last executing test programs: 15.598607403s ago: executing program 3 (id=496): r0 = syz_io_uring_setup(0x4300, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x0, 0xd0}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x18, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='*'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 15.50831914s ago: executing program 3 (id=498): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xbfff, 0x0, "ec28a144f13d7607"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x44) 15.292896442s ago: executing program 3 (id=504): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}}, 0x0) 15.192335898s ago: executing program 3 (id=507): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0) umount2(&(0x7f0000000100)='./file0/file0\x00', 0xb) 15.139886948s ago: executing program 3 (id=509): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) shutdown(r0, 0x1) 14.957289825s ago: executing program 3 (id=516): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r1, 0x708, 0x41e3, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) read(r0, &(0x7f0000000040)=""/113, 0x71) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 14.895841731s ago: executing program 32 (id=516): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r1, 0x708, 0x41e3, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) read(r0, &(0x7f0000000040)=""/113, 0x71) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 2.712843161s ago: executing program 0 (id=687): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x286, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0xff, "340b7832c1efd131b8e6498c25f54a2700", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000000c0)={"3c2413b9d44aec57f2e2ad238a7b448ed886910284ed923c31d4b8affbf514fd", r3, 0xffffffffffffffff}) close_range(r1, r3, 0x0) close(r0) ioctl$SYNC_IOC_FILE_INFO(r4, 0x40103e05, &(0x7f00000001c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.688663609s ago: executing program 0 (id=689): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r0, 0xda90) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='cpuset.effective_mems\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000480)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000400), &(0x7f00000000c0)=0x8) 1.872683521s ago: executing program 2 (id=692): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000002340)="6b093db1947bc296cf697e335c7aa0e9afc07b5f0c819e3522eaad2a74224b7a5bed182fec91c96271033eec5d14ede20a6d1c36c3e7a445ccb5b158ffaec30b8b846de0d5b327a6b1d322a80d00b5c08428fb6ef0d6bdfef436fd9a0027a7cce11f65f633449199149e065a48b3f6bb51b5e305aa20ec347027ace732178271cb92f3e4bdda6732a10715efe7a7eae23413207a9cd1c24ea5ad8f333bfedf8e93e880fc51fb9051917d5488a13c22f1a575b1767424074c84444b29becb98de0e479ae50c12711cc5e26973d496458de4969e51dd5aee7ae9ca5da879f96737d626b447cdf675bc4af3e1ffec688c6945d0786b8ff146cab2e441e3438f3ddd2832b9ac4c9693141785b844f706c8137d0ebf12347ee82f9bd1968c51803a81998a149178952f712f57c09038a8f8a2e871a1f3b026ec617a77cb2163cea2164504b5ae989034b7ceb91545c2d968b9852181505afb7422606d1db2982240a7583260c32f5e3ea677edfeffc6cb30ef79c96938f7b571a3747042c4db17296ea799f65205b5cc2bf60f5921db65d28ae0a3ce76601fb0dfc04c7fa3900aff36af6c018df195fe6e97e6aa3a81c06130489c24b82c920681d3efb1fc33c73f8645ff0baa0be3a9a92b601f9602a2ef119e527c156bd8d8c91ec92baed92c43bc153fb5c7a5b08f8c8c03b0d266bcadbb061ae5e0f15eab9ba116923a27d961377383fae7b837", 0x206}], 0x1}}], 0x1, 0x81) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000040), 0x4) sendmmsg$inet(r0, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)='f', 0x1}], 0x1}}], 0x1, 0x4) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1}, 0x1}], 0x1, 0x0, 0x0) 1.839665412s ago: executing program 2 (id=693): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='./bus\x00') 1.822703182s ago: executing program 0 (id=694): r0 = syz_io_uring_setup(0x952, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000002680)=ANY=[@ANYBLOB="80000000", @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="6200330080000000ffffffffffff08021100000050505050505000000000000000003a0064000110010003010c"], 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0) 1.77388025s ago: executing program 0 (id=695): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r0, &(0x7f0000000440)={0x18, 0x0, r1, {0x7}}, 0x18) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 1.770329282s ago: executing program 2 (id=696): r0 = io_uring_setup(0x5, &(0x7f00000002c0)) r1 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) fcntl$setlease(r1, 0x400, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6}]}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.568721186s ago: executing program 1 (id=698): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) write$FUSE_LK(r0, &(0x7f00000002c0)={0x28, 0x0, 0x0, {{0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0x28) read$FUSE(r0, &(0x7f0000003740)={0x2020}, 0x2020) 1.49799131s ago: executing program 1 (id=701): madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, 0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=""/186, 0xba}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 1.101765198s ago: executing program 4 (id=707): socket$inet_tcp(0x2, 0x1, 0x0) socket$inet(0x2, 0x3, 0x4) syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00') socket$nl_route(0x10, 0x3, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) socket$key(0xf, 0x3, 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.101010386s ago: executing program 4 (id=708): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@host, 0x1}) close_range(r0, 0xffffffffffffffff, 0x0) 1.002891459s ago: executing program 4 (id=709): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000002c0)={[{@dyn}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 991.154295ms ago: executing program 4 (id=710): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000040)={0x0, 0x2000, 0x0, {0x0, 0xa}, {0x1, 0xa}, @const={0x9, {0x0, 0x2, 0x3, 0x81}}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 969.962416ms ago: executing program 1 (id=711): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 917.989595ms ago: executing program 0 (id=712): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000003c0)={0x0, 0x4533, 0x10100, 0xffffdffe, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x15a, 0x4000, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') read$FUSE(r5, 0x0, 0x3) 917.864509ms ago: executing program 1 (id=713): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCSETSW2(r2, 0x5437, 0x0) 800.99903ms ago: executing program 2 (id=714): prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x9) 800.175372ms ago: executing program 1 (id=715): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x0) connect$vsock_stream(r0, &(0x7f0000000440), 0x10) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x0) r2 = accept4$unix(r1, 0x0, 0x0, 0x0) read(r2, 0x0, 0xffffffffffffff1e) 702.987457ms ago: executing program 1 (id=716): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c58b3bd0000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x2, {0x0, 0x1e}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) 578.217401ms ago: executing program 2 (id=717): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0xc060, 0x8}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_NEIGH_SUPPRESS={0x5, 0x20, 0x1}]}}}]}, 0x44}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @random="6a177a00", @val={@void, {0x8100, 0x1, 0x1, 0xfff}}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @remote, @rand_addr=0x64010101, @random="8ec66f350ba6", @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x0) 463.256507ms ago: executing program 2 (id=718): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28}, @TCA_TBF_BURST={0x8, 0x6, 0x58}]}}]}, 0x60}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}}}, 0x24}}, 0x0) 77.571867ms ago: executing program 4 (id=719): prlimit64(0x0, 0x6, &(0x7f0000000040), 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) syz_clone(0xd5ba2180, 0x0, 0x0, 0x0, 0x0, 0x0) 77.338876ms ago: executing program 4 (id=720): madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, 0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=""/186, 0xba}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 0s ago: executing program 0 (id=721): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:19149' (ED25519) to the list of known hosts. [ 41.268462][ T5928] cgroup: Unknown subsys name 'net' [ 41.432774][ T5928] cgroup: Unknown subsys name 'cpuset' [ 41.435791][ T5928] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.238381][ T5928] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.980037][ T5941] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 44.984110][ T5941] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 44.988032][ T5941] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 44.991147][ T5941] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 44.993787][ T5950] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 44.997900][ T5941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.000462][ T5941] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.005771][ T5941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.007908][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.008383][ T5941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.012977][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.014529][ T5941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.017350][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.020203][ T5941] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 45.021184][ T5950] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.021555][ T5950] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.021727][ T5950] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.023036][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.024088][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.025694][ T5941] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.027372][ T5949] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.029017][ T5955] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.029134][ T5955] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.044223][ T5949] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.188121][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 45.227343][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 45.239238][ T5952] chnl_net:caif_netlink_parms(): no params data found [ 45.344435][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.346701][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.349024][ T5943] bridge_slave_0: entered allmulticast mode [ 45.351916][ T5943] bridge_slave_0: entered promiscuous mode [ 45.360685][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 45.369168][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.372255][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.375191][ T5943] bridge_slave_1: entered allmulticast mode [ 45.378288][ T5943] bridge_slave_1: entered promiscuous mode [ 45.419790][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.421954][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.424192][ T5952] bridge_slave_0: entered allmulticast mode [ 45.426565][ T5952] bridge_slave_0: entered promiscuous mode [ 45.486048][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.488884][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.492118][ T5952] bridge_slave_1: entered allmulticast mode [ 45.494631][ T5952] bridge_slave_1: entered promiscuous mode [ 45.498532][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.505127][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.523467][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.526352][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.529162][ T5939] bridge_slave_0: entered allmulticast mode [ 45.532677][ T5939] bridge_slave_0: entered promiscuous mode [ 45.536767][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.539369][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.542413][ T5939] bridge_slave_1: entered allmulticast mode [ 45.545084][ T5939] bridge_slave_1: entered promiscuous mode [ 45.580639][ T5943] team0: Port device team_slave_0 added [ 45.603911][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.607644][ T5943] team0: Port device team_slave_1 added [ 45.628450][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.649399][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.661729][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.663787][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.672651][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.678178][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.681035][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.683147][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.685274][ T5945] bridge_slave_0: entered allmulticast mode [ 45.687421][ T5945] bridge_slave_0: entered promiscuous mode [ 45.690461][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.692504][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.694567][ T5945] bridge_slave_1: entered allmulticast mode [ 45.696724][ T5945] bridge_slave_1: entered promiscuous mode [ 45.714707][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.716717][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.724271][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.755965][ T5952] team0: Port device team_slave_0 added [ 45.772273][ T5939] team0: Port device team_slave_0 added [ 45.775389][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.779149][ T5952] team0: Port device team_slave_1 added [ 45.789696][ T5939] team0: Port device team_slave_1 added [ 45.792407][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.843108][ T5945] team0: Port device team_slave_0 added [ 45.845420][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.847646][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.855718][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.877686][ T5945] team0: Port device team_slave_1 added [ 45.880154][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.882189][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.890668][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.894693][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.896718][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.904072][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.913791][ T5943] hsr_slave_0: entered promiscuous mode [ 45.916126][ T5943] hsr_slave_1: entered promiscuous mode [ 45.936349][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.938420][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.946187][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.953407][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.955478][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.963059][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.967139][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.969182][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.976912][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.044952][ T5939] hsr_slave_0: entered promiscuous mode [ 46.047716][ T5939] hsr_slave_1: entered promiscuous mode [ 46.050344][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.052876][ T5939] Cannot create hsr debugfs directory [ 46.058863][ T5952] hsr_slave_0: entered promiscuous mode [ 46.063403][ T5952] hsr_slave_1: entered promiscuous mode [ 46.066215][ T5952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.069396][ T5952] Cannot create hsr debugfs directory [ 46.097186][ T5945] hsr_slave_0: entered promiscuous mode [ 46.099393][ T5945] hsr_slave_1: entered promiscuous mode [ 46.101559][ T5945] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.104265][ T5945] Cannot create hsr debugfs directory [ 46.361143][ T5943] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.368629][ T5943] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.373755][ T5943] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.381584][ T5943] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.398355][ T5952] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.403590][ T5952] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.407562][ T5952] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.411812][ T5952] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.441278][ T5939] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.447509][ T5939] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.453740][ T5939] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.458964][ T5939] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.496490][ T5945] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.510503][ T5945] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.515940][ T5945] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.522858][ T5945] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.573467][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.584872][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.603742][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.614300][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.617136][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.624531][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.628699][ T5952] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.634803][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.637233][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.653355][ T1054] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.656209][ T1054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.665922][ T1054] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.668052][ T1054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.671572][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.687143][ T1054] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.689140][ T1054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.700985][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.715974][ T1054] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.718496][ T1054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.738073][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.745907][ T1054] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.748061][ T1054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.756914][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.759815][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.788875][ T5945] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.847023][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.859306][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.877829][ T5943] veth0_vlan: entered promiscuous mode [ 46.890424][ T5943] veth1_vlan: entered promiscuous mode [ 46.897603][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.908489][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.916223][ T5952] veth0_vlan: entered promiscuous mode [ 46.934079][ T5952] veth1_vlan: entered promiscuous mode [ 46.940800][ T5943] veth0_macvtap: entered promiscuous mode [ 46.962133][ T5943] veth1_macvtap: entered promiscuous mode [ 46.967629][ T5939] veth0_vlan: entered promiscuous mode [ 46.980486][ T5952] veth0_macvtap: entered promiscuous mode [ 46.983270][ T5945] veth0_vlan: entered promiscuous mode [ 46.987137][ T5952] veth1_macvtap: entered promiscuous mode [ 46.992386][ T5945] veth1_vlan: entered promiscuous mode [ 46.996024][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.001247][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.007221][ T5939] veth1_vlan: entered promiscuous mode [ 47.013429][ T5943] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.016061][ T5943] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.018652][ T5943] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.021438][ T5943] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.027703][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.032773][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.037577][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.044352][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.048525][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.053335][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.070292][ T5952] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.073794][ T5952] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.077241][ T5952] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.081462][ T5952] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.090358][ T5949] Bluetooth: hci2: command tx timeout [ 47.090408][ T5941] Bluetooth: hci3: command tx timeout [ 47.091476][ T5944] Bluetooth: hci1: command tx timeout [ 47.091648][ T5944] Bluetooth: hci0: command tx timeout [ 47.101995][ T5939] veth0_macvtap: entered promiscuous mode [ 47.108645][ T5945] veth0_macvtap: entered promiscuous mode [ 47.114197][ T5945] veth1_macvtap: entered promiscuous mode [ 47.121858][ T5939] veth1_macvtap: entered promiscuous mode [ 47.141430][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.144394][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.154091][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.157759][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.162170][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.166243][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.171468][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.177173][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.181691][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.185296][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.188202][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.191354][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.194434][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.198456][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.206868][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.210219][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.213051][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.216032][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.219370][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.229569][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.232458][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.232584][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.238514][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.241679][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.245782][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.249975][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.253690][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.256464][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.261217][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.265908][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.271932][ T5945] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.274910][ T5945] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.278338][ T5945] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.282519][ T5945] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.294647][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.295299][ T5939] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.297830][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.301923][ T5939] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.307071][ T5939] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.309808][ T5939] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.358836][ T5943] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.368412][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.371130][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.382135][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.389412][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.410066][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.412671][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.421365][ T6002] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'. [ 47.424646][ T6002] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'. [ 47.433249][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.435504][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.476180][ T6007] netlink: 'syz.3.5': attribute type 25 has an invalid length. [ 47.478405][ T6007] netlink: 'syz.3.5': attribute type 1 has an invalid length. [ 47.481130][ T6007] bridge0: port 1(bridge_slave_0) entered learning state [ 47.505898][ T6013] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 47.817508][ T5941] Bluetooth: hci0: Malformed LE Event: 0x1b [ 47.888000][ T6044] evm: overlay not supported [ 47.919919][ T5980] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 48.099601][ T5980] usb 5-1: Using ep0 maxpacket: 32 [ 48.104382][ T5980] usb 5-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 48.107273][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.111839][ T5980] usb 5-1: config 0 descriptor?? [ 48.117790][ T5980] as10x_usb: device has been detected [ 48.120808][ T5980] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 48.128551][ T5980] usb 5-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 48.141693][ T5980] as10x_usb: error during firmware upload part1 [ 48.143735][ T5980] Registered device nBox DVB-T Dongle [ 48.325382][ T8] usb 5-1: USB disconnect, device number 2 [ 48.342399][ T8] Unregistered device nBox DVB-T Dongle [ 48.344490][ T8] as10x_usb: device has been disconnected [ 48.925603][ T6075] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 48.992380][ T6081] process 'syz.0.32' launched './file1' with NULL argv: empty string added [ 49.169589][ T5941] Bluetooth: hci2: command tx timeout [ 49.171710][ T5941] Bluetooth: hci0: command tx timeout [ 49.173747][ T5941] Bluetooth: hci1: command tx timeout [ 49.180012][ T5949] Bluetooth: hci3: command tx timeout [ 49.768392][ T6108] trusted_key: syz.3.42 sent an empty control message without MSG_MORE. [ 49.779303][ T6114] Zero length message leads to an empty skb [ 50.140335][ T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 50.449775][ T72] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 50.453463][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 50.820653][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.182630][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 51.249668][ T5941] Bluetooth: hci3: command tx timeout [ 51.259644][ T5941] Bluetooth: hci1: command tx timeout [ 51.259777][ T5950] Bluetooth: hci0: command tx timeout [ 51.327125][ T6219] netlink: 12 bytes leftover after parsing attributes in process `syz.0.66'. [ 51.331149][ T831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 51.377960][ T6222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67'. [ 51.420130][ T5999] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 51.489019][ T6226] syz.0.69[6226] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.489100][ T6226] syz.0.69[6226] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.493879][ T6226] syz.0.69[6226] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.494376][ T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 51.518998][ T6226] TCP: request_sock_TCPv6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 51.954976][ T39] audit: type=1326 audit(1736365706.547:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6240 comm="syz.0.76" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe6579 code=0x0 [ 52.012817][ T6242] Cannot find del_set index 4 as target [ 52.140465][ C0] Illegal XDP return value 16128 on prog (id 8) dev hsr_slave_1, expect packet loss! [ 52.459603][ T5950] Bluetooth: hci2: command tx timeout [ 52.533049][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 52.621233][ T6248] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 52.850723][ T75] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 52.933463][ T5949] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 52.933681][ T5950] Bluetooth: hci4: command 0x1003 tx timeout [ 53.243788][ T6271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'. [ 53.247513][ T6271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'. [ 53.329639][ T5949] Bluetooth: hci0: command tx timeout [ 53.329787][ T5950] Bluetooth: hci1: command tx timeout [ 53.330115][ T5941] Bluetooth: hci3: command tx timeout [ 53.979711][ T831] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 54.129656][ T831] usb 6-1: Using ep0 maxpacket: 8 [ 54.135734][ T831] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 54.138864][ T831] usb 6-1: config 0 has no interface number 0 [ 54.140915][ T831] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 54.144530][ T831] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 54.147932][ T831] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 54.155238][ T831] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 54.158956][ T831] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 54.161661][ T831] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.165826][ T831] usb 6-1: config 0 descriptor?? [ 54.170070][ T831] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 54.304188][ T6317] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3738224872 (478492783616 ns) > initial count (91121186304 ns). Using initial count to start timer. [ 54.316199][ T6317] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 54.502866][ T6337] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 54.505235][ T6337] overlayfs: failed to set xattr on upper [ 54.507077][ T6337] overlayfs: ...falling back to redirect_dir=nofollow. [ 54.509027][ T6337] overlayfs: ...falling back to index=off. [ 54.511400][ T6337] overlayfs: ...falling back to uuid=null. [ 54.513709][ T6337] overlayfs: maximum fs stacking depth exceeded [ 54.536774][ T6342] bond0: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 54.543996][ T6342] netlink: 'syz.2.117': attribute type 10 has an invalid length. [ 54.548349][ T6342] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.551111][ T6342] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.557395][ T6342] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.560032][ T6342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.563119][ T6342] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.565366][ T6342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.570045][ T6342] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 54.610743][ T75] bond0: (slave bridge0): link status definitely up, 0 Mbps full duplex [ 54.909578][ T6000] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 54.969646][ T1459] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 55.071429][ T6000] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 55.074600][ T6000] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 55.077534][ T6000] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 55.080312][ T6000] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 55.083484][ T6000] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 55.088902][ T6000] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 55.091617][ T6000] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 55.094491][ T6000] usb 5-1: Product: syz [ 55.095724][ T6000] usb 5-1: Manufacturer: syz [ 55.100756][ T6000] cdc_wdm 5-1:1.0: skipping garbage [ 55.102243][ T6000] cdc_wdm 5-1:1.0: skipping garbage [ 55.105759][ T6000] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 55.107514][ T6000] cdc_wdm 5-1:1.0: Unknown control protocol [ 55.130217][ T1459] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 55.133617][ T1459] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 55.136928][ T1459] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 55.141048][ T1459] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 55.144781][ T1459] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 55.147319][ T1459] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.152043][ T1459] usb 8-1: config 0 descriptor?? [ 55.154107][ T6356] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 55.327310][ T6349] net_ratelimit: 5 callbacks suppressed [ 55.327322][ T6349] Set syz1 is full, maxelem 65536 reached [ 55.364339][ T831] usb 5-1: USB disconnect, device number 3 [ 55.419220][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.422688][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.425878][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.428198][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.432557][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.435199][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.437953][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.445190][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.448672][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.564903][ T1459] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 55.570227][ T1459] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 55.629216][ T6363] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 56.456798][ T35] usb 6-1: USB disconnect, device number 2 [ 56.460992][ T1459] plantronics 0003:047F:FFFF.0002: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 56.466257][ T1459] usb 8-1: USB disconnect, device number 2 [ 56.473054][ T35] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 56.504134][ T6375] syz.3.130 uses obsolete (PF_INET,SOCK_PACKET) [ 56.508686][ T6375] warning: `syz.3.130' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 57.001257][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.003971][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.320782][ T6406] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 57.322998][ T6406] overlayfs: failed to set xattr on upper [ 57.324630][ T6406] overlayfs: ...falling back to redirect_dir=nofollow. [ 57.326648][ T6406] overlayfs: ...falling back to index=off. [ 57.328321][ T6406] overlayfs: ...falling back to uuid=null. [ 57.333648][ T6406] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 58.586474][ T6467] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 58.861124][ T1180] Bluetooth: (null): Invalid header checksum [ 58.863831][ T1180] Bluetooth: (null): Invalid header checksum [ 58.869066][ T6480] ======================================================= [ 58.869066][ T6480] WARNING: The mand mount option has been deprecated and [ 58.869066][ T6480] and is ignored by this kernel. Remove the mand [ 58.869066][ T6480] option from the mount to silence this warning. [ 58.869066][ T6480] ======================================================= [ 59.251145][ T75] wlan1: Trigger new scan to find an IBSS to join [ 59.649608][ T5950] Bluetooth: hci3: command tx timeout [ 59.731480][ T6545] syz.3.196[6545] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.731544][ T6545] syz.3.196[6545] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.734769][ T6545] syz.3.196[6545] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.741397][ T6545] netlink: 'syz.3.196': attribute type 10 has an invalid length. [ 59.755173][ T6545] team0: Device ipvlan1 failed to register rx_handler [ 59.830947][ T6551] syz.3.199[6551] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.831053][ T6551] syz.3.199[6551] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.835397][ T6551] syz.3.199[6551] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 60.044004][ T6565] input: syz1 as /devices/virtual/input/input6 [ 60.529674][ C1] net_ratelimit: 257 callbacks suppressed [ 60.529685][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.856696][ T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.220164][ T6618] input: syz0 as /devices/virtual/input/input7 [ 61.327516][ T6628] netlink: 'syz.2.230': attribute type 10 has an invalid length. [ 61.332170][ T6628] syz_tun: entered promiscuous mode [ 61.337295][ T6628] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 61.360117][ T1180] bond0: (slave syz_tun): link status definitely up, 10000 Mbps full duplex [ 61.489178][ T5950] Bluetooth: hci1: Malformed LE Event: 0x0d [ 61.626549][ T6652] netlink: 'syz.1.240': attribute type 2 has an invalid length. [ 61.701632][ T6661] syz_tun: entered allmulticast mode [ 61.704869][ T6659] syz_tun: left allmulticast mode [ 61.733659][ T6664] input: syz0 as /devices/virtual/input/input8 [ 61.811091][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.856086][ T6679] capability: warning: `syz.1.252' uses 32-bit capabilities (legacy support in use) [ 61.903631][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.912089][ T6685] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.914640][ C3] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 61.917574][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.922902][ T6685] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.940649][ T6685] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.096222][ T6695] input: syz1 as /devices/virtual/input/input9 [ 62.219582][ T11] wlan1: Trigger new scan to find an IBSS to join [ 62.289662][ T72] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.538200][ T6714] random: crng reseeded on system resumption [ 62.629090][ T6718] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 62.901155][ T6729] syzkaller0: entered promiscuous mode [ 62.903369][ T6729] syzkaller0: entered allmulticast mode [ 62.945201][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 63.554078][ T5941] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 64.330589][ T1459] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 64.479555][ T1459] usb 6-1: Using ep0 maxpacket: 8 [ 64.482625][ T1459] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 64.486487][ T1459] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 64.488998][ T1459] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.492529][ T1459] usb 6-1: config 0 descriptor?? [ 64.704972][ T1459] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 64.770583][ T5941] Bluetooth: hci4: command 0x1003 tx timeout [ 64.772559][ T5950] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 65.110401][ T1459] usb 6-1: USB disconnect, device number 3 [ 65.112703][ C3] iowarrior 6-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 65.169710][ T11] wlan1: Creating new IBSS network, BSSID 3a:ba:71:3c:2d:1e [ 65.569600][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 65.573004][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 65.790851][ T6775] input: syz0 as /devices/virtual/input/input10 [ 66.052439][ T6145] net_ratelimit: 3 callbacks suppressed [ 66.052450][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.787775][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.791624][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.795155][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.798195][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.803038][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.805939][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.808972][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.812202][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.815589][ T6820] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 67.983032][ T6853] overlayfs: invalid redirect ((null)) [ 68.270035][ T6854] syz.0.322 (6854) used greatest stack depth: 20960 bytes left [ 68.340952][ T6872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.330'. [ 68.400450][ T6878] netfs: Couldn't get user pages (rc=-14) [ 68.426342][ T6880] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 68.729584][ T63] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 68.889642][ T63] usb 5-1: Using ep0 maxpacket: 16 [ 68.905152][ T63] usb 5-1: config 0 has no interfaces? [ 68.908634][ T63] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0106, bcdDevice=ec.89 [ 68.912062][ T63] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.915141][ T63] usb 5-1: Product: syz [ 68.917665][ T63] usb 5-1: Manufacturer: syz [ 68.919558][ T63] usb 5-1: SerialNumber: syz [ 68.923412][ T63] usb 5-1: config 0 descriptor?? [ 69.147973][ T832] usb 5-1: USB disconnect, device number 4 [ 69.198949][ T6915] 9pnet: p9_errstr2errno: server reported unknown error [ 69.882218][ T39] audit: type=1326 audit(1736365724.477:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.2.365" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x0 [ 70.155481][ T6997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.374'. [ 70.772150][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.774745][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.028138][ T7036] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.125173][ T7036] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.212504][ T7036] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.252489][ T30] net_ratelimit: 2013 callbacks suppressed [ 71.252499][ T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 71.272702][ T7036] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.348959][ T7036] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.372470][ T7036] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.378107][ T7036] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.383854][ T7036] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.442034][ T7072] netfs: Couldn't get user pages (rc=-14) [ 71.628065][ T7087] input: syz0 as /devices/virtual/input/input11 [ 71.641596][ T7091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.414'. [ 71.644202][ T7091] netlink: 12 bytes leftover after parsing attributes in process `syz.0.414'. [ 71.682694][ T7093] overlayfs: upper fs does not support tmpfile. [ 71.729690][ T7100] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 71.924411][ T7112] netlink: 'syz.1.423': attribute type 1 has an invalid length. [ 71.927346][ T7112] netlink: 224 bytes leftover after parsing attributes in process `syz.1.423'. [ 71.966901][ T7115] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 72.302619][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.533214][ T72] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.983767][ T7150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.990527][ T7150] bond0: (slave rose0): Enslaving as an active interface with an up link [ 73.082861][ T39] audit: type=1326 audit(1736365727.677:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7133 comm="syz.1.431" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000 [ 73.222288][ T7178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.227638][ T7178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.233706][ T7178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.242457][ T7177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.246792][ T7177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.318602][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.327374][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.334193][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.336827][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.340051][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.342548][ T5950] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 73.344843][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.440577][ T7186] chnl_net:caif_netlink_parms(): no params data found [ 73.501994][ T7186] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.504247][ T7186] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.506386][ T7186] bridge_slave_0: entered allmulticast mode [ 73.508535][ T7186] bridge_slave_0: entered promiscuous mode [ 73.512158][ T7186] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.514368][ T7186] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.516541][ T7186] bridge_slave_1: entered allmulticast mode [ 73.518791][ T7186] bridge_slave_1: entered promiscuous mode [ 73.550730][ T7186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.556919][ T7186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.592047][ T7186] team0: Port device team_slave_0 added [ 73.597109][ T7186] team0: Port device team_slave_1 added [ 73.628422][ T7186] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.630652][ T7186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.638957][ T7186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.643506][ T7186] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.645623][ T7186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.653344][ T7186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.684535][ T7186] hsr_slave_0: entered promiscuous mode [ 73.686749][ T7186] hsr_slave_1: entered promiscuous mode [ 73.688878][ T7186] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.691348][ T7186] Cannot create hsr debugfs directory [ 73.758061][ T7186] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.848094][ T7186] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.925585][ T7186] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.970390][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.066148][ T7186] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.156576][ T7186] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.160137][ T7186] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.163295][ T7186] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.166609][ T7186] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.175593][ T7186] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.178555][ T7186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.181160][ T7186] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.183222][ T7186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.207909][ T7186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.215777][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.219207][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.235026][ T7186] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.241017][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.243093][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.247387][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.249578][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.345994][ T7186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.368306][ T7186] veth0_vlan: entered promiscuous mode [ 74.376364][ T7186] veth1_vlan: entered promiscuous mode [ 74.392785][ T7186] veth0_macvtap: entered promiscuous mode [ 74.397498][ T7186] veth1_macvtap: entered promiscuous mode [ 74.410718][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.414413][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.418383][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.422688][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.425668][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.428810][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.432427][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.435521][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.439569][ T7186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.445755][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.448719][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.452524][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.455997][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.458765][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.462025][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.464908][ T7186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.467857][ T7186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.472495][ T7186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.477756][ T7186] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.480386][ T7186] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.482883][ T7186] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.485489][ T7186] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.512740][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.515899][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.523636][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.526843][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.198962][ C3] Unknown status report in ack skb [ 75.399705][ T8] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 75.419891][ T5949] Bluetooth: hci2: command tx timeout [ 75.552641][ T8] usb 7-1: config 0 has an invalid interface number: 84 but max is 0 [ 75.555008][ T8] usb 7-1: config 0 has no interface number 0 [ 75.558245][ T8] usb 7-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3 [ 75.561052][ T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.563372][ T8] usb 7-1: Product: syz [ 75.564607][ T8] usb 7-1: Manufacturer: syz [ 75.565968][ T8] usb 7-1: SerialNumber: syz [ 75.571775][ T8] usb 7-1: config 0 descriptor?? [ 75.574425][ T8] ljca 7-1:0.84: bulk endpoints not found [ 75.786739][ T57] usb 7-1: USB disconnect, device number 2 [ 76.465202][ T30] net_ratelimit: 5 callbacks suppressed [ 76.465213][ T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.534311][ T831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.987689][ T7319] netfs: Couldn't get user pages (rc=-14) [ 77.489659][ T5949] Bluetooth: hci2: command tx timeout [ 77.497740][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.659643][ T831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.826274][ T5950] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.829720][ T5950] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.832833][ T5950] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.835155][ T5950] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.838341][ T5950] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.840707][ T5950] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.935271][ T7381] chnl_net:caif_netlink_parms(): no params data found [ 77.977304][ T7381] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.980572][ T7381] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.983059][ T7381] bridge_slave_0: entered allmulticast mode [ 77.986132][ T7381] bridge_slave_0: entered promiscuous mode [ 77.990013][ T7381] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.992857][ T7381] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.995207][ T7381] bridge_slave_1: entered allmulticast mode [ 77.997389][ T7381] bridge_slave_1: entered promiscuous mode [ 78.023645][ T7381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.029875][ T7381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.064666][ T7381] team0: Port device team_slave_0 added [ 78.082089][ T7399] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.097403][ T7381] team0: Port device team_slave_1 added [ 78.099602][ T5981] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 78.126855][ T7381] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.129102][ T7381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.138588][ T7381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.144838][ T7381] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.147603][ T7381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.158382][ T7381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.182188][ T7381] hsr_slave_0: entered promiscuous mode [ 78.184401][ T7381] hsr_slave_1: entered promiscuous mode [ 78.186441][ T7381] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.188678][ T7381] Cannot create hsr debugfs directory [ 78.231087][ T7405] Bluetooth: MGMT ver 1.23 [ 78.268060][ T39] audit: type=1800 audit(1736365732.857:5): pid=7407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.529" name="file0" dev="9p" ino=38535713 