last executing test programs: 450.684572ms ago: executing program 2 (id=9987): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x3c}}, 0x0) 397.654417ms ago: executing program 0 (id=9989): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0) 317.488021ms ago: executing program 0 (id=9990): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000100)={0x180003, 0x0, {[0x5, 0x9, 0x9, 0xa, 0x0, 0x2, 0xbb, 0x100]}}) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000340)={0x8f, 0x0, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 317.197522ms ago: executing program 2 (id=9992): r0 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0xb}}}, 0x24}}, 0x800) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001840)=@bpf_ext={0x1c, 0x1, &(0x7f0000000300)=@raw=[@alu={0x4, 0x1, 0xf3767c68fa0481d3, 0x4, 0x7, 0x20, 0x8}], &(0x7f0000000340)='GPL\x00', 0xfffffc00, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x3, 0x9, 0xc}, 0x10, 0x2469, r2, 0x0, 0x0, 0x0, 0x10, 0x878}, 0x94) 271.975855ms ago: executing program 2 (id=9993): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffff9c, 0x0, 0x800, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 271.825692ms ago: executing program 1 (id=9994): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) 190.809234ms ago: executing program 1 (id=9995): r0 = creat(&(0x7f0000000200)='./file1\x00', 0x2) close(r0) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) read$FUSE(r0, 0x0, 0x0) 190.637042ms ago: executing program 3 (id=9996): r0 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f00000000c0)={[0x6ba]}, 0x8) mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0xa, &(0x7f0000000900)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) signalfd4(r0, &(0x7f0000000080), 0x8, 0x0) 190.541592ms ago: executing program 1 (id=9997): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000400)={0x8}, 0x1) sendto$inet6(r0, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r0, 0x1) 190.491858ms ago: executing program 0 (id=9998): syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040e07"], 0xa) 190.222163ms ago: executing program 3 (id=9999): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket(0x2, 0x3, 0x100000001) setsockopt(r3, 0xff, 0x0, &(0x7f00000000c0)='O', 0x1) 118.509868ms ago: executing program 0 (id=10000): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}}, 0x0) 116.619266ms ago: executing program 1 (id=10001): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010400000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d65b00001400000011000100"], 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 116.055836ms ago: executing program 3 (id=10002): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0xc, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0xdc, &(0x7f00000004c0)=""/220, 0x0, 0x2a}, 0x94) 70.353896ms ago: executing program 1 (id=10003): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYRES32=r1, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0) 69.808108ms ago: executing program 2 (id=10004): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r2, 0x6}, 0x8) 69.695417ms ago: executing program 3 (id=10005): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000380)) 69.526379ms ago: executing program 0 (id=10006): r0 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) sendmsg$nl_route(r0, 0x0, 0x0) 69.325466ms ago: executing program 1 (id=10007): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = fanotify_init(0x40, 0x181000) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) fanotify_mark(r1, 0x1, 0x40001019, r0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020) 64.955163ms ago: executing program 0 (id=10008): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000080)=0x13}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x8, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x1, 0xff, 0x0, 0x4, 0x8, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x3, 0x84, 0x7, 0x3, 0x50, 0xfd, 0x70, 0x4, 0x5, 0x24ae}], 0xffffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)=@arm64={0x10, 0x5, 0x8, '\x00', 0x3}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1, 0x0, 0x3e, 0x2000002, 0x0, 0x2004c7, 0x0, 0x0, 0x68ff, 0x5, 0x0, 0x40000000000003, 0x7, 0x2], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 419.194µs ago: executing program 2 (id=10009): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x470bd30, 0x25dfdbff, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x80, 0x0, 0x2, 0x3, 0x2, 0x8000, 0x8, 0x1}}, {0x6, 0x2, [0x5]}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x44080) 294.51µs ago: executing program 3 (id=10010): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newnexthop={0x34, 0x68, 0x5fb9a818fb7378e9, 0x70bd29, 0x0, {}, [@NHA_OIF={0x8, 0x5, r2}, @NHA_GATEWAY={0x14, 0x6, @in6_addr=@local}]}, 0x34}}, 0x4882) 127.066µs ago: executing program 2 (id=10011): syz_usb_connect(0x6, 0x1b7, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x81, 0x1b, 0x25, 0x8, 0x846, 0x6a00, 0xedd0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1a5, 0x1, 0x83, 0x57, 0x10, 0x4, [{{0x9, 0x4, 0xc5, 0x8, 0x7, 0xb8, 0x70, 0xd8, 0x0, [@uac_as={[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xe, 0x2, 0x6, 0xfd}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0xd, 0x4, 0x1, 0xad}]}], [{{0x9, 0x5, 0x3, 0xc, 0x400, 0x1, 0x0, 0x0, [@generic={0x6a, 0x24, "2f401331c4e02c18fb5a78108bba9d463b1d966e763e62d1682b354a2e20f358a64c3d47c9cf244228351adb6a6cf56ff719de27e350f1789c86a2a36031f93dd467cd3366800f615882d7507645e68b16e41848978cb66bf9215dba6c2d52f7b8c8f8ab67568de1"}]}}, {{0x9, 0x5, 0xc, 0x8, 0x40, 0x3f, 0x8, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x7, 0x2, 0x7fff}]}}, {{0x9, 0x5, 0xb, 0xc, 0x8, 0xc, 0xa, 0xd, [@generic={0xb7, 0xb, "25dcc9348e4c228180dd1f8affc4e726ded25005212fc19071510ac1a132868d12466583c4046a3a6bc72302aaca2c2cc5aea644cb737d337257ba13d8ea33d7b6aadf9f3b370dc88bafbd3c26a609ce69ae3be0b8b6154de06f70101f42003d53ac57918553d74eaba152478f3e95abf11972707b9d3ad82079d49c7f9b5bb5ca213454f3616567cb9eac55d0c501617716eb84fb38de36037a6eb913289cc102dd4df6f397305a7f5e5ba168761cc5d901793320"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x20, 0x5, 0x72, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9f, 0x2}]}}, {{0x9, 0x5, 0x80, 0x4, 0x40, 0x2, 0x3, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x3}]}}, {{0x9, 0x5, 0xf, 0x310f167e2c79f110, 0x20, 0x6, 0x6, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0x8001}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x400}]}}, {{0x9, 0x5, 0x9, 0x8, 0x8, 0x68, 0x8, 0xa}}]}}]}}]}}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000068e04d206f0e2c586831010203010902240001000000000904000002ff47d000090509e700008000040905", @ANYBLOB="b717"], 0x0) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000340)={0x40, 0x14}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x83, 0x1, '('}, 0x0, 0x0}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xfffffffffffffddf, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x4cc6, 0x2) 0s ago: executing program 3 (id=10012): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000100)='./file0/../file0\x00', 0x145) 0s ago: executing program 3 (id=10014): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x1, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0) kernel console output (not intermixed with test programs): ng attributes in process `syz.3.4052'. [ 149.534015][T14781] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4053'. [ 149.558090][T14785] netlink: 'syz.2.4054': attribute type 4 has an invalid length. [ 149.562929][T14785] netlink: 'syz.2.4054': attribute type 5 has an invalid length. [ 149.565477][T14785] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.4054'. [ 149.585239][T11851] usb 5-1: config 0 has an invalid interface number: 231 but max is 0 [ 149.588574][T11851] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 149.595702][T11851] usb 5-1: config 0 has no interface number 0 [ 149.598280][T11851] usb 5-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 149.604051][T11851] usb 5-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 149.614716][T11851] usb 5-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 149.621131][T11851] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.624551][T11851] usb 5-1: Product: syz [ 149.626375][T11851] usb 5-1: Manufacturer: syz [ 149.630330][T11851] usb 5-1: SerialNumber: syz [ 149.635238][T11851] usb 5-1: config 0 descriptor?? [ 149.638113][T14756] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 149.643573][T11851] plusb 5-1:0.231: probe with driver plusb failed with error -22 [ 149.845781][ T5988] usb 5-1: USB disconnect, device number 5 [ 150.852482][T14887] overlayfs: regular lower layers cannot follow data lower layers [ 151.194989][T14914] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 151.270898][T14919] overlay: Unknown parameter 'appraise' [ 151.595795][T14939] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4128'. [ 151.914500][T14970] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4143'. [ 152.111171][T14822] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 152.341107][ T6018] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 152.522326][ T6018] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 152.526228][ T6018] usb 6-1: New USB device found, idVendor=056a, idProduct=005b, bcdDevice= 0.00 [ 152.529373][ T6018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.533447][ T6018] usb 6-1: config 0 descriptor?? [ 152.535575][T14990] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 152.743406][T14990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.748624][T14990] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.756982][ T6018] usbhid 6-1:0.0: can't add hid device: -71 [ 152.759639][ T6018] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 152.765010][ T6018] usb 6-1: USB disconnect, device number 7 [ 153.118474][T15077] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4193'. [ 153.417949][T15107] netlink: 'syz.1.4203': attribute type 4 has an invalid length. [ 153.421551][T15107] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4203'. [ 153.621279][ T5988] usb 8-1: new full-speed USB device number 7 using dummy_hcd [ 153.701025][ T842] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 153.773086][ T5988] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 153.778222][ T5988] usb 8-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 153.782253][ T5988] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.788030][ T5988] usb 8-1: config 0 descriptor?? [ 153.852744][ T842] usb 7-1: config 0 has an invalid interface number: 231 but max is 0 [ 153.856116][ T842] usb 7-1: config 0 has no interface number 0 [ 153.858847][ T842] usb 7-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 153.866301][ T842] usb 7-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 153.870248][ T842] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.881036][ T842] usb 7-1: Product: syz [ 153.882608][ T842] usb 7-1: Manufacturer: syz [ 153.884496][ T842] usb 7-1: SerialNumber: syz [ 153.888292][ T842] usb 7-1: config 0 descriptor?? [ 153.890732][T15111] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 153.900567][ T842] plusb 7-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 26:cc:aa:d1:bb:2e [ 153.993951][ T5988] usbhid 8-1:0.0: can't add hid device: -71 [ 153.996695][ T5988] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 154.002059][ T5988] usb 8-1: USB disconnect, device number 7 [ 154.129788][T15155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4223'. [ 154.136371][T15155] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4223'. [ 154.140298][T15155] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4223'. [ 154.417349][T15183] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4236'. [ 155.849554][T15269] tipc: Failed to remove unknown binding: 66,1,1/0:1576251772/1576251774 [ 156.098935][T15283] netlink: 'syz.1.4283': attribute type 4 has an invalid length. [ 156.102375][T15283] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4283'. [ 156.475015][ T6019] usb 7-1: USB disconnect, device number 9 [ 156.478926][ T6019] plusb 7-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 156.581513][T15326] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4304'. [ 157.594695][T15481] netlink: 240 bytes leftover after parsing attributes in process `syz.1.4376'. [ 157.598298][T15481] netlink: 240 bytes leftover after parsing attributes in process `syz.1.4376'. [ 157.628523][T15483] can: request_module (can-proto-0) failed. [ 157.689275][T15495] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4384'. [ 158.344465][T15602] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4436'. [ 158.612446][T15644] cgroup: Unknown subsys name 'fowner>00000000000000060929' [ 158.695761][T15653] overlayfs: missing 'workdir' [ 159.085796][T15689] netlink: 136 bytes leftover after parsing attributes in process `syz.2.4477'. [ 159.107478][ T63] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 159.112068][ T63] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 159.122657][ T63] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 159.125932][ T63] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 159.129929][ T63] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 159.271867][T15690] chnl_net:caif_netlink_parms(): no params data found [ 159.383716][T15690] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.386808][T15690] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.390054][T15690] bridge_slave_0: entered allmulticast mode [ 159.394942][T15690] bridge_slave_0: entered promiscuous mode [ 159.398489][T15690] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.401362][T15690] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.404483][T15690] bridge_slave_1: entered allmulticast mode [ 159.408430][T15690] bridge_slave_1: entered promiscuous mode [ 159.435589][ T67] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.504029][T15690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.515132][T15690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 159.533067][ T67] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.604532][T15690] team0: Port device team_slave_0 added [ 159.608111][T15690] team0: Port device team_slave_1 added [ 159.682255][ T67] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.690732][T15690] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 159.693676][T15690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 159.704376][T15690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 