T8587] process 'syz.1.924' launched './file1' with NULL argv: empty string added [ 176.850968][ T8587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.924'. [ 176.961292][ T8602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.969427][ T8607] fuse: Unknown parameter '0x0000000000000004' [ 176.990527][ T8607] trusted_key: encrypted_key: insufficient parameters specified [ 176.995271][ T8604] tipc: Enabling of bearer rejected, media not registered [ 177.033218][ T8602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 177.103547][ T8602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 177.142016][ T8619] program syz.2.932 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 177.145496][ T39] audit: type=1804 audit(1719553220.014:85): pid=8612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.931" name="/syzkaller.pzX5TV/169/bus/file0" dev="sda1" ino=1971 res=1 errno=0 [ 177.214384][ T8623] fuse: Unknown parameter '&djxQ2' [ 177.475067][ T8635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.936'. [ 177.516906][ T8638] fuse: Bad value for 'fd' [ 177.992305][ T8664] fuse: Bad value for 'fd' [ 178.515573][ T8696] fuse: Bad value for 'fd' [ 179.298980][ T8724] netlink: 'syz.3.965': attribute type 10 has an invalid length. [ 179.302204][ T8724] netlink: 40 bytes leftover after parsing attributes in process `syz.3.965'. [ 179.306809][ T8724] batadv0: entered promiscuous mode [ 179.309657][ T8724] batadv0: entered allmulticast mode [ 179.313229][ T8724] bridge0: port 3(batadv0) entered blocking state [ 179.316650][ T8724] bridge0: port 3(batadv0) entered disabled state [ 179.323191][ T8724] bridge0: port 3(batadv0) entered blocking state [ 179.327287][ T8724] bridge0: port 3(batadv0) entered forwarding state [ 179.498418][ T39] audit: type=1804 audit(1719553222.374:86): pid=8738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.969" name="/syzkaller.V0P2Yc/34/bus/file0" dev="sda1" ino=1970 res=1 errno=0 [ 179.567291][ T8616] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 179.571213][ T8616] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 180.164373][ T4639] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 180.170980][ T4639] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 180.177447][ T4639] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 180.184664][ T4639] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 180.187787][ T4639] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 180.191527][ T4639] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 180.388807][ T8762] chnl_net:caif_netlink_parms(): no params data found [ 180.513409][ T8762] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.517205][ T8762] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.519951][ T8762] bridge_slave_0: entered allmulticast mode [ 180.522856][ T8762] bridge_slave_0: entered promiscuous mode [ 180.527238][ T8762] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.529703][ T8762] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.532228][ T8762] bridge_slave_1: entered allmulticast mode [ 180.535110][ T8762] bridge_slave_1: entered promiscuous mode [ 180.551748][ T39] audit: type=1800 audit(1719553223.424:87): pid=8790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.985" name="bus" dev="sda1" ino=1962 res=0 errno=0 [ 180.610588][ T8762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.618665][ T8762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.673713][ T8762] team0: Port device team_slave_0 added [ 180.679851][ T8762] team0: Port device team_slave_1 added [ 180.740002][ T8762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.742606][ T8762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.753028][ T8762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.759969][ T8762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.762782][ T8762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.775812][ T8762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.900188][ T8762] hsr_slave_0: entered promiscuous mode [ 180.903987][ T8762] hsr_slave_1: entered promiscuous mode [ 180.906892][ T8762] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 180.912116][ T8762] Cannot create hsr debugfs directory [ 181.104991][ T8762] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.225593][ T8762] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.326590][ T8762] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.396033][ T8762] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.560097][ T8762] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 181.576017][ T8762] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 181.590291][ T8762] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 181.612365][ T8762] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 181.701671][ T8762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.709146][ T4639] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 181.713517][ T4639] Bluetooth: hci2: Injecting HCI hardware error event [ 181.719988][ T4639] Bluetooth: hci2: hardware error 0x00 [ 181.721807][ T8762] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.733640][ T5229] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.736957][ T5229] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.760512][ T5229] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.764008][ T5229] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.990634][ T8817] block nbd3: NBD_DISCONNECT [ 181.996454][ T8817] block nbd3: Disconnected due to user request. [ 182.002200][ T8817] block nbd3: shutting down sockets [ 182.012750][ T8762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.086394][ T8762] veth0_vlan: entered promiscuous mode [ 182.093253][ T8613] bridge_slave_1: left allmulticast mode [ 182.095999][ T8613] bridge_slave_1: left promiscuous mode [ 182.099582][ T8613] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.112054][ T8613] bridge_slave_0: left allmulticast mode [ 182.114482][ T8613] bridge_slave_0: left promiscuous mode [ 182.116675][ T8613] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.270237][ T5194] Bluetooth: hci0: command tx timeout [ 182.318942][ T5266] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 182.513360][ T5266] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 182.518074][ T5266] usb 8-1: New USB device found, idVendor=0bb4, idProduct=0a1b, bcdDevice=5c.24 [ 182.521817][ T5266] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.529376][ T5266] usb 8-1: config 0 descriptor?? [ 182.707532][ T8613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 182.715554][ T8613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 182.726976][ T8613] bond0 (unregistering): Released all slaves [ 182.744370][ T5266] usb 8-1: USB disconnect, device number 15 [ 182.747430][ T8762] veth1_vlan: entered promiscuous mode [ 182.792532][ T8762] veth0_macvtap: entered promiscuous mode [ 182.804105][ T8762] veth1_macvtap: entered promiscuous mode [ 182.824743][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.830819][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.836141][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.842607][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.847851][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.852715][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.858605][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.863682][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.871224][ T8762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 182.889689][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.895095][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.904006][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.909630][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.914353][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.919192][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.923562][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.928345][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.934915][ T8762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 182.983050][ T8762] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.987347][ T8762] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.991389][ T8762] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.995436][ T8762] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.075148][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.078804][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.096390][ T8616] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.100371][ T8616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.151283][ T8613] hsr_slave_0: left promiscuous mode [ 183.157768][ T8613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 183.163866][ T8613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 183.169578][ T8613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.172360][ T8613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 183.205321][ T39] audit: type=1804 audit(1719553226.074:88): pid=8823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.979" name="/syzkaller.KuLwkb/0/bus/file0" dev="sda1" ino=1970 res=1 errno=0 [ 183.205720][ T8613] veth1_macvtap: left promiscuous mode [ 183.215755][ T8613] veth0_macvtap: left promiscuous mode [ 183.218381][ T8613] veth1_vlan: left promiscuous mode [ 183.220861][ T8613] veth0_vlan: left promiscuous mode [ 183.330983][ T8828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.365231][ T8831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.466475][ T8832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.482340][ T8836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.544467][ T8832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.553652][ T8836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.788349][ T4639] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 184.097756][ T8613] team0 (unregistering): Port device team_slave_1 removed [ 184.176907][ T8613] team0 (unregistering): Port device team_slave_0 removed [ 184.350595][ T4639] Bluetooth: hci0: command tx timeout [ 184.995971][ T8857] serio: Serial port pts0 [ 185.253145][ T8869] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1005'. [ 185.361945][ T8873] block nbd0: NBD_DISCONNECT [ 185.365210][ T8873] block nbd0: Disconnected due to user request. [ 185.368194][ T8873] block nbd0: shutting down sockets [ 185.637197][ T30] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 185.829681][ T30] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 185.834085][ T30] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a1b, bcdDevice=5c.24 [ 185.837906][ T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.842898][ T30] usb 5-1: config 0 descriptor?? [ 186.061939][ T5237] usb 5-1: USB disconnect, device number 12 [ 186.198107][ T8892] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.256908][ T8892] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.315685][ T8892] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.437329][ T4639] Bluetooth: hci0: command tx timeout [ 186.638003][ T8894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.709381][ T8894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.710959][ T8896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1012'. [ 186.771376][ T8894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.938488][ T8904] bond0: (slave bond_slave_0): Releasing backup interface [ 187.265855][ T8922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.339268][ T8922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.352448][ T8931] block nbd2: NBD_DISCONNECT [ 187.354580][ T8931] block nbd2: Disconnected due to user request. [ 187.357771][ T8931] block nbd2: shutting down sockets [ 187.361196][ T8932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1024'. [ 187.397517][ T8922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.647219][ T8] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 187.829430][ T8] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 187.837204][ T8] usb 7-1: New USB device found, idVendor=0bb4, idProduct=0a1b, bcdDevice=5c.24 [ 187.841193][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.852343][ T8] usb 7-1: config 0 descriptor?? [ 188.072281][ T8] usb 7-1: USB disconnect, device number 12 [ 188.167737][ T5244] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 188.347184][ T5244] usb 5-1: Using ep0 maxpacket: 8 [ 188.356419][ T5244] usb 5-1: config 0 has no interfaces? [ 188.361398][ T5244] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 188.365030][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.370206][ T5244] usb 5-1: config 0 descriptor?? [ 188.507240][ T4639] Bluetooth: hci0: command tx timeout [ 188.515752][ T8964] fuse: Unknown parameter '&djxQ2' [ 188.680630][ T8968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1033'. [ 189.084014][ T8979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1035'. [ 189.427879][ T8987] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1037'. [ 189.679174][ T8991] netlink: 488 bytes leftover after parsing attributes in process `syz.2.1039'. [ 189.792117][ T8994] netlink: 488 bytes leftover after parsing attributes in process `syz.1.1040'. [ 190.492496][ T5266] usb 5-1: USB disconnect, device number 13 [ 190.587246][ T5194] Bluetooth: hci0: command 0x0406 tx timeout [ 190.669476][ T9003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'. [ 191.478579][ T9027] fuse: Unknown parameter '&djxQ2' [ 192.189955][ T9045] loop0: detected capacity change from 0 to 7 [ 192.192409][ T9049] netlink: 488 bytes leftover after parsing attributes in process `syz.0.1054'. [ 192.195740][ T9045] Dev loop0: unable to read RDB block 7 [ 192.195803][ T9045] loop0: unable to read partition table [ 192.195926][ T9045] loop0: partition table beyond EOD, truncated [ 192.203648][ T9045] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 192.203648][ T9045] ) failed (rc=-5) [ 192.320855][ T9055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1055'. [ 193.717206][ T5266] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 193.760668][ T9101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1067'. [ 193.898694][ T5266] usb 6-1: config 0 has no interfaces? [ 193.900616][ T5266] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 193.903704][ T5266] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.913203][ T5266] usb 6-1: config 0 descriptor?? [ 194.028819][ T1353] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.031071][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.132842][ T5266] usb 6-1: USB disconnect, device number 10 [ 194.261217][ T9110] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1071'. [ 194.382478][ T9123] tmpfs: Bad value for 'gid' [ 194.554847][ T9128] netlink: 488 bytes leftover after parsing attributes in process `syz.0.1075'. [ 194.727258][ T4994] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 194.782829][ T9131] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.1076' sets config #-1 [ 194.788226][ T9131] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.1076' sets config #-1 [ 194.917469][ T4994] usb 7-1: Using ep0 maxpacket: 8 [ 194.934745][ T4994] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 194.939112][ T4994] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 194.942447][ T4994] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 194.946153][ T4994] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 194.950930][ T4994] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 194.955332][ T4994] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 194.958650][ T4994] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.192714][ T4994] usb 7-1: GET_CAPABILITIES returned 0 [ 195.194831][ T4994] usbtmc 7-1:16.0: can't read capabilities [ 195.398772][ C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 195.402006][ C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 195.405611][ C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 195.405635][ C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 195.405655][ C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 195.416910][ C2] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 195.460109][ T5266] usb 7-1: USB disconnect, device number 13 [ 195.547256][ T5194] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 195.550487][ T5194] Bluetooth: hci0: Injecting HCI hardware error event [ 195.554000][ T5194] Bluetooth: hci0: hardware error 0x00 [ 195.759449][ T9151] mkiss: ax0: crc mode is auto. [ 196.037536][ T9164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1084'. [ 196.779349][ T9188] fuse: Bad value for 'fd' [ 197.144989][ T9197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1093'. [ 197.226678][ T9201] befs: Unrecognized mount option "] [ 223.988784][ C0] dump_stack_lvl+0x116/0x1f0 [ 223.990437][ C0] print_report+0xc3/0x620 [ 223.991986][ C0] ? __virt_addr_valid+0x5e/0x580 [ 223.993738][ C0] kasan_report+0xd9/0x110 [ 223.995317][ C0] ? profile_pc+0x186/0x1a0 [ 223.996888][ C0] ? profile_pc+0x186/0x1a0 [ 223.998468][ C0] ? queued_read_lock_slowpath+0x131/0x2b1 [ 224.000494][ C0] profile_pc+0x186/0x1a0 [ 224.001984][ C0] profile_tick+0xd3/0x140 [ 224.003582][ C0] tick_nohz_handler+0x380/0x530 [ 224.005284][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 224.007160][ C0] __hrtimer_run_queues+0x657/0xcc0 [ 224.008940][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 224.010912][ C0] ? ktime_get_update_offsets_now+0x201/0x310 [ 224.013189][ C0] hrtimer_interrupt+0x31b/0x800 [ 224.015225][ C0] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 224.017278][ C0] sysvec_apic_timer_interrupt+0x90/0xb0 [ 224.019306][ C0] [ 224.020347][ C0] [ 224.021357][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 224.023428][ C0] RIP: 0010:queued_read_lock_slowpath+0x131/0x2b1 [ 224.025595][ C0] Code: 85 45 01 00 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 <41> 0f b6 06 40 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 [ 224.032529][ C0] RSP: 0018:ffffc90006d67b88 EFLAGS: 00000286 [ 224.034601][ C0] RAX: 00000000000002ff RBX: ffffffff8d80a080 RCX: ffffffff8adff3cb [ 224.037579][ C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080 [ 224.040340][ C0] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410 [ 224.043030][ C0] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92000dacf72 [ 224.045709][ C0] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152a979 [ 224.048406][ C0] ? do_wait+0x1e9/0x570 [ 224.049861][ C0] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 224.051850][ C0] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 224.054316][ C0] ? __pfx_queued_read_lock_slowpath+0x10/0x10 [ 224.056409][ C0] __do_wait+0x105/0x890 [ 224.057863][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 224.059838][ C0] ? do_wait+0x1e9/0x570 [ 224.061569][ C0] do_wait+0x219/0x570 [ 224.063453][ C0] kernel_wait4+0x16c/0x280 [ 224.065595][ C0] ? __pfx_kernel_wait4+0x10/0x10 [ 224.067853][ C0] ? __pfx_child_wait_callback+0x10/0x10 [ 224.070365][ C0] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 224.072825][ C0] ? __might_fault+0xe3/0x190 [ 224.074948][ C0] __do_compat_sys_wait4+0x159/0x170 [ 224.077320][ C0] ? __pfx___do_compat_sys_wait4+0x10/0x10 [ 224.079948][ C0] ? __pfx_get_old_timespec32+0x10/0x10 [ 224.082434][ C0] __do_fast_syscall_32+0x73/0x120 [ 224.084768][ C0] do_fast_syscall_32+0x32/0x80 [ 224.086971][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 224.089748][ C0] RIP: 0023:0xf742f579 [ 224.091587][ C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 224.099966][ C0] RSP: 002b:00000000ffae2c30 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 224.102910][ C0] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00000000ffae2d50 [ 224.105558][ C0] RDX: 0000000040000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 224.108217][ C0] RBP: 00000000ffae2d50 R08: 0000000000000000 R09: 0000000000000000 [ 224.110929][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 224.113570][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 224.116249][ C0] [ 224.117305][ C0] [ 224.118119][ C0] The buggy address belongs to stack of task syz-executor/8138 [ 224.120691][ C0] and is located at offset 0 in frame: [ 224.122546][ C0] queued_read_lock_slowpath+0x0/0x2b1 [ 224.124381][ C0] [ 224.125199][ C0] This frame has 1 object: [ 224.126726][ C0] [32, 36) 'val' [ 224.126732][ C0] [ 224.128794][ C0] The buggy address belongs to the virtual mapping at [ 224.128794][ C0] [ffffc90006d60000, ffffc90006d69000) created by: [ 224.128794][ C0] kernel_clone+0xfd/0x980 [ 224.134547][ C0] [ 224.135357][ C0] The buggy address belongs to the physical page: [ 224.137447][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888020d80618 pfn:0x20d80 [ 224.140947][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 224.143640][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 224.146492][ C0] raw: ffff888020d80618 0000000000000000 00000001ffffffff 0000000000000000 [ 224.149350][ C0] page dumped because: kasan: bad access detected [ 224.151521][ C0] page_owner tracks the page as allocated [ 224.153415][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 8029, tgid 8029 (syz.0.771), ts 162620140289, free_ts 162008512747 [ 224.161011][ C0] post_alloc_hook+0x2d1/0x350 [ 224.163183][ C0] get_page_from_freelist+0x1353/0x2e50 [ 224.165611][ C0] __alloc_pages_noprof+0x22b/0x2460 [ 224.167877][ C0] alloc_pages_mpol_noprof+0x275/0x610 [ 224.170290][ C0] __vmalloc_node_range_noprof+0xa6a/0x1520 [ 224.172917][ C0] copy_process+0x29f5/0x6f50 [ 224.175047][ C0] kernel_clone+0xfd/0x980 [ 224.177028][ C0] __do_sys_clone3+0x1f5/0x270 [ 224.179131][ C0] do_int80_emulation+0x104/0x200 [ 224.181314][ C0] asm_int80_emulation+0x1a/0x20 [ 224.183504][ C0] page last free pid 24 tgid 24 stack trace: [ 224.185983][ C0] free_unref_page+0x64a/0xe40 [ 224.188035][ C0] __folio_put+0x239/0x360 [ 224.190052][ C0] free_page_and_swap_cache+0x249/0x2c0 [ 224.192332][ C0] tlb_remove_table_rcu+0x89/0xe0 [ 224.194211][ C0] rcu_core+0x828/0x16b0 [ 224.196088][ C0] handle_softirqs+0x216/0x8f0 [ 224.198142][ C0] run_ksoftirqd+0x3a/0x60 [ 224.200148][ C0] smpboot_thread_fn+0x661/0xa10 [ 224.202310][ C0] kthread+0x2c1/0x3a0 [ 224.203742][ C0] ret_from_fork+0x45/0x80 [ 224.205256][ C0] ret_from_fork_asm+0x1a/0x30 [ 224.206880][ C0] [ 224.207663][ C0] Memory state around the buggy address: [ 224.209516][ C0] ffffc90006d67a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 224.212171][ C0] ffffc90006d67b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 224.214837][ C0] >ffffc90006d67b80: 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 [ 224.217504][ C0] ^ [ 224.219064][ C0] ffffc90006d67c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 224.221757][ C0] ffffc90006d67c80: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 [ 224.224442][ C0] ================================================================== [ 224.227127][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 224.229539][ C0] CPU: 0 PID: 8138 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00200-g5bbd9b249880 #0 [ 224.232960][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 224.236563][ C0] Call Trace: [ 224.237696][ C0] [ 224.238689][ C0] dump_stack_lvl+0x3d/0x1f0 [ 224.240256][ C0] panic+0x6f5/0x7a0 [ 224.241590][ C0] ? __pfx_panic+0x10/0x10 [ 224.243053][ C0] ? rcu_is_watching+0x12/0xc0 [ 224.244676][ C0] ? __pfx_lock_release+0x10/0x10 [ 224.246377][ C0] ? check_panic_on_warn+0x1f/0xb0 [ 224.248101][ C0] check_panic_on_warn+0xab/0xb0 [ 224.249781][ C0] end_report+0x117/0x180 [ 224.251261][ C0] kasan_report+0xe9/0x110 [ 224.252750][ C0] ? profile_pc+0x186/0x1a0 [ 224.254286][ C0] ? profile_pc+0x186/0x1a0 [ 224.255818][ C0] ? queued_read_lock_slowpath+0x131/0x2b1 [ 224.257759][ C0] profile_pc+0x186/0x1a0 [ 224.259226][ C0] profile_tick+0xd3/0x140 [ 224.260722][ C0] tick_nohz_handler+0x380/0x530 [ 224.262336][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 