res=0 errno=0 [ 78.272184][ T7381] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 78.280443][ T7381] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 78.280878][ T5981] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 78.285199][ T5981] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 78.286482][ T7381] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 78.288053][ T5981] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 78.292744][ T5981] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 78.294135][ T7381] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 78.295898][ T5981] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 78.305591][ T5981] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 78.308154][ T5981] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 78.310658][ T5981] usb 6-1: Product: syz [ 78.311873][ T7381] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.311918][ T7381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.313973][ T5981] usb 6-1: Manufacturer: syz [ 78.316068][ T7381] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.319380][ T7381] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.321045][ T5981] cdc_wdm 6-1:1.0: skipping garbage [ 78.323008][ T5981] cdc_wdm 6-1:1.0: skipping garbage [ 78.325192][ T5981] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 78.327240][ T5981] cdc_wdm 6-1:1.0: Unknown control protocol [ 78.344933][ T7381] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.354654][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.358868][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.371088][ T7381] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.376430][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.378639][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.389433][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.391690][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.472989][ T7381] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.552960][ T7241] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.570647][ T7425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.533'. [ 78.576018][ T7381] veth0_vlan: entered promiscuous mode [ 78.577997][ T7425] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.581897][ T7425] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.585052][ T7425] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.587239][ T7425] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.603695][ T7381] veth1_vlan: entered promiscuous mode [ 78.618281][ T7381] veth0_macvtap: entered promiscuous mode [ 78.622679][ T7381] veth1_macvtap: entered promiscuous mode [ 78.622741][ T5950] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 78.626254][ T8] usb 6-1: USB disconnect, device number 4 [ 78.627764][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 78.629324][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.631862][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 78.631873][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 78.634290][ T5950] Bluetooth: hci1: Injecting HCI hardware error event [ 78.635060][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.638047][ T5950] Bluetooth: hci1: hardware error 0x00 [ 78.646193][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.652056][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.654835][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.657869][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.661245][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.664795][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.671619][ T7381] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.678049][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.682412][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.685547][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.688706][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.693525][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.697389][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.700241][ T7381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.703146][ T7381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.708851][ T7381] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.713386][ T7381] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.716107][ T7381] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.718641][ T7381] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.721189][ T7381] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.749317][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.751911][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.761809][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.768776][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.781544][ T7399] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.873453][ T7399] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.944206][ T7399] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.969650][ T7438] nbd2: detected capacity change from 0 to 12 [ 78.974713][ T5942] block nbd2: Send control failed (result -89) [ 78.976720][ T5942] block nbd2: Request send failed, requeueing [ 78.979564][ T5949] block nbd2: Receive control failed (result -32) [ 78.981172][ T1160] block nbd2: Dead connection, failed to find a fallback [ 78.985530][ T1160] block nbd2: shutting down sockets [ 78.987804][ T1160] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 78.992173][ T1160] Buffer I/O error on dev nbd2, logical block 0, async page read [ 78.995413][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 78.998027][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.002542][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.006243][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.010857][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.014116][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.016280][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.019274][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.023608][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.026249][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.031369][ T36] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.035165][ T36] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.040680][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.044087][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.047092][ T5942] ldm_validate_partition_table(): Disk read failed. [ 79.050011][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.052063][ T7399] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.053439][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.060951][ T5942] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 79.063540][ T7399] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.064320][ T5942] Buffer I/O error on dev nbd2, logical block 0, async page read [ 79.070804][ T5942] Dev nbd2: unable to read RDB block 0 [ 79.073103][ T5942] nbd2: unable to read partition table [ 79.075434][ T5942] nbd2: partition table beyond EOD, truncated [ 79.076705][ T7399] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.080348][ T7438] ldm_validate_partition_table(): Disk read failed. [ 79.084656][ T7438] Dev nbd2: unable to read RDB block 0 [ 79.085791][ T7399] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.086991][ T7438] nbd2: unable to read partition table [ 79.092064][ T7438] nbd2: partition table beyond EOD, truncated [ 79.095414][ T5942] ldm_validate_partition_table(): Disk read failed. [ 79.098184][ T5942] Dev nbd2: unable to read RDB block 0 [ 79.100705][ T5942] nbd2: unable to read partition table [ 79.102922][ T5942] nbd2: partition table beyond EOD, truncated [ 79.151944][ T7441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.538'. [ 79.156568][ T7441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.538'. [ 79.579567][ T5949] Bluetooth: hci2: command tx timeout [ 79.582607][ T7241] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.890278][ T5949] Bluetooth: hci3: command tx timeout [ 80.528878][ T7454] Set syz1 is full, maxelem 65536 reached [ 80.612914][ T7241] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.689627][ T5950] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 80.691818][ T5999] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.751498][ T7466] block device autoloading is deprecated and will be removed. [ 80.810070][ T7471] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.023332][ T9] cfg80211: failed to load regulatory.db [ 81.549650][ T5981] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 81.650711][ T5950] Bluetooth: hci2: command tx timeout [ 81.652891][ T63] net_ratelimit: 2 callbacks suppressed [ 81.652901][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.656061][ T7471] syz.2.548 (7471) used greatest stack depth: 19824 bytes left [ 81.699864][ T5981] usb 5-1: Using ep0 maxpacket: 8 [ 81.703335][ T5981] usb 5-1: config 0 has an invalid interface number: 186 but max is 0 [ 81.705684][ T5981] usb 5-1: config 0 has no interface number 0 [ 81.707476][ T5981] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 81.710791][ T5981] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 81.714447][ T5981] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 81.717540][ T5981] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 81.722918][ T5981] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 81.725489][ T5981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.727699][ T5981] usb 5-1: Product: syz [ 81.728908][ T5981] usb 5-1: Manufacturer: syz [ 81.730506][ T5981] usb 5-1: SerialNumber: syz [ 81.732876][ T5981] usb 5-1: config 0 descriptor?? [ 81.943992][ T5981] iowarrior 5-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 81.969569][ T5950] Bluetooth: hci3: command tx timeout [ 82.133021][ T7522] loop7: detected capacity change from 0 to 16384 [ 82.256166][ T57] usb 5-1: USB disconnect, device number 5 [ 82.329762][ T7523] loop7: detected capacity change from 16384 to 16383 [ 82.364488][ T7523] ldm_validate_partition_table(): Disk read failed. [ 82.366861][ T7523] Dev loop7: unable to read RDB block 0 [ 82.369434][ T7523] loop7: unable to read partition table [ 82.371748][ T7523] loop_reread_partitions: partition scan of loop7 (R%0T$7)]W?18;9C?