159.709815][T15690] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 159.713890][T15690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 159.723990][T15690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 159.769901][ T67] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.812094][T15690] hsr_slave_0: entered promiscuous mode [ 159.815300][T15690] hsr_slave_1: entered promiscuous mode [ 159.818220][T15690] debugfs: 'hsr0' already exists in 'hsr' [ 159.820622][T15690] Cannot create hsr debugfs directory [ 159.993823][ T67] bridge_slave_1: left allmulticast mode [ 159.996257][ T67] bridge_slave_1: left promiscuous mode [ 159.998710][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.013676][ T67] bridge_slave_0: left allmulticast mode [ 160.016207][ T67] bridge_slave_0: left promiscuous mode [ 160.018681][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.098074][T15786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4519'. [ 160.324686][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.328985][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.334546][ T67] bond0 (unregistering): Released all slaves [ 160.723452][ T67] hsr_slave_0: left promiscuous mode [ 160.726609][ T67] hsr_slave_1: left promiscuous mode [ 160.729347][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.732647][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.736976][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.740093][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.774965][ T67] veth1_macvtap: left promiscuous mode [ 160.777343][ T67] veth0_macvtap: left promiscuous mode [ 160.779781][ T67] veth1_vlan: left promiscuous mode [ 160.783828][ T67] veth0_vlan: left promiscuous mode [ 161.151972][ T63] Bluetooth: hci4: command tx timeout [ 161.399938][ T67] team0 (unregistering): Port device team_slave_1 removed [ 161.481007][ T67] team0 (unregistering): Port device team_slave_0 removed [ 161.949806][T15867] netlink: 124 bytes leftover after parsing attributes in process `syz.2.4556'. [ 162.003019][T15690] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 162.021446][T15690] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 162.028550][T15690] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 162.037424][T15690] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 162.126032][T15690] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.150765][T15690] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.159974][ T1259] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.163396][ T1259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.174702][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.177658][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.382608][T15690] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.424244][T15690] veth0_vlan: entered promiscuous mode [ 162.434698][T15690] veth1_vlan: entered promiscuous mode [ 162.463528][T15690] veth0_macvtap: entered promiscuous mode [ 162.469446][T15690] veth1_macvtap: entered promiscuous mode [ 162.484443][T15690] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.496733][T15690] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.505390][ T1259] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.508185][ T1259] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.513872][ T1259] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.524629][ T1259] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.556730][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.560087][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.575556][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.577982][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.851280][T11134] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 162.933969][T16012] netlink: 192 bytes leftover after parsing attributes in process `syz.3.4618'. [ 163.024805][T11134] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB3, changing to 0x83 [ 163.029075][T11134] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 235, setting to 64 [ 163.033266][T11134] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 163.037981][T11134] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 163.041628][T11134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.047938][T11134] usb 7-1: config 0 descriptor?? [ 163.052535][T11134] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 163.231132][ T63] Bluetooth: hci4: command tx timeout [ 163.234088][T16045] overlayfs: failed to clone upperpath [ 163.254900][ T53] usb 7-1: USB disconnect, device number 10 [ 163.720883][T16079] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4652'. [ 163.726106][T16079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4652'. [ 163.729675][T16081] netlink: 124 bytes leftover after parsing attributes in process `syz.3.4653'. [ 163.927564][T16105] netlink: 'syz.3.4664': attribute type 4 has an invalid length. [ 163.930891][T16105] netlink: 17 bytes leftover after parsing attributes in process `syz.3.4664'. [ 164.017887][T16115] netlink: 112 bytes leftover after parsing attributes in process `syz.3.4670'. [ 164.502780][T16188] overlayfs: failed to clone upperpath [ 164.743176][T16221] dummy0: entered allmulticast mode [ 164.745682][T16219] dummy0: left allmulticast mode [ 164.803354][T16227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4724'. [ 165.100810][T16263] overlay: Unknown parameter 'appraise' [ 165.311201][ T63] Bluetooth: hci4: command tx timeout [ 165.484705][T16308] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4763'. [ 165.640472][T16329] netlink: 104 bytes leftover after parsing attributes in process `syz.2.4774'. [ 165.896910][T16356] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3851450944 (3851450944 ns) > initial count (1115526657 ns). Using initial count to start timer. [ 166.520829][T16399] netlink: 136 bytes leftover after parsing attributes in process `syz.0.4804'. [ 166.568047][T16403] overlayfs: overlapping lowerdir path [ 166.679157][T16411] binder: Unknown parameter 'context' [ 166.752243][T16420] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 167.120202][T16473] overlayfs: failed to clone lowerpath [ 167.126319][T16473] overlayfs: failed to clone lowerpath [ 167.332252][T16500] netlink: 'syz.0.4852': attribute type 64 has an invalid length. [ 167.335058][T16500] gretap0: entered allmulticast mode [ 167.337685][T16500] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 167.391097][ T63] Bluetooth: hci4: command tx timeout [ 167.441302][T16514] overlayfs: missing 'workdir' [ 168.162403][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 168.273704][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 168.279118][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 168.282995][ T5941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 168.287889][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 168.292434][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 168.453384][T16599] chnl_net:caif_netlink_parms(): no params data found [ 168.505091][T16610] netlink: 'syz.0.4900': attribute type 4 has an invalid length. [ 168.508353][T16610] netlink: 'syz.0.4900': attribute type 5 has an invalid length. [ 168.515325][T16610] __nla_validate_parse: 11 callbacks suppressed [ 168.515339][T16610] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.4900'. [ 168.578477][T16599] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.583106][T16599] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.586278][T16599] bridge_slave_0: entered allmulticast mode [ 168.590180][T16599] bridge_slave_0: entered promiscuous mode [ 168.595776][T16599] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.599736][T16599] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.603615][T16599] bridge_slave_1: entered allmulticast mode [ 168.607749][T16599] bridge_slave_1: entered promiscuous mode [ 168.675956][T16599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.684051][T16599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.743627][T16599] team0: Port device team_slave_0 added [ 168.748821][T16599] team0: Port device team_slave_1 added [ 168.812576][ T1145] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.821828][T16599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.824146][T16599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.834183][T16599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.839935][T16599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.841315][T16430] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 168.845520][T16599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.856308][T16599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.927202][ T1145] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.937186][T16599] hsr_slave_0: entered promiscuous mode [ 168.939463][T16599] hsr_slave_1: entered promiscuous mode [ 168.941718][T16599] debugfs: 'hsr0' already exists in 'hsr' [ 168.943786][T16599] Cannot create hsr debugfs directory [ 168.971302][T16650] netlink: 'syz.3.4918': attribute type 4 has an invalid length. [ 168.974527][T16650] netlink: 'syz.3.4918': attribute type 5 has an invalid length. [ 168.977696][T16650] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.4918'. [ 169.058256][T16656] netlink: 192 bytes leftover after parsing attributes in process `syz.0.4920'. [ 169.079747][ T1145] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.155461][ T1145] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.260895][ T1145] bridge_slave_1: left allmulticast mode [ 169.263518][ T1145] bridge_slave_1: left promiscuous mode [ 169.266166][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.273080][ T1145] bridge_slave_0: left allmulticast mode [ 169.275535][ T1145] bridge_slave_0: left promiscuous mode [ 169.278132][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.587114][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 169.593009][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.599471][ T1145] bond0 (unregistering): Released all slaves [ 169.834548][T16715] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4949'. [ 169.953347][ T1145] hsr_slave_0: left promiscuous mode [ 169.955577][ T1145] hsr_slave_1: left promiscuous mode [ 169.957744][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.960151][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 169.963655][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 169.966438][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.002093][ T1145] veth1_macvtap: left promiscuous mode [ 170.004600][ T1145] veth0_macvtap: left promiscuous mode [ 170.008176][ T1145] veth1_vlan: left promiscuous mode [ 170.010507][ T1145] veth0_vlan: left promiscuous mode [ 170.351137][ T63] Bluetooth: hci1: command tx timeout [ 170.506339][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 170.570023][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 171.204225][T16599] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 171.218972][T16599] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 171.233458][T16599] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 171.238191][T16756] overlayfs: missing 'lowerdir' [ 171.249301][T16599] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 171.305581][T16770] overlayfs: missing 'workdir' [ 171.333063][T16599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.334373][T16774] overlayfs: missing 'lowerdir' [ 171.348771][T16599] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.358163][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.361174][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.370097][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.373399][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.543924][T16599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.575086][T16599] veth0_vlan: entered promiscuous mode [ 171.580916][T16599] veth1_vlan: entered promiscuous mode [ 171.592990][T16599] veth0_macvtap: entered promiscuous mode [ 171.598306][T16599] veth1_macvtap: entered promiscuous mode [ 171.613501][T16599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.621157][T16599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.629669][ T73] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.633958][ T73] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.641134][ T73] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.644601][ T73] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.686783][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.690184][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.702778][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.706026][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.833282][T16807] netlink: 136 bytes leftover after parsing attributes in process `syz.1.4985'. [ 171.912827][ T5941] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 171.916903][ T5941] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 171.921132][ T5941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 171.923934][ T5941] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 171.927108][ T5941] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 171.946802][T16815] overlayfs: missing 'lowerdir' [ 172.025912][T16812] chnl_net:caif_netlink_parms(): no params data found [ 172.116811][ T73] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.127368][T16812] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.130406][T16812] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.133584][T16812] bridge_slave_0: entered allmulticast mode [ 172.137536][T16812] bridge_slave_0: entered promiscuous mode [ 172.142407][T16812] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.144737][T16812] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.147201][T16812] bridge_slave_1: entered allmulticast mode [ 172.149979][T16812] bridge_slave_1: entered promiscuous mode [ 172.214659][ T73] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.227486][T16812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.242030][T16812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 172.309286][T16812] team0: Port device team_slave_0 added [ 172.314081][T16812] team0: Port device team_slave_1 added [ 172.328028][ T73] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.379478][T16851] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5003'. [ 172.383447][T16851] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5003'. [ 172.424211][ T73] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.431546][T16812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 172.434386][T16812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 