last executing test programs: 3.900103637s ago: executing program 3 (id=2486): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x6) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}], 0x1, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323456536005ad94a461cdbfee9bdb9423523598451d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 3.899785122s ago: executing program 3 (id=2487): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x2000000000000111, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r7, 0x5453, 0x0) 3.429265968s ago: executing program 0 (id=2497): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5}, 0x48) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='cubic', 0x4) sendmmsg$inet(r6, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x1, 0x400c0) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xd14f}, 0x1c) 2.99870967s ago: executing program 3 (id=2504): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = getpid() llistxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r1, 0xffffffffffffffff, 0x0) 2.89205147s ago: executing program 3 (id=2505): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x8b, 0x100000500) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)="9c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000002280)="1dabc308e898607107dedbd751f706346cbbd4c12359cc5444fb576ac58656b34b5ee5792c9f86600f2fd0505bfb015d8ea05aaf05050d47113ba083b4d254e00a68a0c67bb755123c7fb1da9ef3474517c47eb7ffd71537379b75e055ba4aa4e87b7db52d789023d32fe4e1fc4f0456a2a8d892931ffcd48f017798ab4cd1759e608b504f14d1612361095a682f1bd0d9f59a63a8193f90c3826f47198cb138916df64dd6d4f4a625beeb250d25e5cbeefbdfd5c0495f9b65d50c42ef678842ba3581ffdf82738b6c9c89344da586875d3d0c0b68bb27b9fe5c10a69ef09a270b2532e67fdb130713da5596838ac43d3703f919ecfbaeecf0f83fc122c38ae366f9bbab124ee1ad9d1437368f7320f1981af30816c0757fc3edd7e90643800d44092e0847cb795de1e6048ca8a510b974aa4647a040122d552a63a56fe487376a8721b5913f715e59b0b180cbd7be2ddbed8431be99f28ede4ab850da56ffcc4e8c8d60c34c16f046f7d81cf27ba7e7f60b0201014bec8c2140027f8c1bdd26499eda9f6dd519f13fa8593b62dc1ff4f56174af0d8430bce8d9b4ea8b81a81c17cc3b3bbd659db3345d9773242795898dc64788e3a78494482ca11561b1428e10659526a5a59afa8a97c51056a835a64b34cb52df69aa3be12e818f64e571e51a6fa5bb145d9cd1bfdd043180d75ea4bc8df8fe6252896cdd53d886787bebb2887a5ea7b7ccf8bd0c8fde9c3f8abac96f3676cd52b81e205697ad35368d9306fb230623c8c060570b188f237d7934bb6e58707e84415dfad34e9ec9348214bd6633cb7cafc9992c14bee2420302cc00387d223ba27f718397b87c941e4beddcd99ef66dca1f0bf96cb9210948e08a6b88234db0b98fa15beb9d629da3492ef246db842fa188acfcbcf2905e7a8e796cc6a44edfa47b1c2b2de02c0d0db7bd2a5c9528ef6662966d3b99b452ded2c6bfe195833b12d39cd54ea93dec2e6ecb7d040a7c740074ca58c32c0d9e656507e436e8f72845a17929fb0230715c281dd406d6851a66b1cbcd9cea88eabf7fb64bdab4d24ed554ed60542e251ebd3210ef11b2dacfd256f8ae2bc879e6ac5d47d9ae684f1ef016675d9219d1ce04c8cc74fff135564fc5448abddfccfadabd15f043072f6fdef0795fb41cbf2d1318a140e0a03ef059974871d428e52153f9c04cc05f4cb7775db68a24548005058de633f9f3293589842d0f98ceee0b073e3d85f6cda60c2d3f9ecee643a3284dc9eece75b62b957c33ed8341f0290b43b302a29d8c22256fb4b601261f98004302c5e4f4e759e01e16d976dcde60f8e4cbe59817e1c7e68959f074b7f3ea8ea8dd9f154b6ef5478829c3e3cd26c63067d556c288070c7ec0ed01ec98c6ac9ab9428b5183108765fd5f93b8d2543d934d7c1c12367a86929e976db3a750d5146b689bcd1716f090b4720721bdeba1494552bb9eb6583abe7656ea41dbccdedb97eeec573f438ff5c38b10f2f5582928763a6e17a9ca4314bffa0025b83f6f30e04ca22f5fe9c344cc7bc1383cb94d3f0572bd5dcdd99ea043e30425c5adaf5d9d3eab48c61e070383701bc21903f1c08fbf5756696fc07beea8a583a7450424999a4539a9fdf06fcd8e97aae7766620a281845c27e535afd7d92dc0d1dfb95e8d587068d56808d2ee09e0cac009629b031002fe611623fc60909a712e58737f44d2a7bf370e4e910694525d2dd9fd336f32492839991fafd62a84af812fc4697995c79c9d0d36ad066ce9bddf2924262932ae51f6d1f02ce11a8bc098fe624a4b0aa679a75e6aedf53504a84d5ba2b4e632287d639b510363504756cbfbd7cfb811cfbfa932cd3b3341afae6de96a43409fd22240376cd5973db40cf425c98651930f74ee2ee5aac68ac89d1041292eb096987ce332379898badb156762d70a711561ce0fa8a970f73b9230ee3e935bbbe41859b0163df71aebceaedbebd1f5885b3457479fc50f4032326262733fdfe1ae8b8841d96ccf5f46ed4bc6a6a37a3943c165fc66d68f471f4b02e8b6000d574da431c822208030a594051f400e6729e943fbf18a4bac808da032401d647bbe81589e8cdd1b7bd1a56239a1d0014afc5d01bedf642f9be2c3adc69faa3b071c7b386528c032a661bc6e10dd77296729ee16a23950b20f43ba90679ff9f7471630a3be5a6f45f346e6a9bb9c37ea4b91864774eb59e2da2c2734157c912b3ea50fd358c6b5b08e28342e47741a832486ccf05633c89c69342af5876132b917026ea645ef74c18441333e6fede65594974c64af93d4c2ec0ba0dc990008ac1d5c2cb318274a6720c7e27c6dfccd192a4aa73c579d3f0b00822adec3060513472ff773de228bb3850a4158eba1d2a4202c84deeb71041d394a207f2a0513e5a9ecf6a08f3e9b0719724c4510af98149d4c03966b4fd026a4f14b68ad0810009d27813fad6bb1053955251047774442fd", 0x6dc}], 0x1}}], 0x2, 0x0) 2.780887268s ago: executing program 1 (id=2508): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cubic', 0x5) 2.779955108s ago: executing program 1 (id=2510): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_audit(0x10, 0x3, 0x9) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000000)=0x1c, 0x4) 2.559563157s ago: executing program 0 (id=2514): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f00000000c0)={0x8f, 0x0, 0xa}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = epoll_create1(0x80000) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r4, 0x1000) r5 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) close(0x3) dup(r5) setsockopt$inet_buf(r2, 0x0, 0x9, 0x0, 0x0) fcntl$dupfd(r2, 0x406, r3) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x36, &(0x7f0000000080)={@random="6d56bf006eb2", @random="e130aeaaba30", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800812014000000006080003400000002b080003400000000808000240000000400800014000000000fb0001400000000708000140000044f10800034000000003080007"], 0xa8}}, 0x0) ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000000a40)={0x1, [{0x2, 0x8, 0x109, &(0x7f0000000080)='z'}, {0x2, 0x0, 0x2, 0x0}, {0x2, 0x0, 0x7ff, 0x0}, {0x1, 0x0, 0x912b, 0x0}, {0x1, 0x0, 0x3cb3, 0x0}, {0x3, 0x0, 0x3fe, 0x0}, {0x1, 0x0, 0x2, 0x0}, {0x3, 0x0, 0xfffffffe, 0x0}, {0x2, 0x0, 0xb, 0x0}, {0x1, 0x0, 0x3, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x3, 0x0, 0xa, 0x0}, {0x1, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x7fffffff, 0x0}, {0x1, 0x0, 0x2, 0x0}, {0x1, 0x0, 0x8001, 0x0}]}) 2.019760045s ago: executing program 3 (id=2518): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="5402000017000100000000000040523ee83c00000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff000000000000000000000000000000000000000002000020", @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e027030000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000065"], 0x254}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf2544000000080003", @ANYRES32=r2, @ANYBLOB="0a001800030303030303000004005a8020005a8018000080140005"], 0x4c}}, 0x4040810) 1.959670009s ago: executing program 3 (id=2520): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000080000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x2) fstat(0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f0000000240)={0x2, 0x0, [{0xa, 0x5, 0x7, 0x6, 0x200}, {0x80000001, 0xa00000, 0x1ff, 0xaf, 0x800}]}) 1.958761605s ago: executing program 1 (id=2523): prlimit64(0x0, 0x5, &(0x7f0000000140)={0x6, 0xfffffffffffffff9}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) syz_emit_ethernet(0x36, &(0x7f0000000140)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @remote}, @timestamp_reply}}}}, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x10) pwritev2(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) readlinkat(r2, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)=""/96, 0x60) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, &(0x7f0000000cc0)={0x2020}, 0x2020) write$P9_RGETLOCK(r4, &(0x7f00000002c0)=ANY=[], 0x200002e6) 1.540278507s ago: executing program 0 (id=2525): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='cubic', 0x6) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000801000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x843}, 0x44040) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, 0x7, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x2000c094) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/155}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2c, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r8 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r8, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000079003000000000009500000000000000db74589d4b38cc306ac390649f8edea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475be393b1f1e4aba75a0750472719cc516eec8b02df8ef39db6e67fa14b769e7f385ba72c64242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba7000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xb1, &(0x7f000000cf3d)=""/173, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x53) r9 = socket$netlink(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r10, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 1.40042995s ago: executing program 2 (id=2526): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000002c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b7040000000000008500000033000000180100002020692500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000e62a0000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 1.400210675s ago: executing program 2 (id=2527): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x8b, 0x100000500) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)="9c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000002280)="1dabc308e898607107dedbd751f706346cbbd4c12359cc5444fb576ac58656b34b5ee5792c9f86600f2fd0505bfb015d8ea05aaf05050d47113ba083b4d254e00a68a0c67bb755123c7fb1da9ef3474517c47eb7ffd71537379b75e055ba4aa4e87b7db52d789023d32fe4e1fc4f0456a2a8d892931ffcd48f017798ab4cd1759e608b504f14d1612361095a682f1bd0d9f59a63a8193f90c3826f47198cb138916df64dd6d4f4a625beeb250d25e5cbeefbdfd5c0495f9b65d50c42ef678842ba3581ffdf82738b6c9c89344da586875d3d0c0b68bb27b9fe5c10a69ef09a270b2532e67fdb130713da5596838ac43d3703f919ecfbaeecf0f83fc122c38ae366f9bbab124ee1ad9d1437368f7320f1981af30816c0757fc3edd7e90643800d44092e0847cb795de1e6048ca8a510b974aa4647a040122d552a63a56fe487376a8721b5913f715e59b0b180cbd7be2ddbed8431be99f28ede4ab850da56ffcc4e8c8d60c34c16f046f7d81cf27ba7e7f60b0201014bec8c2140027f8c1bdd26499eda9f6dd519f13fa8593b62dc1ff4f56174af0d8430bce8d9b4ea8b81a81c17cc3b3bbd659db3345d9773242795898dc64788e3a78494482ca11561b1428e10659526a5a59afa8a97c51056a835a64b34cb52df69aa3be12e818f64e571e51a6fa5bb145d9cd1bfdd043180d75ea4bc8df8fe6252896cdd53d886787bebb2887a5ea7b7ccf8bd0c8fde9c3f8abac96f3676cd52b81e205697ad35368d9306fb230623c8c060570b188f237d7934bb6e58707e84415dfad34e9ec9348214bd6633cb7cafc9992c14bee2420302cc00387d223ba27f718397b87c941e4beddcd99ef66dca1f0bf96cb9210948e08a6b88234db0b98fa15beb9d629da3492ef246db842fa188acfcbcf2905e7a8e796cc6a44edfa47b1c2b2de02c0d0db7bd2a5c9528ef6662966d3b99b452ded2c6bfe195833b12d39cd54ea93dec2e6ecb7d040a7c740074ca58c32c0d9e656507e436e8f72845a17929fb0230715c281dd406d6851a66b1cbcd9cea88eabf7fb64bdab4d24ed554ed60542e251ebd3210ef11b2dacfd256f8ae2bc879e6ac5d47d9ae684f1ef016675d9219d1ce04c8cc74fff135564fc5448abddfccfadabd15f043072f6fdef0795fb41cbf2d1318a140e0a03ef059974871d428e52153f9c04cc05f4cb7775db68a24548005058de633f9f3293589842d0f98ceee0b073e3d85f6cda60c2d3f9ecee643a3284dc9eece75b62b957c33ed8341f0290b43b302a29d8c22256fb4b601261f98004302c5e4f4e759e01e16d976dcde60f8e4cbe59817e1c7e68959f074b7f3ea8ea8dd9f154b6ef5478829c3e3cd26c63067d556c288070c7ec0ed01ec98c6ac9ab9428b5183108765fd5f93b8d2543d934d7c1c12367a86929e976db3a750d5146b689bcd1716f090b4720721bdeba1494552bb9eb6583abe7656ea41dbccdedb97eeec573f438ff5c38b10f2f5582928763a6e17a9ca4314bffa0025b83f6f30e04ca22f5fe9c344cc7bc1383cb94d3f0572bd5dcdd99ea043e30425c5adaf5d9d3eab48c61e070383701bc21903f1c08fbf5756696fc07beea8a583a7450424999a4539a9fdf06fcd8e97aae7766620a281845c27e535afd7d92dc0d1dfb95e8d587068d56808d2ee09e0cac009629b031002fe611623fc60909a712e58737f44d2a7bf370e4e910694525d2dd9fd336f32492839991fafd62a84af812fc4697995c79c9d0d36ad066ce9bddf2924262932ae51f6d1f02ce11a8bc098fe624a4b0aa679a75e6aedf53504a84d5ba2b4e632287d639b510363504756cbfbd7cfb811cfbfa932cd3b3341afae6de96a43409fd22240376cd5973db40cf425c98651930f74ee2ee5aac68ac89d1041292eb096987ce332379898badb156762d70a711561ce0fa8a970f73b9230ee3e935bbbe41859b0163df71aebceaedbebd1f5885b3457479fc50f4032326262733fdfe1ae8b8841d96ccf5f46ed4bc6a6a37a3943c165fc66d68f471f4b02e8b6000d574da431c822208030a594051f400e6729e943fbf18a4bac808da032401d647bbe81589e8cdd1b7bd1a56239a1d0014afc5d01bedf642f9be2c3adc69faa3b071c7b386528c032a661bc6e10dd77296729ee16a23950b20f43ba90679ff9f7471630a3be5a6f45f346e6a9bb9c37ea4b91864774eb59e2da2c2734157c912b3ea50fd358c6b5b08e28342e47741a832486ccf05633c89c69342af5876132b917026ea645ef74c18441333e6fede65594974c64af93d4c2ec0ba0dc990008ac1d5c2cb318274a6720c7e27c6dfccd192a4aa73c579d3f0b00822adec3060513472ff773de228bb3850a4158eba1d2a4202c84deeb71041d394a207f2a0513e5a9ecf6a08f3e9b0719724c4510af98149d4c03966b4fd026a4f14b68ad0810009d27813fad6bb1053955251047774442fd", 0x6dc}], 0x1}}], 0x2, 0x0) 1.3481546s ago: executing program 2 (id=2528): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1e, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb709}, 0x94) r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.200423842s ago: executing program 2 (id=2529): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x6) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000240)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323456536005ad94a461cdbfee9bdb9423523598451d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 1.199854178s ago: executing program 2 (id=2530): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_usb_connect(0x0, 0x81, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000a7420040ab050103000101020301090224000100"], 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x5) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.048494678s ago: executing program 1 (id=2531): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x20040040) 1.04813799s ago: executing program 1 (id=2532): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf7473000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r5, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r4, &(0x7f0000000040)='\x00\x00\x00', 0x3, 0x0, 0x0, 0x2}]) clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0) 380.592083ms ago: executing program 0 (id=2533): r0 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) r1 = dup(r0) read$FUSE(r1, 0x0, 0x0) 269.375197ms ago: executing program 0 (id=2534): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000000)=0xb2, 0x4) 269.098369ms ago: executing program 0 (id=2535): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r0, r2, 0x25, 0x0, @void}, 0x10) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) open(0x0, 0x147842, 0x184) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000100001000100"/20, @ANYRES32=0x0, @ANYBLOB="200400200000000008001b"], 0x28}}, 0x0) 499.353µs ago: executing program 2 (id=2536): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff2}, {0xffff, 0xffff}, {0xd, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x4, 0xf534, 0xffffffff, 0x0, 0x7, 0x8d}}, {0x4}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000001}, 0x800) ioctl$SIOCSIFHWADDR(r4, 0x8922, 0x0) 0s ago: executing program 1 (id=2537): openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69703000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [0x0, 0x0, 0xff000000], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x228, 0x258, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@mcast1, [0xffffffff, 0xffffff00, 0xffffff00, 0xffffff00], @ipv6=@remote, [0xffffff00, 0xff, 0xff000000, 0xff], 0x4d4, 0x3500, 0xa3, 0x1, 0x18, 0xb}, {@ipv6=@empty, [0xffffff00, 0x0, 0xff000000, 0xff], @ipv6=@dev={0xfe, 0x80, '\x00', 0x11}, [0xff, 0xffffffff, 0xffffff00, 0xffffff], 0x4d6, 0x0, 0x5e, 0x1, 0xa, 0xa}, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x2d}, [0xffffffff, 0xff, 0xffffffff, 0xff000000], @ipv6=@rand_addr=' \x01\x00', [0x0, 0x0, 0xffffff00, 0xffffffff], 0x4d2, 0x0, 0x32, 0x0, 0x14}, {@ipv4=@rand_addr=0x64010101, [0xff, 0x0, 0xff000000, 0xffffff00], @ipv6=@local, [0xffffffff, 0xff000000, 0xff, 0xff0001fe], 0x4d6, 0x3500, 0x3c, 0x0, 0x4, 0x2}], 0x2}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x458) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) kernel console output (not intermixed with test programs): evsim2: renamed from eth2 [ 47.335325][ T5975] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.363150][ T5983] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.371871][ T5983] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.376201][ T5989] Bluetooth: hci1: command tx timeout [ 47.376527][ T5983] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.382253][ T5983] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.445778][ T5989] Bluetooth: hci0: command tx timeout [ 47.446403][ T5972] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.447753][ T5979] Bluetooth: hci3: command tx timeout [ 47.447764][ T5989] Bluetooth: hci2: command tx timeout [ 47.454727][ T5972] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.464162][ T5972] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.469319][ T5972] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.491704][ T5981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.507137][ T5981] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.523250][ T102] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.525573][ T102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.537495][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.539745][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.548959][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.580227][ T5975] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.590887][ T5983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.598176][ T1175] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.600328][ T1175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.619067][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.621381][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.631680][ T5972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.650933][ T5983] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.657755][ T5972] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.665873][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.668576][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.683428][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.686371][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.699861][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.702596][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.708101][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.710383][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.756747][ T5981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.804874][ T5981] veth0_vlan: entered promiscuous mode [ 47.813759][ T5981] veth1_vlan: entered promiscuous mode [ 47.833769][ T5981] veth0_macvtap: entered promiscuous mode [ 47.841217][ T5981] veth1_macvtap: entered promiscuous mode [ 47.860727][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.867123][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.872290][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.884597][ T102] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.888638][ T102] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.896639][ T102] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.899359][ T102] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.908509][ T5983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.915850][ T5972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.941579][ T5975] veth0_vlan: entered promiscuous mode [ 47.954217][ T5975] veth1_vlan: entered promiscuous mode [ 47.959711][ T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.962427][ T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.986924][ T5975] veth0_macvtap: entered promiscuous mode [ 47.994154][ T5975] veth1_macvtap: entered promiscuous mode [ 48.005463][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.007846][ T5972] veth0_vlan: entered promiscuous mode [ 48.008750][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.017583][ T5983] veth0_vlan: entered promiscuous mode [ 48.026543][ T5983] veth1_vlan: entered promiscuous mode [ 48.028999][ T5972] veth1_vlan: entered promiscuous mode [ 48.032891][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.046666][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.053182][ T5981] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.057426][ T1175] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.060110][ T1175] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.068942][ T1175] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.071622][ T1175] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.091178][ T5983] veth0_macvtap: entered promiscuous mode [ 48.094192][ T5972] veth0_macvtap: entered promiscuous mode [ 48.098702][ T5972] veth1_macvtap: entered promiscuous mode [ 48.110585][ T5983] veth1_macvtap: entered promiscuous mode [ 48.132061][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.135847][ T1175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.138224][ T1175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.141677][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.152611][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.166525][ T1171] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.169448][ T1171] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.173818][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.182793][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.186976][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.188678][ T1171] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.195498][ T1171] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.205304][ T1171] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.209764][ T1171] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.217875][ T1171] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.220648][ T1171] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.267675][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.270097][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.282112][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.284890][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.292208][ T1175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.294612][ T1175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.307362][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.309714][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.456884][ T5979] Bluetooth: hci1: command tx timeout [ 49.505161][ T6119] fuse: Unknown parameter 'group_id00000000000000000000' [ 49.525801][ T5979] Bluetooth: hci3: command tx timeout [ 49.537267][ T5979] Bluetooth: hci2: command tx timeout [ 49.537286][ T5986] Bluetooth: hci0: command tx timeout [ 49.720219][ T6141] kvm: requested 130742 ns i8254 timer period limited to 200000 ns [ 50.407163][ T6176] mmap: syz.1.45 (6176) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 50.594351][ T40] audit: type=1326 audit(1758543163.977:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6189 comm="syz.1.51" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0 [ 50.601591][ T40] audit: type=1326 audit(1758543163.977:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6189 comm="syz.1.51" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0 [ 51.104263][ T6224] fuse: Bad value for 'fd' [ 51.526510][ T5986] Bluetooth: hci1: command tx timeout [ 51.612349][ T5986] Bluetooth: hci0: command tx timeout [ 51.615759][ T5986] Bluetooth: hci2: command tx timeout [ 51.616060][ T5979] Bluetooth: hci3: command tx timeout [ 52.337245][ T6269] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 53.606453][ T5979] Bluetooth: hci1: command tx timeout [ 53.686226][ T5979] Bluetooth: hci3: command tx timeout [ 53.695910][ T5979] Bluetooth: hci2: command tx timeout [ 53.696405][ T5986] Bluetooth: hci0: command tx timeout [ 54.125389][ T6393] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 54.538827][ T6412] fuse: Bad value for 'rootmode' [ 55.187929][ T6435] TCP: TCP_TX_DELAY enabled [ 57.315582][ T40] audit: type=1326 audit(1758543170.697:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.1.197" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 58.298346][ T6602] fuse: Bad value for 'fd' [ 60.231968][ T6703] fuse: Unknown parameter '0x0000000000000003' [ 60.831018][ T6729] fuse: Unknown parameter '0x0000000000000003' [ 61.345829][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 61.495706][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 61.499734][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 61.503227][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 61.506672][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.512136][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 61.514974][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.518433][ T10] usb 6-1: Product: syz [ 61.520089][ T10] usb 6-1: Manufacturer: syz [ 61.521574][ T10] usb 6-1: SerialNumber: syz [ 61.734076][ T10] usb 6-1: selecting invalid altsetting 1 [ 61.737393][ T10] cdc_ncm 6-1:1.0: bind() failure [ 61.740398][ T6752] fuse: Unknown parameter '0x0000000000000003' [ 61.749275][ T10] cdc_acm 6-1:1.1: Zero length descriptor references [ 61.751387][ T10] cdc_acm 6-1:1.1: probe with driver cdc_acm failed with error -22 [ 61.756354][ T10] usb 6-1: USB disconnect, device number 2 [ 62.084708][ T40] audit: type=1326 audit(1758543175.467:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6780 comm="syz.3.303" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43579 code=0x0 [ 63.048763][ T6811] process 'syz.0.315' launched './file1' with NULL argv: empty string added [ 63.058923][ T6813] fuse: Unknown parameter 'fd0x0000000000000003' [ 63.122586][ T6821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.320'. [ 63.411501][ T6846] netlink: 4 bytes leftover after parsing attributes in process `syz.3.331'. [ 63.417026][ T6846] netlink: 173 bytes leftover after parsing attributes in process `syz.3.331'. [ 63.535832][ T2299] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 63.685855][ T2299] usb 5-1: Using ep0 maxpacket: 8 [ 63.701403][ T2299] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 63.704441][ T2299] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.708383][ T2299] usb 5-1: Product: syz [ 63.710020][ T2299] usb 5-1: Manufacturer: syz [ 63.711571][ T2299] usb 5-1: SerialNumber: syz [ 63.927072][ T2299] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 63.985763][ T6059] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 64.130146][ T9] usb 5-1: USB disconnect, device number 2 [ 64.135834][ T6059] usb 8-1: Using ep0 maxpacket: 8 [ 64.136283][ T9] usblp0: removed [ 64.138843][ T6059] usb 8-1: config index 0 descriptor too short (expected 5924, got 36) [ 64.141768][ T6059] usb 8-1: config 250 has an invalid interface number: 228 but max is -1 [ 64.144452][ T6059] usb 8-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 64.147807][ T6059] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 64.150960][ T6059] usb 8-1: config 250 has no interface number 0 [ 64.153052][ T6059] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 64.156711][ T6059] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 64.160283][ T6059] usb 8-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 64.164928][ T6059] usb 8-1: config 250 interface 228 has no altsetting 0 [ 64.168731][ T6059] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 64.171685][ T6059] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 64.174237][ T6059] usb 8-1: Product: syz [ 64.175551][ T6059] usb 8-1: SerialNumber: syz [ 64.180392][ T6059] hub 8-1:250.228: bad descriptor, ignoring hub [ 64.182461][ T6059] hub 8-1:250.228: probe with driver hub failed with error -5 [ 64.661088][ T9] usb 8-1: reset high-speed USB device number 2 using dummy_hcd [ 64.736525][ T6892] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 64.925467][ T6907] kernel profiling enabled (shift: 63) [ 64.927972][ T6907] profiling shift: 63 too large [ 65.075684][ T5985] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 65.235682][ T5985] usb 5-1: Using ep0 maxpacket: 32 [ 65.240047][ T5985] usb 5-1: config 0 interface 0 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 65.244023][ T5985] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.246284][ T5985] usb 5-1: New USB device found, idVendor=056a, idProduct=00b0, bcdDevice= 0.00 [ 65.249101][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.253677][ T5985] usb 5-1: config 0 descriptor?? [ 65.335955][ T6059] usb 8-1: USB disconnect, device number 2 [ 66.442553][ T6930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.448072][ T6930] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.265719][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 67.427506][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 67.430638][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 67.434304][ T10] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 67.437277][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 67.439782][ T10] usb 6-1: SerialNumber: syz [ 67.651374][ T10] usb 6-1: 0:2 : does not exist [ 67.660833][ T10] usb 6-1: USB disconnect, device number 3 [ 67.674159][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 68.303254][ T6988] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 68.472671][ T102] Bluetooth: hci4: Frame reassembly failed (-84) [ 68.475013][ T102] Bluetooth: hci4: Frame reassembly failed (-84) [ 68.585764][ T6059] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 68.738048][ T6059] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 68.742116][ T6059] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 68.745284][ T6059] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 68.750800][ T6059] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 68.754607][ T6059] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.761375][ T6059] usb 6-1: config 0 descriptor?? [ 68.830141][ T7022] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 68.909392][ T40] audit: type=1326 audit(1758543182.297:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7024 comm="syz.0.402" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb1579 code=0x0 [ 69.175552][ T6059] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 69.529673][ T6059] usb 6-1: USB disconnect, device number 4 [ 70.495707][ T7005] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 70.495910][ T5979] Bluetooth: hci0: command 0x0401 tx timeout [ 70.497881][ T5986] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 70.500806][ T5989] Bluetooth: hci4: command 0x1003 tx timeout [ 70.891398][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.893608][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.142910][ T7095] can0: slcan on ptm0. [ 71.227163][ T7095] can0 (unregistered): slcan off ptm0. [ 71.539923][ T40] audit: type=1326 audit(1758543184.927:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7134 comm="syz.1.441" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 71.635755][ T1343] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 71.795727][ T1343] usb 8-1: Using ep0 maxpacket: 32 [ 71.798620][ T1343] usb 8-1: config 0 has an invalid interface number: 184 but max is 0 [ 71.801175][ T1343] usb 8-1: config 0 has no interface number 0 [ 71.803081][ T1343] usb 8-1: config 0 interface 184 has no altsetting 0 [ 71.808391][ T1343] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 71.811539][ T1343] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.814099][ T1343] usb 8-1: Product: syz [ 71.816019][ T1343] usb 8-1: Manufacturer: syz [ 71.817596][ T1343] usb 8-1: SerialNumber: syz [ 71.821236][ T1343] usb 8-1: config 0 descriptor?? [ 71.826137][ T1343] smsc75xx v1.0.0 [ 72.441378][ T1343] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 72.448117][ T1343] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 72.689208][ T7156] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.691944][ T7156] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.755839][ T7156] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 72.762693][ T7156] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 72.839921][ T102] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.849000][ T102] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.853655][ T102] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.859496][ T102] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.882426][ T40] audit: type=1326 audit(1758543186.267:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7163 comm="syz.1.454" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 73.054465][ T1343] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 73.058203][ T1343] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 73.061267][ T1343] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 73.064470][ T1343] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -71 [ 73.068755][ T1343] usb 8-1: USB disconnect, device number 3 [ 73.648776][ T7190] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 