last executing test programs: 8m21.530141742s ago: executing program 32 (id=5370): mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0) move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={[&(0x7f00000001c0)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}, &(0x7f0000000d00)={[&(0x7f0000000840)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}) 6m44.226290323s ago: executing program 33 (id=6469): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b0000000f000000cc000200060000ec05"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='T', &(0x7f0000000240), 0x4af, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f00000000c0), &(0x7f0000000680), 0x2, r0}, 0x38) 6m44.135324254s ago: executing program 34 (id=6470): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fcdbdf250100000000000000094100000014001800000002753bda3493792a24625f750164"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0) 6m23.144114013s ago: executing program 3 (id=6908): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x30, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x100000001}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xdb}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0xc0) 6m23.101700963s ago: executing program 3 (id=6911): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0xfffe, 0x7, @mcast2}, {0xa, 0x0, 0xb, @mcast1}, r1}}, 0x48) 6m23.027842121s ago: executing program 3 (id=6914): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000380)={0xffffffffffffffff}, 0x106, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000300)={0xb, 0x10, 0xfa00, {0x0, r1, 0x2}}, 0x18) 6m23.027521088s ago: executing program 3 (id=6916): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0xc) 6m22.943052201s ago: executing program 3 (id=6919): ioprio_set$uid(0x3, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r0, &(0x7f0000000040)=0x1c8, 0x12) 6m22.635223179s ago: executing program 3 (id=6935): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) 6m22.5619102s ago: executing program 35 (id=6935): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) 5m33.919120925s ago: executing program 2 (id=8928): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001ec0)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd2d, 0xfffffffc, {0x60, 0x0, 0x0, r1, {0x0, 0x7}, {0xffff, 0xffff}, {0x8, 0x1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_INGRESS={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x3000c88c) 5m33.816100478s ago: executing program 2 (id=8929): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x8031, 0xffffffffffffffff, 0x67ea5000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) 5m33.814126649s ago: executing program 7 (id=8930): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$peeksig(0x4209, r0, 0x0, 0x0) 5m33.619709289s ago: executing program 7 (id=8932): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000180)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'rr\x00'}, 0x2c) 5m33.466516106s ago: executing program 7 (id=8936): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) connect$nfc_llcp(r0, &(0x7f0000000100)={0x27, 0x0, 0xffffffffffffffff, 0x4, 0x53, 0x7, "07cbdd3199047dc26d311f0f244b25ba35ea8f61cd07e107dab26da8d164f15b35c0b7669366c634dd2326e7f6dccdec8306910919e39811abd472ad0eab81", 0xd}, 0x60) 5m33.33619331s ago: executing program 2 (id=8939): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@call={0x85, 0x0, 0x0, 0x50}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f00000004c0)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 5m33.160787071s ago: executing program 7 (id=8941): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETGAMMA(r0, 0xc02064a4, &(0x7f0000000400)={r1, 0x1, &(0x7f00000002c0)=[0x0], 0x0, 0x0}) 5m33.008249339s ago: executing program 2 (id=8942): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x25dfdbfb, {0x26}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) 5m32.964255756s ago: executing program 7 (id=8944): fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x1) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4087, &(0x7f0000001040)=0xff7) 5m21.85761841s ago: executing program 2 (id=8945): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x0, 0xa, 0x0, 0x3}, 0x1, 0x1, 0x80000001, 0x6, 0x2, 0x1c, 0x14, 0xa, 0x5, 0x7f, {0xc609, 0x5, 0x80, 0x5, 0x6, 0xf}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2}, 0x0) 5m21.753260749s ago: executing program 7 (id=8947): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x12) 5m21.674514635s ago: executing program 36 (id=8947): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x12) 5m21.561823704s ago: executing program 2 (id=8951): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8e, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) syslog(0x3, &(0x7f0000000700)=""/231, 0xe7) 5m21.474009758s ago: executing program 37 (id=8951): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8e, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) syslog(0x3, &(0x7f0000000700)=""/231, 0xe7) 4m32.43228879s ago: executing program 5 (id=10125): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000ff0100000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000001700000095000000000000002f81c461b3fea834ceb0e17d802cfb227e656a3698c792bd22555161b0010095448e9f7024b45ffcd2ce278009682dc8f7c867b177ed5bd50b92aedef35b6cd87b56690b4c96f63ab02174911d5e51b76d2c31b8bece7b0f841f393c401d8f51383f0f28d4c00fa2149870f1779f204103dbebff2a0e292b42f01b0bb114fa6e1889a6437285a0c9f00c4245e4d3524af00636736e812558294430bf4b365e0a9c468c9eb4977fb1311404a36503e63d66ddcf9b8e1035383b90de09d000c223ffb7f13639e3ac52b248f92d041959c1f7985eb94aad8c0adf4e8730313d1b02662c6847a9851f40a969486ebbe7bfcb5b28fc7dbe1bb80c4a2c18a53fecc51e51de59049b0400000000000000394000000000000000d27022ca2e6e8190f483d0da08eef67837ed671c2154513111dbc0ee58c70889a1c6306b98300a49147242d3f8a6e4aea9b51d0e182153e1283089c3b42cca072dce78b07806950d2b5fd0b448fdf18269cbe47fae4cedeb356536d94534260fa7d6e6b7aa30d8dd5c8261d4ef52da9f0894bb3993edafc976a143adbe9731dd41d181a9c200000000000000000722d6bea9c421a5e3cee8a113092129714154cc28d52373ba50325730d592cfd68cd128a770f41a34b4a0b9af61eab15e7d0a24a11be157dbaea473ab59af3efaf2f00426803f170d"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd2e}, 0x65) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m31.407253639s ago: executing program 5 (id=10133): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = dup(r0) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)=0x10000}) 4m30.879967278s ago: executing program 5 (id=10137): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001d40)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0xffff7fff}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4m30.766921835s ago: executing program 6 (id=10138): r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)={0xc0000010}) 4m30.738977076s ago: executing program 5 (id=10140): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) 4m30.710947173s ago: executing program 6 (id=10142): timer_create(0x9, 0x0, &(0x7f0000000500)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000700)={{0x77359400}}, &(0x7f0000000380)) 4m30.710676174s ago: executing program 5 (id=10143): r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ppp={{0x8}, {0xc, 0x2, 0x0, 0x1, {0x8, 0x1, r1}}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x5}]}, 0x40}}, 0x0) 4m30.709958353s ago: executing program 6 (id=10144): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f7b01acfe2222d", 0x11}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 4m30.694019421s ago: executing program 9 (id=10147): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000500050001000000080004000000000005000e0001000000080003"], 0x34}}, 0x0) 4m30.584691792s ago: executing program 9 (id=10148): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00080000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0}, 0x10) getrandom(0x0, 0x0, 0x6) 4m30.584209922s ago: executing program 9 (id=10149): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x8, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000007}, [@call={0x85, 0x0, 0x0, 0x23}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002280)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="e02742e8680d85ff9782762f86dd", 0x0, 0x57af, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m30.408670151s ago: executing program 9 (id=10150): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x101a02, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) 4m30.408182568s ago: executing program 6 (id=10151): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x700, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x403, 0x70bd2b, 0x0, {0x0, 0x0, 0x4, 0x0, 0x3ef, 0xf00}, [@IFLA_LINK={0x8, 0x5, r1}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}]}}}]}, 0x44}}, 0x4004850) 4m30.376436782s ago: executing program 9 (id=10152): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7) ioctl$TCFLSH(r0, 0x8926, 0x20001116) 4m30.173717005s ago: executing program 6 (id=10153): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000480)={0x1, 0x0, @ioapic={0x1000, 0xfff, 0x2, 0x10000, 0x0, [{0xf9, 0xa, 0x9, '\x00', 0x8}, {0x8, 0x1a, 0x4b}, {0xa, 0xd, 0x74, '\x00', 0x6c}, {0x3, 0x9, 0x6, '\x00', 0x2}, {0x4, 0x3, 0x2, '\x00', 0x5}, {0x7, 0x2, 0x6, '\x00', 0x1}, {0x40, 0x2, 0x2, '\x00', 0xb}, {0x4, 0xe7, 0x6, '\x00', 0x4}, {0x8, 0x9, 0x5, '\x00', 0x2}, {0xd, 0x77, 0x9, '\x00', 0xb}, {0x0, 0x9, 0xec, '\x00', 0x4b}, {0xab, 0x95, 0x2, '\x00', 0x1}, {0x2, 0xff}, {0x7, 0xb7, 0x3, '\x00', 0x3}, {0xa, 0x4, 0xb0, '\x00', 0x46}, {0x4, 0x4, 0x4, '\x00', 0x1}, {0x8, 0xb2, 0x1, '\x00', 0x6}, {0x5, 0x0, 0x14, '\x00', 0x8}, {0x0, 0xe, 0x31, '\x00', 0x4}, {0x8, 0xd2, 0x9, '\x00', 0x7}, {0xb4, 0x4, 0x94, '\x00', 0x9}, {0xe0, 0x2, 0x2, '\x00', 0x5}, {0x8, 0x1, 0x1, '\x00', 0x84}, {0xa, 0x4, 0x2, '\x00', 0xc}]}}) 4m8.555878546s ago: executing program 6 (id=10154): sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x4, 0x2}]}, 0x18}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b2b, &(0x7f0000000040)={'wlan1\x00', @random="0100"}) 4m1.770152043s ago: executing program 5 (id=10155): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x1, 0x1, 0x10000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1, r0}, 0xc) 4m1.747920883s ago: executing program 9 (id=10156): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x28041, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x9) 4m1.747333813s ago: executing program 38 (id=10154): sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x4, 0x2}]}, 0x18}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b2b, &(0x7f0000000040)={'wlan1\x00', @random="0100"}) 4m1.375657408s ago: executing program 39 (id=10155): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x1, 0x1, 0x10000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1, r0}, 0xc) 4m0.152671728s ago: executing program 40 (id=10156): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x28041, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x9) 1.745355978s ago: executing program 1 (id=15652): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r0, r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80020}, 0x3) 1.660674904s ago: executing program 1 (id=15654): connect$qrtr(0xffffffffffffffff, &(0x7f0000000000)={0x2d, 0x0, 0x3fff}, 0xc) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) 1.658539116s ago: executing program 1 (id=15657): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0xd, 0x0, &(0x7f0000000000)) 1.627595823s ago: executing program 1 (id=15660): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c, 0x42, 0x1, 0x7fff9, 0x4, {0x1}, [@typed={0x8, 0x20, 0x0, 0x0, @uid}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008094) 1.524110998s ago: executing program 1 (id=15665): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) fchown(r2, 0x0, 0x0) 1.311824982s ago: executing program 1 (id=15669): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$dsp(r1, &(0x7f00000000c0)=""/108, 0x6c) write$dsp(r0, &(0x7f0000002000)='`', 0x88020) 1.042629071s ago: executing program 0 (id=15676): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$snapshot(0xffffff9c, &(0x7f0000000400), 0x8003, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x8) 989.069671ms ago: executing program 0 (id=15678): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @loopback}, 0x61) sendmsg$rds(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}, 0x4000000) 915.576614ms ago: executing program 0 (id=15680): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x5e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x10}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 910.711076ms ago: executing program 0 (id=15681): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000500)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="48000000100003002abd70000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000280012800900010069706970000000001800028004001900080014000900000006000f"], 0x48}, 0x1, 0x2}, 0x0) 855.13664ms ago: executing program 0 (id=15683): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b00000005000000020000000900000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000000000000000000fcffffff180100002020782500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800001c0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r1, r2}, 0xc) 710.925951ms ago: executing program 0 (id=15686): syz_open_dev$video4linux(&(0x7f0000000000), 0x4, 0x109a00) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = epoll_create(0x10001) mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 284.635004ms ago: executing program 4 (id=15697): socketpair$unix(0x1, 0x2, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) 279.171661ms ago: executing program 8 (id=15698): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="4400000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000000c000580050001000a"], 0x44}}, 0x0) 218.173607ms ago: executing program 4 (id=15699): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000081ffffff000000000000000095"], &(0x7f0000000300)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000d80)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x8c) 217.726041ms ago: executing program 8 (id=15700): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000010c0)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1006}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}]}}}]}, 0x40}}, 0x40080c0) 213.57338ms ago: executing program 4 (id=15701): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0) unshare(0x40600) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 208.017878ms ago: executing program 8 (id=15702): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000480)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000400)=[{0x200000000006, 0x0, 0x2, 0x7ffc0002}]}) capget(&(0x7f0000000040)={0x20080522}, 0x0) 135.674654ms ago: executing program 4 (id=15703): r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0) r1 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(,:', 0x0) 47.706055ms ago: executing program 8 (id=15704): r0 = socket$inet6(0xa, 0x3, 0x5) r1 = socket$l2tp6(0xa, 0x2, 0x73) dup2(r1, r0) sendmmsg(r0, &(0x7f00000002c0)=[{{&(0x7f0000000340)=@l2tp6={0xa, 0x500, 0x80000, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x80000001, 0x1}, 0x80, 0x0}, 0x5b4}], 0x1, 0x4840) 47.243458ms ago: executing program 4 (id=15705): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x200}, 0x18) mount$9p_virtio(&(0x7f0000000040), &(0x7f00000001c0)='.\x00', &(0x7f0000000080), 0x4, &(0x7f00000000c0)={'trans=virtio,', {[{@cachetag={'cachetag', 0x3d, '{+\xbb\xa1\xde\xd6\x9a\x9a#t\x93\x10\xf2v\xd5\xcf\x06&\x98\x1b\x9c\xf9\xc0\xb1\xaaE\xdc\xa2:\x0e\bBg\x06n\x0eD\x94\x91\xf0W\x90\xe74c!