172.437051][ T63] Bluetooth: hci1: command tx timeout [ 172.445784][T16812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 172.458463][T16812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 172.461633][T16812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 172.472429][T16812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 172.551912][T16812] hsr_slave_0: entered promiscuous mode [ 172.554258][T16812] hsr_slave_1: entered promiscuous mode [ 172.556448][T16812] debugfs: 'hsr0' already exists in 'hsr' [ 172.561848][T16812] Cannot create hsr debugfs directory [ 172.642674][ T73] bridge_slave_1: left allmulticast mode [ 172.644724][ T73] bridge_slave_1: left promiscuous mode [ 172.646660][ T73] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.653054][ T73] bridge_slave_0: left allmulticast mode [ 172.654912][ T73] bridge_slave_0: left promiscuous mode [ 172.656754][ T73] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.666945][T16880] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5016'. [ 172.902579][ T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.908525][ T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.915623][ T73] bond0 (unregistering): Released all slaves [ 173.267108][ T73] hsr_slave_0: left promiscuous mode [ 173.270234][ T73] hsr_slave_1: left promiscuous mode [ 173.273284][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.276521][ T73] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 173.282051][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.285284][ T73] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 173.319385][ T73] veth1_macvtap: left promiscuous mode [ 173.321974][ T73] veth0_macvtap: left promiscuous mode [ 173.324557][ T73] veth1_vlan: left promiscuous mode [ 173.326963][ T73] veth0_vlan: left promiscuous mode [ 173.505205][T16934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5039'. [ 173.560055][T16936] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 173.563319][T16936] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 173.934574][ T73] team0 (unregistering): Port device team_slave_1 removed [ 173.952435][ T63] Bluetooth: hci2: command tx timeout [ 174.004391][ T73] team0 (unregistering): Port device team_slave_0 removed [ 174.513328][ T5941] Bluetooth: hci1: command tx timeout [ 174.614445][T16812] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 174.618700][T16812] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 174.623388][T16812] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 174.628064][T16812] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 174.681882][T16969] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5053'. [ 174.691674][T16812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.704079][T16812] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.717518][ T1259] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.719943][ T1259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.724943][ T1259] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.727808][ T1259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.893790][T16812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.932910][T16812] veth0_vlan: entered promiscuous mode [ 174.940292][T16812] veth1_vlan: entered promiscuous mode [ 174.988568][T16812] veth0_macvtap: entered promiscuous mode [ 174.994090][T16812] veth1_macvtap: entered promiscuous mode [ 175.007006][T16812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.022212][T16812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.030009][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.034696][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.045905][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.051602][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.074828][T17005] overlayfs: missing 'workdir' [ 175.099802][ T1259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.102968][ T1259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.126352][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.129234][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.367615][ T63] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 175.376209][ T63] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 175.380369][ T63] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 175.383401][ T63] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 175.385788][ T63] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 175.523105][T17032] chnl_net:caif_netlink_parms(): no params data found [ 175.617885][T17032] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.620912][T17032] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.626593][T17032] bridge_slave_0: entered allmulticast mode [ 175.630645][T17032] bridge_slave_0: entered promiscuous mode [ 175.635121][T17032] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.637985][T17032] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.640416][T17032] bridge_slave_1: entered allmulticast mode [ 175.643567][T17032] bridge_slave_1: entered promiscuous mode [ 175.681070][T17032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.685805][T17032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.702445][T17071] overlayfs: invalid origin (0000) [ 175.727826][T17032] team0: Port device team_slave_0 added [ 175.732395][T17032] team0: Port device team_slave_1 added [ 175.786791][T17032] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.789689][T17032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 175.799122][T17032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.804420][T17032] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.806595][T17032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 175.815694][T17032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.898600][T17032] hsr_slave_0: entered promiscuous mode [ 175.904566][T17032] hsr_slave_1: entered promiscuous mode [ 175.907619][T17032] debugfs: 'hsr0' already exists in 'hsr' [ 175.909995][T17032] Cannot create hsr debugfs directory [ 176.041344][ T63] Bluetooth: hci2: command tx timeout [ 176.101742][T17032] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.181477][T17032] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.255589][T17032] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.412285][T17032] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.546996][T17032] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 176.553609][T17032] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 176.562299][T17032] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 176.568959][T17032] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 176.601244][ T63] Bluetooth: hci1: command tx timeout [ 176.625599][T17032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.636101][T17032] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.640902][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.643238][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.653616][ T1259] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.656029][ T1259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.788537][T17032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.819848][T17032] veth0_vlan: entered promiscuous mode [ 176.829052][T17032] veth1_vlan: entered promiscuous mode [ 176.853890][T17032] veth0_macvtap: entered promiscuous mode [ 176.858008][T17032] veth1_macvtap: entered promiscuous mode [ 176.868998][T17032] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.878210][T17032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.891374][ T1259] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.899084][ T1259] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.903432][ T1259] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.912991][ T1259] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.956823][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.959308][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.980386][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.985336][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.203204][T17210] Unsupported ieee802154 address type: 0 [ 177.473614][ T63] Bluetooth: hci3: command tx timeout [ 177.538946][T17274] netlink: 'syz.0.5187': attribute type 4 has an invalid length. [ 177.547010][T17274] netlink: 'syz.0.5187': attribute type 17 has an invalid length. [ 178.057582][T17343] netlink: 136 bytes leftover after parsing attributes in process `syz.1.5220'. [ 178.111160][ T63] Bluetooth: hci2: command tx timeout [ 178.427811][T17375] netlink: 'syz.1.5234': attribute type 12 has an invalid length. [ 178.480927][T17377] netlink: 'syz.1.5235': attribute type 4 has an invalid length. [ 178.482544][T17381] netlink: 'syz.3.5237': attribute type 6 has an invalid length. [ 178.506199][T17377] netlink: 'syz.1.5235': attribute type 17 has an invalid length. [ 178.596535][T17393] 9pnet_fd: Insufficient options for proto=fd [ 178.884114][T17437] sit0: entered promiscuous mode [ 178.893728][T17437] netlink: 'syz.0.5262': attribute type 1 has an invalid length. [ 178.897455][T17437] netlink: 1 bytes leftover after parsing attributes in process `syz.0.5262'. [ 179.520894][T17489] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 179.524469][T17489] overlayfs: missing 'lowerdir' [ 179.551621][ T63] Bluetooth: hci3: command tx timeout [ 180.191825][ T63] Bluetooth: hci2: command tx timeout [ 180.341107][ T6019] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 180.512640][ T6019] usb 7-1: Using ep0 maxpacket: 8 [ 180.516223][ T6019] usb 7-1: too many endpoints for config 0 interface 0 altsetting 250: 251, using maximum allowed: 30 [ 180.520187][ T6019] usb 7-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 180.525580][ T53] usb 8-1: new low-speed USB device number 8 using dummy_hcd [ 180.528664][ T6019] usb 7-1: config 0 interface 0 has no altsetting 0 [ 180.531799][ T6019] usb 7-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 180.536013][ T6019] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.541117][ T6019] usb 7-1: config 0 descriptor?? [ 180.693622][ T53] usb 8-1: unable to get BOS descriptor or descriptor too short [ 180.698242][ T53] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 180.702659][ T53] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 180.707217][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 4 [ 180.711783][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 221, setting to 0 [ 180.716147][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 180.720058][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xC is Bulk; changing to Interrupt [ 180.724336][ T53] usb 8-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 5 [ 180.733354][ T53] usb 8-1: string descriptor 0 read error: -22 [ 180.735485][ T53] usb 8-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 180.739062][ T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.748083][ T6019] usbhid 7-1:0.0: can't add hid device: -71 [ 180.751997][ T53] usb 8-1: config 0 descriptor?? [ 180.754287][ T6019] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 180.760389][T17545] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 180.762414][ T6019] usb 7-1: USB disconnect, device number 11 [ 180.768903][ T53] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 180.800738][ T53] snd-usb-audio 8-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 180.969292][T11134] usb 8-1: USB disconnect, device number 8 [ 181.076185][T17590] netlink: 136 bytes leftover after parsing attributes in process `syz.0.5337'. [ 181.471114][ T34] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 181.557523][T17625] binder: Unknown parameter 'context' [ 181.622565][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 181.626159][ T34] usb 5-1: New USB device found, idVendor=056a, idProduct=005b, bcdDevice= 0.00 [ 181.629106][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.636035][ T34] usb 5-1: config 0 descriptor?? [ 181.638790][T17604] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 181.641944][ T63] Bluetooth: hci3: command tx timeout [ 181.847580][T17604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.850579][T17604] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.861118][ T34] usbhid 5-1:0.0: can't add hid device: -71 [ 181.863726][ T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 181.868403][ T34] usb 5-1: USB disconnect, device number 6 [ 182.045671][T17682] netlink: 136 bytes leftover after parsing attributes in process `syz.2.5382'. [ 182.154766][T17696] binder: 17694:17696 ioctl 4008ae9c 0 returned -22 [ 182.971071][ T6019] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 183.133787][ T6019] usb 5-1: config 1 interface 0 altsetting 251 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.138029][ T6019] usb 5-1: config 1 interface 0 has no altsetting 0 [ 183.143398][ T6019] usb 5-1: New USB device found, idVendor=056a, idProduct=00b2, bcdDevice= 0.40 [ 183.147240][ T6019] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.150602][ T6019] usb 5-1: Product: syz [ 183.152802][ T6019] usb 5-1: Manufacturer: syz [ 183.154984][ T6019] usb 5-1: SerialNumber: syz [ 183.323722][T17779] netlink: 'syz.1.5427': attribute type 4 has an invalid length. [ 183.329344][T17779] netlink: 'syz.1.5427': attribute type 4 has an invalid length. [ 183.370406][ T6019] usbhid 5-1:1.0: can't add hid device: -71 [ 183.373118][ T6019] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 183.377956][ T6019] usb 5-1: USB disconnect, device number 7 [ 183.711048][ T63] Bluetooth: hci3: command tx timeout [ 183.889981][T17816] 9pnet_fd: Insufficient options for proto=fd [ 184.187261][ T40] audit: type=1326 audit(1763131359.685:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17824 comm="syz.0.5448" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x0 [ 184.346371][T17833] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5452'. [ 184.349198][T17833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5452'. [ 184.352087][T17833] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5452'. [ 184.453302][T17841] veth0_to_batadv: entered allmulticast mode [ 184.604907][T17863] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 184.607899][T17863] overlayfs: missing 'lowerdir' [ 184.765119][T17880] netlink: 136 bytes leftover after parsing attributes in process `syz.2.5474'. [ 185.647282][T17938] overlayfs: missing 'workdir' [ 185.962488][T17977] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5521'. [ 185.966130][T17977] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5521'. [ 