75.734889][ T7272] Bluetooth: MGMT ver 1.23 [ 75.784744][ T5979] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 75.788613][ T5979] CPU: 2 UID: 0 PID: 5979 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) [ 75.788636][ T5979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.788648][ T5979] Workqueue: hci3 hci_rx_work [ 75.788681][ T5979] Call Trace: [ 75.788688][ T5979] [ 75.788695][ T5979] dump_stack_lvl+0x16c/0x1f0 [ 75.788725][ T5979] sysfs_warn_dup+0x7f/0xa0 [ 75.788745][ T5979] sysfs_create_dir_ns+0x24b/0x2b0 [ 75.788765][ T5979] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 75.788826][ T5979] ? find_held_lock+0x2b/0x80 [ 75.788849][ T5979] ? do_raw_spin_unlock+0x172/0x230 [ 75.788877][ T5979] kobject_add_internal+0x2c4/0x9b0 [ 75.788898][ T5979] kobject_add+0x16e/0x240 [ 75.788913][ T5979] ? __pfx_kobject_add+0x10/0x10 [ 75.788930][ T5979] ? do_raw_spin_unlock+0x172/0x230 [ 75.788954][ T5979] ? kobject_put+0xab/0x5a0 [ 75.788975][ T5979] device_add+0x288/0x1aa0 [ 75.788993][ T5979] ? __pfx_dev_set_name+0x10/0x10 [ 75.789012][ T5979] ? __pfx_device_add+0x10/0x10 [ 75.789029][ T5979] ? mgmt_send_event_skb+0x2fb/0x460 [ 75.789056][ T5979] hci_conn_add_sysfs+0x17e/0x230 [ 75.789079][ T5979] le_conn_complete_evt+0x1075/0x1d70 [ 75.789099][ T5979] ? preempt_count_sub+0x130/0x160 [ 75.789120][ T5979] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 75.789140][ T5979] ? hci_event_packet+0x459/0x11c0 [ 75.789168][ T5979] hci_le_conn_complete_evt+0x23c/0x370 [ 75.789195][ T5979] hci_le_meta_evt+0x354/0x5e0 [ 75.789216][ T5979] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 75.789238][ T5979] hci_event_packet+0x685/0x11c0 [ 75.789258][ T5979] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 75.789280][ T5979] ? __pfx_hci_event_packet+0x10/0x10 [ 75.789301][ T5979] ? kcov_remote_start+0x3c9/0x6d0 [ 75.789324][ T5979] ? lockdep_hardirqs_on+0x7c/0x110 [ 75.789351][ T5979] hci_rx_work+0x2c5/0x16b0 [ 75.789373][ T5979] ? rcu_is_watching+0x12/0xc0 [ 75.789393][ T5979] process_one_work+0x9cf/0x1b70 [ 75.789427][ T5979] ? __pfx_process_one_work+0x10/0x10 [ 75.789456][ T5979] ? assign_work+0x1a0/0x250 [ 75.789481][ T5979] worker_thread+0x6c8/0xf10 [ 75.789506][ T5979] ? __pfx_worker_thread+0x10/0x10 [ 75.789527][ T5979] kthread+0x3c5/0x780 [ 75.789551][ T5979] ? __pfx_kthread+0x10/0x10 [ 75.789575][ T5979] ? rcu_is_watching+0x12/0xc0 [ 75.789592][ T5979] ? __pfx_kthread+0x10/0x10 [ 75.789614][ T5979] ret_from_fork+0x56d/0x730 [ 75.789637][ T5979] ? __pfx_kthread+0x10/0x10 [ 75.789659][ T5979] ret_from_fork_asm+0x1a/0x30 [ 75.789690][ T5979] [ 75.789713][ T5979] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 75.893423][ T5979] Bluetooth: hci3: failed to register connection device [ 75.943250][ T7281] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 76.028044][ T7294] capability: warning: `syz.0.505' uses deprecated v2 capabilities in a way that may be insecure [ 76.053292][ T7299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.057483][ T7299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.680951][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'. [ 76.687775][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'. [ 76.694795][ T7311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.698874][ T7311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.704493][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'. [ 76.843658][ T7313] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 77.267775][ T7343] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 78.030049][ T7366] Zero length message leads to an empty skb [ 78.264024][ T7369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.267095][ T7369] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.954603][ T7384] netlink: 'syz.1.539': attribute type 13 has an invalid length. [ 79.051040][ T7384] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.054690][ T7384] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.064409][ T7384] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 79.163065][ T40] audit: type=1326 audit(1758543192.547:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7389 comm="syz.1.541" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 79.506928][ T7398] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 79.702901][ T7406] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.706467][ T7406] bridge_slave_1: left allmulticast mode [ 79.708954][ T7406] bridge_slave_1: left promiscuous mode [ 79.711647][ T7406] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.504302][ T7428] warning: `syz.1.555' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 80.610133][ T7435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.613814][ T7435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.625118][ T40] audit: type=1326 audit(1758543194.005:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7436 comm="syz.3.559" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43579 code=0x0 [ 81.129429][ T54] cfg80211: failed to load regulatory.db [ 81.592791][ T7483] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 81.779240][ T40] audit: type=1326 audit(1758543195.165:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7497 comm="syz.3.584" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43579 code=0x0 [ 82.005816][ T5979] Bluetooth: hci3: command 0x0406 tx timeout [ 82.005864][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 82.178404][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.181839][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.184936][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 82.190105][ T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 82.193949][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.199070][ T9] usb 6-1: config 0 descriptor?? [ 82.619062][ T9] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 82.767993][ T7507] infiniband syz0: set down [ 82.770339][ T7507] infiniband syz0: added ipvlan1 [ 82.799024][ T7507] RDS/IB: syz0: added [ 82.800981][ T7507] smc: adding ib device syz0 with port count 1 [ 82.803254][ T7507] smc: ib device syz0 port 1 has pnetid [ 83.222073][ T1343] usb 6-1: USB disconnect, device number 5 [ 83.441450][ T7554] netlink: 32 bytes leftover after parsing attributes in process `syz.0.605'. [ 83.733321][ T7566] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 83.963151][ T7590] netlink: 4 bytes leftover after parsing attributes in process `syz.0.617'. [ 84.000369][ T7595] netlink: 32 bytes leftover after parsing attributes in process `syz.3.618'. [ 84.738206][ T7698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.660'. [ 84.893947][ T7707] input: syz0 as /devices/virtual/input/input6 [ 85.175751][ T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 85.325999][ T9] usb 8-1: Using ep0 maxpacket: 32 [ 85.329202][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.332576][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.336559][ T9] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 85.339417][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.343849][ T9] usb 8-1: config 0 descriptor?? [ 85.348492][ T9] hub 8-1:0.0: USB hub found [ 85.356269][ T7738] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.555941][ T9] hub 8-1:0.0: 1 port detected [ 85.931486][ T40] audit: type=1326 audit(1758543199.315:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7775 comm="syz.1.696" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 86.156245][ T9] hub 8-1:0.0: activate --> -90 [ 86.220125][ T7783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.699'. [ 86.344740][ T7791] fuse: Bad value for 'fd' [ 86.559544][ T6042] usb 8-1: USB disconnect, device number 4 [ 86.677463][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.714'. [ 87.655930][ T53] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 87.825750][ T53] usb 6-1: Using ep0 maxpacket: 8 [ 87.831144][ T53] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 87.834043][ T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.836829][ T53] usb 6-1: Product: syz [ 87.838173][ T53] usb 6-1: Manufacturer: syz [ 87.839713][ T53] usb 6-1: SerialNumber: syz [ 87.842422][ T53] usb 6-1: config 0 descriptor?? [ 88.047970][ T53] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 88.118878][ T7903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.750'. [ 88.275754][ T6042] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 88.435766][ T6042] usb 8-1: Using ep0 maxpacket: 16 [ 88.438987][ T6042] usb 8-1: config 1 has an invalid interface number: 105 but max is 0 [ 88.441559][ T6042] usb 8-1: config 1 has no interface number 0 [ 88.443462][ T6042] usb 8-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 88.446822][ T6042] usb 8-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 88.449932][ T6042] usb 8-1: config 1 interface 105 has no altsetting 0 [ 88.454234][ T6042] usb 8-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 88.457388][ T6042] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.459867][ T6042] usb 8-1: Product: syz [ 88.461180][ T6042] usb 8-1: Manufacturer: syz [ 88.462618][ T6042] usb 8-1: SerialNumber: syz [ 88.469659][ T7904] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 88.472862][ T7904] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 88.879958][ T7904] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 88.882287][ T7904] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 89.042139][ T7920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.045484][ T7920] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.086938][ T6042] aqc111 8-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 89.090618][ T6042] aqc111 8-1:1.105: probe with driver aqc111 failed with error -71 [ 89.096316][ T6042] usb 8-1: USB disconnect, device number 5 [ 89.458689][ T53] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 89.462884][ T53] usb 6-1: USB disconnect, device number 6 [ 89.714216][ T7940] tipc: Started in network mode [ 89.716052][ T7940] tipc: Node identity aa82254ae754, cluster identity 4711 [ 89.719059][ T7940] tipc: Enabled bearer , priority 0 [ 89.721878][ T7940] syzkaller0: entered promiscuous mode [ 89.723661][ T7940] syzkaller0: entered allmulticast mode [ 89.728748][ T7940] tipc: Resetting bearer [ 89.732558][ T7939] tipc: Resetting bearer [ 89.738130][ T7939] tipc: Disabling bearer [ 89.890018][ T7953] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 89.899464][ T7953] syz.0.770 uses obsolete (PF_INET,SOCK_PACKET) [ 90.086738][ T9] usb 8-1: new full-speed USB device number 6 using dummy_hcd [ 90.215700][ T7970] netlink: 8 bytes leftover after parsing attributes in process `syz.0.778'. [ 90.249730][ T9] usb 8-1: unable to get BOS descriptor or descriptor too short [ 90.253941][ T9] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 90.265692][ T9] usb 8-1: can't read configurations, error -71 [ 90.371707][ T7991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.376550][ T7991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.498494][ T7995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.788'. [ 90.916791][ T2299] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 90.945579][ T8027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.949675][ T8027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.004867][ T8034] netlink: 'syz.2.805': attribute type 10 has an invalid length. [ 91.011043][ T8034] team0: Device ipvlan1 failed to register rx_handler [ 91.087723][ T2299] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 91.092092][ T2299] usb 6-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 91.094941][ T2299] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.101777][ T2299] usb 6-1: config 0 descriptor?? [ 91.280416][ T8058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.816'. [ 91.519141][ T2299] aquacomputer_d5next 0003:0C70:F010.0005: unknown main item tag 0x0 [ 91.521641][ T2299] aquacomputer_d5next 0003:0C70:F010.0005: unknown main item tag 0x0 [ 91.524460][ T2299] aquacomputer_d5next 0003:0C70:F010.0005: unknown main item tag 0x0 [ 91.528019][ T2299] aquacomputer_d5next 0003:0C70:F010.0005: unknown main item tag 0x0 [ 91.530968][ T2299] aquacomputer_d5next 0003:0C70:F010.0005: unknown main item tag 0x0 [ 91.536514][ T2299] aquacomputer_d5next 0003:0C70:F010.0005: hidraw1: USB HID v0.00 Device [HID 0c70:f010] on usb-dummy_hcd.1-1/input0 [ 91.692497][ T8082] fuse: Unknown parameter 'group_id00000000000000000000' [ 91.717628][ T29] usb 6-1: USB disconnect, device number 7 [ 91.979471][ T8105] fuse: Unknown parameter 'group_id00000000000000000000' [ 92.304860][ T8133] netlink: 4 bytes leftover after parsing attributes in process `syz.0.848'. [ 92.741358][ T8171] overlayfs: failed to clone upperpath [ 92.749756][ T8173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.753672][ T8173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.935774][ T24] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 93.025791][ T53] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 93.097938][ T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 93.101105][ T24] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 93.104294][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.108445][ T24] usb 8-1: config 0 descriptor?? [ 93.112089][ T24] pwc: Askey VC010 type 2 USB webcam detected. [ 93.205854][ T53] usb 6-1: Using ep0 maxpacket: 8 [ 93.209568][ T53] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 93.214493][ T53] usb 6-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=f8.63 [ 93.217427][ T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.219838][ T53] usb 6-1: Product: syz [ 93.221216][ T53] usb 6-1: Manufacturer: syz [ 93.222681][ T53] usb 6-1: SerialNumber: syz [ 93.233415][ T53] usb 6-1: config 0 descriptor?? [ 93.316472][ T8183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.867'. [ 93.440671][ T6042] usb 6-1: USB disconnect, device number 8 [ 93.497851][ T8201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.875'. [ 93.513995][ T24] pwc: recv_control_msg error -32 req 02 val 2b00 [ 93.516961][ T24] pwc: recv_control_msg error -32 req 02 val 2700 [ 93.520281][ T24] pwc: recv_control_msg error -32 req 02 val 2c00 [ 93.523084][ T24] pwc: recv_control_msg error -32 req 04 val 1000 [ 93.525559][ T24] pwc: recv_control_msg error -32 req 04 val 1300 [ 93.529804][ T24] pwc: recv_control_msg error -32 req 04 val 1400 [ 93.532711][ T24] pwc: recv_control_msg error -32 req 02 val 2000 [ 93.535426][ T24] pwc: recv_control_msg error -32 req 02 val 2100 [ 93.537552][ T8207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 93.540752][ T8207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.738758][ T24] pwc: recv_control_msg error -71 req 02 val 2500 [ 93.743315][ T24] pwc: recv_control_msg error -71 req 02 val 2400 [ 93.745821][ T24] pwc: recv_control_msg error -71 req 02 val 2600 [ 93.748078][ T24] pwc: recv_control_msg error -71 req 02 val 2900 [ 93.750311][ T24] pwc: recv_control_msg error -71 req 02 val 2800 [ 93.752752][ T24] pwc: recv_control_msg error -71 req 04 val 1100 [ 93.754980][ T24] pwc: recv_control_msg error -71 req 04 val 1200 [ 93.759265][ T24] pwc: Registered as video103. [ 93.761771][ T24] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb8/8-1/input/input7 [ 93.769902][ T24] usb 8-1: USB disconnect, device number 8 [ 94.201130][ T8224] tipc: Started in network mode [ 94.202730][ T8224] tipc: Node identity a60deaa07b05, cluster identity 4711 [ 94.205161][ T8224] tipc: Enabled bearer , priority 0 [ 94.208074][ T8224] syzkaller0: entered promiscuous mode [ 94.209826][ T8224] syzkaller0: entered allmulticast mode [ 94.225801][ T8223] tipc: Resetting bearer [ 94.232954][ T8223] tipc: Disabling bearer [ 94.326978][ T8229] fuse: Bad value for 'fd' [ 94.521683][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804f84c800: rx timeout, send abort [ 95.012954][ T8252] tipc: Started in network mode [ 95.014544][ T8252] tipc: Node identity 4ee8a7f36479, cluster identity 4711 [ 95.017077][ T8252] tipc: Enabled bearer , priority 0 [ 95.020781][ T8252] syzkaller0: entered promiscuous mode [ 95.021771][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804f84d800: rx timeout, send abort [ 95.023083][ T8252] syzkaller0: entered allmulticast mode [ 95.025958][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804f84c800: abort rx timeout. Force session deactivation [ 95.041296][ T8251] tipc: Resetting bearer [ 95.053520][ T8251] tipc: Disabling bearer [ 95.260395][ T8266] netlink: 8 bytes leftover after parsing attributes in process `syz.0.903'. [ 95.300784][ T8271] input: syz0 as /devices/virtual/input/input8 [ 95.427554][ T8288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.914'. [ 