224.264129][ C0] __hrtimer_run_queues+0x657/0xcc0 [ 224.265833][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 224.267765][ C0] ? ktime_get_update_offsets_now+0x201/0x310 [ 224.269822][ C0] hrtimer_interrupt+0x31b/0x800 [ 224.271510][ C0] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 224.273536][ C0] sysvec_apic_timer_interrupt+0x90/0xb0 [ 224.275418][ C0] [ 224.276419][ C0] [ 224.277424][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 224.279445][ C0] RIP: 0010:queued_read_lock_slowpath+0x131/0x2b1 [ 224.281599][ C0] Code: 85 45 01 00 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 <41> 0f b6 06 40 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 [ 224.288093][ C0] RSP: 0018:ffffc90006d67b88 EFLAGS: 00000286 [ 224.290154][ C0] RAX: 00000000000002ff RBX: ffffffff8d80a080 RCX: ffffffff8adff3cb [ 224.292822][ C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080 [ 224.295489][ C0] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410 [ 224.298125][ C0] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92000dacf72 [ 224.300780][ C0] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152a979 [ 224.303434][ C0] ? do_wait+0x1e9/0x570 [ 224.304859][ C0] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 224.306753][ C0] ? queued_read_lock_slowpath+0xdb/0x2b1 [ 224.308640][ C0] ? __pfx_queued_read_lock_slowpath+0x10/0x10 [ 224.310696][ C0] __do_wait+0x105/0x890 [ 224.312148][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 224.314111][ C0] ? do_wait+0x1e9/0x570 [ 224.315567][ C0] do_wait+0x219/0x570 [ 224.316952][ C0] kernel_wait4+0x16c/0x280 [ 224.318508][ C0] ? __pfx_kernel_wait4+0x10/0x10 [ 224.320209][ C0] ? __pfx_child_wait_callback+0x10/0x10 [ 224.322102][ C0] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 224.323932][ C0] ? __might_fault+0xe3/0x190 [ 224.325516][ C0] __do_compat_sys_wait4+0x159/0x170 [ 224.327287][ C0] ? __pfx___do_compat_sys_wait4+0x10/0x10 [ 224.329237][ C0] ? __pfx_get_old_timespec32+0x10/0x10 [ 224.331158][ C0] __do_fast_syscall_32+0x73/0x120 [ 224.332886][ C0] do_fast_syscall_32+0x32/0x80 [ 224.334536][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 224.336669][ C0] RIP: 0023:0xf742f579 [ 224.337965][ C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 224.344344][ C0] RSP: 002b:00000000ffae2c30 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 224.347134][ C0] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00000000ffae2d50 [ 224.349711][ C0] RDX: 0000000040000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 224.352321][ C0] RBP: 00000000ffae2d50 R08: 0000000000000000 R09: 0000000000000000 [ 224.354963][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 224.357608][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 224.360277][ C0] [ 225.428061][ C0] Shutting down cpus with NMI [ 225.430472][ C0] Kernel Offset: disabled [ 225.431951][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:41:07 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f96905 RDI=ffffffff94d5c040 RBP=ffffffff94d5c000 RSP=ffffc90000007868 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3630303039636652 R12=0000000000000000 R13=0000000000000062 R14=ffffffff84f968a0 R15=0000000000000000 RIP=ffffffff84f9692f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=00000000547fc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000063289f RBX=0000000000000001 RCX=ffffffff8adc2d59 RDX=0000000000000000 RSI=ffffffff8b2cb9e0 RDI=ffffffff8b8fb8e0 RBP=ffffed1002bff910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=0000000000000000 R12=0000000000000001 R13=ffff888015ffc880 R14=ffffffff8fe2a710 R15=0000000000000000 RIP=ffffffff8adc414f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000002bae8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000003 RCX=1ffffffff283fbff RDX=ffff88801d520000 RSI=ffffffff813be4d4 RDI=ffffffff8b8fb8e0 RBP=ffffffff8d80a084 RSP=ffffc90002a9fa38 R8 =0000000000000001 R9 =fffffbfff283ea5a R10=ffffffff941f52d7 R11=0000000000000000 R12=0000000000000003 R13=0000000000000003 R14=ffff88802c23fa40 R15=fffffbfff1b01410 RIP=ffffffff813be4d6 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c200000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000004f212000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000479500000000 0000017300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 EAX=f66333a0 EBX=ffffffff ECX=00000000 EDX=813c8906 ESI=813c8906 EDI=f6633170 EBP=f66332d0 ESP=ff9fb6c0 EIP=f7175a45 EFL=00000287 [--S--PC] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 56ce6440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000002 CR3=000000002b79e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000479500000000 0000017300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000