\xec]\x11\xe3_\xb0\xd95_k\xee=\x0f\xbd\xd8\xe9*E\x1e\x84\x8d\xfd/\xd6\xe8B\xf1\xd5\x92\xe4\x14U\x0f\xd8>\xcc4\x85\xa6\xf9\x060'}}]}}) 46.829139ms ago: executing program 8 (id=15706): r0 = socket$kcm(0x11, 0x2, 0x300) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000780)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x448c4}, 0x4010) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x541b, &(0x7f00000000c0)) 7.129149ms ago: executing program 8 (id=15707): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmmsg$unix(r1, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 0s ago: executing program 4 (id=15708): r0 = socket$netlink(0x10, 0x3, 0x400000000000004) socket$xdp(0x2c, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1) syz_genetlink_get_family_id$batadv(&(0x7f0000000740), r0) kernel console output (not intermixed with test programs): disconnected [ 587.862317][ T2657] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 587.952675][ T40] audit: type=1326 audit(816.122:14224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 587.959761][ T40] audit: type=1326 audit(816.122:14225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 587.967471][ T40] audit: type=1326 audit(816.122:14226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 587.974401][ T40] audit: type=1326 audit(816.122:14227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 587.982775][ T40] audit: type=1326 audit(816.122:14228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 587.997679][ T40] audit: type=1326 audit(816.122:14229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 588.019508][ T40] audit: type=1326 audit(816.122:14230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 588.028199][ T40] audit: type=1326 audit(816.122:14231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2664 comm="syz.1.13440" exe="/syz-executor" sig=0 arch=40000003 syscall=230 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 588.209766][ T2678] nvme_fabrics: missing parameter 'transport=%s' [ 588.213277][ T2678] nvme_fabrics: missing parameter 'nqn=%s' [ 588.256417][ T2681] input: syz0 as /devices/virtual/input/input62 [ 588.956504][ T24] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 589.116730][ T24] usb 6-1: Using ep0 maxpacket: 16 [ 589.121312][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 589.125620][ T24] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 589.130948][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 589.135722][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 589.148208][ T24] usb 6-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 589.152278][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.155901][ T24] usb 6-1: Product: syz [ 589.157830][ T24] usb 6-1: Manufacturer: syz [ 589.160149][ T24] usb 6-1: SerialNumber: syz [ 589.164369][ T24] usb 6-1: config 0 descriptor?? [ 589.266380][ T24] rc_core: IR keymap rc-xbox-dvd not found [ 589.269038][ T24] Registered IR keymap rc-empty [ 589.272718][ T24] rc rc0: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 589.278545][ T24] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input63 [ 589.399116][ T6013] usb 6-1: USB disconnect, device number 21 [ 589.399269][ C2] xbox_remote 6-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 589.591996][ T2736] input: syz0 as /devices/virtual/input/input64 [ 589.649705][ T24] kernel read not supported for file /dsp (pid: 24 comm: kworker/2:0) [ 589.719888][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 589.719904][ T40] audit: type=1326 audit(817.769:14234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.733898][ T40] audit: type=1326 audit(817.769:14235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.743339][ T40] audit: type=1326 audit(817.788:14236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.751939][ T40] audit: type=1326 audit(817.788:14237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.768351][ T40] audit: type=1326 audit(817.788:14238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.777168][ T40] audit: type=1326 audit(817.788:14239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.785908][ T40] audit: type=1326 audit(817.788:14240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.794637][ T40] audit: type=1326 audit(817.788:14241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.811581][ T40] audit: type=1326 audit(817.788:14242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.819373][ T40] audit: type=1326 audit(817.788:14243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2743 comm="syz.8.13470" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 589.954350][ T2767] netlink: 8 bytes leftover after parsing attributes in process `syz.8.13476'. [ 590.117688][ T2789] netlink: 28 bytes leftover after parsing attributes in process `syz.8.13485'. [ 590.225640][ T2806] input: syz0 as /devices/virtual/input/input65 [ 590.434342][ T2823] mkiss: ax0: crc mode is auto. [ 590.535859][ T2826] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.13500'. [ 590.670560][ T2839] netlink: 32 bytes leftover after parsing attributes in process `syz.1.13506'. [ 590.676607][ T2839] netlink: 32 bytes leftover after parsing attributes in process `syz.1.13506'. [ 590.816375][ T5962] Bluetooth: hci1: command 0x0405 tx timeout [ 590.895245][ T2851] netlink: 48 bytes leftover after parsing attributes in process `syz.1.13514'. [ 590.923641][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 591.028450][ T2862] bad cache= option: none [ 591.028450][ T2862] async : no [ 591.028450][ T2862] blocksize : 1 [ 591.028450][ T2862] ivsize : 16 [ 591.028450][ T2862] maxauthsize : 16 [ 591.028450][ T2862] geniv : [ 591.028450][ T2862] [ 591.028450][ T2862] name : cbcmac(aes) [ 591.028450][ T2862] driver : cbcmac(aes-aesni) [ 591.028450][ T2862] module : kernel [ 591.028450][ T2862] priority : 300 [ 591.028450][ T2862] refcnt : 7 [ 591.028450][ T2862] selftest : passed [ 591.028450][ T2862] internal : no [ 591.028450][ T2862] type : shash [ 591.028450][ T2862] blocksize : 16 [ 591.028450][ T2862] digestsize : 16 [ 591.028450][ T2862] [ 591.028450][ T2862] name : gcm(aes) [ 591.028450][ T2862] driver : pcrypt(generic-gcm-aesni) [ 591.028450][ T2862] module : kernel [ 591.028450][ T2862] priority : 500 [ 591.028450][ T2862] refcnt : 1 [ 591.028450][ T2862] selftest : passed [ 591.028450][ T2862] internal : no [ 591.028450][ T2862] type : aead [ 591.028450][ T2862] async : yes [ 591.028450][ T2862] blocksize : 1 [ 591.028450][ T2862] ivsize : 12 [ 591.028450][ T2862] maxauthsize : 16 [ 591.028450][ T2862] geniv : [ 591.028450][ T2862] [ 591.028450][ T2862] name : essiv(cbc(aes) [ 591.028450][ T2862] [ 591.074938][ T2862] CIFS: VFS: bad cache= option: none [ 591.074938][ T2862] async : no [ 591.074938][ T2862] blocksize : 1 [ 591.074938][ T2862] ivsize : 16 [ 591.074938][ T2862] maxauthsize : 16 [ 591.074938][ T2862] geniv : [ 591.074938][ T2862] [ 591.074938][ T2862] name : cbcmac(aes) [ 591.074938][ T2862] driver : cbcmac(aes-aesni) [ 591.074938][ T2862] module : kernel [ 591.074938][ T2862] priority : 300 [ 591.074938][ T2862] refcnt : 7 [ 591.074938][ T2862] selftest : passed [ 591.074938][ T2862] internal : no [ 591.074938][ T2862] type : shash [ 591.074938][ T2862] blocksize : 16 [ 591.074938][ T2862] digestsize : 16 [ 591.074938][ T2862] [ 591.074938][ T2862] name : gcm(aes) [ 591.074938][ T2862] driver : pcrypt(generic-gcm-aesni) [ 591.074938][ T2862] module : kernel [ 591.074938][ T2862] priority : 500 [ 591.074938][ T2862] refcnt : 1 [ 591.074938][ T2862] selftest : passed [ 591.074938][ T2862] internal : no [ 591.074938][ T2862] type : aead [ 591.074938][ T2862] async : yes [ 591.074938][ T2862] blocksize : 1 [ 591.074938][ T2862] ivsize : 12 [ 591.074938][ T2862] maxauthsize : 16 [ 591.074938][ T2862] geniv : [ 591.074938][ T2862] [ 591.074938][ T2862] name : essiv(cbc(aes) [ 591.117754][ T2862] CIFS mount error: No usable UNC path provided in device string! [ 591.117754][ T2862] [ 591.121188][ T2862] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 591.468434][ T5949] usb 13-1: new high-speed USB device number 21 using dummy_hcd [ 591.628849][ T5949] usb 13-1: Using ep0 maxpacket: 8 [ 591.635056][ T5949] usb 13-1: config 0 has an invalid interface number: 186 but max is 0 [ 591.638409][ T5949] usb 13-1: config 0 has no interface number 0 [ 591.643491][ T5949] usb 13-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 591.647781][ T5949] usb 13-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 591.651154][ T5949] usb 13-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 591.655015][ T5949] usb 13-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 591.659060][ T5949] usb 13-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 591.665418][ T5949] usb 13-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 591.668851][ T5949] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.671745][ T5949] usb 13-1: Product: syz [ 591.673371][ T5949] usb 13-1: Manufacturer: syz [ 591.675037][ T5949] usb 13-1: SerialNumber: syz [ 591.678989][ T5949] usb 13-1: config 0 descriptor?? [ 591.909739][ T5949] iowarrior 13-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 592.127063][ T24] usb 13-1: USB disconnect, device number 21 [ 592.174578][ T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 593.415892][ T2920] netlink: 'syz.4.13535': attribute type 10 has an invalid length. [ 593.420930][ T2920] syz_tun: entered promiscuous mode [ 593.422480][ T2922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13536'. [ 593.438073][ T2920] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 593.635180][ T2941] Attempt to restore checkpoint with obsolete wellknown handles [ 593.650073][ T2943] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13546'. [ 593.715678][ T2962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13551'. [ 593.758094][ T2964] netlink: 4 bytes leftover after parsing attributes in process `syz.8.13553'. [ 594.618927][ T3071] sch_fq: defrate 0 ignored. [ 595.130636][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 595.130660][ T40] audit: type=1800 audit(822.830:14254): pid=3116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.13614" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 595.434652][ T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 595.509234][ T7215] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 595.658813][T27864] usb 13-1: new high-speed USB device number 22 using dummy_hcd [ 595.704493][ T7215] usb 6-1: Using ep0 maxpacket: 16 [ 595.707925][ T7215] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 595.711671][ T7215] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.722400][ T7215] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 595.728138][ T7215] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 595.732001][ T7215] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.739162][ T7215] usb 6-1: config 0 descriptor?? [ 595.831175][T27864] usb 13-1: config index 0 descriptor too short (expected 23569, got 27) [ 595.834484][T27864] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.838754][T27864] usb 13-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 595.842206][T27864] usb 13-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 595.844856][T27864] usb 13-1: Manufacturer: syz [ 595.847652][T27864] usb 13-1: config 0 descriptor?? [ 595.979437][T27864] rc_core: IR keymap rc-hauppauge not found [ 595.982033][T27864] Registered IR keymap rc-empty [ 595.985266][T27864] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/rc/rc0 [ 595.991442][T27864] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/rc/rc0/input66 [ 596.074357][T27864] usb 13-1: USB disconnect, device number 22 [ 596.191137][ T7215] input: HID 0955:7214 Haptics as /devices/virtual/input/input67 [ 596.219155][ T7215] shield 0003:0955:7214.000C: Registered Thunderstrike controller [ 596.223017][ T7215] shield 0003:0955:7214.000C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 596.391095][T19896] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 596.391131][ T24] usb 6-1: USB disconnect, device number 22 [ 596.398785][T19896] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 596.402656][T19896] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 596.406338][T19896] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 597.293854][ T3214] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 597.297053][ T3214] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 597.305121][ T3214] vhci_hcd vhci_hcd.0: Device attached [ 597.356227][ T3215] vhci_hcd: connection closed [ 597.357756][ T61] vhci_hcd vhci_hcd.1: stop threads [ 597.362286][ T61] vhci_hcd vhci_hcd.1: release socket [ 597.364983][ T61] vhci_hcd vhci_hcd.1: disconnect device [ 597.429081][ T40] audit: type=1326 audit(824.981:14255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 597.441241][ T40] audit: type=1326 audit(825.000:14256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 597.451119][ T3221] __nla_validate_parse: 2 callbacks suppressed [ 597.451138][ T3221] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13657'. [ 597.453820][ T40] audit: type=1326 audit(825.000:14257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 597.466952][ T40] audit: type=1326 audit(825.000:14258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 597.474296][ T40] audit: type=1326 audit(825.000:14259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 597.483311][ T40] audit: type=1326 audit(825.000:14260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 597.492952][ T40] audit: type=1326 audit(825.000:14261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 597.499919][ T40] audit: type=1326 audit(825.000:14262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 597.507087][ T40] audit: type=1326 audit(825.000:14263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3208 comm="syz.8.13651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 597.835105][ T30] block nbd2: Possible stuck request ffff8880269e8000: control (read@0,4096B). Runtime 60 seconds [ 597.865280][ T3245] comedi: valid board names for 8255 driver are: [ 597.867997][ T3245] 8255 [ 597.869517][ T3245] comedi: valid board names for vmk80xx driver are: [ 597.872809][ T3245] vmk80xx [ 597.874269][ T3245] comedi: valid board names for usbduxsigma driver are: [ 597.877193][ T3245] usbduxsigma [ 597.878681][ T3245] comedi: valid board names for usbduxfast driver are: [ 597.881809][ T3245] usbduxfast [ 597.883349][ T3245] comedi: valid board names for usbdux driver are: [ 597.886162][ T3245] usbdux [ 597.887472][ T3245] comedi: valid board names for ni6501 driver are: [ 597.890132][ T3245] ni6501 [ 597.891164][ T3245] comedi: valid board names for dt9812 driver are: [ 597.893763][ T3245] dt9812 [ 597.894855][ T3245] comedi: valid board names for ni_labpc_cs driver are: [ 597.897538][ T3245] ni_labpc_cs [ 597.898705][ T3245] comedi: valid board names for ni_daq_700 driver are: [ 597.901220][ T3245] ni_daq_700 [ 597.902271][ T3245] comedi: valid board names for labpc_pci driver are: [ 597.904850][ T3245] labpc_pci [ 597.906075][ T3245] comedi: valid board names for adl_pci9118 driver are: [ 597.908527][ T3245] pci9118dg [ 597.909667][ T3245] pci9118hg [ 597.910759][ T3245] pci9118hr [ 597.914296][ T3245] comedi: valid board names for 8255_pci driver are: [ 597.917216][ T3245] 8255_pci [ 597.918690][ T3245] comedi: valid board names for s526 driver are: [ 597.921362][ T3245] s526 [ 597.941292][ T3245] comedi: valid board names for multiq3 driver are: [ 597.944115][ T3245] multiq3 [ 597.945488][ T3245] comedi: valid board names for pcmuio driver are: [ 597.948913][ T3245] pcmuio48 [ 597.950299][ T3245] pcmuio96 [ 597.951731][ T3245] comedi: valid board names for pcmmio driver are: [ 597.954642][ T3245] pcmmio [ 597.955976][ T3245] comedi: valid board names for pcmda12 driver are: [ 597.962153][ T3245] pcmda12 [ 597.963541][ T3245] comedi: valid board names for pcmad driver are: [ 597.986695][ T3245] pcmad12 [ 597.988475][ T3245] pcmad16 [ 597.990520][ T3245] comedi: valid board names for ni_labpc driver are: [ 597.993812][ T3245] lab-pc-1200 [ 597.995430][ T3245] lab-pc-1200ai [ 597.997164][ T3245] lab-pc+ [ 597.998702][ T3245] comedi: valid board names for atmio16 driver are: [ 598.002106][ T3245] atmio16 [ 598.003747][ T3245] atmio16d [ 598.005244][ T3245] comedi: valid board names for ni_at_ao driver are: [ 598.008240][ T3245] at-ao-6 [ 598.014520][ T3245] at-ao-10 [ 598.016006][ T3245] comedi: valid board names for ni_at_a2150 driver are: [ 598.027313][ T3245] ni_at_a2150 [ 598.028839][ T3245] comedi: valid board names for adq12b driver are: [ 598.031695][ T3245] adq12b [ 598.034067][ T3245] comedi: valid board names for mpc624 driver are: [ 598.036929][ T3245] mpc624 [ 598.038454][ T3245] comedi: valid board names for c6xdigio driver are: [ 598.041563][ T3245] c6xdigio [ 598.043276][ T3245] comedi: valid board names for aio_iiro_16 driver are: [ 598.046704][ T3245] aio_iiro_16 [ 598.048668][ T3245] comedi: valid board names for aio_aio12_8 driver are: [ 598.052137][ T3245] aio_aio12_8 [ 598.054822][ T3258] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 598.055400][ T3245] aio_ai12_8 [ 598.058509][ T3258] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 598.058658][ T3258] overlayfs: failed to set uuid (864/file0, err=-13); falling back to uuid=null. [ 598.075718][ T3245] aio_ao12_4 [ 598.077615][ T3245] comedi: valid board names for fl512 driver are: [ 598.083680][ T3245] fl512 [ 598.084685][ T3245] comedi: valid board names for dmm32at driver are: [ 598.087125][ T3245] dmm32at [ 598.088394][ T3245] comedi: valid board names for dt282x driver are: [ 598.090656][ T3245] dt2821 [ 598.091678][ T3245] dt2821-f [ 598.093082][ T3245] dt2821-g [ 598.094529][ T3245] dt2823 [ 598.095638][ T3245] dt2824-pgh [ 598.097234][ T3245] dt2824-pgl [ 598.098925][ T3245] dt2825 [ 598.103518][ T3245] dt2827 [ 598.104668][ T3245] dt2828 [ 598.105678][ T3245] dt2829 [ 598.106806][ T3245] dt21-ez [ 598.108142][ T3245] dt23-ez [ 598.109317][ T3245] dt24-ez [ 598.110453][ T3245] dt24-ez-pgl [ 598.111684][ T3245] comedi: valid board names for dt2817 driver are: [ 598.113933][ T3245] dt2817 [ 598.114946][ T3245] comedi: valid board names for dt2815 driver are: [ 598.117640][ T3245] dt2815 [ 598.119124][ T3245] comedi: valid board names for dt2814 driver are: [ 598.121388][ T3245] dt2814 [ 598.122382][ T3245] comedi: valid board names for dt2811 driver are: [ 598.124575][ T3245] dt2811-pgh [ 598.125777][ T3245] dt2811-pgl [ 598.126988][ T3245] comedi: valid board names for dt2801 driver are: [ 598.129591][ T3245] dt2801 [ 598.130690][ T3245] comedi: valid board names for das6402 driver are: [ 598.133168][ T3245] das6402-12 [ 598.134352][ T3245] das6402-16 [ 598.136596][ T3245] comedi: valid board names for das1800 driver are: [ 598.139437][ T3245] das-1701st [ 598.141166][ T3245] das-1701st-da [ 598.142766][ T3245] das-1702st [ 598.144250][ T3245] das-1702st-da [ 598.145805][ T3245] das-1702hr [ 598.147231][ T3245] das-1702hr-da [ 598.149022][ T3245] das-1701ao [ 598.150701][ T3245] das-1702ao [ 598.152317][ T3245] das-1801st [ 598.153928][ T3245] das-1801st-da [ 598.155628][ T3245] das-1802st [ 598.157587][ T3245] das-1802st-da [ 598.159597][ T3245] das-1802hr [ 598.162613][ T3245] das-1802hr-da [ 598.164188][ T3245] das-1801hc [ 598.165777][ T3245] das-1802hc [ 598.167117][ T3245] das-1801ao [ 598.168267][ T3245] das-1802ao [ 598.169467][ T3245] comedi: valid board names for das800 driver are: [ 598.171740][ T3245] das-800 [ 598.172839][ T3245] cio-das800 [ 598.173972][ T3245] das-801 [ 598.175106][ T3245] cio-das801 [ 598.176311][ T3245] das-802 [ 598.177428][ T3245] cio-das802 [ 598.178573][ T3245] cio-das802/16 [ 598.179803][ T3245] comedi: valid board names for isa-das08 driver are: [ 598.182122][ T3245] isa-das08 [ 598.183243][ T3245] das08-pgm [ 598.184385][ T3245] das08-pgh [ 598.185503][ T3245] das08-pgl [ 598.186652][ T3245] das08-aoh [ 598.187767][ T3245] das08-aol [ 598.188881][ T3245] das08-aom [ 598.190004][ T3245] das08/jr-ao [ 598.191178][ T3245] das08jr-16-ao [ 598.192508][ T3245] pc104-das08 [ 598.193690][ T3245] das08jr/16 [ 598.194847][ T3245] comedi: valid board names for das16m1 driver are: [ 598.197120][ T3245] das16m1 [ 598.198244][ T3245] comedi: valid board names for dac02 driver are: [ 598.200341][ T3245] dac02 [ 598.201324][ T3245] comedi: valid board names for rti802 driver are: [ 598.203528][ T3245] rti802 [ 598.204537][ T3245] comedi: valid board names for rti800 driver are: [ 598.206774][ T3245] rti800 [ 598.207833][ T3245] rti815 [ 598.208850][ T3245] comedi: valid board names for pcm3724 driver are: [ 598.211014][ T3245] pcm3724 [ 598.212117][ T3245] comedi: valid board names for pcl818 driver are: [ 598.214515][ T3245] pcl818l [ 598.215569][ T3245] pcl818h [ 598.216725][ T3245] pcl818hd [ 598.217927][ T3245] pcl818hg [ 598.219027][ T3245] pcl818 [ 598.220032][ T3245] pcl718 [ 598.221039][ T3245] pcm3718 [ 598.222109][ T3245] comedi: valid board names for pcl816 driver are: [ 598.224367][ T3245] pcl816 [ 598.225374][ T3245] pcl814b [ 598.226478][ T3245] comedi: valid board names for pcl812 driver are: [ 598.228621][ T3245] pcl812 [ 598.229607][ T3245] pcl812pg [ 598.230689][ T3245] acl8112pg [ 598.231792][ T3245] acl8112dg [ 598.232909][ T3245] acl8112hg [ 598.234019][ T3245] a821pgl [ 598.235161][ T3245] a821pglnda [ 598.236688][ T3245] a821pgh [ 598.237857][ T3245] a822pgl [ 598.238969][ T3245] a822pgh [ 598.240024][ T3245] a823pgl [ 598.241136][ T3245] a823pgh [ 598.242178][ T3245] pcl813 [ 598.243178][ T3245] pcl813b [ 598.244228][ T3245] acl8113 [ 598.245336][ T3245] iso813 [ 598.246483][ T3245] acl8216 [ 598.247530][ T3245] a826pg [ 598.248644][ T3245] comedi: valid board names for pcl730 driver are: [ 598.250885][ T3245] pcl730 [ 598.251887][ T3245] iso730 [ 598.252913][ T3245] acl7130 [ 598.253966][ T3245] pcm3730 [ 598.255066][ T3245] pcl725 [ 598.256081][ T3245] p8r8dio [ 598.257357][ T3245] acl7225b [ 598.258448][ T3245] p16r16dio [ 598.259646][ T3245] pcl733 [ 598.260688][ T3245] pcl734 [ 598.261690][ T3245] opmm-1616-xt [ 598.262835][ T3245] pearl-mm-p [ 598.263970][ T3245] ir104-pbf [ 598.265149][ T3245] comedi: valid board names for pcl726 driver are: [ 598.267355][ T3245] pcl726 [ 598.268376][ T3245] pcl727 [ 598.269443][ T3245] pcl728 [ 598.270452][ T3245] acl6126 [ 598.271499][ T3245] acl6128 [ 598.272582][ T3245] comedi: valid board names for pcl724 driver are: [ 598.274711][ T3245] pcl724 [ 598.275606][ T3245] pcl722 [ 598.276598][ T3245] pcl731 [ 598.277724][ T3245] acl7122 [ 598.278858][ T3245] acl7124 [ 598.280008][ T3245] pet48dio [ 598.281128][ T3245] pcmio48 [ 598.282184][ T3245] onyx-mm-dio [ 598.283399][ T3245] comedi: valid board names for pcl711 driver are: [ 598.285595][ T3245] pcl711 [ 598.286590][ T3245] pcl711b [ 598.287637][ T3245] acl8112hg [ 598.288862][ T3245] acl8112dg [ 598.289990][ T3245] comedi: valid board names for amplc_pc263 driver are: [ 598.292287][ T3245] pc263 [ 598.293568][ T3245] comedi: valid board names for amplc_pc236 driver are: [ 598.295841][ T3245] pc36at [ 598.296863][ T3245] comedi: valid board names for amplc_dio200 driver are: [ 598.299433][ T3245] pc212e [ 598.300488][ T3245] pc214e [ 598.301505][ T3245] pc215e [ 598.302519][ T3245] pc218e [ 598.303523][ T3245] pc272e [ 598.304542][ T3245] comedi: valid board names for comedi_parport driver are: [ 598.306927][ T3245] comedi_parport [ 598.308165][ T3245] comedi: valid board names for comedi_test driver are: [ 598.310518][ T3245] comedi_test [ 598.311691][ T3245] comedi: valid board names for comedi_bond driver are: [ 598.314041][ T3245] comedi_bond [ 598.543428][ T3285] misc userio: Begin command sent, but we're already running [ 599.924829][ T3401] netlink: 52 bytes leftover after parsing attributes in process `syz.0.13739'. [ 599.984498][ T3409] netlink: 'syz.8.13743': attribute type 14 has an invalid length. [ 600.001448][ T3411] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 600.160811][ T3416] block nbd4: server does not support multiple connections per device. [ 600.165072][ T3416] block nbd4: shutting down sockets [ 600.745867][ T3475] netlink: 'syz.0.13773': attribute type 10 has an invalid length. [ 600.748928][ T3475] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 600.756811][ T3475] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 600.764846][ T3475] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 600.799944][ T3481] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1) [ 601.123708][ T3434] orangefs_mount: mount request failed with -4 [ 601.253077][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 601.284652][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 601.735661][ T3498] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 602.285549][ T3501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13786'. [ 602.290518][ T3501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13786'. [ 602.310520][ T3504] dlm: no local IP address has been set [ 602.312649][ T3504] dlm: cannot start dlm midcomms -107 [ 602.436339][ T3510] netem: invalid attributes len -22 [ 602.438458][ T3510] netem: change failed [ 602.478907][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 602.514133][ T3517] usb usb8: usbfs: process 3517 (syz.0.13792) did not claim interface 0 before use [ 603.468476][ T3534] random: crng reseeded on system resumption [ 603.539191][ T40] kauditd_printk_skb: 132 callbacks suppressed [ 603.539203][ T40] audit: type=1326 audit(830.707:14396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3543 comm="syz.0.13804" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705d579 code=0x0 [ 603.569554][ T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 604.733262][ T3573] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13815'. [ 604.738647][ T3573] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13815'. [ 604.898433][ T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 605.009902][ T3592] netlink: 28 bytes leftover after parsing attributes in process `syz.8.13823'. [ 606.012011][ T3615] tipc: Started in network mode [ 606.013926][ T3615] tipc: Node identity ac14140f, cluster identity 4711 [ 606.016331][ T3615] tipc: New replicast peer: 255.255.255.255 [ 606.019979][ T3615] tipc: Enabled bearer , priority 10 [ 606.134809][ T3625] veth0_to_team: entered promiscuous mode [ 606.404925][ T3648] input: syz0 as /devices/virtual/input/input69 [ 606.463550][ T40] audit: type=1326 audit(833.429:14397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.481833][ T40] audit: type=1326 audit(833.429:14398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.493974][ T40] audit: type=1326 audit(833.448:14399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.493990][ T3658] [U] [ 606.494030][ T3658] [U] [ 606.503538][ T40] audit: type=1326 audit(833.448:14400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.504420][ T3658] [U] [ 606.505651][ T40] audit: type=1326 audit(833.448:14401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.514843][ T3658] [U] [ 606.515042][ T3658] [U] [ 606.522867][ T40] audit: type=1326 audit(833.448:14402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.526358][ T3658] [U] [ 606.526398][ T3658] [U] [ 606.526432][ T3658] [U] [ 606.527022][ T3658] [U] [ 606.528064][ T40] audit: type=1326 audit(833.448:14403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.529365][ T3658] [U] [ 606.529403][ T3658] [U] [ 606.543360][ T40] audit: type=1326 audit(833.448:14404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.551888][ T3658] [U] [ 606.552165][ T3658] [U] [ 606.552198][ T3658] [U] [ 606.552228][ T3658] [U] [ 606.552259][ T3658] [U] [ 606.553435][ T3664] netlink: 190972 bytes leftover after parsing attributes in process `syz.0.13863'. [ 606.561856][ T40] audit: type=1326 audit(833.448:14405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3651 comm="syz.4.13852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 606.566967][ T3658] [U] [ 606.584940][ T3658] [U] [ 606.586378][ T3658] [U] [ 606.587619][ T3658] [U] [ 606.592865][ T3658] [U] [ 606.594192][ T3658] [U] [ 606.595422][ T3658] [U] [ 606.596645][ T3658] [U] [ 606.597981][ T3658] [U] [ 606.599169][ T3658] [U] [ 606.600430][ T3658] [U] [ 606.601627][ T3658] [U] [ 606.602833][ T3658] [U] [ 606.603795][ T3658] [U] [ 606.604799][ T3658] [U] [ 606.605787][ T3658] [U] [ 606.606865][ T3658] [U] [ 606.607783][ T3658] [U] [ 606.608760][ T3658] [U] [ 606.609686][ T3658] [U] [ 606.610690][ T3658] [U] [ 606.611868][ T3658] [U] [ 606.613058][ T3658] [U] [ 606.614145][ T3658] [U] [ 606.614933][ T3673] netlink: 'syz.0.13857': attribute type 10 has an invalid length. [ 606.615381][ T3658] [U] [ 606.619372][ T3658] [U] [ 606.620636][ T3658] [U] [ 606.621887][ T3658] [U] [ 606.623558][ T3658] [U] [ 606.624533][ T3658] [U] [ 606.625480][ T3658] [U] [ 606.626418][ T3658] [U] [ 606.627625][ T3658] [U] [ 606.627775][ T3673] bridge0: port 3(syz_tun) entered disabled state [ 606.628740][ T3658] [U] [ 606.631641][ T3673] syz_tun: left allmulticast mode [ 606.632115][ T3658] [U] [ 606.634087][ T3673] bridge0: port 3(syz_tun) entered disabled state [ 606.635183][ T3658] [U] [ 606.635307][ T3658] [U] [ 606.640048][ T3658] [U] [ 606.641216][ T3658] [U] [ 606.642459][ T3658] [U] [ 606.644079][ T3658] [U] [ 606.645286][ T3658] [U] [ 606.646360][ T3658] [U] [ 606.647440][ T3658] [U] [ 606.652019][ T3658] [U] [ 606.652500][ T3673] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 606.653291][ T3658] [U] [ 606.653325][ T3658] [U] [ 606.658309][ T3658] [U] [ 606.659625][ T3658] [U] [ 606.660986][ T3658] [U] [ 606.662219][ T3658] [U] [ 606.663498][ T3658] [U] [ 606.664856][ T3658] [U] [ 606.666012][ T3658] [U] [ 606.667130][ T3658] [U] [ 606.668259][ T3658] [U] [ 606.669680][ T3658] [U] [ 606.670884][ T3658] [U] [ 606.672009][ T3658] [U] [ 606.673267][ T3658] [U] [ 606.674441][ T3658] [U] [ 606.675655][ T3658] [U] [ 606.676878][ T3658] [U] [ 606.678009][ T3658] [U] [ 606.680217][ T3658] [U] [ 606.681396][ T3658] [U] [ 606.682590][ T3658] [U] [ 606.683770][ T3658] [U] [ 606.685025][ T3658] [U] [ 606.686282][ T3658] [U] [ 606.687489][ T3658] [U] [ 606.688676][ T3658] [U] [ 606.690025][ T3658] [U] [ 606.691255][ T3658] [U] [ 606.692510][ T3658] [U] [ 606.693733][ T3658] [U] [ 606.695149][ T3658] [U] [ 606.696431][ T3658] [U] [ 606.698095][ T3658] [U] [ 606.699282][ T3658] [U] [ 606.701197][ T3658] [U] [ 606.702439][ T3658] [U] [ 606.703758][ T3658] [U] [ 606.705356][ T3658] [U] [ 606.707843][ T3658] [U] [ 606.709527][ T3658] [U] [ 606.710777][ T3658] [U] [ 606.712223][ T3658] [U] [ 606.715115][ T3658] [U] [ 606.716344][ T3658] [U] [ 606.717548][ T3658] [U] [ 606.718747][ T3658] [U] [ 606.719991][ T3658] [U] [ 606.721248][ T3658] [U] [ 606.722486][ T3658] [U] [ 606.723694][ T3658] [U] [ 606.743914][ T3658] [U] [ 606.745142][ T3658] [U] [ 606.746374][ T3658] [U] [ 606.747609][ T3658] [U] [ 606.748841][ T3658] [U] [ 606.750059][ T3658] [U] [ 606.751318][ T3658] [U] [ 606.752580][ T3658] [U] [ 606.753538][ T3658] [U] [ 606.754481][ T3658] [U] [ 606.755406][ T3658] [U] [ 606.756364][ T3658] [U] [ 606.776174][ T3658] [U] [ 606.777192][ T3658] [U] [ 606.778149][ T3658] [U] [ 606.809450][ T3657] [U] [ 607.096704][ T34] tipc: Node number set to 2886997007 [ 608.116136][ T3713] bad cache= option: none [ 608.116136][ T3713] async : no [ 608.116136][ T3713] blocksize : 1 [ 608.116136][ T3713] ivsize : 16 [ 608.116136][ T3713] maxauthsize : 16 [ 608.116136][ T3713] geniv : [ 608.116136][ T3713] [ 608.116136][ T3713] name : cbcmac(aes) [ 608.116136][ T3713] driver : cbcmac(aes-aesni) [ 608.116136][ T3713] module : kernel [ 608.116136][ T3713] priority : 300 [ 608.116136][ T3713] refcnt : 7 [ 608.116136][ T3713] selftest : passed [ 608.116136][ T3713] internal : no [ 608.116136][ T3713] type : shash [ 608.116136][ T3713] blocksize : 16 [ 608.116136][ T3713] digestsize : 16 [ 608.116136][ T3713] [ 608.116136][ T3713] name : gcm(aes) [ 608.116136][ T3713] driver : pcrypt(generic-gcm-aesni) [ 608.116136][ T3713] module : kernel [ 608.116136][ T3713] priority : 500 [ 608.116136][ T3713] refcnt : 1 [ 608.116136][ T3713] selftest : passed [ 608.116136][ T3713] internal : no [ 608.116136][ T3713] type : aead [ 608.116136][ T3713] async : yes [ 608.116136][ T3713] blocksize : 1 [ 608.116136][ T3713] ivsize : 12 [ 608.116136][ T3713] maxauthsize : 16 [ 608.116136][ T3713] geniv : [ 608.116136][ T3713] [ 608.116136][ T3713] name : essiv(cbc(aes) [ 608.116136][ T3713] [ 608.163116][ T3713] CIFS: VFS: bad cache= option: none [ 608.163116][ T3713] async : no [ 608.163116][ T3713] blocksize : 1 [ 608.163116][ T3713] ivsize : 16 [ 608.163116][ T3713] maxauthsize : 16 [ 608.163116][ T3713] geniv : [ 608.163116][ T3713] [ 608.163116][ T3713] name : cbcmac(aes) [ 608.163116][ T3713] driver : cbcmac(aes-aesni) [ 608.163116][ T3713] module : kernel [ 608.163116][ T3713] priority : 300 [ 608.163116][ T3713] refcnt : 7 [ 608.163116][ T3713] selftest : passed [ 608.163116][ T3713] internal : no [ 608.163116][ T3713] type : shash [ 608.163116][ T3713] blocksize : 16 [ 608.163116][ T3713] digestsize : 16 [ 608.163116][ T3713] [ 608.163116][ T3713] name : gcm(aes) [ 608.163116][ T3713] driver : pcrypt(generic-gcm-aesni) [ 608.163116][ T3713] module : kernel [ 608.163116][ T3713] priority : 500 [ 608.163116][ T3713] refcnt : 1 [ 608.163116][ T3713] selftest : passed [ 608.163116][ T3713] internal : no [ 608.163116][ T3713] type : aead [ 608.163116][ T3713] async : yes [ 608.163116][ T3713] blocksize : 1 [ 608.163116][ T3713] ivsize : 12 [ 608.163116][ T3713] maxauthsize : 16 [ 608.163116][ T3713] geniv : [ 608.163116][ T3713] [ 608.163116][ T3713] name : essiv(cbc(aes) [ 608.216685][ T3713] CIFS mount error: No usable UNC path provided in device string! [ 608.216685][ T3713] [ 608.224896][ T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 608.224989][ T3713] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 608.299570][ T3717] netlink: 48 bytes leftover after parsing attributes in process `syz.8.13880'. [ 608.604041][ T53] usb 13-1: new high-speed USB device number 23 using dummy_hcd [ 608.764497][ T53] usb 13-1: Using ep0 maxpacket: 16 [ 608.769141][ T53] usb 13-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 608.773685][ T53] usb 13-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 608.779334][ T53] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 608.784058][ T53] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 608.794001][ T53] usb 13-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 608.798767][ T53] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.802334][ T53] usb 13-1: Product: syz [ 608.804245][ T53] usb 13-1: Manufacturer: syz [ 608.806394][ T53] usb 13-1: SerialNumber: syz [ 608.811037][ T53] usb 13-1: config 0 descriptor?? [ 608.956685][ T53] rc_core: IR keymap rc-xbox-dvd not found [ 608.959351][ T53] Registered IR keymap rc-empty [ 608.963672][ T53] rc rc0: syz syz as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/rc/rc0 [ 608.970926][ T53] input: syz syz as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/rc/rc0/input70 [ 609.044172][ T7215] usb 13-1: USB disconnect, device number 23 [ 609.044452][ C1] xbox_remote 13-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 612.675888][ T3737] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 613.251872][ T3783] input: syz1 as /devices/virtual/input/input71 [ 614.356414][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 614.356433][ T40] audit: type=1326 audit(840.819:14417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.390203][ T40] audit: type=1326 audit(840.819:14418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.399774][ T40] audit: type=1326 audit(840.819:14419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.409310][ T40] audit: type=1326 audit(840.819:14420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.419341][ T40] audit: type=1326 audit(840.819:14421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.428347][ T40] audit: type=1326 audit(840.819:14422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.443959][ T3861] bridge0: port 3(syz_tun) entered disabled state [ 614.446553][ T40] audit: type=1326 audit(840.819:14423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.456329][ T40] audit: type=1326 audit(840.819:14424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.465624][ T40] audit: type=1326 audit(840.838:14425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=302 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.483317][ T40] audit: type=1326 audit(840.838:14426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3855 comm="syz.1.13950" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 614.494896][ T3856] block nbd4: server does not support multiple connections per device. [ 614.502363][ T3856] block nbd4: shutting down sockets [ 614.635930][ T3875] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13953'. [ 614.663783][ T3878] netlink: 24 bytes leftover after parsing attributes in process `syz.8.13952'. [ 614.667923][ T3878] netlink: 32 bytes leftover after parsing attributes in process `syz.8.13952'. [ 614.861485][ T61] Bluetooth: hci3: Frame reassembly failed (-84) [ 614.864065][T27620] Bluetooth: hci3: Frame reassembly failed (-84) [ 614.866370][ T3898] Bluetooth: hci3: Frame reassembly failed (-84) [ 615.679776][ T3932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13980'. [ 615.685787][ T3932] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13980'. [ 615.732335][ T3940] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13984'. [ 615.816789][ T3953] overlayfs: workdir and upperdir must reside under the same mount [ 615.898684][ T3957] can0: slcan on ptm1. [ 616.161674][T19343] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 616.335616][T19343] usb 9-1: Using ep0 maxpacket: 16 [ 616.338946][T19343] usb 9-1: config 0 has no interfaces? [ 616.341929][T19343] usb 9-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 616.345169][T19343] usb 9-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0 [ 616.347833][T19343] usb 9-1: Product: syz [ 616.354510][T19343] usb 9-1: config 0 descriptor?? [ 616.418637][ T838] e1000 0000:00:06.0 eth0: Reset adapter [ 616.572817][T19343] usb 9-1: USB disconnect, device number 12 [ 616.653590][ T3956] can0 (unregistered): slcan off ptm1. [ 617.070395][ T5962] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 618.696151][ T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 619.153059][ T4025] netlink: 8 bytes leftover after parsing attributes in process `syz.8.14025'. [ 619.158076][ T4025] netlink: 4 bytes leftover after parsing attributes in process `syz.8.14025'. [ 619.161516][ T4025] netlink: 'syz.8.14025': attribute type 13 has an invalid length. [ 619.164211][ T4025] netlink: 'syz.8.14025': attribute type 12 has an invalid length. [ 619.185412][ T4028] input: syz1 as /devices/virtual/input/input72 [ 619.320694][ T4039] loop5: detected capacity change from 0 to 1 [ 619.327348][T18216] Dev loop5: unable to read RDB block 1 [ 619.330018][T18216] loop5: unable to read partition table [ 619.332678][T18216] loop5: partition table beyond EOD, truncated [ 619.343907][ T4039] Dev loop5: unable to read RDB block 1 [ 619.354792][ T4039] loop5: unable to read partition table [ 619.357002][ T4039] loop5: partition table beyond EOD, truncated [ 619.360684][ T4039] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 619.470368][ T4049] input: syz0 as /devices/virtual/input/input73 [ 619.668463][ T4067] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14046'. [ 619.676418][ T4069] netlink: 'syz.4.14045': attribute type 1 has an invalid length. [ 619.679511][ T4069] netlink: 224 bytes leftover after parsing attributes in process `syz.4.14045'. [ 619.765006][ T4077] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 619.767382][ T4077] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 619.829305][ T4080] kvm: kvm [4079]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006f) = 0x6 [ 619.971104][ T4093] netem: unknown loss type 0 [ 619.973048][ T4093] netem: change failed [ 620.648641][ T4144] __nla_validate_parse: 1 callbacks suppressed [ 620.648660][ T4144] netlink: 16 bytes leftover after parsing attributes in process `syz.8.14079'. [ 620.663489][ T1144] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 620.667904][ T1144] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 620.694864][ T7215] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 620.731031][ T34] IPVS: starting estimator thread 0... [ 620.848546][ T4153] IPVS: using max 27 ests per chain, 64800 per kthread [ 620.925906][ T4167] netlink: 68 bytes leftover after parsing attributes in process `syz.8.14089'. [ 620.931964][ T4167] netlink: 68 bytes leftover after parsing attributes in process `syz.8.14089'. [ 621.110248][ T4183] netlink: 16 bytes leftover after parsing attributes in process `syz.8.14096'. [ 621.115276][ T4183] netlink: 16 bytes leftover after parsing attributes in process `syz.8.14096'. [ 621.506764][ T838] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 621.517828][ T7215] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 621.677693][ T838] usb 9-1: Using ep0 maxpacket: 16 [ 621.681722][ T838] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 621.688321][ T838] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 621.692459][ T838] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.696226][ T838] usb 9-1: Product: syz [ 621.698404][ T838] usb 9-1: Manufacturer: syz [ 621.701008][ T838] usb 9-1: SerialNumber: syz [ 621.705438][ T838] usb 9-1: config 0 descriptor?? [ 621.711456][ T838] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 621.715641][ T838] em28xx 9-1:0.0: DVB interface 0 found: bulk [ 621.784818][ T7215] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 622.009967][ T838] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 622.087414][ T838] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 622.090876][ T838] em28xx 9-1:0.0: board has no eeprom [ 622.150752][ T4190] em28xx 9-1:0.0: writing to i2c device at 0x6 failed (error=-5) [ 622.158710][ T838] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 622.162093][ T838] em28xx 9-1:0.0: dvb set to bulk mode. [ 622.169363][ T24] em28xx 9-1:0.0: Binding DVB extension [ 622.179780][ T838] usb 9-1: USB disconnect, device number 13 [ 622.187641][ T838] em28xx 9-1:0.0: Disconnecting em28xx [ 622.286557][ T24] em28xx 9-1:0.0: Registering input extension [ 622.288879][ T838] em28xx 9-1:0.0: Closing input extension [ 622.299815][ T838] em28xx 9-1:0.0: Freeing device [ 622.636914][ T4233] wireguard0: entered promiscuous mode [ 623.050148][T16519] Bluetooth: hci3: Frame reassembly failed (-84) [ 623.203340][ T4274] netlink: 'syz.4.14140': attribute type 2 has an invalid length. [ 623.212764][ T4274] !: entered promiscuous mode [ 623.221655][ T4274] netlink: 'syz.4.14140': attribute type 2 has an invalid length. [ 623.225231][ T4274] !: left promiscuous mode [ 623.308990][ T4278] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 623.586703][ T4294] netlink: 4 bytes leftover after parsing attributes in process `syz.8.14148'. [ 623.861100][ T4316] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14159'. [ 623.865060][ T4316] openvswitch: netlink: nsh attr 15600 is out of range max 3 [ 624.483564][ T4353] netlink: 28 bytes leftover after parsing attributes in process `syz.4.14177'. [ 624.535555][ T4360] netlink: 4 bytes leftover after parsing attributes in process `syz.8.14180'. [ 624.842449][ T4382] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.14191'. [ 624.938623][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 625.194818][T28026] Bluetooth: hci3: command 0x1003 tx timeout [ 625.200299][ T5962] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 626.394038][ T4464] __nla_validate_parse: 1 callbacks suppressed [ 626.394060][ T4464] netlink: 24 bytes leftover after parsing attributes in process `syz.4.14227'. [ 626.594745][ T4481] netem: invalid attributes len -22 [ 626.599045][ T4481] netem: change failed [ 626.894671][ T5949] usb 13-1: new high-speed USB device number 24 using dummy_hcd [ 626.953816][ T4502] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 626.956874][ T4502] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 626.963741][ T4502] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 626.966690][ T4502] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 626.969034][ T4502] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 626.986869][ T4502] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 627.068407][ T5949] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 627.078273][ T5949] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 627.082179][ T5949] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 627.088264][ T5949] usb 13-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 627.097654][ T5949] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.102750][ T5949] usb 13-1: config 0 descriptor?? [ 627.546388][ T5949] hid_parser_main: 6 callbacks suppressed [ 627.546402][ T5949] hid-udraw 0003:20D6:CB17.000D: unknown main item tag 0x0 [ 627.556350][ T5949] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/0003:20D6:CB17.000D/input/input76 [ 627.568926][ T5949] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/0003:20D6:CB17.000D/input/input77 [ 627.581151][ T5949] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/0003:20D6:CB17.000D/input/input78 [ 627.612672][ T5949] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/0003:20D6:CB17.000D/input/input79 [ 627.685876][ T5949] hid-udraw 0003:20D6:CB17.000D: hidraw1: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.8-1/input0 [ 627.842842][T19896] usb 13-1: USB disconnect, device number 24 [ 628.066030][ T4547] bond0: entered promiscuous mode [ 628.067953][ T4547] bond_slave_0: entered promiscuous mode [ 628.070368][ T4547] bond_slave_1: entered promiscuous mode [ 628.074048][ T4547] batadv0: entered promiscuous mode [ 628.079208][ T4547] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 628.086209][ T4547] bond0: left promiscuous mode [ 628.088423][ T4547] bond_slave_0: left promiscuous mode [ 628.090311][ T4547] bond_slave_1: left promiscuous mode [ 628.094514][ T4547] batadv0: left promiscuous mode [ 628.216208][ T4556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14270'. [ 629.046685][T28026] Bluetooth: hci0: command 0x0c1a tx timeout [ 629.083072][ T4604] netlink: 24 bytes leftover after parsing attributes in process `syz.0.14294'. [ 629.087845][ T4604] netlink: 32 bytes leftover after parsing attributes in process `syz.0.14294'. [ 629.139600][T28026] Bluetooth: hci1: command 0x0405 tx timeout [ 629.140121][ T5962] Bluetooth: hci6: command 0x0c1a tx timeout [ 629.141951][ T5948] Bluetooth: hci2: command 0x0c1a tx timeout [ 629.155051][ T40] kauditd_printk_skb: 50 callbacks suppressed [ 629.155063][ T40] audit: type=1326 audit(1110.663:14477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.198440][ T40] audit: type=1326 audit(1110.663:14478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.207309][ T40] audit: type=1326 audit(1110.682:14479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.215342][ T40] audit: type=1326 audit(1110.682:14480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.224637][ T40] audit: type=1326 audit(1110.682:14481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.238569][ T40] audit: type=1326 audit(1110.682:14482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.248991][ T40] audit: type=1326 audit(1110.682:14483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.260704][ T40] audit: type=1326 audit(1110.682:14484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.269775][ T40] audit: type=1326 audit(1110.682:14485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=302 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.280196][ T40] audit: type=1326 audit(1110.682:14486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4609 comm="syz.8.14297" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 629.481803][ T4626] netlink: 'syz.8.14303': attribute type 1 has an invalid length. [ 630.007088][ T30] block nbd2: Possible stuck request ffff8880269e8000: control (read@0,4096B). Runtime 90 seconds [ 630.145470][ T4688] input: syz1 as /devices/virtual/input/input80 [ 630.433236][ T4698] input: syz0 as /devices/virtual/input/input81 [ 630.498961][ T4704] netlink: 774 bytes leftover after parsing attributes in process `syz.1.14342'. [ 630.503130][ T4704] netlink: 52 bytes leftover after parsing attributes in process `syz.1.14342'. [ 630.547655][ T4712] netlink: 56 bytes leftover after parsing attributes in process `syz.1.14344'. [ 630.706528][ T4723] netlink: 20 bytes leftover after parsing attributes in process `syz.0.14349'. [ 631.171100][ T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 631.219281][ T4771] netlink: 340 bytes leftover after parsing attributes in process `syz.8.14372'. [ 631.267507][ T5962] Bluetooth: hci0: command 0x0c1a tx timeout [ 631.359582][T19343] IPVS: starting estimator thread 0... [ 631.366484][ T5962] Bluetooth: hci1: command 0x0405 tx timeout [ 631.388220][ T24] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 631.391675][ T24] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 631.394972][ T24] usb 5-1: config 0 interface 0 has no altsetting 0 [ 631.401808][ T24] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 631.405370][ T24] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 631.410019][ T24] usb 5-1: Product: syz [ 631.411790][ T24] usb 5-1: Manufacturer: syz [ 631.413954][ T24] usb 5-1: SerialNumber: syz [ 631.417277][ T24] usb 5-1: config 0 descriptor?? [ 631.427028][ T24] hub 5-1:0.0: bad descriptor, ignoring hub [ 631.429641][ T24] hub 5-1:0.0: probe with driver hub failed with error -5 [ 631.435121][ T24] usb 5-1: selecting invalid altsetting 0 [ 631.459453][ T4782] IPVS: using max 33 ests per chain, 79200 per kthread [ 631.647574][ T4799] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 631.711073][ T4804] netlink: 'syz.1.14387': attribute type 6 has an invalid length. [ 631.715088][ T4804] netlink: 'syz.1.14387': attribute type 6 has an invalid length. [ 631.770460][ T4808] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14389'. [ 631.776537][ T4808] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14389'. [ 632.090190][ T5949] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 632.261339][ T5949] usb 6-1: Using ep0 maxpacket: 8 [ 632.264873][ T5949] usb 6-1: config 0 has an invalid interface number: 186 but max is 0 [ 632.269319][ T5949] usb 6-1: config 0 has no interface number 0 [ 632.272011][ T5949] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 632.275921][ T5949] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 632.279549][ T5949] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 632.284037][ T5949] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 632.288172][ T5949] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 632.297277][ T5949] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 632.300266][ T5949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.302860][ T5949] usb 6-1: Product: syz [ 632.304388][ T5949] usb 6-1: Manufacturer: syz [ 632.305929][ T5949] usb 6-1: SerialNumber: syz [ 632.309124][ T5949] usb 6-1: config 0 descriptor?? [ 632.424022][ T4741] usb 5-1: reset high-speed USB device number 15 using dummy_hcd [ 632.535036][ T5949] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 632.599478][ T4741] usb 5-1: device firmware changed [ 632.602833][T19343] usb 5-1: USB disconnect, device number 15 [ 632.754800][T19896] usb 6-1: USB disconnect, device number 23 [ 632.774677][T19343] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 632.870358][ T4838] loop5: detected capacity change from 0 to 1 [ 632.874197][ T4838] Dev loop5: unable to read RDB block 1 [ 632.876289][ T4838] loop5: unable to read partition table [ 632.878750][ T4838] loop5: partition table beyond EOD, truncated [ 632.881232][ T4838] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 632.936750][T19343] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 632.940841][T19343] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 632.945298][T19343] usb 5-1: config 0 interface 0 has no altsetting 0 [ 632.951588][T19343] usb 5-1: language id specifier not provided by device, defaulting to English [ 632.963766][T19343] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 632.968158][T19343] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 632.971819][T19343] usb 5-1: Product: syz [ 632.976198][T19343] usb 5-1: config 0 descriptor?? [ 632.981149][T19343] hub 5-1:0.0: bad descriptor, ignoring hub [ 632.983894][T19343] hub 5-1:0.0: probe with driver hub failed with error -5 [ 632.991158][T19343] usb 5-1: selecting invalid altsetting 0 [ 633.330576][ T5949] usb 5-1: USB disconnect, device number 16 [ 633.405270][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 633.528094][ T4859] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 633.531067][ T4859] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 