95.459546][ T8293] netlink: 60 bytes leftover after parsing attributes in process `syz.1.916'. [ 95.525650][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804f84d800: abort rx timeout. Force session deactivation [ 95.989744][ T8347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.939'. [ 96.187378][ T8377] netlink: 8 bytes leftover after parsing attributes in process `syz.1.948'. [ 96.204640][ T8379] veth0_vlan: entered allmulticast mode [ 96.316139][ T8399] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.958'. [ 96.354809][ T8404] netlink: 8 bytes leftover after parsing attributes in process `syz.1.959'. [ 96.687213][ T8448] netlink: 20 bytes leftover after parsing attributes in process `syz.2.980'. [ 96.697092][ T8448] netlink: 32 bytes leftover after parsing attributes in process `syz.2.980'. [ 96.767088][ T8458] netlink: 16 bytes leftover after parsing attributes in process `syz.2.983'. [ 96.904796][ T8483] Illegal XDP return value 4294967282 on prog (id 63) dev syz_tun, expect packet loss! [ 97.127019][ T8507] vxcan2: entered promiscuous mode [ 98.161329][ T8557] netlink: 'syz.2.1026': attribute type 8 has an invalid length. [ 98.374106][ T8575] erspan0: entered allmulticast mode [ 98.381375][ T8575] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 98.410057][ T8580] netlink: 'syz.2.1036': attribute type 25 has an invalid length. [ 98.414645][ T8580] netlink: 'syz.2.1036': attribute type 10 has an invalid length. [ 98.428053][ T8580] team0: Port device geneve0 added [ 98.477377][ T8587] input: syz0 as /devices/virtual/input/input9 [ 99.244110][ T8631] fuse: Unknown parameter 'user_id00000000000000000000' [ 99.458142][ T8653] fuse: Bad value for 'fd' [ 99.691255][ T8680] vxcan2: entered promiscuous mode [ 99.880431][ T8693] netlink: 'syz.0.1082': attribute type 8 has an invalid length. [ 100.094443][ T8721] fuse: Unknown parameter '0x0000000000000004' [ 100.425534][ T8747] fuse: Unknown parameter '0x0000000000000004' [ 100.548363][ T8765] fuse: Unknown parameter '0x0000000000000004' [ 100.693507][ T8780] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 100.851287][ T8796] fuse: Unknown parameter '0x0000000000000004' [ 100.964785][ T8800] __nla_validate_parse: 14 callbacks suppressed [ 100.964797][ T8800] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1125'. [ 101.163683][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1131'. [ 101.200131][ T8824] tipc: Enabled bearer , priority 0 [ 101.205228][ T8824] tipc: Resetting bearer [ 101.209973][ T8823] tipc: Disabling bearer [ 101.415320][ T8839] erspan0: left allmulticast mode [ 101.429138][ T8839] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.431732][ T8839] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.431778][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1141'. [ 101.478840][ T8839] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.485246][ T8839] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.512599][ T8839] veth0_vlan: left allmulticast mode [ 101.552218][ T1171] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.557141][ T1171] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.560054][ T1171] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.563029][ T1171] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.091790][ T8890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1161'. [ 102.167497][ T8909] netlink: 'syz.1.1168': attribute type 1 has an invalid length. [ 102.522945][ T8928] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1176'. [ 102.545028][ T8934] tipc: Enabled bearer , priority 0 [ 102.551508][ T8934] tipc: Resetting bearer [ 102.556786][ T8933] tipc: Disabling bearer [ 102.634693][ T8952] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1186'. [ 102.842838][ T8961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1189'. [ 103.499757][ T8977] overlayfs: missing 'lowerdir' [ 103.585755][ T8989] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1199'. [ 103.673628][ T8986] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1198'. [ 103.683857][ T9000] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1203'. [ 103.727734][ T9005] overlayfs: missing 'lowerdir' [ 103.760132][ T9012] openvswitch: netlink: Flow key attribute not present in set flow. [ 103.950842][ T9034] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 103.954402][ T9034] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 104.170096][ T9056] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 104.173480][ T9056] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 104.335568][ T9072] vxcan2: entered promiscuous mode [ 104.696039][ T9102] binder_alloc: 9101: binder_alloc_buf, no vma [ 105.561222][ T9149] tipc: Enabled bearer , priority 0 [ 105.564833][ T9149] syzkaller0: entered promiscuous mode [ 105.567315][ T9149] syzkaller0: entered allmulticast mode [ 105.573642][ T9149] tipc: Resetting bearer [ 105.576637][ T9147] tipc: Resetting bearer [ 105.582736][ T9147] tipc: Disabling bearer [ 105.798658][ T9161] netlink: 'syz.1.1271': attribute type 1 has an invalid length. [ 105.827334][ T9161] bond1: (slave geneve2): making interface the new active one [ 105.830374][ T9161] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 105.833169][ T102] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 105.837776][ T102] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 105.840704][ T102] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 105.844376][ T102] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 105.850690][ T9161] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.967499][ T9174] can: request_module (can-proto-0) failed. [ 105.970310][ T9174] __nla_validate_parse: 14 callbacks suppressed [ 105.970320][ T9174] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1277'. [ 105.976928][ T9174] bridge_slave_1: left allmulticast mode [ 105.979305][ T9174] bridge_slave_1: left promiscuous mode [ 105.981844][ T9174] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.987207][ T9174] bridge_slave_0: left allmulticast mode [ 105.989516][ T9174] bridge_slave_0: left promiscuous mode [ 105.992071][ T9174] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.098434][ T24] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 106.252734][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.257293][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.261099][ T24] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 106.264769][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.270887][ T24] usb 8-1: config 0 descriptor?? [ 106.272077][ T9188] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1282'. [ 106.411689][ T9203] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1290'. [ 106.422091][ T9207] tipc: Enabling of bearer rejected, failed to enable media [ 106.579321][ T9220] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1295'. [ 106.675923][ T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 106.682057][ T24] usbhid 8-1:0.0: can't add hid device: -71 [ 106.684048][ T24] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 106.687966][ T24] usb 8-1: USB disconnect, device number 9 [ 106.835795][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 106.839016][ T9] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 106.842113][ T9] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 106.845144][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 106.848589][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 106.852389][ T9] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 106.855979][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 106.860563][ T9] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 106.863130][ T9236] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1301'. [ 106.863739][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.870784][ T9] usb 6-1: config 0 descriptor?? [ 106.896870][ T9236] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.021703][ T9236] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.077825][ T9] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 107.083559][ T9] usb 6-1: USB disconnect, device number 9 [ 107.089545][ T9] usblp0: removed [ 107.176301][ T9236] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.248040][ T9236] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.267492][ T9238] syzkaller1: entered promiscuous mode [ 107.269272][ T9238] syzkaller1: entered allmulticast mode [ 107.314099][ T1137] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.322514][ T1137] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.330811][ T1137] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.338627][ T1148] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.464418][ T9249] tipc: Enabling of bearer rejected, failed to enable media [ 107.515904][ T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 107.547601][ T9259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1308'. [ 107.622832][ T9267] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1310'. [ 107.630881][ T9267] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1310'. [ 107.635543][ T9267] netlink: 34 bytes leftover after parsing attributes in process `syz.3.1310'. [ 107.666825][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 107.670703][ T24] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 107.674140][ T24] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 107.678804][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 107.682511][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 107.686755][ T24] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 107.690680][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 107.696400][ T24] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 107.699536][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.706645][ T24] usb 6-1: config 0 descriptor?? [ 107.914636][ T24] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 108.344474][ T9299] fuse: Bad value for 'fd' [ 108.559249][ T9305] vxcan2: entered promiscuous mode [ 109.075261][ T9331] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1336'. [ 109.170659][ T9339] vxcan2: entered promiscuous mode [ 109.343135][ T9366] vxcan2: entered promiscuous mode [ 109.461955][ T54] usb 6-1: USB disconnect, device number 10 [ 109.469795][ T54] usblp0: removed [ 109.593155][ T9392] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 110.906937][ T6042] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 110.972999][ T9458] syzkaller0: entered promiscuous mode [ 110.975353][ T9458] syzkaller0: entered allmulticast mode [ 111.057125][ T6042] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.061440][ T6042] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.065426][ T6042] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 111.070171][ T6042] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.079906][ T6042] usb 8-1: config 0 descriptor?? [ 111.242330][ T9485] __nla_validate_parse: 4 callbacks suppressed [ 111.242341][ T9485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1397'. [ 111.272685][ T9494] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 111.374715][ T9504] netlink: 'syz.1.1405': attribute type 1 has an invalid length. [ 111.391379][ T9504] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1405'. [ 111.395000][ T9504] 8021q: adding VLAN 0 to HW filter on device bond2 [ 111.487917][ T6042] usbhid 8-1:0.0: can't add hid device: -71 [ 111.490964][ T6042] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 111.498670][ T6042] usb 8-1: USB disconnect, device number 10 [ 111.550654][ T9525] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1415'. [ 111.592507][ T9531] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1418'. [ 111.717832][ T9547] binder: BINDER_SET_CONTEXT_MGR already set [ 111.721113][ T9547] binder: 9546:9547 ioctl 4018620d 80004a80 returned -16 [ 112.013794][ T9553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1427'. [ 112.218070][ T9564] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1430'. [ 112.279737][ T9572] fuse: Bad value for 'fd' [ 112.479547][ T9590] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1444'. [ 112.485532][ T9590] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1444'. [ 112.495092][ T9590] netlink: 34 bytes leftover after parsing attributes in process `syz.2.1444'. [ 112.631797][ T9601] tipc: Enabled bearer , priority 0 [ 112.635249][ T9601] syzkaller0: entered promiscuous mode [ 112.637962][ T9601] syzkaller0: entered allmulticast mode [ 112.651572][ T9599] tipc: Resetting bearer [ 112.663586][ T9599] tipc: Disabling bearer [ 113.357896][ T9623] vxcan2: entered promiscuous mode [ 113.495514][ T9633] tipc: Enabled bearer , priority 0 [ 113.499741][ T9633] tipc: Resetting bearer [ 113.509192][ T9632] tipc: Disabling bearer [ 113.537683][ T9602] syz.1.1447 (9602) used greatest stack depth: 17752 bytes left [ 113.568613][ T9635] netlink: 'syz.1.1461': attribute type 1 has an invalid length. [ 114.547034][ T9664] tipc: Enabled bearer , priority 0 [ 114.554858][ T9664] tipc: Resetting bearer [ 114.570087][ T9663] tipc: Disabling bearer [ 115.209967][ T9699] netlink: 'syz.0.1482': attribute type 1 has an invalid length. [ 115.220912][ T9699] bond1: entered promiscuous mode [ 115.222919][ T9699] 8021q: adding VLAN 0 to HW filter on device bond1 [ 115.255247][ T9699] 8021q: adding VLAN 0 to HW filter on device bond2 [ 115.259456][ T9699] bond1: (slave bond2): making interface the new active one [ 115.262368][ T9699] bond2: entered promiscuous mode [ 115.265053][ T9699] bond1: (slave bond2): Enslaving as an active interface with an up link [ 115.613146][ T9728] bond3: entered promiscuous mode [ 115.614966][ T9728] bond3: entered allmulticast mode [ 115.617577][ T9728] 8021q: adding VLAN 0 to HW filter on device bond3 [ 115.733907][ T9732] lo: Caught tx_queue_len zero misconfig [ 116.080727][ T9751] binder: BINDER_SET_CONTEXT_MGR already set [ 116.082702][ T9751] binder: 9750:9751 ioctl 4018620d 80004a80 returned -16 [ 116.385165][ T9776] __nla_validate_parse: 8 callbacks suppressed [ 116.385180][ T9776] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1508'. [ 116.476803][ T9783] syzkaller0: entered promiscuous mode [ 116.479126][ T9783] syzkaller0: entered allmulticast mode [ 117.472153][ T9831] netlink: 'syz.3.1527': attribute type 10 has an invalid length. [ 117.474934][ T9831] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1527'. [ 117.480735][ T9831] batman_adv: batadv0: Adding interface: virt_wifi0 [ 117.483826][ T9831] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.495166][ T9831] batman_adv: batadv0: Interface activated: virt_wifi0 [ 118.261036][ T9883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1547'. [ 118.710964][ T9911] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1558'. [ 118.729525][ T9913] vxcan2: entered promiscuous mode [ 118.734799][ T9915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1560'. [ 119.043094][ T9938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1569'. [ 119.136166][ T9946] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1572'. [ 119.160422][ T9946] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.259649][ T9946] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.342395][ T9946] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.497302][ T9946] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.557383][ T1148] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.564865][ T102] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.577123][ T54] IPVS: starting estimator thread 0... [ 119.579483][ T102] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.579507][ T102] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.685913][ T9989] IPVS: using max 23 ests per chain, 55200 per kthread [ 119.792608][ T9998] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1592'. [ 120.037078][T10021] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1603'. [ 120.552178][T10058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1617'. [ 120.975056][T10092] netlink: 'syz.0.1628': attribute type 1 has an invalid length. [ 121.262800][T10118] fuse: Unknown parameter 'grou00000000000000000000' [ 121.396939][T10122] __nla_validate_parse: 4 callbacks suppressed [ 121.396955][T10122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1640'. [ 121.482818][T10139] tipc: Enabled bearer , priority 0 [ 121.486884][T10139] syzkaller0: entered promiscuous mode [ 121.488918][T10139] syzkaller0: entered allmulticast mode [ 121.507394][T10143] fuse: Unknown parameter 'grou00000000000000000000' [ 121.520834][T10139] tipc: Resetting bearer [ 121.524852][T10138] tipc: Resetting bearer [ 121.534688][T10138] tipc: Disabling bearer [ 121.773907][T10166] fuse: Unknown