185.969731][T17977] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5521'. [ 186.085941][T17991] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 186.341290][ T34] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 186.491046][ T34] usb 8-1: Using ep0 maxpacket: 32 [ 186.495804][ T34] usb 8-1: config 0 has an invalid interface number: 148 but max is 0 [ 186.499139][ T34] usb 8-1: config 0 has no interface number 0 [ 186.502451][ T34] usb 8-1: config 0 interface 148 has no altsetting 0 [ 186.507106][ T34] usb 8-1: New USB device found, idVendor=067b, idProduct=0307, bcdDevice=dd.c8 [ 186.510782][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.514683][ T34] usb 8-1: Product: syz [ 186.516371][ T34] usb 8-1: Manufacturer: syz [ 186.518279][ T34] usb 8-1: SerialNumber: syz [ 186.523389][ T34] usb 8-1: config 0 descriptor?? [ 186.527892][ T34] pl2303 8-1:0.148: required endpoints missing [ 186.539341][T18048] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5556'. [ 186.729103][ T34] usb 8-1: USB disconnect, device number 9 [ 187.361825][T18092] overlayfs: missing 'lowerdir' [ 187.946371][T18155] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5606'. [ 187.947901][T18153] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 187.949298][T18155] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5606'. [ 188.054948][T18169] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5613'. [ 188.134354][T18175] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 188.137166][T18175] overlayfs: missing 'lowerdir' [ 188.362306][T18209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5633'. [ 188.438567][T18218] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5638'. [ 188.613390][T18240] tmpfs: Bad value for 'huge' [ 189.050352][T18291] sit0: entered promiscuous mode [ 189.060510][T18291] netlink: 'syz.1.5669': attribute type 1 has an invalid length. [ 189.063080][T18291] netlink: 1 bytes leftover after parsing attributes in process `syz.1.5669'. [ 189.361185][T18329] cgroup: Unknown subsys name 'fowner>00000000000000060929' [ 189.898421][T18387] netlink: 136 bytes leftover after parsing attributes in process `syz.3.5714'. [ 190.079222][T18403] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5722'. [ 190.092022][T18405] netlink: 240 bytes leftover after parsing attributes in process `syz.2.5723'. [ 190.188242][T18417] overlayfs: failed to clone upperpath [ 190.463625][ T40] audit: type=1326 audit(1763131365.965:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.470466][ T40] audit: type=1326 audit(1763131365.965:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.478436][ T40] audit: type=1326 audit(1763131365.965:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=174 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.485828][ T40] audit: type=1326 audit(1763131365.965:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.492633][ T40] audit: type=1326 audit(1763131365.965:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.499614][ T40] audit: type=1326 audit(1763131365.965:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.506709][ T40] audit: type=1326 audit(1763131365.965:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.514105][ T40] audit: type=1326 audit(1763131365.965:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.520837][ T40] audit: type=1326 audit(1763131365.965:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.528439][ T40] audit: type=1326 audit(1763131365.965:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.3.5747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 190.742472][T18487] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 190.756730][T18489] netlink: 'syz.2.5764': attribute type 4 has an invalid length. [ 190.768667][T18489] netlink: 'syz.2.5764': attribute type 4 has an invalid length. [ 190.999991][T18511] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 191.003814][T18511] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 191.723525][T18578] netlink: 'syz.3.5804': attribute type 4 has an invalid length. [ 191.726702][T18578] netlink: 'syz.3.5804': attribute type 5 has an invalid length. [ 191.730027][T18578] __nla_validate_parse: 8 callbacks suppressed [ 191.730041][T18578] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.5804'. [ 191.732526][T18580] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5806'. [ 191.740053][T18580] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5806'. [ 191.745638][T18580] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5806'. [ 191.909328][T18606] netlink: 92 bytes leftover after parsing attributes in process `syz.1.5818'. [ 191.957201][T18612] netlink: 'syz.1.5821': attribute type 13 has an invalid length. [ 192.022957][T18622] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 192.026027][T18622] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 192.273515][T18657] netlink: 120 bytes leftover after parsing attributes in process `syz.0.5841'. [ 192.276892][T18657] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5841'. [ 192.319595][T18671] netlink: 240 bytes leftover after parsing attributes in process `syz.1.5849'. [ 192.323335][T18671] netlink: 240 bytes leftover after parsing attributes in process `syz.1.5849'. [ 192.792926][ T6019] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 192.942533][ T6019] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 192.946704][ T6019] usb 7-1: New USB device found, idVendor=056a, idProduct=005b, bcdDevice= 0.00 [ 192.950344][ T6019] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.956445][ T6019] usb 7-1: config 0 descriptor?? [ 192.959222][T18717] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 193.168010][T18717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.171948][T18717] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.178414][ T6019] usbhid 7-1:0.0: can't add hid device: -71 [ 193.181260][ T6019] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 193.186431][ T6019] usb 7-1: USB disconnect, device number 12 [ 193.188011][T18800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5912'. [ 193.714599][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.717353][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.229436][T18889] batadv_slave_1: entered promiscuous mode [ 194.235089][T18888] batadv_slave_1: left promiscuous mode [ 195.404044][T19009] bridge0: entered allmulticast mode [ 195.903371][T19094] batadv_slave_1: entered promiscuous mode [ 195.905651][T19093] batadv_slave_1: left promiscuous mode [ 195.946300][T19098] warning: `syz.1.6055' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 196.304845][T19158] overlay: Unknown parameter '/'' [ 196.502644][T19187] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 196.905794][T19258] __nla_validate_parse: 3 callbacks suppressed [ 196.905810][T19258] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6132'. [ 196.912729][T19258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6132'. [ 197.163065][T19294] netlink: 'syz.3.6150': attribute type 63 has an invalid length. [ 197.166325][T19294] netlink: 5 bytes leftover after parsing attributes in process `syz.3.6150'. [ 197.169721][T19294] gretap0: entered allmulticast mode [ 197.172268][T19294] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 197.457984][ T40] kauditd_printk_skb: 19 callbacks suppressed [ 197.457999][ T40] audit: type=1326 audit(1763131372.955:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19337 comm="syz.0.6172" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x0 [ 197.655637][T19377] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6191'. [ 197.659455][T19377] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6191'. [ 198.099955][T19447] overlayfs: missing 'lowerdir' [ 198.236940][T19473] netlink: 80 bytes leftover after parsing attributes in process `syz.2.6237'. [ 198.468085][T19512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6256'. [ 198.881569][T19564] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 198.886237][T19564] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 198.995379][T19579] netlink: 'syz.2.6289': attribute type 3 has an invalid length. [ 198.999903][T19579] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6289'. [ 199.091891][T19589] overlayfs: missing 'workdir' [ 199.275307][T19614] overlayfs: empty lowerdir [ 199.379628][T19627] overlayfs: failed to clone upperpath [ 199.831061][ T34] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 200.005274][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 200.012521][ T34] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 200.016309][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.021436][ T34] usb 7-1: config 0 descriptor?? [ 200.228085][ T34] usbhid 7-1:0.0: can't add hid device: -71 [ 200.230719][ T34] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 200.235862][ T34] usb 7-1: USB disconnect, device number 13 [ 200.250787][T19717] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6353'. [ 200.893871][T19761] netlink: 236 bytes leftover after parsing attributes in process `syz.3.6374'. [ 201.645732][T19857] overlayfs: missing 'lowerdir' [ 201.698131][T19863] netlink: 'syz.1.6424': attribute type 63 has an invalid length. [ 201.700616][T19863] gretap0: entered allmulticast mode [ 201.702977][T19863] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 202.000439][T19901] __nla_validate_parse: 2 callbacks suppressed [ 202.000450][T19901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6441'. [ 202.004778][T19903] netlink: 136 bytes leftover after parsing attributes in process `syz.0.6442'. [ 202.006656][T19901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6441'. [ 202.969933][T20064] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6521'. [ 203.136234][T20089] kvm: pic: single mode not supported [ 203.136831][T20089] kvm: pic: non byte read [ 203.143554][T20089] kvm: pic: non byte read [ 203.147630][T20089] kvm: pic: non byte read [ 203.152962][T20089] kvm: pic: non byte read [ 203.156659][T20089] kvm: pic: single mode not supported [ 203.156861][T20089] kvm: pic: level sensitive irq not supported [ 203.159753][T20089] kvm: pic: non byte read [ 203.166945][T20089] kvm: pic: non byte read [ 203.171183][T20089] kvm: pic: non byte read [ 203.175272][T20089] kvm: pic: non byte read [ 203.179339][T20089] kvm: pic: non byte read [ 203.374798][T20130] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 203.378483][T20130] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 203.385006][T20130] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 203.759048][T20207] netlink: 136 bytes leftover after parsing attributes in process `syz.1.6590'. [ 203.929298][T20234] netlink: 136 bytes leftover after parsing attributes in process `syz.1.6603'. [ 204.121172][T20272] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 204.123958][T20272] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 204.249239][T20296] overlayfs: failed to clone upperpath [ 204.431366][T20335] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6651'. [ 204.476473][T20342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6654'. [ 204.672703][T20370] overlayfs: regular lower layers cannot follow data lower layers [ 204.851703][T11851] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 205.021000][T11851] usb 7-1: Using ep0 maxpacket: 8 [ 205.024343][T11851] usb 7-1: unable to get BOS descriptor or descriptor too short [ 205.028552][T11851] usb 7-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid maxpacket 2560, setting to 1024 [ 205.033709][T11851] usb 7-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 1024 [ 205.037037][T11851] usb 7-1: config 8 interface 0 has no altsetting 0 [ 205.040731][T11851] usb 7-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 205.044279][T11851] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.046855][T11851] usb 7-1: Product: syz [ 205.048255][T11851] usb 7-1: Manufacturer: syz [ 205.049835][T11851] usb 7-1: SerialNumber: syz [ 205.260787][T11851] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 205.263797][T11851] usb 7-1: selecting invalid altsetting 0 [ 205.275105][T11851] usb 7-1: USB disconnect, device number 14 [ 205.735706][T20402] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 205.739117][T20402] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 205.744655][T20402] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 205.747339][T20402] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 205.749340][T20402] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 205.752790][T20402] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 205.755450][T20402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 205.757365][T20402] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 205.760912][T20402] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 205.764075][T20402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.766041][T20402] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 205.769228][T20402] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 205.926836][T20451] loop5: detected capacity change from 0 to 7 [ 206.036611][T20459] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.6709' resets device [ 206.086513][T20451] Dev loop5: unable to read RDB block 7 [ 206.089146][T20451] loop5: unable to read partition table [ 206.092067][T20451] loop5: partition table beyond EOD, truncated [ 206.094790][T20451] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 206.288522][T20501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6730'. [ 206.365394][T20520] netlink: 156 bytes leftover after parsing attributes in process `syz.2.6737'. [ 206.459077][T20538] binder: 20537:20538 ioctl c0306201 80000940 returned -22 [ 206.506407][T20546] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 206.991217][ T63] Bluetooth: hci4: command 0x0c1a tx timeout [ 207.072457][T20622] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 207.077122][T20622] overlayfs: missing 'lowerdir' [ 207.136278][T20632] __nla_validate_parse: 3 callbacks suppressed [ 207.136288][T20632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6788'. [ 207.275834][T20651] netlink: 'syz.3.6794': attribute type 4 has an invalid length. [ 207.278501][T20651] netlink: 'syz.3.6794': attribute type 5 has an invalid length. [ 207.282748][T20651] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.6794'. [ 207.380506][T20659] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6798'. [ 207.791423][ T63] Bluetooth: hci3: command 0x0c1a tx timeout [ 207.792705][ T5941] Bluetooth: hci2: command 0x0c1a tx timeout [ 207.794248][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout [ 207.921043][ T6019] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 207.982602][ T60] hid_parser_main: 8 callbacks suppressed [ 207.982615][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 207.986861][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 207.989205][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 207.993624][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 207.998056][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 208.001159][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 208.003676][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 208.006002][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 208.008303][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 208.010608][ T60] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 208.014601][ T60] hid-generic 0003:0004:0000.0004: hidraw1: USB HID v0.00 Device [syz0] on syz1 [ 208.071043][ T6019] usb 5-1: Using ep0 maxpacket: 32 [ 208.075084][ T6019] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 208.078904][ T6019] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 208.083073][ T6019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 208.087011][ T6019] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 208.091762][ T6019] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 208.096565][ T6019] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 208.102623][ T6019] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 208.106784][ T6019] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 208.113600][ T6019] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 208.117354][ T6019] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.124534][ T6019] usb 5-1: config 0 descriptor?? [ 208.253324][T20739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6836'. [ 208.336273][ T6019] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 208.343190][ T6019] usb 5-1: USB disconnect, device number 8 [ 208.348831][ T6019] usblp0: removed [ 208.421613][T20755] overlayfs: failed to clone upperpath [ 208.458305][T20757] netlink: 136 bytes leftover after parsing attributes in process `syz.3.6845'. [ 208.781193][ T6018] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 208.941044][ T6018] usb 5-1: Using ep0 maxpacket: 32 [ 208.944935][ T6018] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 208.948434][ T6018] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 208.952142][ T6018] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 208.955881][ T6018] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 208.959861][ T6018] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 208.963950][ T6018] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 208.967945][ T6018] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 208.972051][ T6018] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 208.977422][ T6018] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 208.981267][ T6018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.986550][ T6018] usb 5-1: config 0 descriptor?? [ 209.081347][ T5937] Bluetooth: hci4: command 0x0c1a tx timeout [ 209.136465][T20788] netlink: 4100 bytes leftover after parsing attributes in process `syz.2.6860'. [ 209.194280][ T6018] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 209.199025][ T6018] usb 5-1: USB disconnect, device number 9 [ 209.203407][ T6018] usblp0: removed [ 209.445328][T20821] netlink: 120 bytes leftover after parsing attributes in process `syz.1.6875'. [ 209.778575][T20867] binder: 20865:20867 ioctl c0306201 800001c0 returned -14 [ 209.847425][T20879] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6903'. [ 209.851121][T20879] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6903'. [ 209.854086][T20879] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6903'. [ 209.881026][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout [ 209.881152][ T63] Bluetooth: hci2: command 0x0c1a tx timeout [ 209.881270][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout [ 210.441002][T11134] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 210.602017][T11134] usb 7-1: Using ep0 maxpacket: 8 [ 210.609968][T11134] usb 7-1: too many endpoints for config 0 interface 0 altsetting 250: 251, using maximum allowed: 30 [ 210.621151][T11134] usb 7-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 210.626787][T11134] usb 7-1: config 0 interface 0 has no altsetting 0 [ 210.629574][T11134] usb 7-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 210.634996][T11134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.639969][T11134] usb 7-1: config 0 descriptor?? [ 210.723426][ T5937] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 210.727440][ T5937] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 210.731823][ T5937] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 210.735831][ T5937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 210.738503][ T5937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 210.846665][T11134] usbhid 7-1:0.0: can't add hid device: -71 [ 210.848619][T11134] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 210.852033][T11134] usb 7-1: USB disconnect, device number 15 [ 210.928792][T20946] chnl_net:caif_netlink_parms(): no params data found [ 211.006218][T20946] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.008424][T20946] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.011056][T20946] bridge_slave_0: entered allmulticast mode [ 211.013816][T20946] bridge_slave_0: entered promiscuous mode [ 211.016966][T20946] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.019307][T20946] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.023975][T20946] bridge_slave_1: entered allmulticast mode [ 211.026722][T20946] bridge_slave_1: entered promiscuous mode [ 211.059217][T20946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.064870][T20946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.104545][T20946] team0: Port device team_slave_0 added [ 211.107858][T20946] team0: Port device team_slave_1 added [ 211.194100][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.204640][T20946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.206817][T20946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 211.216027][T20946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.221078][T20946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.223286][T20946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 211.231087][T20946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.273366][T20946] hsr_slave_0: entered promiscuous mode [ 211.275704][T20946] hsr_slave_1: entered promiscuous mode [ 211.277768][T20946] debugfs: 'hsr0' already exists in 'hsr' [ 211.279572][T20946] Cannot create hsr debugfs directory [ 211.292317][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.386048][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.459199][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.553142][ T13] bridge_slave_1: left allmulticast mode [ 211.555082][ T13] bridge_slave_1: left promiscuous mode [ 211.557124][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.561736][ T13] bridge_slave_0: left allmulticast mode [ 211.563558][ T13] bridge_slave_0: left promiscuous mode [ 211.565452][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.694133][ T13] bridge0 (unregistering): left allmulticast mode [ 211.789758][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.794609][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 211.799634][ T13] bond0 (unregistering): Released all slaves [ 211.951183][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout [ 211.951400][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout [ 211.954436][ T63] Bluetooth: hci2: command 0x0c1a tx timeout [ 212.014829][T21062] netlink: 'syz.1.6988': attribute type 4 has an invalid length. [ 212.018079][T21062] netlink: 'syz.1.6988': attribute type 5 has an invalid length. [ 212.141286][ T13] hsr_slave_0: left promiscuous mode [ 212.144399][ T13] hsr_slave_1: left promiscuous mode [ 212.147101][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.150170][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.154790][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.157720][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.201951][ T13] veth1_macvtap: left promiscuous mode [ 212.204260][ T13] veth0_macvtap: left promiscuous mode [ 212.206651][ T13] veth1_vlan: left promiscuous mode [ 212.208912][ T13] veth0_vlan: left promiscuous mode [ 212.221854][T21077] __nla_validate_parse: 3 callbacks suppressed [ 212.221868][T21077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6995'. [ 212.516028][T21103] netlink: 'syz.2.7005': attribute type 4 has an invalid length. [ 212.519201][T21103] netlink: 'syz.2.7005': attribute type 5 has an invalid length. [ 212.524012][T21103] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.7005'. [ 212.783025][ T13] team0 (unregistering): Port device team_slave_1 removed [ 212.835060][ T13] team0 (unregistering): Port device team_slave_0 removed [ 213.307324][T20946] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 213.311446][T21014] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 213.311943][T20946] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 213.324189][T20946] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 213.331395][T20946] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 213.380106][T20946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.390580][T20946] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.396279][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.399159][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.415662][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.418791][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.554621][T20946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.588312][T20946] veth0_vlan: entered promiscuous mode [ 213.594196][T20946] veth1_vlan: entered promiscuous mode [ 213.615891][T20946] veth0_macvtap: entered promiscuous mode [ 213.620802][T20946] veth1_macvtap: entered promiscuous mode [ 213.634528][T20946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.642474][T20946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.648493][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.653390][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.657029][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.665840][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.703462][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.705893][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.729153][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.734088][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.018202][ T40] audit: type=1326 audit(1763131389.505:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.029872][ T40] audit: type=1326 audit(1763131389.515:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.038252][ T40] audit: type=1326 audit(1763131389.515:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=174 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.045375][ T40] audit: type=1326 audit(1763131389.515:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.053550][ T40] audit: type=1326 audit(1763131389.515:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.060144][ T40] audit: type=1326 audit(1763131389.515:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.067074][ T40] audit: type=1326 audit(1763131389.515:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.073790][ T40] audit: type=1326 audit(1763131389.515:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.080256][ T40] audit: type=1326 audit(1763131389.515:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.087210][ T40] audit: type=1326 audit(1763131389.515:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21199 comm="syz.1.7047" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000 [ 214.466537][T21245] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 214.470023][T21245] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 214.572492][T21260] overlayfs: overlapping lowerdir path [ 214.622819][T21264] overlayfs: missing 'workdir' [ 214.819177][ T5941] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 214.824841][ T5941] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 214.828546][ T5941] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 214.844906][ T5941] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 214.852253][ T5941] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 214.911866][T21286] netlink: 156 bytes leftover after parsing attributes in process `syz.3.7084'. [ 215.008965][T21278] chnl_net:caif_netlink_parms(): no params data found [ 215.097385][T21278] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.099927][T21278] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.103104][T21278] bridge_slave_0: entered allmulticast mode [ 215.106468][T21278] bridge_slave_0: entered promiscuous mode [ 215.110322][T21278] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.114365][T21278] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.116617][T21278] bridge_slave_1: entered allmulticast mode [ 215.119506][T21278] bridge_slave_1: entered promiscuous mode [ 215.186963][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.199056][T21278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.205723][T21278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.246064][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.270619][T21278] team0: Port device team_slave_0 added [ 215.282566][T21278] team0: Port device team_slave_1 added [ 215.333809][T21278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.336740][T21278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 215.349192][T21278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.364434][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.375133][T21278] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.377404][T21278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 215.385404][T21278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.455944][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.465465][T21278] hsr_slave_0: entered promiscuous mode [ 215.467819][T21278] hsr_slave_1: entered promiscuous mode [ 215.469974][T21278] debugfs: 'hsr0' already exists in 'hsr' [ 215.472787][T21278] Cannot create hsr debugfs directory [ 215.524233][T21331] batadv_slave_1: entered promiscuous mode [ 215.550680][T21330] batadv_slave_1: left promiscuous mode [ 215.586984][ T12] bridge_slave_1: left allmulticast mode [ 