634.543412][ T4914] netlink: 'syz.0.14436': attribute type 8 has an invalid length. [ 634.716018][ T4929] netlink: 'syz.1.14443': attribute type 31 has an invalid length. [ 634.719150][ T4929] netlink: 'syz.1.14443': attribute type 1 has an invalid length. [ 634.915028][ T4940] netlink: 'syz.0.14447': attribute type 10 has an invalid length. [ 634.917851][ T4940] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14447'. [ 634.921588][ T4940] dummy0: entered promiscuous mode [ 634.924896][ T4940] bridge0: port 3(dummy0) entered blocking state [ 634.927595][ T4940] bridge0: port 3(dummy0) entered disabled state [ 634.933975][ T4940] dummy0: entered allmulticast mode [ 634.938167][ T4940] bridge0: port 3(dummy0) entered blocking state [ 634.940893][ T4940] bridge0: port 3(dummy0) entered forwarding state [ 635.030548][T19896] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 635.058269][ T4954] netlink: 24 bytes leftover after parsing attributes in process `syz.8.14456'. [ 635.089212][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.095264][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.098690][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.190457][T19896] usb 6-1: Using ep0 maxpacket: 8 [ 635.193550][T19896] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 635.196365][T19896] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 635.199538][T19896] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 635.203153][T19896] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 635.206700][T19896] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 635.210950][T19896] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 635.214535][T19896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.243546][ T5949] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.247489][ T4955] infiniband syz2: set down [ 635.249288][ T4955] infiniband syz2: added ip6_vti0 [ 635.290083][ T4955] RDS/IB: syz2: added [ 635.291878][ T4955] smc: adding ib device syz2 with port count 1 [ 635.296296][ T4955] smc: ib device syz2 port 1 has no pnetid [ 635.300468][ T24] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.303189][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.422144][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.522979][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.606505][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.630043][ T5949] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 635.661881][ T53] usb 6-1: USB disconnect, device number 24 [ 635.739403][ T4955] ip6_vti0 speed is unknown, defaulting to 1000 [ 635.789160][ T5949] usb 9-1: Using ep0 maxpacket: 8 [ 635.792932][ T5949] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 635.796389][ T5949] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.806159][ T5949] pvrusb2: Hardware description: Terratec Grabster AV400 [ 635.809358][ T5949] pvrusb2: ********** [ 635.813824][ T5949] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 635.817898][ T5949] pvrusb2: Important functionality might not be entirely working. [ 635.821220][ T5949] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 635.825844][ T5949] pvrusb2: ********** [ 636.023270][ T2488] pvrusb2: Invalid write control endpoint [ 636.120669][ T2488] pvrusb2: Invalid write control endpoint [ 636.122765][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 636.126083][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 636.129184][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 636.133707][ T2488] pvrusb2: Device being rendered inoperable [ 636.136277][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 636.139281][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 636.143467][ T2488] pvrusb2: Attached sub-driver cx25840 [ 636.146613][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 636.150806][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 636.249635][T19896] usb 9-1: USB disconnect, device number 14 [ 636.315728][ T40] kauditd_printk_skb: 87 callbacks suppressed [ 636.315739][ T40] audit: type=1326 audit(1117.361:14574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.326405][ T40] audit: type=1326 audit(1117.370:14575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.333751][ T40] audit: type=1326 audit(1117.370:14576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.341547][ T40] audit: type=1326 audit(1117.370:14577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.341573][ T40] audit: type=1326 audit(1117.370:14578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.341594][ T40] audit: type=1326 audit(1117.370:14579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.341615][ T40] audit: type=1326 audit(1117.370:14580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.341636][ T40] audit: type=1326 audit(1117.370:14581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.341659][ T40] audit: type=1326 audit(1117.370:14582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.341680][ T40] audit: type=1326 audit(1117.370:14583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.0.14471" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 636.924338][ T5021] binder: 5020:5021 ioctl c0306201 800001c0 returned -14 [ 637.009909][ T5026] block nbd4: Unsupported socket: should be TCP or UNIX. [ 637.082740][ T5949] usb 13-1: new high-speed USB device number 25 using dummy_hcd [ 637.253781][ T5949] usb 13-1: Using ep0 maxpacket: 8 [ 637.256815][ T5949] usb 13-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 637.259808][ T5949] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.272600][ T5949] pvrusb2: Hardware description: Terratec Grabster AV400 [ 637.281377][ T5949] pvrusb2: ********** [ 637.283931][ T5949] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 637.290425][ T5949] pvrusb2: Important functionality might not be entirely working. [ 637.293411][ T5949] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 637.298566][ T5949] pvrusb2: ********** [ 637.315983][ T5048] Bluetooth: MGMT ver 1.23 [ 637.317908][ T5048] Bluetooth: hci1: too big key_count value 11787 [ 637.461144][ T5058] IPVS: wrr: SCTP 172.20.20.187:0 - no destination available [ 637.493190][ T2488] pvrusb2: Invalid write control endpoint [ 637.526560][ T2488] pvrusb2: Invalid write control endpoint [ 637.529156][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 637.533811][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 637.537287][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 637.541937][ T2488] pvrusb2: Device being rendered inoperable [ 637.544824][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 637.547624][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 637.552905][ T2488] pvrusb2: Attached sub-driver cx25840 [ 637.554975][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 637.558822][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 637.715847][T19896] usb 13-1: USB disconnect, device number 25 [ 638.627365][ T5125] netlink: 24 bytes leftover after parsing attributes in process `syz.0.14535'. [ 638.635859][ T5125] netlink: 24 bytes leftover after parsing attributes in process `syz.0.14535'. [ 638.722647][ T5128] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14536'. [ 639.567770][ T5189] netlink: 8 bytes leftover after parsing attributes in process `syz.8.14563'. [ 639.570803][ T5189] netlink: 4 bytes leftover after parsing attributes in process `syz.8.14563'. [ 639.740690][ T5204] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14571'. [ 639.744302][ T5204] openvswitch: netlink: nsh attr 15600 is out of range max 3 [ 639.887900][ T5199] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 639.891795][ T5199] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 639.895214][ T5199] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 639.897596][ T5199] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 639.900229][ T5199] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 640.007213][ T5222] Bluetooth: hci3: Frame reassembly failed (-84) [ 640.552359][ T5266] netlink: 24 bytes leftover after parsing attributes in process `syz.0.14597'. [ 640.593077][ T5268] netlink: 16 bytes leftover after parsing attributes in process `syz.0.14599'. [ 640.596630][ T5268] netlink: 16 bytes leftover after parsing attributes in process `syz.0.14599'. [ 640.683846][ T5277] bond0: entered promiscuous mode [ 640.686792][ T5277] bond_slave_0: entered promiscuous mode [ 640.689472][ T5277] bond_slave_1: entered promiscuous mode [ 640.694267][ T5277] batadv0: entered promiscuous mode [ 640.698860][ T5277] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 640.704943][ T5277] bond0: left promiscuous mode [ 640.709391][ T5277] bond_slave_0: left promiscuous mode [ 640.712012][ T5277] bond_slave_1: left promiscuous mode [ 640.716149][ T5277] batadv0: left promiscuous mode [ 641.113068][ T5949] usb 13-1: new high-speed USB device number 26 using dummy_hcd [ 641.273393][ T5949] usb 13-1: Using ep0 maxpacket: 16 [ 641.277458][ T5949] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 641.283768][ T5949] usb 13-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 641.287089][ T5949] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.289819][ T5949] usb 13-1: Product: syz [ 641.291297][ T5949] usb 13-1: Manufacturer: syz [ 641.293001][ T5949] usb 13-1: SerialNumber: syz [ 641.299035][ T5949] usb 13-1: config 0 descriptor?? [ 641.304302][ T5949] em28xx 13-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 641.307504][ T5949] em28xx 13-1:0.0: DVB interface 0 found: bulk [ 641.594442][ T5949] em28xx 13-1:0.0: unknown em28xx chip ID (0) [ 641.660689][ T5949] em28xx 13-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 641.664833][ T5949] em28xx 13-1:0.0: board has no eeprom [ 641.733189][ T5949] em28xx 13-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 641.736458][ T5949] em28xx 13-1:0.0: dvb set to bulk mode. [ 641.738636][ T53] em28xx 13-1:0.0: Binding DVB extension [ 641.742212][ T5294] em28xx 13-1:0.0: writing to i2c device at 0x6 failed (error=-5) [ 641.749500][ T5949] usb 13-1: USB disconnect, device number 26 [ 641.752084][ T5949] em28xx 13-1:0.0: Disconnecting em28xx [ 641.785566][ T53] em28xx 13-1:0.0: Registering input extension [ 641.789991][ T5949] em28xx 13-1:0.0: Closing input extension [ 641.809248][ T5949] em28xx 13-1:0.0: Freeing device [ 641.968328][T28026] Bluetooth: hci0: command 0x0c1a tx timeout [ 642.043180][T28026] Bluetooth: hci1: command 0x0405 tx timeout [ 642.043201][ T5948] Bluetooth: hci6: command 0x0c1a tx timeout [ 642.053894][T28026] Bluetooth: hci2: command 0x0c1a tx timeout [ 642.139945][ T5962] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 642.238532][ T5325] netlink: 'syz.4.14622': attribute type 10 has an invalid length. [ 642.241342][ T5325] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 642.247450][ T5325] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 642.253686][ T5325] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 642.515558][ T5351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14634'. [ 642.792882][ T5379] batadv1: entered allmulticast mode [ 642.795420][ T5379] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 642.798257][ T5379] bridge0: port 4(batadv1) entered blocking state [ 642.800763][ T5379] bridge0: port 4(batadv1) entered disabled state [ 642.807022][ T5379] batadv1: entered promiscuous mode [ 642.811586][ T5379] bridge0: port 4(batadv1) entered blocking state [ 642.814665][ T5379] bridge0: port 4(batadv1) entered forwarding state [ 643.022201][ T5401] usb usb8: usbfs: process 5401 (syz.8.14659) did not claim interface 0 before use [ 643.326340][T27620] batman_adv: batadv1: IGMP Querier appeared [ 643.329338][T27620] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 643.587043][ T40] kauditd_printk_skb: 163 callbacks suppressed [ 643.587056][ T40] audit: type=1326 audit(1380.163:14747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.596814][ T5453] Falling back ldisc for ttyS3. [ 643.615336][ T40] audit: type=1326 audit(1380.163:14748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.623364][ T40] audit: type=1326 audit(1380.163:14749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.631996][ T40] audit: type=1326 audit(1380.163:14750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.641013][ T40] audit: type=1326 audit(1380.163:14751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.648748][ T40] audit: type=1326 audit(1380.163:14752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=118 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.657061][ T40] audit: type=1326 audit(1380.163:14753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.667400][ T40] audit: type=1326 audit(1380.163:14754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5457 comm="syz.8.14683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 643.824299][ T5480] netlink: 'syz.0.14693': attribute type 13 has an invalid length. [ 643.826988][ T5480] netlink: 'syz.0.14693': attribute type 12 has an invalid length. [ 644.127753][ T5503] netlink: 'syz.0.14705': attribute type 1 has an invalid length. [ 644.192024][ T5962] Bluetooth: hci0: command 0x0c1a tx timeout [ 646.276611][ T5949] usb 13-1: new high-speed USB device number 27 using dummy_hcd [ 646.339879][ T24] IPVS: starting estimator thread 0... [ 646.422717][ T5601] netlink: 'syz.0.14748': attribute type 6 has an invalid length. [ 646.427810][ T5601] netlink: 'syz.0.14748': attribute type 6 has an invalid length. [ 646.437035][ T5949] usb 13-1: Using ep0 maxpacket: 16 [ 646.440339][ T5949] usb 13-1: config 0 has an invalid interface number: 132 but max is 0 [ 646.444533][ T5949] usb 13-1: config 0 has no interface number 0 [ 646.450552][ T5949] usb 13-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 646.454531][ T5949] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.458103][ T5949] usb 13-1: Product: syz [ 646.458884][ T5595] IPVS: using max 48 ests per chain, 115200 per kthread [ 646.459953][ T5949] usb 13-1: Manufacturer: syz [ 646.464282][ T5949] usb 13-1: SerialNumber: syz [ 646.469385][ T5949] usb 13-1: config 0 descriptor?? [ 646.473068][ T5949] hub 13-1:0.132: bad descriptor, ignoring hub [ 646.475316][ T5949] hub 13-1:0.132: probe with driver hub failed with error -5 [ 646.480477][ T5949] input: bcm5974 as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.132/input/input83 [ 646.527270][ T5607] netlink: 'syz.0.14751': attribute type 4 has an invalid length. [ 647.282022][T19343] usb 13-1: USB disconnect, device number 27 [ 647.539863][ T5649] __nla_validate_parse: 9 callbacks suppressed [ 647.539882][ T5649] netlink: 128 bytes leftover after parsing attributes in process `syz.4.14770'. [ 647.545868][ T5649] netlink: 40 bytes leftover after parsing attributes in process `syz.4.14770'. [ 648.751004][ T5698] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14781'. [ 648.795449][ T5702] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 649.008609][ T5721] netlink: 16 bytes leftover after parsing attributes in process `syz.8.14792'. [ 649.013962][ T5721] netlink: 12 bytes leftover after parsing attributes in process `syz.8.14792'. [ 649.017980][ T5721] netlink: 12 bytes leftover after parsing attributes in process `syz.8.14792'. [ 649.218866][ T5735] netlink: 4 bytes leftover after parsing attributes in process `syz.8.14799'. [ 649.339441][ T5744] vlan0: entered promiscuous mode [ 649.341881][ T5744] vlan0: entered allmulticast mode [ 649.344246][ T5744] bridge0: entered allmulticast mode [ 649.605549][ T5766] batman_adv: batadv0: Adding interface: vlan2 [ 649.608418][ T5766] batman_adv: batadv0: The MTU of interface vlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 649.620096][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 649.627751][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.632230][ T5766] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active [ 649.781767][ T5780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14820'. [ 649.826121][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 649.944077][ T5788] can0: slcan on ttyS3. [ 650.019170][ T5788] can0 (unregistered): slcan off ttyS3. [ 650.028288][ T5792] can0: slcan on ttyS3. [ 650.105353][ T5791] can0 (unregistered): slcan off ttyS3. [ 650.198054][ T5807] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14833'. [ 650.539188][ T40] audit: type=1326 audit(1386.664:14755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.550592][ T40] audit: type=1326 audit(1386.664:14756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.559873][ T40] audit: type=1326 audit(1386.664:14757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.569430][ T40] audit: type=1326 audit(1386.664:14758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.579077][ T40] audit: type=1326 audit(1386.664:14759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.588258][ T40] audit: type=1326 audit(1386.664:14760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.597558][ T40] audit: type=1326 audit(1386.664:14761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.606808][ T40] audit: type=1326 audit(1386.664:14762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.615954][ T40] audit: type=1326 