parameter 'grou00000000000000000000' [ 121.829712][T10169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 121.833287][T10169] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.837786][T10169] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 121.842819][T10168] tipc: Enabling of bearer rejected, failed to enable media [ 122.571060][T10195] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1669'. [ 122.633129][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1672'. [ 122.812922][T10219] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1679'. [ 123.046802][T10238] sctp: [Deprecated]: syz.2.1686 (pid 10238) Use of int in max_burst socket option. [ 123.046802][T10238] Use struct sctp_assoc_value instead [ 123.175515][T10258] vxcan2: entered promiscuous mode [ 123.241582][T10267] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1699'. [ 123.449991][T10290] syzkaller0: entered promiscuous mode [ 123.451746][T10290] syzkaller0: entered allmulticast mode [ 123.639728][T10307] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1718'. [ 123.711480][T10312] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1720'. [ 123.781470][T10318] syzkaller0: entered promiscuous mode [ 123.783801][T10318] syzkaller0: entered allmulticast mode [ 123.899682][T10334] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1730'. [ 123.994582][T10347] tipc: Enabling of bearer rejected, failed to enable media [ 124.121898][T10360] syzkaller0: entered promiscuous mode [ 124.125162][T10360] syzkaller0: entered allmulticast mode [ 124.147404][T10366] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1742'. [ 124.264887][T10379] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1746'. [ 124.310204][T10387] tipc: Enabled bearer , priority 0 [ 124.313820][T10387] syzkaller0: entered promiscuous mode [ 124.316368][T10387] syzkaller0: entered allmulticast mode [ 124.328353][T10387] tipc: Resetting bearer [ 124.331321][T10386] tipc: Resetting bearer [ 124.346378][T10386] tipc: Disabling bearer [ 124.387065][T10397] syzkaller0: entered promiscuous mode [ 124.389177][T10397] syzkaller0: entered allmulticast mode [ 125.017837][T10441] vxcan2: entered promiscuous mode [ 125.115728][T10450] tipc: Enabled bearer , priority 0 [ 125.119336][T10450] syzkaller0: entered promiscuous mode [ 125.121741][T10450] syzkaller0: entered allmulticast mode [ 125.129911][T10450] tipc: Resetting bearer [ 125.133563][T10449] tipc: Resetting bearer [ 125.142665][T10449] tipc: Disabling bearer [ 125.250359][T10454] tipc: Enabling of bearer rejected, failed to enable media [ 125.514070][T10483] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.570344][T10483] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.633823][T10483] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.753493][T10483] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.884793][ T1137] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.896505][ T46] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.947789][T10504] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 125.954567][ T1148] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.964177][ T1148] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.215784][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 126.286038][T10532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 126.303762][T10532] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.425202][T10541] __nla_validate_parse: 9 callbacks suppressed [ 126.425212][T10541] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1806'. [ 126.435944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.509630][T10532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 126.512910][T10532] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.718829][T10504] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.720871][T10504] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 126.732726][T10504] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.734708][T10504] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 126.742641][T10504] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.744769][T10504] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 126.992139][T10567] fuse: Bad value for 'fd' [ 127.005786][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.267899][T10574] tipc: Enabled bearer , priority 0 [ 127.270549][T10574] syzkaller0: entered promiscuous mode [ 127.272325][T10574] syzkaller0: entered allmulticast mode [ 127.281062][T10574] tipc: Resetting bearer [ 127.285476][T10573] tipc: Resetting bearer [ 127.292467][T10573] tipc: Disabling bearer [ 127.642303][T10584] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1820'. [ 127.657488][T10584] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.701454][T10590] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1822'. [ 127.721232][T10584] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.806760][T10584] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.883951][T10584] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.857525][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 128.868156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 128.886858][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 128.889591][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 128.893355][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 128.896544][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 128.899290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.169149][T10604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1826'. [ 129.216923][T10606] tipc: Enabling of bearer rejected, failed to enable media [ 129.640939][T10620] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1828'. [ 129.801492][T10625] vxcan2: entered promiscuous mode [ 130.012648][T10631] tipc: Enabled bearer , priority 0 [ 130.016735][T10631] syzkaller0: entered promiscuous mode [ 130.018588][T10631] syzkaller0: entered allmulticast mode [ 130.037861][T10630] tipc: Resetting bearer [ 130.050374][T10630] tipc: Disabling bearer [ 130.140665][ T1137] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.150574][ T1137] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.163102][ T1137] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.190689][ T1137] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.211883][T10634] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1832'. [ 130.327795][T10641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1837'. [ 130.349246][T10651] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1840'. [ 130.382580][T10660] tipc: Enabled bearer , priority 0 [ 130.385187][T10660] syzkaller0: entered promiscuous mode [ 130.388260][T10660] syzkaller0: entered allmulticast mode [ 130.399992][T10659] tipc: Resetting bearer [ 130.416464][T10659] tipc: Disabling bearer [ 130.482878][T10666] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1844'. [ 130.528893][T10666] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 130.589130][T10673] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1847'. [ 130.624693][T10666] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 130.707760][T10666] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 130.713907][T10684] tipc: Enabling of bearer rejected, failed to enable media [ 130.816585][T10666] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 130.910281][ T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 130.923482][ T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 130.931235][ T1148] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 130.943011][ T1148] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 130.952003][T10708] tipc: Enabling of bearer rejected, failed to enable media [ 131.005731][ T29] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 131.155842][ T29] usb 8-1: Using ep0 maxpacket: 32 [ 131.159757][ T29] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 131.163418][ T29] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 131.167173][ T29] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 131.170902][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 131.175231][ T29] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 131.180258][ T29] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 131.185741][ T29] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 131.189177][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.194677][ T29] usb 8-1: config 0 descriptor?? [ 131.231257][T10741] tipc: Enabling of bearer rejected, failed to enable media [ 131.403027][ T29] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 131.410631][ T29] usb 8-1: USB disconnect, device number 11 [ 131.414637][ T29] usblp0: removed [ 131.856313][ T6042] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 132.005920][ T6042] usb 8-1: Using ep0 maxpacket: 32 [ 132.009360][ T6042] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 132.012207][ T6042] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 132.015119][ T6042] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 132.018857][ T6042] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 132.022290][ T6042] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 132.025443][ T6042] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 132.030058][ T6042] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 132.032903][ T6042] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.036842][ T6042] usb 8-1: config 0 descriptor?? [ 132.082976][T10771] tipc: Enabling of bearer rejected, failed to enable media [ 132.129734][T10775] tipc: Enabling of bearer rejected, failed to enable media [ 132.217597][T10780] __nla_validate_parse: 2 callbacks suppressed [ 132.217653][T10780] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1880'. [ 132.247048][ T6042] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 132.327798][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.329948][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.544717][ C3] usblp0: nonzero read bulk status received: -71 [ 132.545867][ T53] usb 8-1: USB disconnect, device number 12 [ 132.547862][T10798] usblp0: error -71 reading from printer [ 132.551176][T10691] usblp0: error -19 reading from printer [ 132.747600][T10689] usblp0: removed [ 133.305293][T10811] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1887'. [ 133.599516][T10821] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1892'. [ 133.705190][T10828] tipc: Enabled bearer , priority 0 [ 133.709982][T10828] syzkaller0: entered promiscuous mode [ 133.712374][T10828] syzkaller0: entered allmulticast mode [ 133.731712][T10828] tipc: Resetting bearer [ 133.737494][T10827] tipc: Resetting bearer [ 133.748017][T10827] tipc: Disabling bearer [ 134.222529][T10848] tipc: Enabled bearer , priority 0 [ 134.237712][T10848] syzkaller0: entered promiscuous mode [ 134.240083][T10848] syzkaller0: entered allmulticast mode [ 134.267455][T10848] tipc: Resetting bearer [ 134.285836][T10847] tipc: Resetting bearer [ 134.309121][T10847] tipc: Disabling bearer [ 134.482895][T10850] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1902'. [ 134.991847][T10846] 9pnet_fd: p9_fd_create_tcp (10846): problem connecting socket to 127.0.0.1 [ 135.128148][T10865] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1910'. [ 135.340493][T10874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1914'. [ 135.564949][T10887] tipc: Enabling of bearer rejected, failed to enable media [ 135.573441][T10889] tipc: Enabled bearer , priority 0 [ 135.576617][T10889] syzkaller0: entered promiscuous mode [ 135.578744][T10889] syzkaller0: entered allmulticast mode [ 135.585230][T10889] tipc: Resetting bearer [ 135.588611][T10888] tipc: Resetting bearer [ 135.596137][T10888] tipc: Disabling bearer [ 136.578938][T10914] syzkaller0: entered promiscuous mode [ 136.580794][T10914] syzkaller0: entered allmulticast mode [ 136.742537][T10925] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1931'. [ 137.577284][T10956] syzkaller0: entered promiscuous mode [ 137.579176][T10956] syzkaller0: entered allmulticast mode [ 138.671380][T10978] vxcan2: entered promiscuous mode [ 138.771295][T10984] syzkaller0: entered promiscuous mode [ 138.773855][T10984] syzkaller0: entered allmulticast mode [ 138.976170][T10997] syzkaller0: entered promiscuous mode [ 138.978548][T10997] syzkaller0: entered allmulticast mode [ 139.187036][T11003] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1956'. [ 139.792378][T11017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1962'. [ 139.796917][T11017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1962'. [ 139.851662][T11022] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1964'. [ 140.026530][T11033] netlink: 408 bytes leftover after parsing attributes in process `syz.0.1968'. [ 140.055280][T11035] fuse: Unknown parameter 'user_id00000000000000000000' [ 140.242115][T11043] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1973'. [ 140.406388][T11052] tipc: Enabled bearer , priority 0 [ 140.409508][T11052] syzkaller0: entered promiscuous mode [ 140.411216][T11052] syzkaller0: entered allmulticast mode [ 140.421264][T11051] tipc: Resetting bearer [ 140.428139][T11051] tipc: Disabling bearer [ 140.634226][T11056] fuse: Unknown parameter 'user_id00000000000000000000' [ 141.140651][T11079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1987'. [ 141.181267][T11081] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1988'. [ 141.524868][T11105] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1998'. [ 142.900729][T11137] tipc: Enabled bearer , priority 0 [ 142.903832][T11137] syzkaller0: entered promiscuous mode [ 142.908082][T11137] syzkaller0: entered allmulticast mode [ 142.916138][T11137] tipc: Resetting bearer [ 142.921768][T11136] tipc: Resetting bearer [ 142.933123][T11136] tipc: Disabling bearer [ 143.784320][T11152] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2014'. [ 143.929718][T11161] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.994181][T11161] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.053701][T11161] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.113005][T11161] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.190779][ T102] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.203155][ T102] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.213450][ T1148] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.224927][ T1148] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.937206][T11204] tipc: Enabling of bearer rejected, failed to enable media [ 144.970024][T11211] __nla_validate_parse: 1 callbacks suppressed [ 144.970039][T11211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2037'. [ 145.016556][T11215] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.2040'. [ 145.055405][T11221] syzkaller0: entered promiscuous mode [ 145.058326][T11221] syzkaller0: entered allmulticast mode [ 145.278114][T11240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2049'. [ 145.297914][T11242] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2050'. [ 145.421421][T11255] syzkaller0: entered promiscuous mode [ 145.423166][T11255] syzkaller0: entered allmulticast mode [ 145.433498][T11257] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2057'. [ 145.656893][T11269] netlink: 'syz.1.2061': attribute type 3 has an invalid length. [ 145.659471][T11269] netlink: 'syz.1.2061': attribute type 1 has an invalid length. [ 145.662510][T11269] netlink: 'syz.1.2061': attribute type 2 has an invalid length. [ 145.665976][T11269] netlink: 198328 bytes leftover after parsing attributes in process `syz.1.2061'. [ 145.705957][T11272] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2062'. [ 145.796714][T11279] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2066'. [ 145.950902][T11283] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2068'. [ 145.954474][T11283] 8021q: adding VLAN 0 to HW filter on device bond5 [ 146.096073][T11300] netlink: 'syz.3.2074': attribute type 46 has an invalid length. [ 146.098761][T11300] netlink: 'syz.3.2074': attribute type 19 has an invalid length. [ 146.101325][T11300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2074'. [ 146.171917][T11307] 8021q: adding VLAN 0 to HW filter on device bond6 [ 146.599888][T11361] tipc: Enabled bearer , priority 0 [ 146.607959][T11361] syzkaller0: entered promiscuous mode [ 146.612114][T11361] syzkaller0: entered allmulticast mode [ 146.613864][ T6760] kernel write not supported for file /1326/loginuid (pid: 6760 comm: kworker/0:3) [ 146.686720][T11359] tipc: Resetting bearer [ 146.714583][T11359] tipc: Disabling bearer [ 146.984342][T11386] syzkaller0: entered promiscuous mode [ 146.986142][T11386] syzkaller0: entered allmulticast mode [ 147.617571][T11399] netlink: 'syz.0.2114': attribute