215.588691][ T12] bridge_slave_1: left promiscuous mode [ 215.590458][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.594567][ T12] bridge_slave_0: left allmulticast mode [ 215.596396][ T12] bridge_slave_0: left promiscuous mode [ 215.598379][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.843722][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.849074][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.853706][ T12] bond0 (unregistering): Released all slaves [ 216.025609][T21354] overlayfs: missing 'lowerdir' [ 216.111259][T21204] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 216.171645][ T12] hsr_slave_0: left promiscuous mode [ 216.173734][ T12] hsr_slave_1: left promiscuous mode [ 216.175675][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.177971][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.180603][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.182977][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.205903][ T12] veth1_macvtap: left promiscuous mode [ 216.207784][ T12] veth0_macvtap: left promiscuous mode [ 216.209560][ T12] veth1_vlan: left promiscuous mode [ 216.211589][ T12] veth0_vlan: left promiscuous mode [ 216.722136][ T12] team0 (unregistering): Port device team_slave_1 removed [ 216.778187][ T12] team0 (unregistering): Port device team_slave_0 removed [ 216.914200][ T63] Bluetooth: hci4: command tx timeout [ 217.272702][T21386] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7124'. [ 217.408108][T21398] netlink: 188 bytes leftover after parsing attributes in process `syz.0.7130'. [ 217.427256][T21278] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 217.435747][T21278] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 217.445348][T21278] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 217.458965][T21278] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 217.515922][T21278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.528761][T21278] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.535047][ T73] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.537149][ T73] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.545847][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.548614][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.685727][T21278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.708057][T21278] veth0_vlan: entered promiscuous mode [ 217.715344][T21278] veth1_vlan: entered promiscuous mode [ 217.737944][T21278] veth0_macvtap: entered promiscuous mode [ 217.744257][T21278] veth1_macvtap: entered promiscuous mode [ 217.758361][T21278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.770071][T21278] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.778823][ T67] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.781763][ T67] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.785483][ T67] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.788210][ T67] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.821316][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.824642][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.846242][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.848683][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.005928][ T845] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 218.152633][ T845] usb 8-1: config 10 has an invalid interface number: 92 but max is 1 [ 218.155597][ T845] usb 8-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config [ 218.159033][ T845] usb 8-1: config 10 has 1 interface, different from the descriptor's value: 2 [ 218.162191][ T845] usb 8-1: config 10 has no interface number 0 [ 218.164195][ T845] usb 8-1: config 10 interface 92 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 218.167433][ T845] usb 8-1: config 10 interface 92 has no altsetting 0 [ 218.169528][ T845] usb 8-1: New USB device found, idVendor=0763, idProduct=2019, bcdDevice=a0.36 [ 218.172929][ T845] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.342127][T21431] IPv6: syztnl0: Disabled Multicast RS [ 218.380190][ T845] usb 8-1: string descriptor 0 read error: -71 [ 218.389964][ T845] usb 8-1: USB disconnect, device number 10 [ 218.915288][T21456] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7151'. [ 218.938720][T21458] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 218.940798][T21458] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 218.944350][T21458] vhci_hcd vhci_hcd.0: Device attached [ 218.947598][T21459] vhci_hcd: connection closed [ 218.949599][ T1259] vhci_hcd: stop threads [ 218.954208][ T1259] vhci_hcd: release socket [ 218.956029][ T1259] vhci_hcd: disconnect device [ 218.991335][ T63] Bluetooth: hci4: command tx timeout [ 219.222342][T21474] bridge0: entered allmulticast mode [ 219.225159][T21474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7159'. [ 219.228894][T21474] bridge_slave_1: left allmulticast mode [ 219.230797][T21474] bridge_slave_1: left promiscuous mode [ 219.234046][T21474] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.240845][T21474] bridge_slave_0: left allmulticast mode [ 219.245072][T21474] bridge_slave_0: left promiscuous mode [ 219.247190][T21474] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.262716][T21474] bridge0 (unregistering): left allmulticast mode [ 219.391025][T21395] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 219.731515][T21514] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7174'. [ 219.998784][T21544] loop5: detected capacity change from 0 to 7 [ 220.101313][T21549] bridge0: entered allmulticast mode [ 220.114089][T21549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7188'. [ 220.117696][T21549] bridge_slave_1: left allmulticast mode [ 220.120474][T21549] bridge_slave_1: left promiscuous mode [ 220.123145][T21549] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.128200][T21549] bridge_slave_0: left allmulticast mode [ 220.130446][T21549] bridge_slave_0: left promiscuous mode [ 220.133076][T21549] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.143965][T21544] Dev loop5: unable to read RDB block 7 [ 220.146462][T21544] loop5: unable to read partition table [ 220.149163][T21544] loop5: partition table beyond EOD, truncated [ 220.152299][T21544] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 220.156414][T21549] bridge0 (unregistering): left allmulticast mode [ 220.211942][ T40] kauditd_printk_skb: 81 callbacks suppressed [ 220.211958][ T40] audit: type=1326 audit(1763131395.715:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21561 comm="syz.2.7194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 220.225764][ T40] audit: type=1326 audit(1763131395.715:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21561 comm="syz.2.7194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 220.237559][ T40] audit: type=1326 audit(1763131395.715:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21561 comm="syz.2.7194" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 220.246248][ T40] audit: type=1326 audit(1763131395.715:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21561 comm="syz.2.7194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 220.255817][ T40] audit: type=1326 audit(1763131395.715:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21561 comm="syz.2.7194" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 220.262763][ T40] audit: type=1326 audit(1763131395.715:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21561 comm="syz.2.7194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 220.316171][T21571] overlayfs: missing 'lowerdir' [ 220.610210][T21608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7217'. [ 221.026127][T21630] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7226'. [ 221.071082][ T63] Bluetooth: hci4: command tx timeout [ 221.317773][T21643] Driver unsupported XDP return value 0 on prog (id 81) dev N/A, expect packet loss! [ 221.532722][T21664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7242'. [ 221.912694][ T40] audit: type=1326 audit(1763131397.415:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21690 comm="syz.2.7253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 221.920144][ T40] audit: type=1326 audit(1763131397.415:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21690 comm="syz.2.7253" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 221.927497][ T40] audit: type=1326 audit(1763131397.415:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21690 comm="syz.2.7253" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 221.934312][ T40] audit: type=1326 audit(1763131397.415:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21690 comm="syz.2.7253" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 222.511769][T21730] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7272'. [ 222.615457][T21746] netlink: 'syz.1.7278': attribute type 2 has an invalid length. [ 222.618633][T21746] netlink: 1 bytes leftover after parsing attributes in process `syz.1.7278'. [ 222.696799][T21756] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7285'. [ 222.796623][T21772] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7291'. [ 222.801814][T21772] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7291'. [ 223.023310][T21810] netlink: 'syz.0.7310': attribute type 64 has an invalid length. [ 223.025745][T21810] netlink: 5 bytes leftover after parsing attributes in process `syz.0.7310'. [ 223.028633][T21810] gretap0: entered allmulticast mode [ 223.030511][T21810] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 223.132192][T21829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7319'. [ 223.135557][T21829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7319'. [ 223.161485][ T63] Bluetooth: hci4: command tx timeout [ 223.220581][T21841] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7325'. [ 223.371445][T11134] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 223.523963][T11134] usb 8-1: config 0 has an invalid interface number: 51 but max is 0 [ 223.527283][T11134] usb 8-1: config 0 has no interface number 0 [ 223.531863][T11134] usb 8-1: New USB device found, idVendor=061c, idProduct=c084, bcdDevice=f5.fc [ 223.535834][T11134] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.539118][T11134] usb 8-1: Product: syz [ 223.540896][T11134] usb 8-1: Manufacturer: syz [ 223.543515][T11134] usb 8-1: SerialNumber: syz [ 223.547376][T11134] usb 8-1: config 0 descriptor?? [ 223.753299][ T6019] usb 8-1: USB disconnect, device number 11 [ 223.972450][T21883] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7343'. [ 223.975192][T21883] bridge_slave_1: left allmulticast mode [ 223.976931][T21883] bridge_slave_1: left promiscuous mode [ 223.978847][T21883] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.985878][T21883] bridge_slave_0: left allmulticast mode [ 223.988226][T21883] bridge_slave_0: left promiscuous mode [ 223.990906][T21883] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.387525][T21903] capability: warning: `syz.0.7352' uses 32-bit capabilities (legacy support in use) [ 224.399505][T21895] fuse: Bad value for 'fd' [ 224.651036][ T6019] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 224.804329][ T6019] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 224.808546][ T6019] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 224.812851][ T6019] usb 8-1: config 1 has no interface number 0 [ 224.815436][ T6019] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.822778][ T6019] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 224.830140][ T6019] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.833713][ T6019] usb 8-1: Product: syz [ 224.835467][ T6019] usb 8-1: Manufacturer: syz [ 224.837435][ T6019] usb 8-1: SerialNumber: syz [ 224.842204][ T6019] usb 8-1: selecting invalid altsetting 1 [ 225.046037][ T6019] cdc_ncm 8-1:1.1: bind() failure [ 225.051579][ T6019] usb 8-1: USB disconnect, device number 12 [ 225.525256][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 225.528449][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 225.531245][ T5941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 225.534382][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 225.537050][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 225.704424][T22010] chnl_net:caif_netlink_parms(): no params data found [ 225.781997][T22031] sit0: left promiscuous mode [ 225.783712][T22031] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 225.834643][T22010] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.836969][T22010] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.839349][T22010] bridge_slave_0: entered allmulticast mode [ 225.842772][T22010] bridge_slave_0: entered promiscuous mode [ 225.846329][T22010] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.848651][T22010] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.852742][T22010] bridge_slave_1: entered allmulticast mode [ 225.857475][T22010] bridge_slave_1: entered promiscuous mode [ 225.898958][T22010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.903864][T22010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.956827][T22010] team0: Port device team_slave_0 added [ 225.960006][T22010] team0: Port device team_slave_1 added [ 225.992329][T22010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 225.994565][T22010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 226.005958][T22010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.016081][T22010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.018942][T22010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 226.027074][T22010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.071699][T22010] hsr_slave_0: entered promiscuous mode [ 226.073988][T22010] hsr_slave_1: entered promiscuous mode [ 226.076213][T22010] debugfs: 'hsr0' already exists in 'hsr' [ 226.078039][T22010] Cannot create hsr debugfs directory [ 226.233887][T22010] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.316374][T22010] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.397378][T22010] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.497095][T22010] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.627812][T22010] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 226.639380][T22010] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 226.644942][T22010] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 226.650116][T22010] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 