audit(1386.664:14763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 650.625224][ T40] audit: type=1326 audit(1386.664:14764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.14840" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 651.612344][ T5876] erspan0: entered promiscuous mode [ 653.193697][T19896] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 653.234754][ T6011] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14917'. [ 653.385885][T19896] usb 6-1: Using ep0 maxpacket: 16 [ 653.390999][T19896] usb 6-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 653.394064][T19896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.396827][T19896] usb 6-1: Product: syz [ 653.398239][T19896] usb 6-1: Manufacturer: syz [ 653.399878][T19896] usb 6-1: SerialNumber: syz [ 653.406740][T19896] usb 6-1: config 0 descriptor?? [ 653.416988][T19896] as10x_usb: device has been detected [ 653.419436][T19896] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 653.430988][T19896] usb 6-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 653.447490][T19896] as10x_usb: error during firmware upload part1 [ 653.450130][T19896] Registered device Sky IT Digital Key (green led) [ 653.637032][ T24] usb 6-1: USB disconnect, device number 25 [ 653.655976][ T24] Unregistered device Sky IT Digital Key (green led) [ 653.657634][ T24] as10x_usb: device has been disconnected [ 654.251239][ T6043] netlink: 'syz.1.14929': attribute type 1 has an invalid length. [ 654.254704][ T6043] netlink: 224 bytes leftover after parsing attributes in process `syz.1.14929'. [ 654.880933][ T6091] Bluetooth: hci1: too big key_count value 11787 [ 655.056729][ T6107] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 655.101884][ T6111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14959'. [ 655.733703][ T6143] netlink: 'syz.1.14968': attribute type 10 has an invalid length. [ 655.737323][ T6143] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 655.744342][ T6143] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 655.753480][ T6143] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 656.026506][T19896] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 656.186822][T19896] usb 5-1: Using ep0 maxpacket: 16 [ 656.190943][T19896] usb 5-1: config index 0 descriptor too short (expected 65, got 36) [ 656.194595][T19896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 656.206051][T19896] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 656.212241][T19896] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 656.216021][T19896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.227442][T19896] usb 5-1: config 0 descriptor?? [ 656.238964][T19896] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input84 [ 656.451148][ T34] usb 5-1: USB disconnect, device number 17 [ 657.010253][T19896] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 657.103272][ T6186] Falling back ldisc for ttyS3. [ 657.149624][ T6192] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 657.181164][T19896] usb 6-1: Using ep0 maxpacket: 8 [ 657.194103][T19896] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 657.198404][T19896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.207445][T19896] pvrusb2: Hardware description: Terratec Grabster AV400 [ 657.210899][T19896] pvrusb2: ********** [ 657.216660][T19896] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 657.221327][T19896] pvrusb2: Important functionality might not be entirely working. [ 657.226572][T19896] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 657.231347][T19896] pvrusb2: ********** [ 657.424454][ T2488] pvrusb2: Invalid write control endpoint [ 657.428498][ T6213] lo: entered promiscuous mode [ 657.438049][ T6213] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 657.502171][ T2488] pvrusb2: Invalid write control endpoint [ 657.513582][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 657.517440][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 657.520928][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 657.525593][ T2488] pvrusb2: Device being rendered inoperable [ 657.528597][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 657.531980][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 657.541528][ T2488] pvrusb2: Attached sub-driver cx25840 [ 657.544542][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 657.549467][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 657.638943][ T6181] pvrusb2: Killing an I2C write to 6 that is too large (desired=63 limit=61) [ 657.644067][T19896] usb 6-1: USB disconnect, device number 26 [ 658.037707][ T24] e1000 0000:00:06.0 eth0: Reset adapter [ 658.071322][ T6256] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15025'. [ 660.347343][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 660.500527][ T6275] kernel read not supported for file /eth0 (pid: 6275 comm: syz.8.15033) [ 660.505369][ T40] kauditd_printk_skb: 188 callbacks suppressed [ 660.505385][ T40] audit: type=1800 audit(1396.981:14953): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.15033" name="eth0" dev="mqueue" ino=128363 res=0 errno=0 [ 660.652025][ T6290] input: syz0 as /devices/virtual/input/input85 [ 661.201584][ T6310] hid-generic 0003:0627:0001.0001: pid 6310 passed too short report [ 661.318275][ T34] usb 13-1: new high-speed USB device number 28 using dummy_hcd [ 661.489853][ T34] usb 13-1: Using ep0 maxpacket: 32 [ 661.494680][ T34] usb 13-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 661.498672][ T34] usb 13-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 661.503352][ T34] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 661.507334][ T34] usb 13-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 661.518894][ T34] usb 13-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 661.524707][ T34] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.528514][ T34] usb 13-1: Product: syz [ 661.539329][ T34] usb 13-1: Manufacturer: syz [ 661.541524][ T34] usb 13-1: SerialNumber: syz [ 661.551027][ C3] imon 13-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 661.561349][ T34] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/input/input86 [ 661.788668][ T34] imon 13-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 661.797308][ T34] (id 0x00) [ 661.862050][ T6381] netlink: 190972 bytes leftover after parsing attributes in process `syz.1.15080'. [ 661.875480][ T34] rc_core: IR keymap rc-imon-pad not found [ 661.877549][ T34] Registered IR keymap rc-empty [ 661.879365][ T34] imon 13-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 661.883036][ T34] imon 13-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 662.005618][ T34] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0 [ 662.011725][ T34] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0/input87 [ 662.020901][ T34] imon 13-1:155.0: iMON device (15c2:ffdc, intf0) on usb<13:28> initialized [ 662.153748][ T30] block nbd2: Possible stuck request ffff8880269e8000: control (read@0,4096B). Runtime 120 seconds [ 662.202077][T19896] usb 13-1: USB disconnect, device number 28 [ 662.633639][T19896] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 662.735382][ T6443] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15110'. [ 662.793642][T19896] usb 9-1: Using ep0 maxpacket: 16 [ 662.796816][T19896] usb 9-1: config 0 has an invalid interface number: 132 but max is 0 [ 662.800076][T19896] usb 9-1: config 0 has no interface number 0 [ 662.806255][T19896] usb 9-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 662.809620][T19896] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.812532][T19896] usb 9-1: Product: syz [ 662.813890][T19896] usb 9-1: Manufacturer: syz [ 662.815561][T19896] usb 9-1: SerialNumber: syz [ 662.818291][T19896] usb 9-1: config 0 descriptor?? [ 662.824897][T19896] hub 9-1:0.132: bad descriptor, ignoring hub [ 662.828154][T19896] hub 9-1:0.132: probe with driver hub failed with error -5 [ 662.834187][T19896] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.132/input/input88 [ 662.847338][ T24] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 663.018466][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 663.022164][ T24] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 663.025711][ T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 663.030204][ T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 663.034540][ T24] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 663.050405][ T24] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 663.053974][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.283442][ T6467] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15121'. [ 663.285402][ T24] usb 6-1: GET_CAPABILITIES returned 0 [ 663.289784][ T24] usbtmc 6-1:16.0: can't read capabilities [ 663.343243][ T6470] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15122'. [ 663.508147][ T6439] usb 6-1: usbtmc_ioctl_clear_in_halt returned -32 [ 663.512891][T19343] usb 6-1: USB disconnect, device number 27 [ 664.322380][ T5949] usb 9-1: USB disconnect, device number 15 [ 664.482875][ T5949] usb 9-1: new full-speed USB device number 16 using dummy_hcd [ 664.660614][ T5949] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 664.665418][ T5949] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 664.669271][ T5949] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 664.672041][ T6524] macvlan1: entered allmulticast mode [ 664.674049][ T5949] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.676171][ T6524] macsec0: entered allmulticast mode [ 664.676191][ T6524] veth1_macvtap: entered allmulticast mode [ 664.678779][ T6524] macsec0: left allmulticast mode [ 664.687728][ T6524] veth1_macvtap: left allmulticast mode [ 664.691652][ T5949] usb 9-1: config 0 descriptor?? [ 664.701441][ T5949] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 664.704524][ T5949] dvb-usb: bulk message failed: -22 (3/0) [ 664.708289][ T5949] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 664.714244][ T5949] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 664.717075][ T5949] usb 9-1: media controller created [ 664.720741][ T5949] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 664.727512][ T5949] dvb-usb: bulk message failed: -22 (6/0) [ 664.730206][ T5949] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 664.734376][ T5949] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb9/9-1/input/input89 [ 664.740839][ T5949] dvb-usb: schedule remote query interval to 150 msecs. [ 664.743215][ T5949] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 664.886878][ T6536] nfs: Unknown parameter 'ntext' [ 664.914246][ T5949] dvb-usb: bulk message failed: -22 (1/0) [ 664.917815][ T5949] dvb-usb: error while querying for an remote control event. [ 664.933005][T19896] usb 9-1: USB disconnect, device number 16 [ 664.959684][T19896] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 665.015497][ T6545] netlink: 60 bytes leftover after parsing attributes in process `syz.8.15158'. [ 665.418727][ T6577] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15173'. [ 665.967644][ T6627] netlink: 'syz.1.15195': attribute type 1 has an invalid length. [ 666.041989][ T6635] sp0: Synchronizing with TNC [ 666.056283][ T6633] [U] `` [ 666.308514][ T6651] netlink: 28 bytes leftover after parsing attributes in process `syz.8.15207'. [ 666.359333][ T6654] input: syz0 as /devices/virtual/input/input90 [ 666.701386][ T6667] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 666.932861][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 666.950833][ T6707] misc userio: Can't change port type on an already running userio instance [ 667.117313][ T6719] 8021q: adding VLAN 0 to HW filter on device bond1 [ 667.122436][ T6719] bond0: (slave bond1): Enslaving as an active interface with an up link [ 667.308519][ T6737] block nbd4: Unsupported socket: should be TCP or UNIX. [ 668.663070][ T24] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 668.788565][ T6795] sctp: [Deprecated]: syz.8.15266 (pid 6795) Use of int in maxseg socket option. [ 668.788565][ T6795] Use struct sctp_assoc_value instead [ 668.836021][ T24] usb 9-1: config index 0 descriptor too short (expected 23569, got 27) [ 668.839495][ T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.858442][ T24] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 668.862215][ T24] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 668.865479][ T24] usb 9-1: Manufacturer: syz [ 668.875224][ T24] usb 9-1: config 0 descriptor?? [ 668.940684][ T24] rc_core: IR keymap rc-hauppauge not found [ 668.942656][ T24] Registered IR keymap rc-empty [ 668.944747][ T24] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0 [ 668.967977][ T24] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input92 [ 669.074031][ T40] audit: type=1326 audit(1405.007:14954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.080978][ T40] audit: type=1326 audit(1405.007:14955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.087829][ T40] audit: type=1326 audit(1405.007:14956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.105861][ T40] audit: type=1326 audit(1405.007:14957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.122521][ T40] audit: type=1326 audit(1405.007:14958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.122622][ T6769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 669.140855][ T40] audit: type=1326 audit(1405.007:14959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.151631][ T40] audit: type=1326 audit(1405.007:14960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.155008][ T6769] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 669.170548][ T40] audit: type=1326 audit(1405.007:14961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.186588][ T40] audit: type=1326 audit(1405.007:14962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.206076][T19343] usb 9-1: USB disconnect, device number 17 [ 669.208451][ T40] audit: type=1326 audit(1405.007:14963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.15278" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd3598 code=0x7ffc0000 [ 669.456845][ T6839] overlayfs: invalid origin (0000) [ 669.719160][ T6858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15294'. [ 669.725107][ T6858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15294'. [ 669.837401][ T6871] loop7: detected capacity change from 0 to 7 [ 669.846144][ C3] blk_print_req_error: 26 callbacks suppressed [ 669.846163][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.853147][ C3] buffer_io_error: 25 callbacks suppressed [ 669.853163][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.860587][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.863747][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.866543][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.869822][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.870957][T19896] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 669.873249][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.880363][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.884156][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.887104][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.889876][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.893423][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.896392][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.900765][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.904402][T18216] ldm_validate_partition_table(): Disk read failed. [ 669.967325][ T6875] support for the xor transformation has been removed. [ 669.972038][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.976291][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.980295][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.984472][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.988181][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 669.992147][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 669.997301][T18216] Dev loop7: unable to read RDB block 0 [ 670.002698][T18216] loop7: unable to read partition table [ 670.008989][T18216] loop7: partition table beyond EOD, truncated [ 670.014980][ T6885] netlink: 12 bytes leftover after parsing attributes in process `syz.8.15308'. [ 670.017792][ T6871] ldm_validate_partition_table(): Disk read failed. [ 670.019077][ T6885] netlink: 12 bytes leftover after parsing attributes in process `syz.8.15308'. [ 670.028380][ T6871] Dev loop7: unable to read RDB block 0 [ 670.033775][ T6871] loop7: unable to read partition table [ 670.036283][ T6871] loop7: partition table beyond EOD, truncated [ 670.037755][T19896] usb 6-1: Using ep0 maxpacket: 16 [ 670.039038][ T6871] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 670.049435][T19896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 670.059062][T19896] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 670.063417][T19896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.067158][T19896] usb 6-1: Product: syz [ 670.069169][T19896] usb 6-1: Manufacturer: syz [ 670.071293][T19896] usb 6-1: SerialNumber: syz [ 670.075824][T19896] usb 6-1: config 0 descriptor?? [ 670.076509][ T5350] ldm_validate_partition_table(): Disk read failed. [ 670.081061][ T5350] Dev loop7: unable to read RDB block 0 [ 