type 1 has an invalid length. [ 147.640318][T11399] 8021q: adding VLAN 0 to HW filter on device bond7 [ 147.710212][T11406] syzkaller0: entered promiscuous mode [ 147.712650][T11406] syzkaller0: entered allmulticast mode [ 147.740021][T11408] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.830833][T11408] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.912407][T11408] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.971650][T11408] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.054537][ T102] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.066596][ T1148] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.083514][ T1148] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.088826][ T1148] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.754785][T11425] binder: 11424:11425 ioctl c0306201 800004c0 returned -22 [ 148.940331][T11432] syzkaller0: entered promiscuous mode [ 148.942093][T11432] syzkaller0: entered allmulticast mode [ 149.583760][T11461] tipc: Enabling of bearer rejected, failed to enable media [ 149.993711][T11479] __nla_validate_parse: 4 callbacks suppressed [ 149.993730][T11479] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2143'. [ 150.227995][T11503] fuse: Unknown parameter 'fd0x0000000000000004' [ 150.255520][T11507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2153'. [ 150.305944][T11509] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2155'. [ 150.438449][T11513] netlink: 'syz.2.2156': attribute type 1 has an invalid length. [ 150.487592][T11513] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 150.492252][T11513] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2156'. [ 150.496358][T11513] 8021q: adding VLAN 0 to HW filter on device bond1 [ 150.500238][ T102] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 150.502874][ T102] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 150.512704][ T102] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 150.515297][ T102] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 150.546134][T11518] tipc: Enabling of bearer rejected, failed to enable media [ 151.697533][T11547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2167'. [ 151.814866][T11555] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 151.873887][T11557] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2173'. [ 152.572285][T11572] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2179'. [ 153.002429][T11592] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2187'. [ 154.920095][T11633] netlink: 620 bytes leftover after parsing attributes in process `syz.0.2197'. [ 154.979146][T11635] netlink: 'syz.0.2198': attribute type 3 has an invalid length. [ 154.981817][T11635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2198'. [ 155.319109][T11644] vxcan2: entered promiscuous mode [ 155.466322][ T10] usb 5-1: USB disconnect, device number 3 [ 155.620447][ T5986] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 155.624964][ T5986] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 155.626201][T11654] netlink: 620 bytes leftover after parsing attributes in process `syz.1.2206'. [ 155.630734][ T5986] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 155.635224][ T5986] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 155.641320][ T5986] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 155.657108][ T5979] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 155.664030][ T5979] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 155.668446][ T5979] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 155.671835][ T5979] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 155.675199][ T5979] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 155.944691][T11677] tipc: Enabled bearer , priority 0 [ 155.950977][T11677] tipc: Resetting bearer [ 155.957599][T11676] tipc: Disabling bearer [ 155.990510][T11655] chnl_net:caif_netlink_parms(): no params data found [ 156.236986][T11655] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.239498][T11655] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.241985][T11655] bridge_slave_0: entered allmulticast mode [ 156.245072][T11655] bridge_slave_0: entered promiscuous mode [ 156.250525][T11655] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.253765][T11655] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.257262][T11655] bridge_slave_1: entered allmulticast mode [ 156.261018][T11655] bridge_slave_1: entered promiscuous mode [ 156.312362][T11655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.319539][T11655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.428621][T11655] team0: Port device team_slave_0 added [ 156.430888][T11697] syzkaller0: entered promiscuous mode [ 156.433221][T11697] syzkaller0: entered allmulticast mode [ 156.437291][T11655] team0: Port device team_slave_1 added [ 156.482717][T11655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.484928][T11655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.494118][T11655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.507597][T11655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.510040][T11655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.518146][T11655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.569545][T11655] hsr_slave_0: entered promiscuous mode [ 156.573511][T11655] hsr_slave_1: entered promiscuous mode [ 156.577243][T11655] debugfs: 'hsr0' already exists in 'hsr' [ 156.579619][T11655] Cannot create hsr debugfs directory [ 156.644130][T11701] tipc: Enabled bearer , priority 0 [ 156.654181][T11701] syzkaller0: entered promiscuous mode [ 156.657280][T11701] syzkaller0: entered allmulticast mode [ 156.680348][T11700] tipc: Resetting bearer [ 156.691875][T11700] tipc: Disabling bearer [ 156.787162][T11703] tipc: Enabling of bearer rejected, failed to enable media [ 156.984893][T11712] syzkaller0: entered promiscuous mode [ 156.990075][T11712] syzkaller0: entered allmulticast mode [ 157.067681][T11655] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 157.079049][T11655] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 157.087663][T11655] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 157.094770][T11655] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 157.106175][T11716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2223'. [ 157.112229][T11716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2223'. [ 157.164641][T11655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.191761][T11732] tipc: Enabled bearer , priority 0 [ 157.195221][T11732] syzkaller0: entered promiscuous mode [ 157.198988][T11732] syzkaller0: entered allmulticast mode [ 157.204253][T11655] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.216170][T11730] tipc: Resetting bearer [ 157.227907][T11730] tipc: Disabling bearer [ 157.236697][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.238983][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.250121][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.252442][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.313468][T11742] syzkaller0: entered promiscuous mode [ 157.316448][T11742] syzkaller0: entered allmulticast mode [ 157.389952][T11754] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2234'. [ 157.453025][T11655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.465204][T11763] syzkaller0: entered promiscuous mode [ 157.467853][T11763] syzkaller0: entered allmulticast mode [ 157.500453][T11767] tipc: Enabling of bearer rejected, failed to enable media [ 157.519173][T11655] veth0_vlan: entered promiscuous mode [ 157.524401][T11655] veth1_vlan: entered promiscuous mode [ 157.541999][T11655] veth0_macvtap: entered promiscuous mode [ 157.546834][T11655] veth1_macvtap: entered promiscuous mode [ 157.559788][T11655] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.567195][T11655] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.586947][ T1137] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.600051][ T1137] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.611616][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.622389][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.652439][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.657472][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.679104][T11782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2241'. [ 157.679833][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.686600][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.768401][ T5986] Bluetooth: hci4: command tx timeout [ 157.820316][T11788] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2247'. [ 157.957744][T11796] tipc: Started in network mode [ 157.959902][T11796] tipc: Node identity 9a536081d9e4, cluster identity 4711 [ 157.963167][T11796] tipc: Enabled bearer , priority 0 [ 157.967549][T11796] syzkaller0: entered promiscuous mode [ 157.970241][T11796] syzkaller0: entered allmulticast mode [ 157.978983][T11796] tipc: Resetting bearer [ 157.986693][T11795] tipc: Resetting bearer [ 157.995894][T11795] tipc: Disabling bearer [ 158.698963][T11816] syzkaller0: entered promiscuous mode [ 158.701879][T11816] syzkaller0: entered allmulticast mode [ 159.846104][ T5986] Bluetooth: hci4: command tx timeout [ 160.186946][T11849] vxcan2: entered promiscuous mode [ 160.426124][T11859] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2274'. [ 161.645539][T11872] syzkaller0: entered promiscuous mode [ 161.648477][T11872] syzkaller0: entered allmulticast mode [ 161.675542][T11876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2278'. [ 161.683686][T11876] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2278'. [ 161.776986][T11884] syzkaller0: entered promiscuous mode [ 161.778821][T11884] syzkaller0: entered allmulticast mode [ 161.926286][ T5986] Bluetooth: hci4: command tx timeout [ 162.182999][T11906] vxcan2: entered promiscuous mode [ 162.383743][T11914] syzkaller0: entered promiscuous mode [ 162.387755][T11914] syzkaller0: entered allmulticast mode [ 162.430896][T11918] tipc: Enabling of bearer rejected, failed to enable media [ 163.577314][T11962] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2305'. [ 163.581399][T11962] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2305'. [ 163.680044][T11968] tipc: Enabling of bearer rejected, failed to enable media [ 163.915368][T11991] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'. [ 164.015952][ T5986] Bluetooth: hci4: command tx timeout [ 164.796049][T12009] vxcan2: entered promiscuous mode [ 164.921978][T12016] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2322'. [ 164.948909][T12016] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.029599][T12016] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.117229][T12016] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.200218][T12016] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.368776][ T60] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.373004][ T60] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.394099][ T1148] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.412640][ T1148] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.594251][T12046] tipc: Enabled bearer , priority 0 [ 165.602584][T12046] syzkaller0: entered promiscuous mode [ 165.604465][T12046] syzkaller0: entered allmulticast mode [ 165.609825][T12046] tipc: Resetting bearer [ 165.628726][T12045] tipc: Resetting bearer [ 165.656525][T12045] tipc: Disabling bearer [ 165.873395][T12060] netlink: 'syz.3.2336': attribute type 1 has an invalid length. [ 165.890867][T12060] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2336'. [ 165.896620][T12060] 8021q: adding VLAN 0 to HW filter on device bond1 [ 165.934323][T12063] tipc: Enabled bearer , priority 0 [ 165.942248][T12063] tipc: Resetting bearer [ 165.956073][T12062] tipc: Disabling bearer [ 166.502713][T12075] vxcan2: entered promiscuous mode [ 166.514486][T12077] tipc: Enabled bearer , priority 0 [ 166.517039][T12077] syzkaller0: entered promiscuous mode [ 166.518769][T12077] syzkaller0: entered allmulticast mode [ 166.524264][T12077] tipc: Resetting bearer [ 166.527962][T12076] tipc: Resetting bearer [ 166.539321][T12076] tipc: Disabling bearer [ 166.613710][T12080] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.2343'. [ 167.446975][T12099] netlink: 'syz.0.2348': attribute type 1 has an invalid length. [ 167.450752][T12099] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2348'. [ 167.478829][ T5979] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 167.482969][ T5979] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 167.488314][ T5979] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 167.492180][ T5979] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 167.495561][ T5979] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 167.501833][T12105] netlink: 'syz.0.2353': attribute type 72 has an invalid length. [ 167.716579][T12100] chnl_net:caif_netlink_parms(): no params data found [ 167.822761][T12100] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.825228][T12100] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.830399][T12100] bridge_slave_0: entered allmulticast mode [ 167.833535][T12100] bridge_slave_0: entered promiscuous mode [ 167.837891][T12100] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.840340][T12100] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.843013][T12100] bridge_slave_1: entered allmulticast mode [ 167.845865][T12100] bridge_slave_1: entered promiscuous mode [ 167.999995][T12100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.006969][T12100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.050137][T12100] team0: Port device team_slave_0 added [ 168.053308][T12100] team0: Port device team_slave_1 added [ 168.101688][T12100] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.104642][T12100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.115186][T12100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.122855][T12100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.127156][T12100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.137012][T12100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.190746][T12100] hsr_slave_0: entered promiscuous mode [ 168.193767][T12100] hsr_slave_1: entered promiscuous mode [ 168.196390][T12100] debugfs: 'hsr0' already exists in 'hsr' [ 168.198281][T12100] Cannot create hsr debugfs directory [ 168.333798][T12100] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.338433][T12100] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.388572][T12127] tipc: Enabling of bearer rejected, failed to enable media [ 168.435356][T12100] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.436116][T12133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2360'. [ 168.439646][T12100] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.517226][T12139] tipc: Enabled bearer , priority 0 [ 168.520769][T12139] syzkaller0: entered promiscuous mode [ 168.523172][T12139] syzkaller0: entered allmulticast mode [ 168.533165][T12139] tipc: Resetting bearer [ 168.537538][T12138] tipc: Resetting bearer [ 168.544659][T12138] tipc: Disabling bearer [ 168.573504][T12100] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.579602][T12100] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.598656][T12142] netlink: 568 bytes leftover after parsing attributes in process `syz.3.2362'. [ 168.695330][T12100] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.699546][T12100] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.841178][T12100] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 168.853442][T12100] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 168.858872][T12100] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 168.865183][T12100] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 168.876755][T12164] tipc: Enabling of bearer rejected, failed to enable media [ 168.917749][T12100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.938967][T12100] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.946416][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.948678][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.954824][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.957094][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.105021][T12100] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.125057][T12100] veth0_vlan: entered promiscuous mode [ 169.130628][T12100] veth1_vlan: entered promiscuous mode [ 169.150161][T12100] veth0_macvtap: entered promiscuous mode [ 169.154523][T12100] veth1_macvtap: entered promiscuous mode [ 169.169217][T12100] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.179288][T12100] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.188113][ T1137] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.191057][ T1137] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.195189][ T1137] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.198985][ T1137] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.245784][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.249537][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.263377][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.267169][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.306433][T12188] vxcan2: entered promiscuous mode [ 169.535864][ T5979] Bluetooth: hci0: command tx timeout [ 169.812634][T12208] netlink: 'syz.1.2378': attribute type 1 has an invalid length. [ 169.827847][T12208] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2378'. [ 169.832962][T12208] 8021q: adding VLAN 0 to HW filter on device bond3 [ 169.870373][T12213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2379'. [ 169.874104][T12212] tipc: Enabling of bearer rejected, failed to enable media [ 169.878398][T12212] syzkaller0: entered promiscuous mode [ 169.880707][T12212] syzkaller0: entered allmulticast mode [ 170.113475][T12224] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2384'. [ 170.149394][T12228] syzkaller0: entered promiscuous mode [ 170.151169][T12228] syzkaller0: entered allmulticast mode [ 170.296847][T12233] tipc: Enabled bearer , priority 0 [ 170.299488][T12233] syzkaller0: entered promiscuous mode [ 170.301218][T12233] syzkaller0: entered allmulticast mode [ 170.308711][T12233] tipc: Resetting bearer [ 170.314357][T12232] tipc: Resetting bearer [ 170.321987][T12232] tipc: Disabling bearer [ 170.485938][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 170.662971][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 170.667653][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.671952][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.675054][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 170.680439][ T24] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 170.683299][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.689010][ T24] usb 7-1: config 0 descriptor?? [ 170.795552][T12245] tipc: Enabling of bearer rejected, failed to enable media [ 170.799570][T12245] syzkaller0: entered promiscuous mode [ 170.801666][T12245] syzkaller0: entered allmulticast mode [ 170.967671][T12247] netlink: 620 bytes leftover after parsing attributes in process `syz.1.2393'. [ 171.097036][ T24] HID 045e:07da: Invalid code 65791 type 1 [ 171.099057][ T24] HID 045e:07da: Invalid code 768 type 1 [ 171.100915][ T24] HID 045e:07da: Invalid code 769 type 1 [ 171.102680][ T24] HID 045e:07da: Invalid code 770 type 1 [ 171.104504][ T24] HID 045e:07da: Invalid code 771 type 1 [ 171.106772][ T24] HID 045e:07da: Invalid code 772 type 1 [ 171.108668][ T24] HID 045e:07da: Invalid code 773 type 1 [ 171.110838][ T24] HID 045e:07da: Invalid code 774 type 1 [ 171.112923][ T24] HID 045e:07da: Invalid code 775 type 1 [ 171.114865][ T24] HID 045e:07da: Invalid code 776 type 1 [ 171.122287][ T24] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:045E:07DA.0006/input/input11 [ 171.193617][ T24] microsoft 0003:045E:07DA.0006: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 171.296560][ T6042] usb 7-1: USB disconnect, device number 2 [ 171.605839][ T5979] Bluetooth: hci0: command tx timeout [ 171.901164][T12263] netlink: 'syz.2.2399': attribute type 1 has an invalid length. [ 171.908703][T12263] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2399'. [ 171.959468][T12273] tipc: Started in network mode [ 171.961699][T12273] tipc: Node identity 46f901fbc5af, cluster identity 4711 [ 171.964902][T12273] tipc: Enabled bearer , priority 0 [ 171.968736][T12273] syzkaller0: entered promiscuous mode [ 171.971279][T12273] syzkaller0: entered allmulticast mode [ 171.979610][T12273] tipc: Resetting bearer [ 172.051176][T12272] tipc: Resetting bearer [ 172.066449][T12272] tipc: Disabling bearer [ 172.621337][T12284] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2405'. [ 173.014225][T12298] netlink: 'syz.0.2411': attribute type 1 has an invalid length. [ 173.036942][T12298] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2411'. [ 173.040761][T12298] 8021q: adding VLAN 0 to HW filter on device bond1 [ 173.099575][T12304] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2413'. [ 173.110917][T12304] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.170985][T12304] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.229778][T12304] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.263646][T12313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2416'. [ 173.305565][T12304] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.329737][T12317] syzkaller0: entered promiscuous mode [ 173.332034][T12317] syzkaller0: entered allmulticast mode [ 173.401310][ T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.420807][ T1148] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.423896][ T1148] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.431968][ T1148] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.468608][T12322] netlink: 'syz.1.2421': attribute type 1 has an invalid length. [ 173.483098][T12322] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2421'. [ 173.484652][T12323] tipc: Enabling of bearer rejected, failed to enable media [ 173.489835][T12322] 8021q: adding VLAN 0 to HW filter on device bond4 [ 173.493037][T12323] syzkaller0: entered promiscuous mode [ 173.495507][T12323] syzkaller0: entered allmulticast mode [ 173.561013][T12327] tipc: Enabled bearer , priority 0 [ 173.563747][T12327] syzkaller0: entered promiscuous mode [ 173.566548][T12327] syzkaller0: entered allmulticast mode [ 173.580340][T12327] tipc: Resetting bearer [ 173.584319][T12326] tipc: Resetting bearer [ 173.591957][T12326] tipc: Disabling bearer [ 173.659590][ T5986] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 173.662913][ T5986] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 173.667998][ T5986] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 173.670994][ T5986] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 173.674213][ T5986] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 173.695758][ T5986] Bluetooth: hci0: command tx timeout [ 173.783984][T12333] vxcan2: entered promiscuous mode [ 173.914220][T12328] chnl_net:caif_netlink_parms(): no params data found [ 174.002041][T12328] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.005414][T12328] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.010039][T12328] bridge_slave_0: entered allmulticast mode [ 174.012867][T12328] bridge_slave_0: entered promiscuous mode [ 174.016778][T12328] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.019902][T12328] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.022814][T12328] bridge_slave_1: entered allmulticast mode [ 174.026236][T12328] bridge_slave_1: entered promiscuous mode [ 174.064237][T12328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.069252][T12328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.104604][T12328] team0: Port device team_slave_0 added [ 174.109905][T12328] team0: Port device team_slave_1 added [ 174.157291][T12328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.160323][T12328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.173997][T12328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.188862][T12328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.191069][T12328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.203467][T12328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.243768][T12328] hsr_slave_0: entered promiscuous mode [ 174.246906][T12328] hsr_slave_1: entered promiscuous mode [ 174.249085][T12328] debugfs: 'hsr0' already exists in 'hsr' [ 174.250925][T12328] Cannot create hsr debugfs directory [ 174.305930][T12346] netlink: 'syz.3.2427': attribute type 17 has an invalid length. [ 174.357975][T12346] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.360487][T12346] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.419850][T12346] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.505016][ T1148] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.509213][ T1148] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.518158][ T60] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.520864][ T60] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.527676][T12328] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 174.584417][T12328] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 174.649723][T12328] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 174.710157][T12328] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 174.861391][T12328] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 174.868341][T12328] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 174.875521][T12328] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 174.882485][T12328] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 174.966819][T12328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.982532][T12328] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.989963][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.992398][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.002002][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.004870][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.078952][T12328] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 175.096514][T12367] syzkaller0: entered promiscuous mode [ 175.098341][T12367] syzkaller0: entered allmulticast mode [ 175.242637][T12328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.273976][T12328] veth0_vlan: entered promiscuous mode [ 175.279290][T12328] veth1_vlan: entered promiscuous mode [ 175.298592][T12328] veth0_macvtap: entered promiscuous mode [ 175.304488][T12328] veth1_macvtap: entered promiscuous mode [ 175.313533][T12328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.322312][T12328] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.331958][ T46] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.336550][ T46] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.342280][ T46] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.345397][ T46] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.390078][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.396787][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.411882][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.415223][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.450056][T12383] tipc: Enabling of bearer rejected, failed to enable media [ 175.586963][T12390] netlink: 'syz.2.2437': attribute type 12 has an invalid length. [ 175.590415][T12390] netlink: 'syz.2.2437': attribute type 29 has an invalid length. [ 175.593948][T12390] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2437'. [ 175.685868][ T5986] Bluetooth: hci3: command tx timeout [ 175.765920][ T5986] Bluetooth: hci0: command tx timeout [ 176.009521][ T40] audit: type=1326 audit(1758543289.402:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.017263][ T40] audit: type=1326 audit(1758543289.402:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.024070][ T40] audit: type=1326 audit(1758543289.402:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=292 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.031548][ T40] audit: type=1326 audit(1758543289.402:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.039881][ T40] audit: type=1326 audit(1758543289.402:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.046952][ T40] audit: type=1326 audit(1758543289.402:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=40 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.054751][ T40] audit: type=1326 audit(1758543289.402:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.062351][ T40] audit: type=1326 audit(1758543289.402:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.070304][ T40] audit: type=1326 audit(1758543289.402:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.077484][ T40] audit: type=1326 audit(1758543289.402:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz.3.2439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 176.225494][T12403] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2441'. [ 176.280997][T12408] tipc: Enabled bearer , priority 0 [ 176.284484][T12408] syzkaller0: entered promiscuous mode [ 176.287033][T12408] syzkaller0: entered allmulticast mode [ 176.307085][T12408] tipc: Resetting bearer [ 176.311428][T12407] tipc: Resetting bearer [ 176.322173][T12407] tipc: Disabling bearer [ 177.491688][T12440] tipc: Started in network mode [ 177.493428][T12440] tipc: Node identity 8ab4435e3d05, cluster identity 4711 [ 177.499107][T12440] tipc: Enabled bearer , priority 0 [ 177.504316][T12440] syzkaller0: entered promiscuous mode [ 177.506760][T12440] syzkaller0: entered allmulticast mode [ 177.520604][T12440] tipc: Resetting bearer [ 177.524330][T12439] tipc: Resetting bearer [ 177.533821][T12439] tipc: Disabling bearer [ 177.765787][ T5986] Bluetooth: hci3: command tx timeout [ 178.106903][T12452] vxcan2: entered promiscuous mode [ 178.236589][T12455] syz.2.2461 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 178.250712][ T6028] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 178.258773][ T6028] hid-generic 0000:0000:0000.0007: hidraw1: HID v0.00 Device [syz1] on syz0 [ 178.719026][T12470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2465'. [ 178.722280][T12470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 178.754961][T12470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 178.966012][T12185] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 179.116010][T12185] usb 5-1: Using ep0 maxpacket: 8 [ 179.122676][T12185] usb 5-1: unable to get BOS descriptor or descriptor too short [ 179.135772][T12185] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.139395][T12185] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 179.142550][T12185] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 179.154948][T12185] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 179.165686][T12185] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.168310][T12185] usb 5-1: Product: syz [ 179.169852][T12185] usb 5-1: Manufacturer: syz [ 179.171858][T12185] usb 5-1: SerialNumber: syz [ 179.255956][T12478] tipc: Enabled bearer , priority 0 [ 179.318087][T12479] tipc: Resetting bearer [ 179.334335][T12477] tipc: Disabling bearer [ 179.445332][T12483] vxcan2: entered promiscuous mode [ 179.845807][ T5986] Bluetooth: hci3: command tx timeout [ 180.462832][T12500] syzkaller0: entered promiscuous mode [ 180.464688][T12500] syzkaller0: entered allmulticast mode [ 180.592128][T12502] netlink: 'syz.1.2476': attribute type 4 has an invalid length. [ 181.306170][T12185] cdc_ncm 5-1:1.0: bind() failure [ 181.312944][T12185] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 181.316069][T12185] cdc_ncm 5-1:1.1: bind() failure [ 181.325906][T12185] usb 5-1: USB disconnect, device number 4 [ 181.526393][T12527] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2485'. [ 181.721462][T12536] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2489'. [ 181.925751][ T5986] Bluetooth: hci3: command tx timeout [ 182.145678][T12560] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2498'. [ 182.741206][T12582] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2507'. [ 183.003615][ T24] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 183.013578][ T24] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz1] on syz0 [ 183.275954][T12600] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2514'. [ 183.562680][T12611] netlink: 'syz.2.2519': attribute type 1 has an invalid length. [ 183.581022][T12611] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2519'. [ 183.584966][T12611] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2519'. [ 183.590488][T12611] 8021q: adding VLAN 0 to HW filter on device bond1 [ 183.754070][ T5979] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 183.767276][ T5979] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 183.771037][ T5979] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 183.774838][ T5979] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 183.778426][ T5979] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 184.011211][T12629] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2525'. [ 184.019796][T12629] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.041384][T12623] chnl_net:caif_netlink_parms(): no params data found [ 184.117242][T12623] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.120364][T12623] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.123646][T12623] bridge_slave_0: entered allmulticast mode [ 184.128252][T12623] bridge_slave_0: entered