226.728535][T22010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.753547][T22010] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.761965][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.764778][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.777003][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.780043][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.927806][T22010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.953583][T22010] veth0_vlan: entered promiscuous mode [ 226.958394][T22010] veth1_vlan: entered promiscuous mode [ 226.976914][T22010] veth0_macvtap: entered promiscuous mode [ 226.980666][T22010] veth1_macvtap: entered promiscuous mode [ 226.989960][T22010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 226.998337][T22010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.006578][ T67] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.010179][ T67] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.018892][ T67] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.023328][ T67] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.053680][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.060303][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.075500][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.078011][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.311154][ T40] kauditd_printk_skb: 76 callbacks suppressed [ 227.311176][ T40] audit: type=1326 audit(1763131402.805:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.324833][ T40] audit: type=1326 audit(1763131402.805:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.336690][ T40] audit: type=1326 audit(1763131402.805:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.350401][ T40] audit: type=1326 audit(1763131402.805:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.363972][ T40] audit: type=1326 audit(1763131402.805:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.444752][ T40] audit: type=1326 audit(1763131402.805:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.456020][ T40] audit: type=1326 audit(1763131402.805:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.462926][ T40] audit: type=1326 audit(1763131402.805:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.469760][ T40] audit: type=1326 audit(1763131402.805:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.477321][ T40] audit: type=1326 audit(1763131402.805:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22187 comm="syz.2.7477" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 227.551148][ T5941] Bluetooth: hci1: command tx timeout [ 228.302023][T22266] __nla_validate_parse: 6 callbacks suppressed [ 228.302040][T22266] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7513'. [ 228.453388][T22282] netlink: 72 bytes leftover after parsing attributes in process `syz.0.7522'. [ 228.543220][T22292] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3851450944 (3851450944 ns) > initial count (1115526657 ns). Using initial count to start timer. [ 228.891305][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 229.135621][T22357] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7556'. [ 229.258537][T22369] batadv_slave_1: entered promiscuous mode [ 229.262661][T22368] batadv_slave_1: left promiscuous mode [ 229.445612][T22378] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7566'. [ 229.566564][T22388] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7571'. [ 229.578861][ T67] bridge_slave_1: left allmulticast mode [ 229.580880][ T67] bridge_slave_1: left promiscuous mode [ 229.583042][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.588289][ T67] bridge_slave_0: left allmulticast mode [ 229.590406][ T67] bridge_slave_0: left promiscuous mode [ 229.592892][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.632025][ T5941] Bluetooth: hci1: command tx timeout [ 229.708582][T22399] IPv6: addrconf: prefix option has invalid lifetime [ 229.877948][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.882804][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.886766][ T67] bond0 (unregistering): Released all slaves [ 230.135242][T22441] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7602'. [ 230.172509][ T67] hsr_slave_0: left promiscuous mode [ 230.175946][ T67] hsr_slave_1: left promiscuous mode [ 230.181330][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 230.184434][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 230.187941][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 230.190272][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 230.207453][T22448] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7605'. [ 230.228812][ T67] veth1_macvtap: left promiscuous mode [ 230.231293][ T67] veth0_macvtap: left promiscuous mode [ 230.233381][ T67] veth1_vlan: left promiscuous mode [ 230.235106][ T67] veth0_vlan: left promiscuous mode [ 230.826486][ T67] team0 (unregistering): Port device team_slave_1 removed [ 230.889910][ T67] team0 (unregistering): Port device team_slave_0 removed [ 231.371465][T22463] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7603'. [ 231.454799][T22506] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7623'. [ 231.653374][ T6018] usb 8-1: new full-speed USB device number 13 using dummy_hcd [ 231.711128][ T5941] Bluetooth: hci1: command tx timeout [ 231.737440][T22529] netlink: 'syz.1.7633': attribute type 6 has an invalid length. [ 231.760068][T22531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7634'. [ 231.811936][ T6018] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 231.816582][ T6018] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 231.821131][ T6018] usb 8-1: config 0 interface 0 has no altsetting 0 [ 231.823896][ T6018] usb 8-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 231.827406][ T6018] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.832332][ T6018] usb 8-1: config 0 descriptor?? [ 231.834486][T22504] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 232.262103][ T6018] usbhid 8-1:0.0: can't add hid device: -71 [ 232.264407][ T6018] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 232.268976][ T6018] usb 8-1: USB disconnect, device number 13 [ 232.504250][ T40] kauditd_printk_skb: 55 callbacks suppressed [ 232.504266][ T40] audit: type=1326 audit(1763131408.005:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.0.7664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 232.516514][ T40] audit: type=1326 audit(1763131408.005:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.0.7664" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 232.525725][ T40] audit: type=1326 audit(1763131408.005:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.0.7664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 232.534831][ T40] audit: type=1326 audit(1763131408.005:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.0.7664" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 232.541957][ T40] audit: type=1326 audit(1763131408.005:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.0.7664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 232.548736][ T40] audit: type=1326 audit(1763131408.005:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.0.7664" exe="/syz-executor" sig=0 arch=40000003 syscall=341 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 232.556216][ T40] audit: type=1326 audit(1763131408.005:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.0.7664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 233.791265][ T5941] Bluetooth: hci1: command tx timeout [ 234.051536][ T63] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 234.056188][ T63] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 234.059613][ T63] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 234.074068][ T63] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 234.077691][ T63] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 234.240804][T22675] chnl_net:caif_netlink_parms(): no params data found [ 234.363800][T22675] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.366198][T22675] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.368655][T22675] bridge_slave_0: entered allmulticast mode [ 234.372541][T22675] bridge_slave_0: entered promiscuous mode [ 234.375843][T22675] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.378144][T22675] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.380456][T22675] bridge_slave_1: entered allmulticast mode [ 234.383467][T22675] bridge_slave_1: entered promiscuous mode [ 234.427517][T22675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.433738][T22675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.472257][T22675] team0: Port device team_slave_0 added [ 234.475640][T22675] team0: Port device team_slave_1 added [ 234.509655][T22675] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.513850][T22675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 234.524329][T22675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.528570][T22675] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.530751][T22675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 234.538877][T22675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.581462][T22675] hsr_slave_0: entered promiscuous mode [ 234.584185][T22675] hsr_slave_1: entered promiscuous mode [ 234.586788][T22675] debugfs: 'hsr0' already exists in 'hsr' [ 234.589002][T22675] Cannot create hsr debugfs directory [ 234.690310][T22727] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7721'. [ 234.739922][T22675] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.163406][T22675] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.270837][T22675] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.361306][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 235.365162][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 235.376212][T22675] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.402700][ T40] audit: type=1326 audit(1763131410.905:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22744 comm="syz.2.7728" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ad598 code=0x7ffc0000 [ 235.413158][ T40] audit: type=1326 audit(1763131410.905:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22744 comm="syz.2.7728" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 235.430329][ T40] audit: type=1326 audit(1763131410.905:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22744 comm="syz.2.7728" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 235.518537][T22754] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7733'. [ 235.566958][T22675] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 235.576111][T22675] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 235.581024][T22675] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 235.585989][T22675] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 235.650182][T22675] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.666075][T22675] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.673694][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.676008][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.681757][ T218] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.684051][ T218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.882024][T22675] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.929134][T22675] veth0_vlan: entered promiscuous mode [ 235.935934][T22675] veth1_vlan: entered promiscuous mode [ 235.956139][T22675] veth0_macvtap: entered promiscuous mode [ 235.961992][T22675] veth1_macvtap: entered promiscuous mode [ 235.976758][T22675] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.983901][T22675] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.997558][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.000361][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.004502][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.007949][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.052890][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.057131][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.069789][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.072366][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.111386][ T5941] Bluetooth: hci3: command tx timeout [ 236.201132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 236.360591][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 236.629293][T22818] netlink: 188 bytes leftover after parsing attributes in process `syz.0.7755'. [ 236.963588][T22851] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 236.966343][T22851] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 236.969768][T22851] vhci_hcd vhci_hcd.0: Device attached [ 236.973769][T22852] vhci_hcd: connection closed [ 236.973999][ T218] vhci_hcd: stop threads [ 236.979047][ T218] vhci_hcd: release socket [ 236.983082][ T218] vhci_hcd: disconnect device [ 236.999590][T22855] batadv_slave_1: entered promiscuous mode [ 237.002198][T22854] batadv_slave_1: left promiscuous mode [ 237.686546][T22879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7781'. [ 237.866529][ T40] kauditd_printk_skb: 17 callbacks suppressed [ 237.866545][ T40] audit: type=1326 audit(1763131413.365:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22901 comm="syz.0.7792" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 237.880218][ T40] audit: type=1326 audit(1763131413.365:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22901 comm="syz.0.7792" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 237.889562][ T40] audit: type=1326 audit(1763131413.365:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22901 comm="syz.0.7792" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 238.063542][T22923] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7800'. [ 238.119465][T22930] netlink: 392 bytes leftover after parsing attributes in process `syz.3.7805'. [ 238.192570][ T5941] Bluetooth: hci3: command tx timeout [ 239.302677][T23044] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7857'. [ 239.604243][T23086] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7877'. [ 240.042263][T23135] netlink: 'syz.0.7899': attribute type 34 has an invalid length. [ 240.281112][ T5941] Bluetooth: hci3: command tx timeout [ 240.981318][ T842] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 241.151325][ T842] usb 5-1: Using ep0 maxpacket: 32 [ 241.155072][ T842] usb 5-1: config 1 has an invalid interface number: 3 but max is 0 [ 241.157617][ T842] usb 5-1: config 1 has no interface number 0 [ 241.159556][ T842] usb 5-1: config 1 interface 3 has no altsetting 0 [ 241.163341][ T842] usb 5-1: New USB device found, idVendor=d084, idProduct=c487, bcdDevice=f4.ce [ 241.166174][ T842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.168649][ T842] usb 5-1: Product: syz [ 241.169938][ T842] usb 5-1: Manufacturer: syz [ 241.171682][ T842] usb 5-1: SerialNumber: syz [ 241.385303][ T842] usb 5-1: USB disconnect, device number 10 [ 242.051296][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 242.271079][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 242.318018][T23299] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7976'. [ 242.320868][T23299] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7976'. [ 242.381153][ T5941] Bluetooth: hci3: command tx timeout [ 242.452328][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 242.671470][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 243.373873][ T40] audit: type=1326 audit(1763131418.875:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.396283][ T40] audit: type=1326 audit(1763131418.875:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.425371][ T40] audit: type=1326 audit(1763131418.875:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.451415][ T40] audit: type=1326 audit(1763131418.875:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.460295][ T40] audit: type=1326 audit(1763131418.875:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.476536][ T40] audit: type=1326 audit(1763131418.875:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.497303][ T40] audit: type=1326 audit(1763131418.875:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.512175][ T40] audit: type=1326 audit(1763131418.875:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.519134][ T40] audit: type=1326 audit(1763131418.875:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.551160][ T40] audit: type=1326 audit(1763131418.875:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23339 comm="syz.0.7993" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 243.647864][T23348] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7997'. [ 243.895456][T23356] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8001'. [ 243.998009][T23363] netlink: 96 bytes leftover after parsing attributes in process `syz.0.8003'. [ 244.800423][T23402] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 244.802459][T23404] netlink: 44 bytes leftover after parsing attributes in process `syz.1.8023'. [ 244.803413][T23402] IPv6: NLM_F_CREATE should be set when creating new route [ 245.021797][T23436] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.185517][T23459] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 245.188457][T23459] IPv6: NLM_F_CREATE should be set when creating new route [ 245.495567][T23489] netlink: 'syz.0.8063': attribute type 12 has an invalid length. [ 245.647443][T23512] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8074'. [ 245.828013][ T842] kernel read not supported for file /574/pagemap (pid: 842 comm: kworker/0:2) [ 245.859909][T23551] netlink: 84 bytes leftover after parsing attributes in process `syz.1.8093'. [ 246.061139][ T6020] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 246.223391][ T6020] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.227283][ T6020] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 246.230733][ T6020] usb 5-1: config 1 has no interface number 0 [ 246.233277][ T6020] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.239471][ T6020] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 246.243008][ T6020] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.246117][ T6020] usb 5-1: Product: syz [ 246.247761][ T6020] usb 5-1: Manufacturer: syz [ 246.249583][ T6020] usb 5-1: SerialNumber: syz [ 246.254335][ T6020] usb 5-1: selecting invalid altsetting 1 [ 246.311221][ T5988] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 246.455126][ T6020] cdc_ncm 5-1:1.1: bind() failure [ 246.460403][ T6020] usb 5-1: USB disconnect, device number 11 [ 246.481081][ T5988] usb 6-1: Using ep0 maxpacket: 32 [ 246.484515][ T5988] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 246.487823][ T5988] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 246.491451][ T5988] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.495420][ T5988] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 81 [ 246.499525][ T5988] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 246.503497][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.507231][ T5988] usb 6-1: config 0 descriptor?? [ 246.711703][ T842] usb 6-1: USB disconnect, device number 8 [ 246.736347][ T6465] kernel read not supported for file /403/pagemap (pid: 6465 comm: kworker/3:3) [ 247.095876][T23635] kernel profiling enabled (shift: 5) [ 251.555545][T23833] loop5: detected capacity change from 0 to 7 [ 251.712563][T23833] Dev loop5: unable to read RDB block 7 [ 251.714403][T23833] loop5: unable to read partition table [ 251.716264][T23833] loop5: partition table beyond EOD, truncated [ 251.718202][T23833] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 251.831058][ T842] usb 7-1: new full-speed USB device number 16 using dummy_hcd [ 251.838330][T23839] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3851450944 (3851450944 ns) > initial count (1115526657 ns). Using initial count to start timer. [ 252.013730][ T842] usb 7-1: config 1 has an invalid interface number: 105 but max is 0 [ 252.017180][ T842] usb 7-1: config 1 has no interface number 0 [ 252.019751][ T842] usb 7-1: config 1 interface 105 has no altsetting 0 [ 252.027657][ T842] usb 7-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 252.031785][ T842] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.034909][ T842] usb 7-1: Product: syz [ 252.036542][ T842] usb 7-1: Manufacturer: syz [ 252.038159][ T842] usb 7-1: SerialNumber: syz [ 252.244851][ T842] aqc111 7-1:1.105: probe with driver aqc111 failed with error -71 [ 252.252932][ T842] usb 7-1: USB disconnect, device number 16 [ 252.837269][T23892] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8249'. [ 252.932151][T23902] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8254'. [ 254.029376][T23979] netlink: 52 bytes leftover after parsing attributes in process `syz.0.8288'. [ 255.163957][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.166876][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.370230][T24042] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8317'. [ 255.813462][T24075] loop5: detected capacity change from 0 to 7 [ 255.949787][T24075] Dev loop5: unable to read RDB block 7 [ 255.953423][T24075] loop5: unable to read partition table [ 255.955369][T24075] loop5: partition table beyond EOD, truncated [ 255.957335][T24075] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 256.314227][T24097] loop5: detected capacity change from 0 to 7 [ 256.342768][ T6465] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 256.448962][T24097] Dev loop5: unable to read RDB block 7 [ 256.451267][T24097] loop5: unable to read partition table [ 256.453681][T24097] loop5: partition table beyond EOD, truncated [ 256.455952][T24097] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 256.514161][ T6465] usb 7-1: Using ep0 maxpacket: 16 [ 256.517204][ T6465] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 256.521533][ T6465] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 256.526803][ T6465] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 256.529642][ T6465] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.532437][ T6465] usb 7-1: Product: syz [ 256.534347][ T6465] usb 7-1: Manufacturer: syz [ 256.535804][ T6465] usb 7-1: SerialNumber: syz [ 256.644964][T24122] netlink: 44 bytes leftover after parsing attributes in process `syz.1.8353'. [ 256.647947][T24122] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8353'. [ 256.650797][T24122] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8353'. [ 256.742340][T11851] usb 7-1: USB disconnect, device number 17 [ 258.241291][T24212] netlink: 44 bytes leftover after parsing attributes in process `syz.1.8392'. [ 258.245067][T24212] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8392'. [ 258.248763][T24212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8392'. [ 258.841021][ T844] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 258.992077][ T844] usb 6-1: Using ep0 maxpacket: 32 [ 258.997901][ T844] usb 6-1: unable to get BOS descriptor or descriptor too short [ 259.002672][ T844] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 259.006271][ T844] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 259.010420][ T844] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 259.016345][ T844] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 259.020118][ T844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.024245][ T844] usb 6-1: Product: syz [ 259.026027][ T844] usb 6-1: Manufacturer: syz [ 259.027942][ T844] usb 6-1: SerialNumber: syz [ 259.091115][T24257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8413'. [ 259.237919][ T844] usb 6-1: 0:2 : does not exist [ 259.249612][ T844] usb 6-1: USB disconnect, device number 9 [ 259.784271][T24286] TCP: TCP_TX_DELAY enabled [ 259.945226][T24295] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.947780][T24295] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.016367][T24295] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.028839][T24295] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.173482][ T73] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.176643][ T73] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.179686][ T73] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.182796][ T73] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.891786][T27823] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 331.894396][T27823] CPU: 2 UID: 0 PID: 27823 Comm: syz.3.10014 Not tainted syzkaller #0 PREEMPT(full) [ 331.900240][T27823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 331.904753][T27823] Call Trace: [ 331.906261][T27823] [ 331.907515][T27823] dump_stack_lvl+0x3d/0x1f0 [ 331.909531][T27823] vpanic+0x640/0x6f0 [ 331.911253][T27823] ? path_noexec+0x1ca/0x230 [ 331.913278][T27823] panic+0xca/0xd0 [ 331.914885][T27823] ? __pfx_panic+0x10/0x10 [ 331.916773][T27823] check_panic_on_warn+0xab/0xb0 [ 331.918904][T27823] __warn+0xf6/0x3c0 [ 331.920168][T27823] ? path_noexec+0x1ca/0x230 [ 331.921721][T27823] report_bug+0x3c3/0x580 [ 331.923448][T27823] ? path_noexec+0x1ca/0x230 [ 331.925465][T27823] handle_bug+0x184/0x210 [ 331.927304][T27823] exc_invalid_op+0x17/0x50 [ 331.929235][T27823] asm_exc_invalid_op+0x1a/0x20 [ 331.931291][T27823] RIP: 0010:path_noexec+0x1ca/0x230 [ 331.933485][T27823] Code: ff 83 e3 02 48 89 de e8 64 27 84 ff 48 85 db 41 0f 95 c4 e8 e8 2b 84 ff 44 89 e0 5b 5d 41 5c c3 cc cc cc cc e8 d7 2b 84 ff 90 <0f> 0b 90 e9 47 ff ff ff e8 29 d5 eb ff e9 a8 fe ff ff e8 1f d5 eb [ 331.941272][T27823] RSP: 0018:ffffc9000c927c88 EFLAGS: 00010287 [ 331.943864][T27823] RAX: 00000000000000b2 RBX: ffff88801fd341e0 RCX: ffffc9000d8cf000 [ 331.947187][T27823] RDX: 0000000000080000 RSI: ffffffff82382c89 RDI: 0000000000000007 [ 331.950514][T27823] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 331.953846][T27823] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000080000000 [ 331.956639][T27823] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000 [ 331.959368][T27823] ? path_noexec+0x1c9/0x230 [ 331.960967][T27823] ? path_noexec+0x1c9/0x230 [ 331.962372][T27823] do_mmap+0xd23/0x1210 [ 331.963688][T27823] ? __pfx_do_mmap+0x10/0x10 [ 331.965353][T27823] ? __pfx_down_write_killable+0x10/0x10 [ 331.967682][T27823] vm_mmap_pgoff+0x29e/0x470 [ 331.969659][T27823] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 331.971809][T27823] ? __fget_files+0x20e/0x3c0 [ 331.973798][T27823] ksys_mmap_pgoff+0x32c/0x5c0 [ 331.975829][T27823] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 331.977980][T27823] __do_fast_syscall_32+0x7c/0x300 [ 331.979696][T27823] do_fast_syscall_32+0x32/0x80 [ 331.981304][T27823] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 331.983322][T27823] RIP: 0023:0xf708d579 [ 331.984646][T27823] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 331.991276][T27823] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 331.994318][T27823] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000003000 [ 331.996901][T27823] RDX: 0000000003000007 RSI: 0000000000000011 RDI: 0000000000000005 [ 331.999602][T27823] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 332.002251][T27823] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 332.004783][T27823] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 332.007432][T27823] [ 332.009019][T27823] Kernel Offset: disabled [ 332.010534][T27823] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:45:07 Registers: info registers vcpu 0 CPU#0 RAX=0000000000378153 RBX=0000000000000000 RCX=ffffffff8b5d82a9 RDX=ffffed1005646656 RSI=ffffffff8da28b0b RDI=ffffffff8bf075c0 RBP=fffffbfff1c12f40 RSP=ffffffff8e007df8 R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e097a00 R14=ffffffff908246d0 R15=0000000000000000 RIP=ffffffff8b5d6d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809780d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000800bd01c CR3=000000006c557000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000004917cb RBX=0000000000000001 RCX=ffffffff8b5d82a9 RDX=ffffed1005666656 RSI=ffffffff8da28b0b RDI=ffffffff8bf075c0 RBP=ffffed1003b5a490 RSP=ffffc9000046fde8 R8 =0000000000000001 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001 R12=0000000000000001 R13=ffff88801dad2480 R14=ffffffff908246d0 R15=0000000000000000 RIP=ffffffff8b5d6d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809790d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000035020ffc CR3=000000006c557000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000079 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85268ed5 RDI=ffffffff9adc5de0 RBP=ffffffff9adc5da0 RSP=ffffc9000c9274c8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000079 R14=ffffffff9adc5da0 R15=ffffffff85268e70 RIP=ffffffff85268eff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097a0d000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000576394c0 CR3=0000000072f2b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000031303f RBX=0000000000000003 RCX=ffffffff8b5d82a9 RDX=ffffed10056a6656 RSI=ffffffff8da28b0b RDI=ffffffff8bf075c0 RBP=ffffed10037e0000 RSP=ffffc9000048fde8 R8 =0000000000000001 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001 R12=0000000000000003 R13=ffff88801bf00000 R14=ffffffff908246d0 R15=0000000000000000 RIP=ffffffff8b5d6d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097b0d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3b4e35 CR3=0000000060f2f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000