670.081128][T19896] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 670.085147][ T5350] loop7: unable to read partition table [ 670.088462][T19896] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 670.097676][ T5350] loop7: partition table beyond EOD, truncated [ 670.362995][T19896] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 670.432292][T19896] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 670.435804][T19896] em28xx 6-1:0.0: board has no eeprom [ 670.501571][T19896] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 670.505058][T19896] em28xx 6-1:0.0: dvb set to bulk mode. [ 670.507580][ T7215] em28xx 6-1:0.0: Binding DVB extension [ 670.520920][T19896] usb 6-1: USB disconnect, device number 28 [ 670.525551][T19896] em28xx 6-1:0.0: Disconnecting em28xx [ 670.544872][ T7215] em28xx 6-1:0.0: Registering input extension [ 670.548299][T19896] em28xx 6-1:0.0: Closing input extension [ 670.556175][T19896] em28xx 6-1:0.0: Freeing device [ 670.701690][ T6925] netlink: 'syz.8.15327': attribute type 6 has an invalid length. [ 670.709760][ T6925] netlink: 'syz.8.15327': attribute type 6 has an invalid length. [ 670.804561][ T6940] Context (ID=0x1) not attached to queue pair (handle=0x1:0x81) [ 670.843996][ T5949] kernel write not supported for file /uinput (pid: 5949 comm: kworker/1:4) [ 671.944855][ T5949] usb 13-1: new low-speed USB device number 29 using dummy_hcd [ 672.117506][ T5949] usb 13-1: config 0 has an invalid interface number: 1 but max is 0 [ 672.121222][ T5949] usb 13-1: config 0 has no interface number 0 [ 672.124021][ T5949] usb 13-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 672.129040][ T5949] usb 13-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 672.132895][ T5949] usb 13-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 672.136413][ T5949] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.145064][ T5949] usb 13-1: config 0 descriptor?? [ 672.147335][ T7024] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 672.155987][ T5949] iowarrior 13-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 672.290122][ T7056] netlink: 27 bytes leftover after parsing attributes in process `syz.4.15385'. [ 672.320915][ T7049] hid-generic 0003:0627:0001.0001: pid 7049 passed too short report [ 672.380995][ T5949] usb 13-1: USB disconnect, device number 29 [ 672.492092][ T7074] syzkaller0: tun_chr_ioctl cmd 1074025678 [ 672.494607][ T7074] syzkaller0: group set to 0 [ 672.903549][ T7103] veth1_to_bond: entered allmulticast mode [ 672.905834][ T7102] veth1_to_bond: left allmulticast mode [ 672.943428][ T7106] team_slave_0: entered promiscuous mode [ 672.945374][ T7106] team_slave_1: entered promiscuous mode [ 672.948086][ T7106] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 672.998218][ T7116] netlink: 190972 bytes leftover after parsing attributes in process `syz.8.15412'. [ 673.444502][ T7150] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15428'. [ 674.125753][ T5949] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 674.296703][ T5949] usb 5-1: Using ep0 maxpacket: 8 [ 674.299429][ T7204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15453'. [ 674.300226][ T5949] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 674.306380][ T5949] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 674.317166][ T5949] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 674.321140][ T5949] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 674.324572][ T5949] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 674.339463][ T5949] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 674.342446][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.570001][ T5949] usb 5-1: GET_CAPABILITIES returned 0 [ 674.572699][ T5949] usbtmc 5-1:16.0: can't read capabilities [ 674.748663][ T7223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15459'. [ 674.791590][ T7178] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 674.795875][ T5949] usb 5-1: USB disconnect, device number 18 [ 674.855959][ T7231] netlink: 16 bytes leftover after parsing attributes in process `syz.1.15466'. [ 675.988256][ T40] kauditd_printk_skb: 1308 callbacks suppressed [ 675.988269][ T40] audit: type=1326 audit(1411.470:16272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 675.997813][ T40] audit: type=1326 audit(1411.470:16273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.007919][ T40] audit: type=1326 audit(1411.470:16274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.015244][ T40] audit: type=1326 audit(1411.470:16275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.023118][ T40] audit: type=1326 audit(1411.470:16276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.030068][ T40] audit: type=1326 audit(1411.470:16277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.037062][ T40] audit: type=1326 audit(1411.470:16278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.044070][ T40] audit: type=1326 audit(1411.470:16279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.052470][ T40] audit: type=1326 audit(1411.470:16280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.060135][ T40] audit: type=1326 audit(1411.470:16281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7280 comm="syz.8.15490" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 676.265338][T19896] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 676.424470][T19896] usb 9-1: Using ep0 maxpacket: 8 [ 676.437995][T19896] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 676.442281][T19896] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.457023][T19896] pvrusb2: Hardware description: Terratec Grabster AV400 [ 676.460616][T19896] pvrusb2: ********** [ 676.462500][T19896] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 676.467472][T19896] pvrusb2: Important functionality might not be entirely working. [ 676.471421][T19896] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 676.476561][T19896] pvrusb2: ********** [ 676.677403][ T2488] pvrusb2: Invalid write control endpoint [ 676.747259][ T2488] pvrusb2: Invalid write control endpoint [ 676.749340][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 676.752778][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 676.757149][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 676.761264][ T2488] pvrusb2: Device being rendered inoperable [ 676.765561][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 676.768296][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 676.771252][ T2488] pvrusb2: Attached sub-driver cx25840 [ 676.773180][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 676.776566][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 676.819857][ T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 676.893386][ T7283] pvrusb2: Attempted to execute control transfer when device not ok [ 676.897413][ T34] usb 9-1: USB disconnect, device number 18 [ 676.990815][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 676.993871][ T24] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 676.997600][ T24] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 677.002088][ T24] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 677.005572][ T24] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 677.011225][ T24] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 677.014465][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.016910][ T24] usb 5-1: Product: syz [ 677.018252][ T24] usb 5-1: Manufacturer: syz [ 677.019813][ T24] usb 5-1: SerialNumber: syz [ 677.025583][ C2] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 677.029692][ T24] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input94 [ 677.108382][ T5962] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 677.108945][T28026] Bluetooth: hci3: command 0x1003 tx timeout [ 677.188762][ T7311] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15501'. [ 677.269084][ T24] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 677.272015][ T24] (id 0x00) [ 677.332864][ T24] rc_core: IR keymap rc-imon-pad not found [ 677.334968][ T24] Registered IR keymap rc-empty [ 677.336702][ T24] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 677.340286][ T24] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 677.469880][ T7320] macvlan3: entered allmulticast mode [ 677.472116][ T7320] macsec0: entered allmulticast mode [ 677.474104][ T7320] veth1_macvtap: entered allmulticast mode [ 677.477496][ T7320] macsec0: left allmulticast mode [ 677.479195][ T7320] veth1_macvtap: left allmulticast mode [ 677.485425][ T24] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0 [ 677.493010][ T24] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input95 [ 677.508115][ T24] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:19> initialized [ 677.685409][ T24] usb 5-1: USB disconnect, device number 19 [ 678.011246][ T7344] netlink: 8 bytes leftover after parsing attributes in process `syz.8.15518'. [ 678.274045][ T7366] netlink: 28 bytes leftover after parsing attributes in process `syz.4.15527'. [ 678.730480][ T7398] binder: 7397:7398 ioctl c00c620f 800000c0 returned -22 [ 679.100176][ T7425] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15556'. [ 679.105130][ T7425] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15556'. [ 679.187695][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15560'. [ 679.671700][ T7462] kvm: kvm [7461]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 680.251914][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 680.415696][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 680.427322][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 680.432067][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 680.438837][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 680.445602][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.455085][ T24] usb 5-1: config 0 descriptor?? [ 680.907636][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.911089][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.923869][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.927721][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.931064][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.934339][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.946916][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.950963][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.954217][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.958148][ T24] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 680.976820][ T24] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 681.185597][ T24] usb 5-1: USB disconnect, device number 20 [ 681.218357][ T7536] gfs2: error -5 reading superblock [ 681.226029][ T5350] udevd[5350]: worker [18216] terminated by signal 33 (Unknown signal 33) [ 681.235775][ T5350] udevd[5350]: worker [18216] failed while handling '/devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0' [ 681.864659][ T7578] overlayfs: invalid origin (0000) [ 682.195189][ T7599] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 682.291333][ T7609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15644'. [ 682.295527][ T7609] netlink: 'syz.0.15644': attribute type 30 has an invalid length. [ 682.316232][T19671] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 682.319351][T19671] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 682.325599][ T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 682.329535][ T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 682.489917][ T7622] netlink: 8 bytes leftover after parsing attributes in process `syz.8.15651'. [ 682.493854][ T7622] netlink: 12 bytes leftover after parsing attributes in process `syz.8.15651'. [ 682.498491][ T7622] netlink: 'syz.8.15651': attribute type 20 has an invalid length. [ 682.667540][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 682.725249][ T7642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15660'. [ 683.202194][ T7669] Context (ID=0x1) not attached to queue pair (handle=0x1:0x81) [ 683.246505][ T7674] random: crng reseeded on system resumption [ 683.485652][ T7692] GUP no longer grows the stack in syz.4.15685 (7692): 80004000-80005000 (80001000) [ 683.489661][ T7692] CPU: 1 UID: 0 PID: 7692 Comm: syz.4.15685 Tainted: G L syzkaller #0 PREEMPT(full) [ 683.489682][ T7692] Tainted: [L]=SOFTLOCKUP [ 683.489686][ T7692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 683.489694][ T7692] Call Trace: [ 683.489699][ T7692] [ 683.489704][ T7692] dump_stack_lvl+0x16c/0x1f0 [ 683.489727][ T7692] gup_vma_lookup+0x1d2/0x220 [ 683.489746][ T7692] __get_user_pages+0x241/0x3590 [ 683.489768][ T7692] ? register_lock_class+0x41/0x4b0 [ 683.489780][ T7692] ? __pfx___get_user_pages+0x10/0x10 [ 683.489801][ T7692] __gup_longterm_locked+0xa92/0x17e0 [ 683.489818][ T7692] ? __lock_acquire+0x436/0x2890 [ 683.489831][ T7692] ? __pfx___gup_longterm_locked+0x10/0x10 [ 683.489856][ T7692] pin_user_pages_remote+0xed/0x140 [ 683.489874][ T7692] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 683.489891][ T7692] ? mm_access+0x22d/0x2e0 [ 683.489912][ T7692] process_vm_rw_core.constprop.0+0x41b/0x970 [ 683.489930][ T7692] ? trace_kmalloc+0x2b/0xb0 [ 683.489949][ T7692] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 683.489966][ T7692] ? iovec_from_user+0xbb/0x140 [ 683.489985][ T7692] ? iovec_from_user+0xbb/0x140 [ 683.489999][ T7692] process_vm_rw+0x216/0x2c0 [ 683.490022][ T7692] ? __pfx_process_vm_rw+0x10/0x10 [ 683.490049][ T7692] ? __pfx___mm_populate+0x10/0x10 [ 683.490099][ T7692] ? xfd_validate_state+0x61/0x180 [ 683.490117][ T7692] __ia32_sys_process_vm_writev+0xdf/0x1b0 [ 683.490133][ T7692] ? __do_fast_syscall_32+0x9a/0x680 [ 683.490151][ T7692] ? lockdep_hardirqs_on+0x7c/0x110 [ 683.490182][ T7692] __do_fast_syscall_32+0xe8/0x680 [ 683.490203][ T7692] do_fast_syscall_32+0x32/0x80 [ 683.490215][ T7692] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 683.490231][ T7692] RIP: 0023:0xf70ad579 [ 683.490241][ T7692] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 683.490253][ T7692] RSP: 002b:00000000f549d55c EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 683.490266][ T7692] RAX: ffffffffffffffda RBX: 0000000000000b80 RCX: 0000000080c22000 [ 683.490273][ T7692] RDX: 000000000000002b RSI: 0000000080c22fa0 RDI: 0000000000000001 [ 683.490280][ T7692] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 683.490287][ T7692] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 683.490293][ T7692] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 683.490308][ T7692] [ 684.105369][ T40] kauditd_printk_skb: 253 callbacks suppressed [ 684.105382][ T40] audit: type=1326 audit(1419.066:16535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 684.121722][ T40] audit: type=1326 audit(1419.066:16536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.125416][ T7729] kAFS: unable to lookup cell '(,cL' [ 684.129005][ T40] audit: type=1326 audit(1419.066:16537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.138521][ T40] audit: type=1326 audit(1419.066:16538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.140970][ T7729] kAFS: unable to lookup cell '(,' [ 684.145356][ T40] audit: type=1326 audit(1419.066:16539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.145382][ T40] audit: type=1326 audit(1419.066:16540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.145404][ T40] audit: type=1326 audit(1419.066:16541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.145425][ T40] audit: type=1326 audit(1419.066:16542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.145446][ T40] audit: type=1326 audit(1419.066:16543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.145467][ T40] audit: type=1326 audit(1419.066:16544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.8.15702" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000 [ 684.303441][ C2] ================================================================== [ 684.306274][ C2] BUG: KASAN: slab-use-after-free in rcu_cblist_dequeue+0xb0/0xe0 [ 684.309175][ C2] Read of size 8 at addr ffff8880513d8dd8 by task syz.8.15707/7738 [ 684.313984][ C2] [ 684.314821][ C2] CPU: 2 UID: 0 PID: 7738 Comm: syz.8.15707 Tainted: G L syzkaller #0 PREEMPT(full) [ 684.314843][ C2] Tainted: [L]=SOFTLOCKUP [ 684.314848][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 684.314855][ C2] Call Trace: [ 684.314860][ C2] [ 684.314866][ C2] dump_stack_lvl+0x116/0x1f0 [ 684.314886][ C2] print_report+0xcd/0x630 [ 684.314903][ C2] ? __virt_addr_valid+0x81/0x610 [ 684.314920][ C2] ? __phys_addr+0xe8/0x180 [ 684.314935][ C2] ? rcu_cblist_dequeue+0xb0/0xe0 [ 684.314950][ C2] kasan_report+0xe0/0x110 [ 684.314968][ C2] ? rcu_cblist_dequeue+0xb0/0xe0 [ 684.314991][ C2] ? rcu_core+0x797/0x15f0 [ 684.315011][ C2] rcu_cblist_dequeue+0xb0/0xe0 [ 684.315036][ C2] rcu_core+0x6f6/0x15f0 [ 684.315060][ C2] ? __pfx_rcu_core+0x10/0x10 [ 684.315087][ C2] handle_softirqs+0x219/0x950 [ 684.315111][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 684.315126][ C2] __irq_exit_rcu+0x109/0x170 [ 684.315141][ C2] irq_exit_rcu+0x9/0x30 [ 684.315154][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 684.315171][ C2] [ 684.315175][ C2] [ 684.315179][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 684.315191][ C2] RIP: 0010:lock_release+0x183/0x2d0 [ 