last executing test programs: 3.990321173s ago: executing program 0 (id=218): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @empty}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000004c0)={r3, 0x200}, &(0x7f0000000500)=0x8) 3.911105517s ago: executing program 0 (id=220): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) io_setup(0x4, &(0x7f00000014c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0xfffe, 0xffffffffffffffff, 0x0}]) mount$fuseblk(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x28020, 0x0) 3.800926709s ago: executing program 0 (id=224): r0 = syz_open_dev$vcsu(&(0x7f0000000800), 0xfba5, 0x280000) unshare(0x8040480) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x3ff, r0}, 0x38) 3.800665432s ago: executing program 0 (id=225): r0 = fsopen(&(0x7f0000000140)='nilfs2\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000002c0)='di?/ard', &(0x7f0000000280)='\t', 0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0xfffd, @empty}}, 0x0, 0x7ffe}, 0x90) r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f00000001c0)=0x7) read(r3, &(0x7f00000042c0)=""/4116, 0x1014) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt(r5, 0x84, 0x7f, &(0x7f00000001c0)="020000000980000c", 0x8) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = accept4(r4, 0x0, 0x0, 0x80800) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)="f7", 0x1}, {&(0x7f0000000180)="68663274924c2418c733f6653b2265", 0xf}], 0x2}], 0x1, 0x40800) recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000002600)=[{&(0x7f00000001c0)=""/57, 0x39}], 0x1}, 0x40012160) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={r2, @in6={{0xa, 0x4e24, 0x5, @empty, 0x2800}}, 0xf, 0x8000, 0x1000, 0x2, 0xad, 0x0, 0x7}, 0x9c) r9 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x0, 0x132) ftruncate(r9, 0x6000000) copy_file_range(r9, 0x0, r9, &(0x7f00000004c0)=0x100, 0x9, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 3.440719408s ago: executing program 2 (id=236): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_GET(r2, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000480)={0x2, 0x22, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xf60, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa}, {}, 0x3, 0x0, 0x1}, {{@in6=@mcast1, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xfffffffe, 0xfffffffe}}, 0xe8) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x1c) syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0xc3, 0x9c, 0xab, 0x8, 0x10c4, 0x8857, 0x6f95, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x5c, 0x0, 0x1, 0x5b, 0xc5, 0x11, 0x0, [], [{{0x9, 0x5, 0xf, 0x3, 0x10, 0x8, 0x1, 0xff}}]}}]}}]}}, 0x0) 2.940449954s ago: executing program 0 (id=247): r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r1 = dup(r0) write$binfmt_elf32(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c464a030103ff0700000000000002000300040000003e03000038000000d600000003000000fe03200001000700080007000000000003000000ffffff7f020000000004000080"], 0x79) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha3-512)\x00'}, 0x58) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff7ff8}]}) r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r6, &(0x7f00000004c0)=""/172, 0xac) syz_usb_disconnect(r5) syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x7, &(0x7f00000000c0)=ANY=[@ANYBLOB="0703c5"]}]}) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f00000001c0)={0x80, 0x6, 0x305, 0x4, 0x0, 0x2, 0x0}) r7 = socket$inet_smc(0x2b, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/cgroup.procs\x00', 0x2, 0x128) io_submit(0x0, 0x0, &(0x7f0000000500)) setsockopt$inet_msfilter(r7, 0x0, 0x29, 0x0, 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2.021236236s ago: executing program 3 (id=269): sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)={0xa, 0x4e20, 0x7a, @mcast2, 0x9}, 0x1c, 0x0, 0x0, 0x0, 0x40}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d1", 0x27d}, {&(0x7f00000005c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859007067c10aa7352abbdf98e9bf033a4784a11e84639d3b9164d9c5d7", 0x3c}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd", 0x29}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/215, 0xd7}], 0x1}, 0xffff}], 0x1, 0x0, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa8203, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000000)=""/102, 0x365}, {&(0x7f0000000280)=""/76, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/92, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 2.021116873s ago: executing program 3 (id=270): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x20000000000, 0x840) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000740)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) 1.27305428s ago: executing program 3 (id=271): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd\x00') fchdir(r1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x13, r0, 0x0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/22, 0x16) 1.221233851s ago: executing program 3 (id=272): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x85, 0x4) syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0) recvmmsg(r0, &(0x7f0000004fc0)=[{{0x0, 0x0, 0x0}, 0x8e11}], 0x1, 0x40010042, 0x0) 1.220985132s ago: executing program 3 (id=273): syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b00"], 0x0) write$tun(0xffffffffffffffff, 0x0, 0xb2) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) 1.131116535s ago: executing program 1 (id=275): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000040)=0x10078, 0x4) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e20, 0x20000003, @dev={0xfe, 0x80, '\x00', 0x2f}, 0xa}, 0x1c) 1.071165491s ago: executing program 1 (id=276): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x0, 0x7fc00100}]}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mlock2(&(0x7f000051a000/0x3000)=nil, 0x3000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 588.68268ms ago: executing program 0 (id=277): r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, 0x0, 0x8080) getsockopt$sock_timeval(r0, 0x1, 0x15, 0x0, &(0x7f0000000240)) socket$kcm(0xa, 0x2, 0x73) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405668, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) 419.831902ms ago: executing program 2 (id=278): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0x3) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) close(r1) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000140)={0x5, 0x0, &(0x7f0000ff6000/0x2000)=nil}) r4 = io_uring_setup(0x1595, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0xa, 0x400ce}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1) io_uring_enter(r4, 0x2219, 0xcf74, 0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) 331.206037ms ago: executing program 2 (id=279): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) unshare(0x26020480) r2 = socket(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x2003, @loopback, 0x40004}, 0x1c) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200)=0x8) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000100)=0x2000004) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioprio_set$pid(0x3, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r5, 0x1, &(0x7f0000000040)={{r6, r7+60000000}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r8, 0x4008af00, &(0x7f0000000140)=0x200000000) preadv2(r8, &(0x7f0000000080)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1, 0x0, 0x0, 0x3) sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)={0x90, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x3c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x89}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x2a}}, {0x14, 0x4, @mcast1}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x86}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x24000801}, 0x0) pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000003c0)="00214717a70700000000430600000000000000000000721d5874f72c000000000000000feb56a29357215d78fc44fac3f44d", 0x32}], 0x1, 0x3e42, 0x407ff) 200.117254ms ago: executing program 1 (id=280): openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000001280)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000000)={r4, 0x1c0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x83, &(0x7f0000000480)={r5, 0x2}, 0x8) 199.83536ms ago: executing program 1 (id=281): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd\x00') fchdir(r1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x13, r0, 0x0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/22, 0x16) 168.420135ms ago: executing program 1 (id=282): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x61) mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) close(r0) 163.41862ms ago: executing program 2 (id=283): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"}) r1 = syz_open_pts(r0, 0x141601) fcntl$setstatus(r1, 0x4, 0x102800) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x19) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 80.283594ms ago: executing program 2 (id=284): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x38, 0x2, [@TCA_MATCHALL_ACT={0x34, 0x2, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x600}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 79.858844ms ago: executing program 1 (id=285): fanotify_init(0x4000, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) connect$packet(r0, &(0x7f0000000000)={0x11, 0x6, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000040)={0x4e, 0x40, 0x5, 0x80, 0x7c, 0x80, 0x9, 0x40, 0x7f, 0x7, 0x9, 0x40, 0x9e, 0x8}, 0xe) r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r3, 0xc0145b0e, 0x0) ioctl$FS_IOC_GETVERSION(r3, 0xc0145b0e, &(0x7f0000000000)) r4 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc623, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x20, "", [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x8, 0x0, 0x1, {0x22, 0x29}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0xf, 0xfe}}}}}]}}]}}, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000a40), 0x2, 0x0) write$UHID_INPUT(r5, 0x0, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000aae000000100000000000000000000000000000000000000000000008000000000", @ANYRES32=0x0, @ANYRES32=0x0], 0xf8}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x3c, 0xfffd, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0xa, 0x10, 0x0, 0x0, 0x2d9, {[@timestamp={0x8, 0xa, 0x29, 0xffbffaa4}, @generic={0x5, 0x2}, @exp_smc={0xfe, 0x6}]}}}}}}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="f800000016000100000000000000000000000000000000000000ffffffffffffff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000000000000001000000003300000000000000000000000000ffffac14142900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"], 0xf8}}, 0x20) socket$netlink(0x10, 0x3, 0x14) syz_usb_control_io(r4, &(0x7f0000000100)={0x2c, &(0x7f0000000080)=ANY=[@ANYRES64=r1], 0x0, 0x0, 0x0, 0x0}, 0x0) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r6) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r8, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000680)={r9, 0x1ff, 0x0, 0x1, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800020, 0x0, 0x1], [0x0, 0x1001000, 0x1], [0x0, 0x0, 0xfffffffffefffffc, 0x9]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r6, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r10, 0x0, 0x0, r11], [0x2b8]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_RMFB(r6, 0xc00464af, &(0x7f0000000480)=r12) 276.675µs ago: executing program 3 (id=286): r0 = syz_usb_connect(0x5, 0x58, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x8e, 0x3a, 0xc6, 0x20, 0x694, 0x1, 0x7813, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x46, 0x2, 0xe, 0x6, 0x10, 0x3, "", [{{0x9, 0x4, 0x39, 0xd8, 0x1, 0x1a, 0xda, 0xa8, 0x8, [], [{{0x9, 0x5, 0x8, 0x10, 0x20, 0x7, 0x9, 0x80}}]}}, {{0x9, 0x4, 0xe4, 0x5, 0x3, 0xb9, 0x56, 0xda, 0x2, [], [{{0x9, 0x5, 0x8, 0x0, 0x400, 0x1, 0x12, 0xfc}}, {{0x9, 0x5, 0xb, 0x0, 0x20, 0x7, 0x3, 0x9a, [@generic={0x7, 0x5, "d15b89f26d"}]}}, {{0x9, 0x5, 0x9, 0x3, 0x40, 0x7a, 0xa, 0x84}}]}}]}}]}}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4098}, 0x200080d4) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24044010) syz_usb_control_io$hid(r0, &(0x7f0000000bc0)={0x24, 0x0, &(0x7f0000000b00)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c01}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000011c0)={0x24, 0x0, &(0x7f0000001040)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001600)={0x24, 0x0, &(0x7f0000001540)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, &(0x7f00000001c0)={0x40, 0x8, 0x8, "fde61e0ee4a63b9e"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000002280)={0x84, &(0x7f0000001e00)={0x20, 0x14, 0x4, "348b35e5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000440)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x9, 0x2007fff, 0x1, 0x4, 0x9, 0x80000000, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0xffc, 0x9, 0x702, 0x3, 0x1, 0xfffffffa, 0xe, 0xa, 0x9, 0x4, 0x7, 0x10001, 0x100000, 0x762, 0x1, 0xd, 0xe, 0x2b12, 0x80100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x10fdf, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd3, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0xd, 0x8b, 0x5, 0x2b3, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x200004, 0x100002, 0x9, 0x27f, 0x0, 0x3, 0x0, 0x10001, 0x0, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x800084, 0x100, 0x5, 0x2, 0x6, 0xb, 0x5, 0x20006, 0x5, 0x15, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x3, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8000, 0x1, 0x9fc, 0xc5c, 0xffffffdf]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 0s ago: executing program 2 (id=287): ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f00000002c0)) r1 = socket$kcm(0x10, 0x2, 0x4) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0)) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$NL80211_CMD_GET_POWER_SAVE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4084) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000080)=0x4) pwritev(r2, &(0x7f0000000180)=[{&(0x7f0000000000)="00210600710a5eeb", 0x8}], 0x1, 0xee, 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x2, [0x0, 0x0]}, &(0x7f0000000040)=0xc) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) tkill(r5, 0x2f) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r5) ptrace$peeksig(0x4209, r5, &(0x7f0000000140)={0x1, 0x0, 0x7b}, &(0x7f0000000fc0)) io_setup(0x3f, &(0x7f0000000140)=0x0) io_submit(r6, 0x1, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}]) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000003c0)="790000140081af00eddb67d1ceda701e2357f9fffffffffbffff05213747233ed22715ec49520c1b4e6d80ccfe20a5ea0a42f89cf2b38304b5acee42ac8d1e26688a06", 0x43}], 0x1}, 0x80) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000200)=0x202808) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:51681' (ED25519) to the list of known hosts. [ 76.971045][ T5736] cgroup: Unknown subsys name 'net' [ 77.131286][ T5736] cgroup: Unknown subsys name 'cpuset' [ 77.135747][ T5736] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 78.022535][ T5736] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.036462][ T5750] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.058799][ T5759] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.062929][ T5759] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.065597][ T5764] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.066689][ T5765] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.066738][ T5759] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.067469][ T5759] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.068182][ T5759] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.070076][ T5764] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.070542][ T5764] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.070993][ T5764] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.071337][ T5764] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.071802][ T5765] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.072578][ T5767] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.073076][ T5767] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.075137][ T5759] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.076537][ T5766] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.104141][ T5766] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.108071][ T5766] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.113508][ T5766] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.631497][ T5757] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.635048][ T5757] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.637802][ T5757] bridge_slave_0: entered allmulticast mode [ 82.643314][ T5757] bridge_slave_0: entered promiscuous mode [ 82.660406][ T5757] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.662960][ T5757] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.665531][ T5757] bridge_slave_1: entered allmulticast mode [ 82.669179][ T5757] bridge_slave_1: entered promiscuous mode [ 82.725711][ T5757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.757463][ T5757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.760508][ T5749] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.763228][ T5749] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.766215][ T5749] bridge_slave_0: entered allmulticast mode [ 82.769248][ T5749] bridge_slave_0: entered promiscuous mode [ 82.795531][ T5749] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.797834][ T5749] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.800399][ T5749] bridge_slave_1: entered allmulticast mode [ 82.803087][ T5749] bridge_slave_1: entered promiscuous mode [ 82.832909][ T5757] team0: Port device team_slave_0 added [ 82.847325][ T5754] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.850337][ T5754] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.852586][ T5754] bridge_slave_0: entered allmulticast mode [ 82.855349][ T5754] bridge_slave_0: entered promiscuous mode [ 82.859392][ T5757] team0: Port device team_slave_1 added [ 82.869811][ T5749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.877312][ T5754] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.880353][ T5754] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.883296][ T5754] bridge_slave_1: entered allmulticast mode [ 82.886602][ T5754] bridge_slave_1: entered promiscuous mode [ 82.901673][ T5749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.931633][ T5757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.934708][ T5757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.944160][ T5757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.950796][ T5757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.953562][ T5757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.963210][ T5757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.983903][ T5754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.995685][ T5754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.000650][ T5749] team0: Port device team_slave_0 added [ 83.004836][ T5749] team0: Port device team_slave_1 added [ 83.007119][ T5752] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.010891][ T5752] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.013293][ T5752] bridge_slave_0: entered allmulticast mode [ 83.016790][ T5752] bridge_slave_0: entered promiscuous mode [ 83.021366][ T5752] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.023824][ T5752] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.026112][ T5752] bridge_slave_1: entered allmulticast mode [ 83.028788][ T5752] bridge_slave_1: entered promiscuous mode [ 83.057689][ T5754] team0: Port device team_slave_0 added [ 83.078125][ T5754] team0: Port device team_slave_1 added [ 83.092500][ T5749] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.094679][ T5749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.102636][ T5749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.107539][ T5752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.119728][ T5757] hsr_slave_0: entered promiscuous mode [ 83.122106][ T5757] hsr_slave_1: entered promiscuous mode [ 83.124833][ T5749] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.127038][ T5749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.134886][ T5749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.140694][ T5752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.144909][ T5754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.147792][ T5754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.158312][ T5754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.167532][ T5754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.170514][ T5754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.180887][ T5754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.202248][ T5752] team0: Port device team_slave_0 added [ 83.205320][ T5752] team0: Port device team_slave_1 added [ 83.266261][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.268522][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.276717][ T5752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.293811][ T5749] hsr_slave_0: entered promiscuous mode [ 83.296083][ T5749] hsr_slave_1: entered promiscuous mode [ 83.298265][ T5749] debugfs: 'hsr0' already exists in 'hsr' [ 83.300765][ T5749] Cannot create hsr debugfs directory [ 83.304136][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.306721][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.315951][ T5752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.345988][ T5754] hsr_slave_0: entered promiscuous mode [ 83.350062][ T5754] hsr_slave_1: entered promiscuous mode [ 83.352204][ T5754] debugfs: 'hsr0' already exists in 'hsr' [ 83.353947][ T5754] Cannot create hsr debugfs directory [ 83.438131][ T5752] hsr_slave_0: entered promiscuous mode [ 83.440399][ T5752] hsr_slave_1: entered promiscuous mode [ 83.442554][ T5752] debugfs: 'hsr0' already exists in 'hsr' [ 83.444303][ T5752] Cannot create hsr debugfs directory [ 83.601834][ T5757] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.609330][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 83.614690][ T5757] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.619319][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 83.621966][ T5757] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.626752][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 83.640187][ T5757] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.647922][ T5757] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.698463][ T5754] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.705063][ T5754] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 83.708081][ T5754] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.713913][ T5754] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 83.716988][ T5754] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.721006][ T5754] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 83.723621][ T5754] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.727424][ T5754] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.777808][ T5749] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.782265][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 83.784679][ T5749] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.788995][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 83.791762][ T5749] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.795341][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 83.797881][ T5749] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.802350][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.846726][ T5752] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.850928][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 83.853473][ T5752] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.857096][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 83.862626][ T5752] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.866380][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 83.873091][ T5752] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.876584][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.915881][ T5754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.926747][ T5757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.952221][ T5754] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.971924][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.974799][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.983495][ T5757] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.990908][ T231] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.993182][ T231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.001772][ T5749] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.007662][ T96] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.009981][ T96] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.042690][ T96] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.044928][ T96] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.051974][ T5749] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.061699][ T96] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.063903][ T96] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.072925][ T5752] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.086374][ T96] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.088689][ T96] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.106566][ T5752] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.114380][ T96] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.116816][ T96] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.134340][ T96] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.136610][ T96] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.149498][ T5766] Bluetooth: hci0: command tx timeout [ 84.149515][ T5750] Bluetooth: hci1: command tx timeout [ 84.159605][ T5750] Bluetooth: hci2: command tx timeout [ 84.159638][ T5766] Bluetooth: hci3: command tx timeout [ 84.366687][ T5754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.376092][ T5749] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.400298][ T5757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.411866][ T5752] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.422954][ T5754] veth0_vlan: entered promiscuous mode [ 84.433997][ T5749] veth0_vlan: entered promiscuous mode [ 84.437324][ T5754] veth1_vlan: entered promiscuous mode [ 84.446662][ T5749] veth1_vlan: entered promiscuous mode [ 84.476043][ T5754] veth0_macvtap: entered promiscuous mode [ 84.480973][ T5757] veth0_vlan: entered promiscuous mode [ 84.487357][ T5754] veth1_macvtap: entered promiscuous mode [ 84.493593][ T5752] veth0_vlan: entered promiscuous mode [ 84.498220][ T5757] veth1_vlan: entered promiscuous mode [ 84.505753][ T5749] veth0_macvtap: entered promiscuous mode [ 84.511981][ T5749] veth1_macvtap: entered promiscuous mode [ 84.516094][ T5754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.524901][ T5754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.527659][ T5752] veth1_vlan: entered promiscuous mode [ 84.545762][ T1180] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.549053][ T1180] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.557710][ T1180] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.564211][ T5749] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.567349][ T1180] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.571199][ T5757] veth0_macvtap: entered promiscuous mode [ 84.576012][ T5757] veth1_macvtap: entered promiscuous mode [ 84.583886][ T5749] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.607802][ T5752] veth0_macvtap: entered promiscuous mode [ 84.612826][ T231] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.625389][ T231] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.630041][ T5752] veth1_macvtap: entered promiscuous mode [ 84.634089][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.635539][ T231] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.636933][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.640309][ T231] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.655608][ T5757] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.676481][ T5757] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.682558][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.685213][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.691526][ T231] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.696880][ T5752] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.700928][ T231] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.704008][ T231] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.719949][ T5752] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.722649][ T231] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.736516][ T5754] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.748208][ T69] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.751970][ T69] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.763936][ T69] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.780623][ T69] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.794070][ T231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.799239][ T231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.827948][ T231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.832430][ T231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.838153][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.845425][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.851262][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.854233][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.868118][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.872838][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.889336][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.894544][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.578916][ T5909] bridge0: port 3(erspan0) entered blocking state [ 85.585577][ T5909] bridge0: port 3(erspan0) entered disabled state [ 85.592660][ T5909] erspan0: entered allmulticast mode [ 85.592704][ T5914] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2'. [ 85.612398][ T5909] erspan0: entered promiscuous mode [ 85.702846][ T5909] bridge0: port 3(erspan0) entered blocking state [ 85.705724][ T5909] bridge0: port 3(erspan0) entered forwarding state [ 85.844015][ T5917] Device name cannot be null; rc = [-22] [ 85.937950][ T5920] fuse: Unknown parameter '0x0000000000000007' [ 86.164255][ T2320] cfg80211: failed to load regulatory.db [ 86.228874][ T5766] Bluetooth: hci0: command tx timeout [ 86.230984][ T5766] Bluetooth: hci3: command tx timeout [ 86.233073][ T5750] Bluetooth: hci1: command tx timeout [ 86.233151][ T5759] Bluetooth: hci2: command tx timeout [ 86.368423][ T5843] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 86.548686][ T5843] usb 7-1: Using ep0 maxpacket: 8 [ 86.553836][ T5843] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 86.558663][ T5843] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 86.562106][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 86.565558][ T5843] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 86.569580][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 86.575205][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 86.578733][ T5843] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 86.585184][ T5843] usb 7-1: config 168 interface 0 has no altsetting 0 [ 86.598116][ T5843] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 86.601272][ T5843] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 86.604705][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 86.608227][ T5843] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 86.612187][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 86.615621][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 86.619366][ T5843] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 86.623684][ T5843] usb 7-1: config 168 interface 0 has no altsetting 0 [ 86.626526][ T5843] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 86.631909][ T5843] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 86.635398][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 86.639232][ T5843] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 86.642895][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 86.646277][ T5843] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 86.650393][ T5843] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 86.654491][ T5843] usb 7-1: config 168 interface 0 has no altsetting 0 [ 86.660381][ T5843] usb 7-1: string descriptor 0 read error: -22 [ 86.662396][ T5843] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 86.665430][ T5843] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.688485][ T5843] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 88.182647][ T40] audit: type=1326 audit(1781393658.291:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.200378][ T40] audit: type=1326 audit(1781393658.291:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.223483][ T40] audit: type=1326 audit(1781393658.291:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.245481][ T40] audit: type=1326 audit(1781393658.291:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.272191][ T40] audit: type=1326 audit(1781393658.291:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.288458][ T40] audit: type=1326 audit(1781393658.301:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.299125][ T40] audit: type=1326 audit(1781393658.341:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.307205][ T40] audit: type=1326 audit(1781393658.341:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.315393][ T5759] Bluetooth: hci3: command tx timeout [ 88.315577][ T5766] Bluetooth: hci1: command tx timeout [ 88.317510][ T5759] Bluetooth: hci2: command tx timeout [ 88.317524][ T5759] Bluetooth: hci0: command tx timeout [ 88.326800][ T40] audit: type=1326 audit(1781393658.341:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 88.334986][ T40] audit: type=1326 audit(1781393658.341:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.3.11" exe="/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf705ef7c code=0x7ffc0000 [ 89.854051][ T5977] netlink: 36 bytes leftover