-z׌ 97d) failed (rc=-5) [ 82.660044][ T7542] netlink: 112 bytes leftover after parsing attributes in process `syz.2.576'. [ 82.689822][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.693302][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.696611][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.699569][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.703013][ T7546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.706126][ T7546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.709304][ T7546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.712919][ T7546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.716503][ T7546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.094637][ T39] audit: type=1800 audit(1736365737.687:6): pid=7562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.584" name="file0" dev="overlay" ino=96 res=0 errno=0 [ 83.347802][ T7575] syz.0.589[7575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.347851][ T7575] syz.0.589[7575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.351577][ T7575] syz.0.589[7575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.359113][ T7575] syz.0.589[7575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.362682][ T7575] syz.0.589[7575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.366447][ T7575] syz.0.589[7575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.429642][ T9] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 83.581265][ T9] usb 9-1: config index 0 descriptor too short (expected 23569, got 27) [ 83.584569][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.589398][ T9] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 83.593191][ T9] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 83.596289][ T9] usb 9-1: Manufacturer: syz [ 83.599632][ T9] usb 9-1: config 0 descriptor?? [ 83.649960][ T9] rc_core: IR keymap rc-hauppauge not found [ 83.652242][ T9] Registered IR keymap rc-empty [ 83.655381][ T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0 [ 83.658761][ T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input12 [ 83.816744][ T831] usb 9-1: USB disconnect, device number 2 [ 83.899793][ T7587] block device autoloading is deprecated and will be removed. [ 84.049609][ T5950] Bluetooth: hci3: command tx timeout [ 84.125507][ T7597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.596'. [ 84.370751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.378865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.554834][ T7611] fuse: root generation should be zero [ 84.582280][ T7625] binder: 7624:7625 ioctl c0306201 20000580 returned -14 [ 84.584807][ T7625] binder: 7624:7625 ioctl c0306201 0 returned -14 [ 84.635431][ T7631] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 84.678531][ T7634] 9pnet_fd: Insufficient options for proto=fd [ 84.780667][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.783752][ T7646] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'. [ 84.852949][ T7649] block nbd0: shutting down sockets [ 84.972118][ T7655] erofs (device erofs): cannot read erofs superblock [ 85.859411][ T7699] netlink: 24 bytes leftover after parsing attributes in process `syz.4.632'. [ 86.039791][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.129693][ T5950] Bluetooth: hci3: command tx timeout [ 86.449575][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 86.623093][ T9] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 86.626782][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.630021][ T9] usb 7-1: Product: syz [ 86.631235][ T9] usb 7-1: Manufacturer: syz [ 86.632576][ T9] usb 7-1: SerialNumber: syz [ 86.635851][ T9] usb 7-1: config 0 descriptor?? [ 86.847425][ T57] usb 7-1: USB disconnect, device number 3 [ 86.856162][ T6145] net_ratelimit: 10 callbacks suppressed [ 86.856177][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.931806][ T7742] netlink: 24 bytes leftover after parsing attributes in process `syz.0.644'. [ 87.129800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.133420][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.191072][ T7758] netlink: 12 bytes leftover after parsing attributes in process `syz.1.649'. [ 87.194009][ T7758] netlink: 'syz.1.649': attribute type 25 has an invalid length. [ 87.208017][ T7758] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.211921][ T7758] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.215495][ T7758] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.219124][ T7758] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.404116][ T7762] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.488337][ T7762] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.541637][ T7762] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.664120][ T7762] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.764624][ T7762] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.770775][ T7762] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.778211][ T7762] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.788167][ T7762] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.890094][ T72] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.905513][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.702286][ T7815] loop6: detected capacity change from 0 to 524287999 [ 88.934348][ T7241] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.999686][ T72] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 89.002070][ T831] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 89.149771][ T72] usb 7-1: Using ep0 maxpacket: 8 [ 89.159085][ T831] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 89.163873][ T831] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 89.168217][ T831] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 89.173553][ T831] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 89.179027][ T831] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 89.182764][ T72] usb 7-1: config 0 has no interfaces? [ 89.184863][ T72] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 89.187452][ T72] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.189797][ T831] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.193936][ T72] usb 7-1: config 0 descriptor?? [ 89.197600][ T831] usb 9-1: config 0 descriptor?? [ 89.407661][ T57] usb 7-1: USB disconnect, device number 4 [ 89.569132][ T7850] netlink: 'syz.1.683': attribute type 1 has an invalid length. [ 89.615578][ T831] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max [ 89.618896][ T831] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 89.624966][ T831] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 89.909755][ T57] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 89.972583][ T7241] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.059570][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 90.064085][ T57] usb 6-1: config 0 has an invalid interface number: 186 but max is 0 [ 90.067444][ T57] usb 6-1: config 0 has no interface number 0 [ 90.070060][ T57] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 90.074149][ T57] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 90.078563][ T57] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 90.082718][ T57] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 90.090785][ T57] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 90.094365][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.097495][ T57] usb 6-1: Product: syz [ 90.099178][ T57] usb 6-1: Manufacturer: syz [ 90.101047][ T57] usb 6-1: SerialNumber: syz [ 90.105247][ T57] usb 6-1: config 0 descriptor?? [ 90.317295][ T57] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior1 [ 90.480452][ T6145] usb 9-1: USB disconnect, device number 3 [ 90.525224][ T57] usb 6-1: USB disconnect, device number 5 [ 90.551116][ T7866] Set syz1 is full, maxelem 65536 reached [ 90.750377][ T7877] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.754866][ T7877] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.758102][ T7877] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.761876][ T7877] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.806108][ T7879] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 90.930862][ T39] audit: type=1326 audit(1736365745.527:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7884 comm="syz.2.696" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x0 [ 91.093556][ T7890] netfs: Couldn't get user pages (rc=-14) [ 91.268780][ T7899] sctp: [Deprecated]: syz.4.703 (pid 7899) Use of int in max_burst socket option deprecated. [ 91.268780][ T7899] Use struct sctp_assoc_value instead [ 91.596139][ T7915] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 91.682359][ T7883] overlayfs: statfs failed on './file0' [ 91.705611][ T7920] netlink: 2036 bytes leftover after parsing attributes in process `syz.4.710'. [ 91.708552][ T7920] netlink: 24 bytes leftover after parsing attributes in process `syz.4.710'. [ 92.053597][ T6145] net_ratelimit: 6 callbacks suppressed [ 92.053609][ T6145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.058124][ T5939] bond0: (slave syz_tun): Releasing backup interface [ 92.131914][ T1054] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.224315][ T1054] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.299206][ T5949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.303848][ T5949] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.306681][ T5949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.312286][ T5949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.315997][ T5949] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 92.318227][ T5949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.325544][ T1054] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.399199][ T7938] chnl_net:caif_netlink_parms(): no params data found [ 92.420801][ T1054] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.467386][ T7938] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.469526][ T7938] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.471617][ T7938] bridge_slave_0: entered allmulticast mode [ 92.473789][ T7938] bridge_slave_0: entered promiscuous mode [ 92.478896][ T7938] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.481114][ T7938] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.483582][ T7938] bridge_slave_1: entered allmulticast mode [ 92.485882][ T7938] bridge_slave_1: entered promiscuous mode [ 92.526189][ T7938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.538758][ T7938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.592189][ T7938] team0: Port device team_slave_0 added [ 92.600322][ T7938] team0: Port device team_slave_1 added [ 92.618607][ T1054] bridge_slave_1: left allmulticast mode [ 92.624012][ T1054] bridge_slave_1: left promiscuous mode [ 92.627522][ T1054] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.637840][ T1054] bridge_slave_0: left allmulticast mode [ 92.640512][ T1054] bridge_slave_0: left promiscuous mode [ 92.642320][ T1054] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.649823][ T11] [ 92.650294][ T1054] BUG: spinlock bad magic on CPU#2, kworker/u32:5/1054 [ 92.650663][ T11] ============================= [ 92.650668][ T11] WARNING: suspicious RCU usage [ 92.650672][ T11] 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 Not tainted [ 92.653328][ T1054] Oops: general protection fault, probably for non-canonical address 0xe0001bffe00020b9: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 92.655427][ T11] ----------------------------- [ 92.655434][ T11] net/sched/sch_generic.c:1290 suspicious rcu_dereference_protected() usage! [ 92.658413][ T1054] KASAN: maybe wild-memory-access in range [0x0000ffff000105c8-0x0000ffff000105cf] [ 92.661125][ T11] [ 92.661125][ T11] other info that might help us debug this: [ 92.661125][ T11] [ 92.664699][ T1054] CPU: 2 UID: 0 PID: 1054 Comm: kworker/u32:5 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 92.666491][ T11] [ 92.666491][ T11] rcu_scheduler_active = 2, debug_locks = 1 [ 92.668760][ T1054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.668771][ T1054] Workqueue: netns cleanup_net [ 92.672483][ T11] 8 locks held by kworker/u32:0/11: [ 92.676424][ T1054] [ 92.676434][ T1054] RIP: 0010:spin_bug+0x100/0x1d0 [ 92.680761][ T11] #0: [ 92.683922][ T1054] Code: 08 84 d2 0f 85 db 00 00 00 48 85 ed 44 8b 4b 08 74 7d 48 8d bd c8 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 68 44 8b 85 c8 05 00 00 48 8d 8d [ 92.688138][ T11] ffff888022582148 [ 92.690044][ T1054] RSP: 0018:ffffc900066c77e8 EFLAGS: 00010002 [ 92.690066][ T1054] RAX: dffffc0000000000 RBX: ffff888066880020 RCX: ffffffff8178e2a9 [ 92.690078][ T1054] RDX: 00001fffe00020b9 RSI: ffffffff81798a36 RDI: 0000ffff000105c8 [ 92.690089][ T1054] RBP: 0000ffff00010000 R08: 0000000000000005 R09: 0000000000000001 [ 92.690100][ T1054] R10: 0000000080000001 R11: 697073203a475542 R12: ffffffff8b4d3ae0 [ 92.690112][ T1054] R13: ffff888024c62440 R14: ffffc900066c7928 R15: 0000000000000001 [ 92.690123][ T1054] FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000 [ 92.690154][ T1054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.690168][ T1054] CR2: 00000000576ca4c0 CR3: 0000000077968000 CR4: 0000000000352ef0 [ 92.690179][ T1054] DR0: 0000000000000003 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.690189][ T1054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.692081][ T11] ((wq_completion)bond0 [ 92.693041][ T1054] Call Trace: [ 92.693050][ T1054] [ 92.695075][ T11] #3 [ 92.696139][ T1054] ? die_addr+0x3b/0xa0 [ 92.702966][ T11] ){+.+.}-{0:0} [ 92.704284][ T1054] ? exc_general_protection+0x155/0x230 [ 92.706626][ T11] , at: process_one_work+0x12cd/0x1b30 [ 92.709665][ T1054] ? asm_exc_general_protection+0x26/0x30 [ 92.709697][ T1054] ? __wake_up_klogd.part.0+0x99/0xf0 [ 92.709737][ T1054] ? vprintk+0x86/0xa0 [ 92.709759][ T1054] ? spin_bug+0x100/0x1d0 [ 92.709778][ T1054] ? spin_bug+0xb1/0x1d0 [ 92.709795][ T1054] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 92.709813][ T1054] do_raw_spin_lock+0x225/0x2c0 [ 92.709833][ T1054] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 92.709853][ T1054] ? down+0x2a/0xa0 [ 92.709874][ T1054] ? lock_acquire+0x2f/0xb0 [ 92.709889][ T1054] ? down+0x2a/0xa0 [ 92.709924][ T1054] _raw_spin_lock_irqsave+0x42/0x60 [ 92.709942][ T1054] ? down+0x2a/0xa0 [ 92.709962][ T1054] down+0x2a/0xa0 [ 92.709983][ T1054] ? lockdep_rtnl_is_held+0x26/0x40 [ 92.710001][ T1054] netpoll_poll_disable+0x79/0x110 [ 92.713100][ T11] #1: ffffc900001d7d80 [ 92.716226][ T1054] __dev_close_many+0xd9/0x310 [ 92.719198][ T11] ((work_completion)(&(&bond->mii_work)->work) [ 92.722326][ T1054] ? __pfx___dev_close_many+0x10/0x10 [ 92.722354][ T1054] dev_close_many+0x24c/0x6a0 [ 92.722372][ T1054] ? __pfx_dev_close_many+0x10/0x10 [ 92.722392][ T1054] unregister_netdevice_many_notify+0x489/0x1e60 [ 92.722421][ T1054] ? find_held_lock+0x2d/0x110 [ 92.726010][ T11] ){+.+.}-{0:0} [ 92.728587][ T1054] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 92.731863][ T11] , at: process_one_work+0x8bb/0x1b30 [ 92.734075][ T1054] ? mutex_is_locked+0x17/0x60 [ 92.736751][ T11] #2: [ 92.737975][ T1054] ? unregister_netdevice_queue+0x22f/0x3f0 [ 92.739123][ T11] ffffffff8ddbad40 [ 92.740013][ T1054] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 92.740042][ T1054] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 92.740063][ T1054] ? __pfx_nexthop_net_exit_batch_rtnl+0x10/0x10 [ 92.740077][ T1054] ? mutex_is_locked+0x17/0x60 [ 92.741102][ T11] ( [ 92.742336][ T1054] ? nexthop_net_exit_batch_rtnl+0x1c6/0x290 [ 92.743531][ T11] rcu_read_lock [ 92.745285][ T1054] cleanup_net+0x58c/0xbd0 [ 92.746939][ T11] ){....}-{1:3} [ 92.748623][ T1054] ? __pfx_cleanup_net+0x10/0x10 [ 92.750601][ T11] , at: bond_mii_monitor+0x140/0x2d90 [ 92.751737][ T1054] ? lock_acquire+0x2f/0xb0 [ 92.753365][ T11] #3: [ 92.754640][ T1054] ? process_one_work+0x8bb/0x1b30 [ 92.756242][ T11] ffffffff8dda8580 ( [ 92.757635][ T1054] process_one_work+0x958/0x1b30 [ 92.759138][ T11] console_lock){+.+.}-{0:0} [ 92.760254][ T1054] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 92.760274][ T1054] ? __pfx_process_one_work+0x10/0x10 [ 92.760288][ T1054] ? rcu_is_watching+0x12/0xc0 [ 92.760302][ T1054] ? assign_work+0x1a0/0x250 [ 92.760316][ T1054] worker_thread+0x6c8/0xf00 [ 92.761802][ T11] , at: vprintk+0x7f/0xa0 [ 92.762960][ T1054] ? __kthread_parkme+0x148/0x220 [ 92.764444][ T11] #4: ffffffff8dda85f0 [ 92.765626][ T1054] ? __pfx_worker_thread+0x10/0x10 [ 92.766659][ T11] (console_srcu){....}-{0:0} [ 92.768170][ T1054] kthread+0x2c1/0x3a0 [ 92.769644][ T11] , at: console_flush_all+0x159/0xc60 [ 92.770904][ T1054] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.772284][ T11] #5: ffffffff8dcc8140 [ 92.774191][ T1054] ? __pfx_kthread+0x10/0x10 [ 92.775812][ T11] (console_owner [ 92.777221][ T1054] ret_from_fork+0x45/0x80 [ 92.778725][ T11] ){..-.}-{0:0} [ 92.780622][ T1054] ? __pfx_kthread+0x10/0x10 [ 92.780648][ T1054] ret_from_fork_asm+0x1a/0x30 [ 92.781999][ T11] , at: console_lock_spinning_enable+0x9f/0xd0 [ 92.783046][ T1054] [ 92.784935][ T11] #6: [ 92.786509][ T1054] Modules linked in: [ 92.787839][ T11] ffffffff8dcc8040 [ 92.788666][ T1054] ---[ end trace 0000000000000000 ]--- [ 92.790420][ T11] ( [ 92.791499][ T1054] RIP: 0010:spin_bug+0x100/0x1d0 [ 92.793214][ T11] printk_legacy_map-wait-type-override [ 92.795088][ T1054] Code: 08 84 d2 0f 85 db 00 00 00 48 85 ed 44 8b 4b 08 74 7d 48 8d bd c8 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 68 44 8b 85 c8 05 00 00 48 8d 8d [ 92.796873][ T11] ){....}-{4:4} [ 92.798260][ T1054] RSP: 0018:ffffc900066c77e8 EFLAGS: 00010002 [ 92.798959][ T11] , at: console_flush_all+0x7bd/0xc60 [ 92.800581][ T1054] [ 92.800588][ T1054] RAX: dffffc0000000000 RBX: ffff888066880020 RCX: ffffffff8178e2a9 [ 92.800600][ T1054] RDX: 00001fffe00020b9 RSI: ffffffff81798a36 RDI: 0000ffff000105c8 [ 92.800611][ T1054] RBP: 0000ffff00010000 R08: 0000000000000005 R09: 0000000000000001 [ 92.800622][ T1054] R10: 0000000080000001 R11: 697073203a475542 R12: ffffffff8b4d3ae0 [ 92.800633][ T1054] R13: ffff888024c62440 R14: ffffc900066c7928 R15: 0000000000000001 [ 92.800644][ T1054] FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000 [ 92.801770][ T11] #7: ffffffff9a6681d8 [ 92.803112][ T1054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.804094][ T11] (&port_lock_key [ 92.805636][ T1054] CR2: 00000000576ca4c0 CR3: 0000000077968000 CR4: 0000000000352ef0 [ 92.805645][ T1054] DR0: 0000000000000003 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.805651][ T1054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.805662][ T1054] Kernel panic - not syncing: Fatal exception [ 92.806283][ T1054] Kernel Offset: disabled VM DIAGNOSIS: 19:49:07 Registers: info registers vcpu 0 CPU#0 RAX=0000000000076c8c RBX=0000000000000000 RCX=ffffffff8b1a6899 RDX=ffffed1005686fee RSI=ffffffff8bb16fc0 RDI=ffffffff81702ec9 RBP=fffffbfff1b52ef8 RSP=ffffffff8da07e20 R8 =0000000000000000 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8da977c0 R14=ffffffff901cead0 R15=0000000000000000 RIP=ffffffff8b1a7c7f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71c0360 CR3=000000006ef2e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 EAX=f678cc78 EBX=ffffffff ECX=ffffffff EDX=81f27afb ESI=81f27afb EDI=ffffffff EBP=f678ca98 ESP=ffb2b2c0 EIP=f7124968 EFL=00000246 [---Z-P-] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 56c39440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 0004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000030e1bff8 CR3=000000006994c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85144a70 RDI=ffffffff9a668200 RBP=ffffffff9a6681c0 RSP=ffffc900066c7130 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3a474e494e524157 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff34cd092 R15=dffffc0000000000 RIP=ffffffff85144a97 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000576ca4c0 CR3=0000000077968000 CR4=00352ef0 DR0=0000000000000003 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080000003 RBX=000000000000004a RCX=ffffffff81794601 RDX=ffff88801cae2440 RSI=0000000000000000 RDI=0000000000000001 RBP=1ffff9200003aee7 RSP=ffffc900001d7720 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=3d3d3d3d3d3d3d3d R12=0000000000000001 R13=0000000000000200 R14=ffff888024c62440 R15=0000000000000001 RIP=ffffffff81995288 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c397ad9 CR3=000000006994e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000