684.315203][ C2] Code: 0f c1 05 78 07 19 12 83 f8 01 0f 85 03 01 00 00 9c 58 f6 c4 02 0f 85 ee 00 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 0d c0 18 12 0f 85 32 01 00 00 48 83 c4 18 5b 41 5c 41 [ 684.315213][ C2] RSP: 0018:ffffc90003dc7430 EFLAGS: 00000206 [ 684.315223][ C2] RAX: 6d3c59a4689cd100 RBX: ffffffff8e3c9520 RCX: ffffc90003dc743c [ 684.315231][ C2] RDX: 0000000000000001 RSI: ffffffff8daa494a RDI: ffffffff8bf2b580 [ 684.315238][ C2] RBP: 0000000000000001 R08: ffffffff911ae744 R09: 0000000082608fbb [ 684.315245][ C2] R10: 0000000000000002 R11: 000000000000001e R12: ffffffff816c79a4 [ 684.315252][ C2] R13: 0000000000000206 R14: ffff888024e224c0 R15: 0000000000000002 [ 684.315259][ C2] ? unwind_next_frame+0x3f4/0x20b0 [ 684.315278][ C2] unwind_next_frame+0x3f9/0x20b0 [ 684.315291][ C2] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.315305][ C2] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 684.315322][ C2] arch_stack_walk+0x94/0x100 [ 684.315338][ C2] stack_trace_save+0x8e/0xc0 [ 684.315353][ C2] ? __pfx_stack_trace_save+0x10/0x10 [ 684.315370][ C2] ? __pfx_stack_trace_save+0x10/0x10 [ 684.315386][ C2] ? stack_depot_save_flags+0x29/0x9b0 [ 684.315399][ C2] kasan_save_stack+0x33/0x60 [ 684.315413][ C2] ? kasan_save_stack+0x33/0x60 [ 684.315426][ C2] ? kasan_save_track+0x14/0x30 [ 684.315440][ C2] ? __kasan_kmalloc+0xaa/0xb0 [ 684.315453][ C2] ? __kmalloc_noprof+0x33d/0x910 [ 684.315464][ C2] ? sock_kmalloc+0x111/0x170 [ 684.315479][ C2] ? hash_alloc_result+0xd7/0x150 [ 684.315494][ C2] ? hash_recvmsg+0x198/0x960 [ 684.315507][ C2] ? ____sys_recvmsg+0x5f9/0x6b0 [ 684.315523][ C2] ? ___sys_recvmsg+0x114/0x1a0 [ 684.315535][ C2] ? do_recvmmsg+0x55d/0x750 [ 684.315547][ C2] ? __sys_recvmmsg+0x21c/0x280 [ 684.315560][ C2] ? __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 684.315602][ C2] ? __do_fast_syscall_32+0xe8/0x680 [ 684.315620][ C2] ? do_fast_syscall_32+0x32/0x80 [ 684.315629][ C2] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.315650][ C2] kasan_save_track+0x14/0x30 [ 684.315664][ C2] __kasan_kmalloc+0xaa/0xb0 [ 684.315678][ C2] __kmalloc_noprof+0x33d/0x910 [ 684.315689][ C2] ? do_raw_spin_lock+0x12c/0x2b0 [ 684.315701][ C2] ? sock_kmalloc+0x111/0x170 [ 684.315717][ C2] ? sock_kmalloc+0x111/0x170 [ 684.315732][ C2] sock_kmalloc+0x111/0x170 [ 684.315747][ C2] hash_alloc_result+0xd7/0x150 [ 684.315762][ C2] hash_recvmsg+0x198/0x960 [ 684.315777][ C2] ? iovec_from_user+0xbb/0x140 [ 684.315790][ C2] ____sys_recvmsg+0x5f9/0x6b0 [ 684.315807][ C2] ? __pfx_____sys_recvmsg+0x10/0x10 [ 684.315822][ C2] ? import_iovec+0x86/0xb0 [ 684.315841][ C2] ? __lock_acquire+0x436/0x2890 [ 684.315852][ C2] ___sys_recvmsg+0x114/0x1a0 [ 684.315865][ C2] ? __pfx____sys_recvmsg+0x10/0x10 [ 684.315879][ C2] ? find_held_lock+0x2b/0x80 [ 684.315895][ C2] ? __pfx___might_resched+0x10/0x10 [ 684.315912][ C2] do_recvmmsg+0x55d/0x750 [ 684.315926][ C2] ? __pfx_do_recvmmsg+0x10/0x10 [ 684.315943][ C2] ? fd_install+0x223/0x570 [ 684.315959][ C2] __sys_recvmmsg+0x21c/0x280 [ 684.315973][ C2] ? __pfx___sys_recvmmsg+0x10/0x10 [ 684.315989][ C2] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 684.316004][ C2] ? __do_fast_syscall_32+0x9a/0x680 [ 684.316020][ C2] ? lockdep_hardirqs_on+0x7c/0x110 [ 684.316036][ C2] __do_fast_syscall_32+0xe8/0x680 [ 684.316053][ C2] do_fast_syscall_32+0x32/0x80 [ 684.316062][ C2] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.316075][ C2] RIP: 0023:0xf7fc7579 [ 684.316085][ C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 684.316095][ C2] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 684.316105][ C2] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080003700 [ 684.316112][ C2] RDX: 0000000000000600 RSI: 0000000000000000 RDI: 0000000000000000 [ 684.316119][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 684.316125][ C2] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 684.316132][ C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 684.316142][ C2] [ 684.316146][ C2] [ 684.533798][ C2] Allocated by task 7729: [ 684.535632][ C2] kasan_save_stack+0x33/0x60 [ 684.537665][ C2] kasan_save_track+0x14/0x30 [ 684.539882][ C2] __kasan_slab_alloc+0x89/0x90 [ 684.542209][ C2] kmem_cache_alloc_noprof+0x25e/0x770 [ 684.544709][ C2] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 684.547461][ C2] idr_get_free+0x528/0xa30 [ 684.549480][ C2] idr_alloc_u32+0x190/0x2f0 [ 684.551603][ C2] idr_alloc_cyclic+0x10b/0x230 [ 684.553779][ C2] afs_lookup_cell+0x11d1/0x1900 [ 684.555991][ C2] afs_parse_param+0x5c4/0x970 [ 684.558091][ C2] vfs_parse_fs_param+0x20b/0x3c0 [ 684.560338][ C2] __do_sys_fsconfig+0x930/0xbe0 [ 684.562540][ C2] __do_fast_syscall_32+0xe8/0x680 [ 684.564828][ C2] do_fast_syscall_32+0x32/0x80 [ 684.566968][ C2] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.569726][ C2] [ 684.570812][ C2] Freed by task 33: [ 684.572532][ C2] kasan_save_stack+0x33/0x60 [ 684.574604][ C2] kasan_save_track+0x14/0x30 [ 684.576648][ C2] kasan_save_free_info+0x3b/0x60 [ 684.578903][ C2] __kasan_slab_free+0x5f/0x80 [ 684.580917][ C2] kmem_cache_free+0x2d8/0x770 [ 684.583150][ C2] rcu_core+0x79c/0x15f0 [ 684.584996][ C2] handle_softirqs+0x219/0x950 [ 684.587051][ C2] run_ksoftirqd+0x3a/0x60 [ 684.589037][ C2] smpboot_thread_fn+0x3f7/0xae0 [ 684.591255][ C2] kthread+0x3c5/0x780 [ 684.593093][ C2] ret_from_fork+0x983/0xb10 [ 684.595127][ C2] ret_from_fork_asm+0x1a/0x30 [ 684.597250][ C2] [ 684.598303][ C2] Last potentially related work creation: [ 684.600415][ C2] kasan_save_stack+0x33/0x60 [ 684.602139][ C2] kasan_record_aux_stack+0xa7/0xc0 [ 684.604120][ C2] __call_rcu_common.constprop.0+0xa5/0xa10 [ 684.606064][ C2] delete_node+0x1fc/0x8d0 [ 684.607592][ C2] __radix_tree_delete+0x193/0x3d0 [ 684.609440][ C2] radix_tree_delete_item+0xea/0x230 [ 684.611616][ C2] afs_cell_destroy+0x1db/0x310 [ 684.613398][ C2] rcu_core+0x79c/0x15f0 [ 684.614833][ C2] handle_softirqs+0x219/0x950 [ 684.616451][ C2] __irq_exit_rcu+0x109/0x170 [ 684.618013][ C2] irq_exit_rcu+0x9/0x30 [ 684.619453][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 684.621515][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 684.623467][ C2] [ 684.624263][ C2] The buggy address belongs to the object at ffff8880513d8dc0 [ 684.624263][ C2] which belongs to the cache radix_tree_node of size 576 [ 684.630052][ C2] The buggy address is located 24 bytes inside of [ 684.630052][ C2] freed 576-byte region [ffff8880513d8dc0, ffff8880513d9000) [ 684.635690][ C2] [ 684.636774][ C2] The buggy address belongs to the physical page: [ 684.639604][ C2] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x513d8 [ 684.643632][ C2] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 684.647288][ C2] memcg:ffff888040f04501 [ 684.649144][ C2] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 684.652642][ C2] page_type: f5(slab) [ 684.654408][ C2] raw: 04fff00000000040 ffff88801b44cc80 0000000000000000 dead000000000001 [ 684.658177][ C2] raw: 0000000000000000 0000000080170017 00000000f5000000 ffff888040f04501 [ 684.662414][ C2] head: 04fff00000000040 ffff88801b44cc80 0000000000000000 dead000000000001 [ 684.665744][ C2] head: 0000000000000000 0000000080170017 00000000f5000000 ffff888040f04501 [ 684.668561][ C2] head: 04fff00000000002 ffffea000144f601 00000000ffffffff 00000000ffffffff [ 684.671472][ C2] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 684.674404][ C2] page dumped because: kasan: bad access detected [ 684.676627][ C2] page_owner tracks the page as allocated [ 684.678498][ C2] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x52810(GFP_NOWAIT|__GFP_RECLAIMABLE|__GFP_NORETRY|__GFP_COMP), pid 5557, tgid 5556 (syz.4.14728), ts 645627099578, free_ts 633604523094 [ 684.685305][ C2] post_alloc_hook+0x1af/0x220 [ 684.686911][ C2] get_page_from_freelist+0xd0b/0x31a0 [ 684.688743][ C2] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 684.690938][ C2] alloc_pages_mpol+0x1fb/0x550 [ 684.693066][ C2] new_slab+0x2c3/0x430 [ 684.694861][ C2] ___slab_alloc+0xe18/0x1c90 [ 684.696891][ C2] __slab_alloc.constprop.0+0x63/0x110 [ 684.699271][ C2] kmem_cache_alloc_lru_noprof+0x451/0x770 [ 684.702128][ C2] xas_alloc+0x34f/0x460 [ 684.704206][ C2] xas_create+0x72b/0x1460 [ 684.706117][ C2] xas_store+0x90/0x1910 [ 684.707940][ C2] shmem_add_to_page_cache+0x7b7/0xa70 [ 684.710280][ C2] shmem_alloc_and_add_folio+0x662/0xc20 [ 684.712673][ C2] shmem_get_folio_gfp+0x67f/0x1610 [ 684.714908][ C2] shmem_fault+0x1fe/0xa00 [ 684.716956][ C2] __do_fault+0x10d/0x490 [ 684.718925][ C2] page last free pid 27875 tgid 27875 stack trace: [ 684.721750][ C2] __free_frozen_pages+0x7df/0x1170 [ 684.723978][ C2] __put_partials+0x130/0x170 [ 684.725988][ C2] qlist_free_all+0x4c/0xf0 [ 684.727929][ C2] kasan_quarantine_reduce+0x195/0x1e0 [ 684.730205][ C2] __kasan_slab_alloc+0x69/0x90 [ 684.732319][ C2] kmem_cache_alloc_noprof+0x25e/0x770 [ 684.734631][ C2] getname_flags.part.0+0x4c/0x550 [ 684.736900][ C2] getname_flags+0x93/0xf0 [ 684.739058][ C2] __ia32_sys_unlinkat+0xe4/0x130 [ 684.741234][ C2] __do_fast_syscall_32+0xe8/0x680 [ 684.743451][ C2] do_fast_syscall_32+0x32/0x80 [ 684.745658][ C2] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.748691][ C2] [ 684.749783][ C2] Memory state around the buggy address: [ 684.752303][ C2] ffff8880513d8c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 684.755778][ C2] ffff8880513d8d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 684.759130][ C2] >ffff8880513d8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 684.762692][ C2] ^ [ 684.765740][ C2] ffff8880513d8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 684.769369][ C2] ffff8880513d8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 684.772924][ C2] ================================================================== [ 684.776728][ C2] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 684.780022][ C2] CPU: 2 UID: 0 PID: 7738 Comm: syz.8.15707 Tainted: G L syzkaller #0 PREEMPT(full) [ 684.784570][ C2] Tainted: [L]=SOFTLOCKUP [ 684.786384][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 684.790938][ C2] Call Trace: [ 684.792438][ C2] [ 684.793642][ C2] dump_stack_lvl+0x3d/0x1f0 [ 684.795814][ C2] vpanic+0x640/0x6f0 [ 684.797615][ C2] panic+0xca/0xd0 [ 684.799270][ C2] ? __pfx_panic+0x10/0x10 [ 684.801363][ C2] ? check_panic_on_warn+0x1f/0xb0 [ 684.803634][ C2] check_panic_on_warn+0xab/0xb0 [ 684.805826][ C2] end_report+0x107/0x160 [ 684.807764][ C2] kasan_report+0xee/0x110 [ 684.809879][ C2] ? rcu_cblist_dequeue+0xb0/0xe0 [ 684.812167][ C2] ? rcu_core+0x797/0x15f0 [ 684.814135][ C2] rcu_cblist_dequeue+0xb0/0xe0 [ 684.815811][ C2] rcu_core+0x6f6/0x15f0 [ 684.817232][ C2] ? __pfx_rcu_core+0x10/0x10 [ 684.819331][ C2] handle_softirqs+0x219/0x950 [ 684.821103][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 684.822913][ C2] __irq_exit_rcu+0x109/0x170 [ 684.824544][ C2] irq_exit_rcu+0x9/0x30 [ 684.826021][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 684.828367][ C2] [ 684.829677][ C2] [ 684.830840][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 684.833068][ C2] RIP: 0010:lock_release+0x183/0x2d0 [ 684.834928][ C2] Code: 0f c1 05 78 07 19 12 83 f8 01 0f 85 03 01 00 00 9c 58 f6 c4 02 0f 85 ee 00 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 0d c0 18 12 0f 85 32 01 00 00 48 83 c4 18 5b 41 5c 41 [ 684.841363][ C2] RSP: 0018:ffffc90003dc7430 EFLAGS: 00000206 [ 684.843380][ C2] RAX: 6d3c59a4689cd100 RBX: ffffffff8e3c9520 RCX: ffffc90003dc743c [ 684.845998][ C2] RDX: 0000000000000001 RSI: ffffffff8daa494a RDI: ffffffff8bf2b580 [ 684.848598][ C2] RBP: 0000000000000001 R08: ffffffff911ae744 R09: 0000000082608fbb [ 684.851638][ C2] R10: 0000000000000002 R11: 000000000000001e R12: ffffffff816c79a4 [ 684.854485][ C2] R13: 0000000000000206 R14: ffff888024e224c0 R15: 0000000000000002 [ 684.857210][ C2] ? unwind_next_frame+0x3f4/0x20b0 [ 684.858937][ C2] unwind_next_frame+0x3f9/0x20b0 [ 684.860722][ C2] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.862869][ C2] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 684.864933][ C2] arch_stack_walk+0x94/0x100 [ 684.866486][ C2] stack_trace_save+0x8e/0xc0 [ 684.868053][ C2] ? __pfx_stack_trace_save+0x10/0x10 [ 684.870269][ C2] ? __pfx_stack_trace_save+0x10/0x10 [ 684.872530][ C2] ? stack_depot_save_flags+0x29/0x9b0 [ 684.874799][ C2] kasan_save_stack+0x33/0x60 [ 684.876849][ C2] ? kasan_save_stack+0x33/0x60 [ 684.878908][ C2] ? kasan_save_track+0x14/0x30 [ 684.881018][ C2] ? __kasan_kmalloc+0xaa/0xb0 [ 684.883053][ C2] ? __kmalloc_noprof+0x33d/0x910 [ 684.885202][ C2] ? sock_kmalloc+0x111/0x170 [ 684.887208][ C2] ? hash_alloc_result+0xd7/0x150 [ 684.889357][ C2] ? hash_recvmsg+0x198/0x960 [ 684.891455][ C2] ? ____sys_recvmsg+0x5f9/0x6b0 [ 684.893607][ C2] ? ___sys_recvmsg+0x114/0x1a0 [ 684.895775][ C2] ? do_recvmmsg+0x55d/0x750 [ 684.897837][ C2] ? __sys_recvmmsg+0x21c/0x280 [ 684.900075][ C2] ? __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 684.902888][ C2] ? __do_fast_syscall_32+0xe8/0x680 [ 684.905211][ C2] ? do_fast_syscall_32+0x32/0x80 [ 684.907399][ C2] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.910258][ C2] kasan_save_track+0x14/0x30 [ 684.912372][ C2] __kasan_kmalloc+0xaa/0xb0 [ 684.914406][ C2] __kmalloc_noprof+0x33d/0x910 [ 684.916572][ C2] ? do_raw_spin_lock+0x12c/0x2b0 [ 684.918820][ C2] ? sock_kmalloc+0x111/0x170 [ 684.920926][ C2] ? sock_kmalloc+0x111/0x170 [ 684.923017][ C2] sock_kmalloc+0x111/0x170 [ 684.925052][ C2] hash_alloc_result+0xd7/0x150 [ 684.927206][ C2] hash_recvmsg+0x198/0x960 [ 684.929244][ C2] ? iovec_from_user+0xbb/0x140 [ 684.931514][ C2] ____sys_recvmsg+0x5f9/0x6b0 [ 684.933461][ C2] ? __pfx_____sys_recvmsg+0x10/0x10 [ 684.935333][ C2] ? import_iovec+0x86/0xb0 [ 684.936889][ C2] ? __lock_acquire+0x436/0x2890 [ 684.938530][ C2] ___sys_recvmsg+0x114/0x1a0 [ 684.940254][ C2] ? __pfx____sys_recvmsg+0x10/0x10 [ 684.941991][ C2] ? find_held_lock+0x2b/0x80 [ 684.943844][ C2] ? __pfx___might_resched+0x10/0x10 [ 684.945792][ C2] do_recvmmsg+0x55d/0x750 [ 684.947342][ C2] ? __pfx_do_recvmmsg+0x10/0x10 [ 684.949028][ C2] ? fd_install+0x223/0x570 [ 684.950997][ C2] __sys_recvmmsg+0x21c/0x280 [ 684.952826][ C2] ? __pfx___sys_recvmmsg+0x10/0x10 [ 684.954580][ C2] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 684.956918][ C2] ? __do_fast_syscall_32+0x9a/0x680 [ 684.958664][ C2] ? lockdep_hardirqs_on+0x7c/0x110 [ 684.960628][ C2] __do_fast_syscall_32+0xe8/0x680 [ 684.962366][ C2] do_fast_syscall_32+0x32/0x80 [ 684.964352][ C2] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.966682][ C2] RIP: 0023:0xf7fc7579 [ 684.968362][ C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 684.975243][ C2] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 684.978704][ C2] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080003700 [ 684.982188][ C2] RDX: 0000000000000600 RSI: 0000000000000000 RDI: 0000000000000000 [ 684.985657][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 684.989130][ C2] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 684.992191][ C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 684.994955][ C2] [ 684.996995][ C2] Kernel Offset: disabled [ 684.998444][ C2] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:05:51 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffff88802b440e00 RCX=ffffffff81b203e1 RDX=ffff888020990000 RSI=ffffffff81b203bb RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900007cf808 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=ffff888020990b30 R12=dffffc0000000000 R13=ffffed10056881c1 R14=0000000000000001 R15=0000000000000002 RIP=ffffffff81b203bd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f74047b4 CR3=000000000e184000 CR4=00352ef0 DR0=000000006000003f DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000023a39f RBX=0000000000000001 RCX=ffffffff8b7576d9 RDX=0000000000000000 RSI=ffffffff8daca977 RDI=ffffffff8bf2b580 RBP=ffffed1003adc498 RSP=ffffc9000046fde8 R8 =0000000000000001 R9 =ffffed100566673d R10=ffff88802b3339eb R11=ffff88801d6e2ff0 R12=0000000000000001 R13=ffff88801d6e24c0 R14=ffffffff9088e8d0 R15=0000000000000000 RIP=ffffffff8b755dcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000057cca4c0 CR3=000000004bdad000 CR4=00352ef0 DR0=000000006000003f DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000006b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85301205 RDI=ffffffff9aed9260 RBP=ffffffff9aed9220 RSP=ffffc90000538850 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3530383838666666 R12=0000000000000000 R13=000000000000006b R14=ffffffff9aed9220 R15=ffffffff853011a0 RIP=ffffffff8530122f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978fc000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080007018 CR3=00000000605be000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000024061f RBX=0000000000000003 RCX=ffffffff8b7576d9 RDX=0000000000000000 RSI=ffffffff8daca977 RDI=ffffffff8bf2b580 RBP=ffffed1003b51000 RSP=ffffc9000048fde8 R8 =0000000000000001 R9 =ffffed10056a673d R10=ffff88802b5339eb R11=ffff88801da88b30 R12=0000000000000003 R13=ffff88801da88000 R14=ffffffff9088e8d0 R15=0000000000000000 RIP=ffffffff8b755dcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2b9e0b6d00 CR3=0000000071773000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000