after parsing attributes in process `syz.1.15'. [ 89.967864][ T5979] XFS (nullb0): Invalid superblock magic number [ 90.388491][ T5759] Bluetooth: hci1: command tx timeout [ 90.390330][ T5106] Bluetooth: hci3: command tx timeout [ 90.390364][ T5766] Bluetooth: hci2: command tx timeout [ 90.398572][ T5766] Bluetooth: hci0: command tx timeout [ 90.927629][ T6005] fuse: Unknown parameter '0x0000000000000007' [ 91.018960][ T1343] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 91.178380][ T1343] usb 8-1: Using ep0 maxpacket: 8 [ 91.182449][ T1343] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 91.184882][ T1343] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 91.188465][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 91.192020][ T1343] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 91.195737][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 91.199233][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 91.206858][ T1343] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 91.211317][ T1343] usb 8-1: config 168 interface 0 has no altsetting 0 [ 91.211861][ T5760] usb 7-1: USB disconnect, device number 2 [ 91.214629][ T1343] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 91.219387][ T1343] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 91.223075][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 91.226928][ T1343] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 91.230599][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 91.234425][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 91.238172][ T1343] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 91.252195][ T1343] usb 8-1: config 168 interface 0 has no altsetting 0 [ 91.255885][ T1343] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 91.258582][ T1343] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 91.262038][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 91.269476][ T1343] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 91.273414][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 91.276850][ T1343] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 91.280490][ T1343] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 91.284610][ T1343] usb 8-1: config 168 interface 0 has no altsetting 0 [ 91.289987][ T1343] usb 8-1: string descriptor 0 read error: -22 [ 91.292115][ T1343] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 91.295026][ T1343] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.339928][ T1343] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 91.514222][ T5990] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 91.519259][ T5990] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 91.543267][ T5990] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 91.545168][ T5990] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 91.569426][ T5990] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 91.571482][ T5990] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 91.591069][ T5990] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 91.599274][ T5990] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 92.695105][ T5760] usb 8-1: USB disconnect, device number 2 [ 92.805314][ T6048] fuse: Bad value for 'fd' [ 94.070554][ T5856] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 94.110004][ T6067] overlayfs: missing 'lowerdir' [ 94.220145][ T5856] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 94.223494][ T5856] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 94.226886][ T5856] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 94.230607][ T5856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 94.234360][ T5856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 94.238681][ T5856] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 94.243326][ T5856] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 94.245940][ T5856] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.254255][ T5856] usb 5-1: config 0 descriptor?? [ 94.258668][ T6040] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 94.368517][ T6070] netlink: 260 bytes leftover after parsing attributes in process `syz.1.30'. [ 94.618486][ T5843] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 94.725971][ T5856] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 94.733224][ T5856] usb 5-1: USB disconnect, device number 2 [ 94.742491][ T5856] usblp0: removed [ 94.778465][ T5843] usb 7-1: Using ep0 maxpacket: 8 [ 94.783955][ T5843] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 94.805019][ T5843] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 94.808270][ T5843] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 94.811507][ T5843] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 94.814552][ T5843] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 94.827632][ T5843] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 94.831009][ T5843] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.888618][ T6077] fuse: Unknown parameter '0x0000000000000007' [ 95.044209][ T5843] usb 7-1: GET_CAPABILITIES returned 0 [ 95.048253][ T5843] usbtmc 7-1:16.0: can't read capabilities [ 95.248748][ T5843] usb 7-1: USB disconnect, device number 3 qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x203000) [ 95.712535][ T6087] netlink: 'syz.0.34': attribute type 10 has an invalid length. [ 95.715261][ T6087] syz_tun: entered promiscuous mode [ 95.720952][ T6087] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 97.420508][ T6111] fuse: Invalid rootmode [ 97.810796][ T1130] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 97.813451][ T1130] ata1: failed to read log page 10h (errno=-5) [ 97.816080][ T1130] ata1.00: NCQ disabled due to excessive errors [ 97.818736][ T1130] ata1.00: exception Emask 0x1 SAct 0x40000000 SErr 0x0 action 0x0 [ 97.822333][ T1130] ata1.00: irq_stat 0x41000000 [ 97.824286][ T1130] ata1.00: failed command: READ FPDMA QUEUED [ 97.826770][ T1130] ata1.00: cmd 60/18:f0:36:13:08/10:00:00:00:00/40 tag 30 ncq dma 2109440 in [ 97.826770][ T1130] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 97.835349][ T1130] ata1.00: status: { DRDY } [ 97.837422][ T1130] ata1.00: error: { ABRT } [ 97.842215][ T1130] ata1.00: configured for UDMA/100 [ 97.845309][ T1130] sd 0:0:0:0: [sda] tag#30 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=2s [ 97.849904][ T1130] sd 0:0:0:0: [sda] tag#30 Sense Key : Aborted Command [current] [ 97.853158][ T1130] sd 0:0:0:0: [sda] tag#30 Add. Sense: No additional sense information [ 97.856765][ T1130] sd 0:0:0:0: [sda] tag#30 CDB: Read(10) 28 00 00 08 13 36 00 10 18 00 [ 97.896957][ T1130] I/O error, dev sda, sector 529206 op 0x0:(READ) flags 0x80700 phys_seg 33 prio class 2 [ 97.906997][ T1130] ata1: EH complete [ 98.278974][ T843] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 98.438448][ T843] usb 7-1: Using ep0 maxpacket: 16 [ 98.571794][ T6116] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 