promiscuous mode [ 184.138220][T12629] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.145318][T12623] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.148463][T12623] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.151574][T12623] bridge_slave_1: entered allmulticast mode [ 184.154351][T12623] bridge_slave_1: entered promiscuous mode [ 184.211418][T12623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.313267][T12623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.353760][T12629] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.384797][T12623] team0: Port device team_slave_0 added [ 184.388836][T12623] team0: Port device team_slave_1 added [ 184.427659][T12623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.429931][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.438149][T12623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.442971][T12629] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.451128][T12623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.453523][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.462528][T12623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.589043][T12623] hsr_slave_0: entered promiscuous mode [ 184.592240][T12623] hsr_slave_1: entered promiscuous mode [ 184.596674][T12623] debugfs: 'hsr0' already exists in 'hsr' [ 184.599007][T12623] Cannot create hsr debugfs directory [ 184.600963][ T1148] bridge_slave_1: left allmulticast mode [ 184.603029][ T1148] bridge_slave_1: left promiscuous mode [ 184.605967][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.612066][ T1148] bridge_slave_0: left allmulticast mode [ 184.614021][ T1148] bridge_slave_0: left promiscuous mode [ 184.617396][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.628905][ T29] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 184.777098][ T29] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 184.780287][ T29] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 184.784706][ T29] usb 7-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 184.787735][ T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.790203][ T29] usb 7-1: Product: syz [ 184.791524][ T29] usb 7-1: Manufacturer: syz [ 184.793023][ T29] usb 7-1: SerialNumber: syz [ 184.797514][ T29] usb 7-1: config 0 descriptor?? [ 184.888683][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.894387][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.898993][ T1148] bond0 (unregistering): Released all slaves [ 184.971084][ T1148] bond1 (unregistering): Released all slaves [ 185.003123][ T6875] usb 7-1: USB disconnect, device number 3 [ 185.069610][ T1137] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.073344][ T1148] tipc: Left network mode [ 185.090776][ T1137] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.133190][ T46] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.136171][ T46] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.343918][T12669] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.347423][T12669] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.420929][T12669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.429534][T12669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 185.557438][ T1148] hsr_slave_0: left promiscuous mode [ 185.561094][ T1148] hsr_slave_1: left promiscuous mode [ 185.563794][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.571645][ T1148] batman_adv: batadv0: Removing interface: virt_wifi0 [ 185.684861][ T46] smc: removing ib device syz0 [ 185.846436][ T5979] Bluetooth: hci1: command tx timeout [ 186.096798][ T1148] team0 (unregistering): Port device team_slave_1 removed [ 186.162978][ T1148] team0 (unregistering): Port device team_slave_0 removed [ 186.652434][ T12] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.655556][ T12] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.692509][T12676] tipc: Enabling of bearer rejected, failed to enable media [ 186.701997][ T1215] ================================================================== [ 186.704696][ T1215] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.707563][ T1215] Read of size 8 at addr ffff88806d3682e8 by task kworker/0:2/1215 [ 186.711920][ T1215] [ 186.712698][ T1215] CPU: 0 UID: 0 PID: 1215 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) [ 186.712711][ T1215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 186.712719][ T1215] Workqueue: events smc_ib_port_event_work [ 186.712738][ T1215] Call Trace: [ 186.712742][ T1215] [ 186.712747][ T1215] dump_stack_lvl+0x116/0x1f0 [ 186.712764][ T1215] print_report+0xcd/0x630 [ 186.712778][ T1215] ? __virt_addr_valid+0x81/0x610 [ 186.712791][ T1215] ? __phys_addr+0xe8/0x180 [ 186.712804][ T1215] ? __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.712816][ T1215] kasan_report+0xe0/0x110 [ 186.712830][ T1215] ? __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.712844][ T1215] __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.712856][ T1215] __ethtool_get_link_ksettings+0x148/0x200 [ 186.712868][ T1215] ib_get_eth_speed+0x122/0xb50 [ 186.712880][ T1215] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 186.712890][ T1215] ? __pfx___mutex_lock+0x10/0x10 [ 186.712909][ T1215] ? do_raw_spin_unlock+0x172/0x230 [ 186.712926][ T1215] rxe_query_port+0x108/0x330 [ 186.712939][ T1215] ib_query_port+0x441/0x8a0 [ 186.712949][ T1215] smc_ib_port_event_work+0x12f/0xbf0 [ 186.712966][ T1215] ? rcu_is_watching+0x12/0xc0 [ 186.712978][ T1215] process_one_work+0x9cf/0x1b70 [ 186.712997][ T1215] ? __pfx_process_one_work+0x10/0x10 [ 186.713015][ T1215] ? assign_work+0x1a0/0x250 [ 186.713030][ T1215] worker_thread+0x6c8/0xf10 [ 186.713042][ T1215] ? __pfx_worker_thread+0x10/0x10 [ 186.713051][ T1215] kthread+0x3c5/0x780 [ 186.713066][ T1215] ? __pfx_kthread+0x10/0x10 [ 186.713081][ T1215] ? rcu_is_watching+0x12/0xc0 [ 186.713091][ T1215] ? __pfx_kthread+0x10/0x10 [ 186.713106][ T1215] ret_from_fork+0x56d/0x730 [ 186.713122][ T1215] ? __pfx_kthread+0x10/0x10 [ 186.713137][ T1215] ret_from_fork_asm+0x1a/0x30 [ 186.713153][ T1215] [ 186.713157][ T1215] [ 186.769965][ T1215] Allocated by task 5981: [ 186.771325][ T1215] kasan_save_stack+0x33/0x60 [ 186.772809][ T1215] kasan_save_track+0x14/0x30 [ 186.774280][ T1215] __kasan_kmalloc+0xaa/0xb0 [ 186.775740][ T1215] __kvmalloc_node_noprof+0x27b/0x620 [ 186.777420][ T1215] alloc_netdev_mqs+0xd2/0x1530 [ 186.778952][ T1215] rtnl_create_link+0xc08/0xf90 [ 186.780485][ T1215] rtnl_newlink+0xb69/0x2000 [ 186.781939][ T1215] rtnetlink_rcv_msg+0x95e/0xe90 [ 186.783465][ T1215] netlink_rcv_skb+0x155/0x420 [ 186.784920][ T1215] netlink_unicast+0x5aa/0x870 [ 186.786414][ T1215] netlink_sendmsg+0x8d1/0xdd0 [ 186.787862][ T1215] __sys_sendto+0x4a3/0x520 [ 186.789115][ T1215] __ia32_compat_sys_socketcall+0x625/0x770 [ 186.790808][ T1215] __do_fast_syscall_32+0x7c/0x300 [ 186.792434][ T1215] do_fast_syscall_32+0x32/0x80 [ 186.793963][ T1215] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 186.795942][ T1215] [ 186.796703][ T1215] Freed by task 1148: [ 186.797954][ T1215] kasan_save_stack+0x33/0x60 [ 186.799424][ T1215] kasan_save_track+0x14/0x30 [ 186.800900][ T1215] kasan_save_free_info+0x3b/0x60 [ 186.802469][ T1215] __kasan_slab_free+0x60/0x70 [ 186.803968][ T1215] kfree+0x2b4/0x4d0 [ 186.805195][ T1215] device_release+0xa4/0x240 [ 186.806657][ T1215] kobject_put+0x1e7/0x5a0 [ 186.808062][ T1215] netdev_run_todo+0x7e9/0x1320 [ 186.809587][ T1215] default_device_exit_batch+0x858/0xaf0 [ 186.811328][ T1215] ops_undo_list+0x363/0xab0 [ 186.812782][ T1215] cleanup_net+0x408/0x890 [ 186.814185][ T1215] process_one_work+0x9cf/0x1b70 [ 186.815721][ T1215] worker_thread+0x6c8/0xf10 [ 186.817172][ T1215] kthread+0x3c5/0x780 [ 186.818456][ T1215] ret_from_fork+0x56d/0x730 [ 186.819917][ T1215] ret_from_fork_asm+0x1a/0x30 [ 186.821410][ T1215] [ 186.822173][ T1215] The buggy address belongs to the object at ffff88806d368000 [ 186.822173][ T1215] which belongs to the cache kmalloc-cg-4k of size 4096 [ 186.826543][ T1215] The buggy address is located 744 bytes inside of [ 186.826543][ T1215] freed 4096-byte region [ffff88806d368000, ffff88806d369000) [ 186.830738][ T1215] [ 186.831512][ T1215] The buggy address belongs to the physical page: [ 186.833486][ T1215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6d368 [ 186.836182][ T1215] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 186.838730][ T1215] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 186.841079][ T1215] page_type: f5(slab) [ 186.842334][ T1215] raw: 04fff00000000040 ffff88801b84c280 dead000000000122 0000000000000000 [ 186.844976][ T1215] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 186.847650][ T1215] head: 04fff00000000040 ffff88801b84c280 dead000000000122 0000000000000000 [ 186.850289][ T1215] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 186.852917][ T1215] head: 04fff00000000003 ffffea0001b4da01 00000000ffffffff 00000000ffffffff [ 186.855487][ T1215] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 186.858065][ T1215] page dumped because: kasan: bad access detected [ 186.860052][ T1215] page_owner tracks the page as allocated [ 186.861813][ T1215] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5981, tgid 5981 (syz-executor), ts 46787565735, free_ts 0 [ 186.868527][ T1215] post_alloc_hook+0x1c0/0x230 [ 186.870026][ T1215] get_page_from_freelist+0x132b/0x38e0 [ 186.871762][ T1215] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 186.873604][ T1215] alloc_pages_mpol+0x1fb/0x550 [ 186.875119][ T1215] new_slab+0x247/0x330 [ 186.876438][ T1215] ___slab_alloc+0xcf2/0x1750 [ 186.877913][ T1215] __slab_alloc.constprop.0+0x56/0xb0 [ 186.879580][ T1215] __kvmalloc_node_noprof+0x3b1/0x620 [ 186.881288][ T1215] alloc_netdev_mqs+0xd2/0x1530 [ 186.882818][ T1215] rtnl_create_link+0xc08/0xf90 [ 186.884349][ T1215] rtnl_newlink+0xb69/0x2000 [ 186.885832][ T1215] rtnetlink_rcv_msg+0x95e/0xe90 [ 186.887372][ T1215] netlink_rcv_skb+0x155/0x420 [ 186.888890][ T1215] netlink_unicast+0x5aa/0x870 [ 186.890390][ T1215] netlink_sendmsg+0x8d1/0xdd0 [ 186.891928][ T1215] __sys_sendto+0x4a3/0x520 [ 186.893358][ T1215] page_owner free stack trace missing [ 186.895024][ T1215] [ 186.895808][ T1215] Memory state around the buggy address: [ 186.897542][ T1215] ffff88806d368180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 186.900027][ T1215] ffff88806d368200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 186.902490][ T1215] >ffff88806d368280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 186.904970][ T1215] ^ [ 186.907283][ T1215] ffff88806d368300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 186.909760][ T1215] ffff88806d368380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 186.912253][ T1215] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 186.925870][ T1215] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 186.928127][ T1215] CPU: 0 UID: 0 PID: 1215 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) [ 186.930998][ T1215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 186.934540][ T1215] Workqueue: events smc_ib_port_event_work [ 186.936406][ T1215] Call Trace: [ 186.937463][ T1215] [ 186.938398][ T1215] dump_stack_lvl+0x3d/0x1f0 [ 186.939872][ T1215] vpanic+0x6e8/0x7a0 [ 186.941136][ T1215] ? __pfx_vpanic+0x10/0x10 [ 186.942578][ T1215] ? __pfx_vprintk_emit+0x10/0x10 [ 186.944166][ T1215] ? __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.946093][ T1215] panic+0xca/0xd0 [ 186.947282][ T1215] ? __pfx_panic+0x10/0x10 [ 186.948698][ T1215] ? __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.950610][ T1215] ? preempt_schedule_common+0x44/0xc0 [ 186.952319][ T1215] ? preempt_schedule_thunk+0x16/0x30 [ 186.953975][ T1215] ? check_panic_on_warn+0x1f/0xb0 [ 186.955584][ T1215] check_panic_on_warn+0xab/0xb0 [ 186.957166][ T1215] end_report+0x107/0x170 [ 186.958522][ T1215] kasan_report+0xee/0x110 [ 186.959934][ T1215] ? __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.961823][ T1215] __ethtool_get_link_ksettings+0x1bf/0x200 [ 186.963661][ T1215] __ethtool_get_link_ksettings+0x148/0x200 [ 186.965504][ T1215] ib_get_eth_speed+0x122/0xb50 [ 186.967044][ T1215] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 186.968719][ T1215] ? __pfx___mutex_lock+0x10/0x10 [ 186.970292][ T1215] ? do_raw_spin_unlock+0x172/0x230 [ 186.971961][ T1215] rxe_query_port+0x108/0x330 [ 186.973439][ T1215] ib_query_port+0x441/0x8a0 [ 186.974888][ T1215] smc_ib_port_event_work+0x12f/0xbf0 [ 186.976586][ T1215] ? rcu_is_watching+0x12/0xc0 [ 186.978080][ T1215] process_one_work+0x9cf/0x1b70 [ 186.979638][ T1215] ? __pfx_process_one_work+0x10/0x10 [ 186.981324][ T1215] ? assign_work+0x1a0/0x250 [ 186.982775][ T1215] worker_thread+0x6c8/0xf10 [ 186.984231][ T1215] ? __pfx_worker_thread+0x10/0x10 [ 186.985853][ T1215] kthread+0x3c5/0x780 [ 186.987151][ T1215] ? __pfx_kthread+0x10/0x10 [ 186.988616][ T1215] ? rcu_is_watching+0x12/0xc0 [ 186.990116][ T1215] ? __pfx_kthread+0x10/0x10 [ 186.991587][ T1215] ret_from_fork+0x56d/0x730 [ 186.993048][ T1215] ? __pfx_kthread+0x10/0x10 [ 186.994499][ T1215] ret_from_fork_asm+0x1a/0x30 [ 186.996018][ T1215] [ 186.997674][ T1215] Kernel Offset: disabled [ 186.999025][ T1215] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:15:00 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8561e695 RDI=ffffffff9b102780 RBP=ffffffff9b102740 RSP=ffffc90006e1f440 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3630383838666666 R12=0000000000000000 R13=0000000000000038 R14=ffffffff9b102740 R15=ffffffff8561e630 RIP=ffffffff8561e6bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974ba000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c2e3869 CR3=0000000061d51000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffffc9000392f570 RCX=0000000000000000 RDX=0000000000000003 RSI=800000005a16a007 RDI=ffff888023736500 RBP=dffffc0000000000 RSP=ffffc9000392f570 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffff888023736500 R13=ffffc9000392f778 R14=dffffc0000000000 R15=0000000000000000 RIP=ffffffff816c80a4 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975ba000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3fdcf2 CR3=00000000643f7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000104080 Opmask01=0000000000000000 Opmask02=000000000fffffff Opmask03=0000000010400004 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000559612c01f60 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bb83f1b20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bb83f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0bb8352c80 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 326874652f74656e 2f336d6973766564 74656e2f73656369 7665642f7379732f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000032687465 2f74656e2f336d69 7376656474656e2f 736563697665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7377685f31313230 3863616d2f6c6175 747269762f736563 697665642f737973 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3837322c3737322c 3637322c3537322c 3437322c3337322c 3237322c3137322c ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7766736c2c346d61 722c2b2c4337322c 4237322c4137322c 3937322c3837322c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3737322c3637322c 3537322c3437322c 3337322c3237322c 3137322c3037322c ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4636322c4536322c 4436322c4336322c 4236322c4136322c 3936322c3836322c ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3736322c3636322c 3536322c3436322c 3336322c3236322c 3136322c3036322c ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000035 00000005533f1b31 0000000000000021 0000000000000020 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000007 RBX=ffff888024a9af30 RCX=ffffffff95de85d0 RDX=0000000000000000 RSI=ffff888024a9af58 RDI=ffff888024a9a440 RBP=0000000000000000 RSP=ffffc90002b4ef20 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000028 R11=0000000000000001 R12=ffff888024a9af58 R13=ffff888024a9a440 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff81974187 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976ba000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7ff6e40 CR3=000000004f9bc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7494ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88802b241d80 RCX=ffffffff81af1301 RDX=ffff888027cca440 RSI=ffffffff81af12db RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90003faf660 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=dffffc0000000000 R13=ffffed10056483b1 R14=0000000000000001 R15=0000000000000000 RIP=ffffffff81af12dd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977ba000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7fa55c0 CR3=0000000075c86000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000