98.578477][ T6116] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 98.591069][ T6116] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 98.619023][ T6116] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 98.636780][ T6116] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 98.649581][ T6133] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 98.651699][ T6133] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 98.679212][ T6133] vhci_hcd vhci_hcd.0: Device attached [ 98.753749][ T843] usb 7-1: unable to get BOS descriptor or descriptor too short [ 98.759042][ T843] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 98.764887][ T843] usb 7-1: can't read configurations, error -71 [ 98.949170][ T857] usb 38-1: SetAddress Request (2) to port 0 [ 98.957321][ T857] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 99.454032][ T6134] vhci_hcd: connection reset by peer [ 99.458065][ T1263] vhci_hcd vhci_hcd.0: stop threads [ 99.462216][ T1263] vhci_hcd vhci_hcd.0: release socket [ 99.465119][ T1263] vhci_hcd vhci_hcd.0: disconnect device [ 99.828421][ T5838] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 99.998606][ T5838] usb 6-1: Using ep0 maxpacket: 32 [ 100.016689][ T5838] usb 6-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 100.025419][ T5838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.037825][ T5838] usb 6-1: Product: syz [ 100.041302][ T5838] usb 6-1: Manufacturer: syz [ 100.044192][ T5838] usb 6-1: SerialNumber: syz [ 100.058566][ T5838] usb 6-1: config 0 descriptor?? [ 100.065285][ T5838] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 100.071887][ T5838] dvb-usb: bulk message failed: -22 (4/0) [ 100.077754][ T5838] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 100.085842][ T5838] dvb-usb: bulk message failed: -22 (5/0) [ 100.089187][ T5838] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 100.117584][ T5838] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 100.125182][ T5838] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 100.132850][ T5838] usb 6-1: media controller created [ 100.334852][ T6141] ttusb2: i2c wr len=133 too high [ 100.483338][ T6148] binder: Binderfs stats mode cannot be changed during a remount [ 100.551749][ T5838] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 100.574528][ T5838] usb 6-1: selecting invalid altsetting 3 [ 100.577829][ T5838] ttusb2: set interface to alts=3 failed [ 100.609732][ T5838] DVB: Unable to find symbol tda10086_attach() [ 100.611753][ T5838] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 100.623970][ T5838] dvb-usb: bulk message failed: -22 (4/0) [ 100.629451][ T5838] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 100.709590][ T5838] dvb-usb: bulk message failed: -22 (5/0) [ 100.711515][ T5838] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 100.714675][ T5838] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 100.720295][ T5838] usb 6-1: USB disconnect, device number 2 [ 100.735532][ T5838] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 101.165273][ T6186] fuse: Unknown parameter '0x0000000000000007' [ 102.564492][ T6210] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.601908][ T6210] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.459164][ T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 104.554175][ T857] usb 38-1: device descriptor read/8, error -110 [ 104.810588][ T6238] Zero length message leads to an empty skb [ 105.568600][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 105.582894][ T10] usb 7-1: config index 0 descriptor too short (expected 13339, got 27) [ 105.586630][ T10] usb 7-1: config 108 has an invalid descriptor of length 32, skipping remainder of the config [ 105.604290][ T10] usb 7-1: config 108 has 0 interfaces, different from the descriptor's value: 32 [ 105.611865][ T10] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 105.615552][ T10] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 105.618664][ T10] usb 7-1: Product: syz [ 105.620882][ T10] usb 7-1: Manufacturer: syz [ 105.624117][ T10] usb 7-1: SerialNumber: syz [ 105.718626][ T6267] fuse: Bad value for 'rootmode' [ 105.738945][ T857] usb usb38-port1: attempt power cycle [ 105.808394][ T34] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 105.958630][ T34] usb 6-1: Using ep0 maxpacket: 32 [ 105.964363][ T34] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 105.970918][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.977141][ T34] usb 6-1: config 0 descriptor?? [ 105.995204][ T34] as10x_usb: device has been detected [ 106.000906][ T34] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 106.012800][ T34] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 106.053594][ T34] as10x_usb: error during firmware upload part1 [ 106.057941][ T34] Registered device nBox DVB-T Dongle [ 106.071001][ T10] usb 7-1: USB disconnect, device number 6 [ 106.196978][ T34] usb 6-1: USB disconnect, device number 3 [ 106.223638][ T34] Unregistered device nBox DVB-T Dongle [ 106.225241][ T34] as10x_usb: device has been disconnected [ 106.318868][ T857] usb usb38-port1: unable to enumerate USB device [ 107.248206][ T40] kauditd_printk_skb: 59 callbacks suppressed [ 107.248226][ T40] audit: type=1326 audit(1781393677.351:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6304 comm="syz.1.67" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701ef7c code=0x0 [ 107.265288][ T6306] ======================================================= [ 107.265288][ T6306] WARNING: The mand mount option has been deprecated and [ 107.265288][ T6306] and is ignored by this kernel. Remove the mand [ 107.265288][ T6306] option from the mount to silence this warning. [ 107.265288][ T6306] ======================================================= [ 107.376912][ T6309] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 107.378981][ T6309] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 107.384256][ T6309] vhci_hcd vhci_hcd.0: Device attached [ 107.668417][ T857] usb 38-1: SetAddress Request (6) to port 0 [ 107.670335][ T857] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd [ 108.113663][ T6310] vhci_hcd: connection reset by peer [ 108.118721][ T13] vhci_hcd vhci_hcd.0: stop threads [ 108.121281][ T13] vhci_hcd vhci_hcd.0: release socket [ 108.123152][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 108.368396][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 108.521839][ T9] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 108.525708][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.528427][ T5838] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 108.529121][ T9] usb 6-1: Product: syz [ 108.533654][ T9] usb 6-1: Manufacturer: syz [ 108.535628][ T9] usb 6-1: SerialNumber: syz [ 108.680567][ T5838] usb 7-1: Using ep0 maxpacket: 16 [ 108.685798][ T5838] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.692251][ T5838] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 109.737345][ T6326] comedi comedi3: comedi_config --init_data is deprecated [ 109.768658][ T5838] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 109.771453][ T5838] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.777486][ T5838] usb 7-1: config 0 descriptor?? [ 109.898532][ T5856] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 110.058399][ T5856] usb 8-1: Using ep0 maxpacket: 8 [ 110.061137][ T5856] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 110.064346][ T5856] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 110.067634][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 110.071105][ T5856] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 110.074508][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 110.077739][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 110.081363][ T5856] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 110.085301][ T5856] usb 8-1: config 168 interface 0 has no altsetting 0 [ 110.087978][ T6346] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 110.088191][ T5856] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 110.090003][ T6346] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 110.095460][ T5856] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 110.095946][ T6346] vhci_hcd vhci_hcd.0: Device attached [ 110.098784][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 110.103636][ T5856] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 110.107035][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 110.110501][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 110.113688][ T5856] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 110.118168][ T5856] usb 8-1: config 168 interface 0 has no altsetting 0 [ 110.121160][ T5856] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 110.123402][ T5856] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 110.126759][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 110.130278][ T5856] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 110.133689][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 110.137279][ T5856] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 110.140873][ T5856] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 110.144620][ T5856] usb 8-1: config 168 interface 0 has no altsetting 0 [ 110.149232][ T5856] usb 8-1: string descriptor 0 read error: -22 [ 110.151321][ T5856] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 110.153997][ T5856] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.167102][ T5856] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 110.289035][ T6346] geneve2: entered allmulticast mode [ 110.338722][ T9] rtl8150 6-1:1.0: couldn't reset the device [ 110.342423][ T9] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5 [ 110.457785][ T5838] usbhid 7-1:0.0: can't add hid device: -71 [ 110.459759][ T5838] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 110.466607][ T6326] usb usb7: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 110.470688][ T5838] usb 7-1: USB disconnect, device number 7 [ 110.487948][ T39] usb 6-1: USB disconnect, device number 4 [ 111.418366][ T6347] vhci_hcd: connection closed [ 111.421352][ T96] vhci_hcd vhci_hcd.0: stop threads [ 111.431351][ T96] vhci_hcd vhci_hcd.0: release socket [ 111.436363][ T96] vhci_hcd vhci_hcd.0: disconnect device [ 111.788482][ T5760] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 111.948492][ T5760] usb 7-1: Using ep0 maxpacket: 32 [ 111.952482][ T5760] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 111.974836][ T5760] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 111.981224][ T5760] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 111.984674][ T5760] usb 7-1: Product: syz [ 111.986531][ T5760] usb 7-1: Manufacturer: syz [ 111.995153][ T5760] usb 7-1: SerialNumber: syz [ 112.002452][ T5760] usb 7-1: config 0 descriptor?? [ 112.008285][ T6360] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 112.016401][ T5760] hub 7-1:0.0: bad descriptor, ignoring hub [ 112.019181][ T5760] hub 7-1:0.0: probe with driver hub failed with error -5 [ 112.408882][ T5856] usb 7-1: USB disconnect, device number 8 [ 112.708669][ T857] usb 38-1: device descriptor read/8, error -110 [ 113.109362][ T857] usb usb38-port1: attempt power cycle [ 113.129936][ T39] usb 8-1: USB disconnect, device number 3 [ 113.449309][ T5856] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 113.661328][ T5856] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 113.667798][ T5856] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 113.670067][ T857] usb usb38-port1: unable to enumerate USB device [ 113.672537][ T5856] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 113.675299][ T5856] usb 7-1: Product: syz [ 113.676609][ T5856] usb 7-1: Manufacturer: syz [ 113.678194][ T5856] usb 7-1: SerialNumber: syz [ 113.718932][ T5856] usb 7-1: config 0 descriptor?? [ 113.722641][ T6365] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 113.732428][ T5856] hub 7-1:0.0: bad descriptor, ignoring hub [ 113.734379][ T5856] hub 7-1:0.0: probe with driver hub failed with error -5 [ 113.776651][ T6380] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 113.778690][ T6380] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 113.790509][ T6380] vhci_hcd vhci_hcd.0: Device attached [ 114.043789][ T6365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.063161][ T6365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.195895][ T5898] usb 44-1: SetAddress Request (2) to port 0 [ 114.198606][ T5898] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 114.374733][ T6380] geneve2: entered allmulticast mode [ 114.856382][ T6388] syz.1.83 (6388) used greatest stack depth: 18936 bytes left [ 114.996796][ T6381] vhci_hcd: connection reset by peer [ 114.999185][ T12] vhci_hcd vhci_hcd.3: stop threads [ 115.002441][ T12] vhci_hcd vhci_hcd.3: release socket [ 115.006245][ T12] vhci_hcd vhci_hcd.3: disconnect device [ 115.333346][ T34] usb 7-1: USB disconnect, device number 9 [ 115.362140][ T6394] random: crng reseeded on system resumption [ 115.370856][ T6394] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.85'. [ 115.703429][ T6403] bridge0: port 3(erspan0) entered disabled state [ 115.728751][ T6403] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.733908][ T6403] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.934210][ T6404] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 115.936276][ T6404] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 115.939836][ T6404] vhci_hcd vhci_hcd.0: Device attached [ 116.121295][ T6404] geneve2: entered allmulticast mode [ 116.261056][ T58] usb 42-1: SetAddress Request (2) to port 0 [ 116.263309][ T58] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 116.646115][ T6407] vhci_hcd: connection reset by peer [ 116.649803][ T13] vhci_hcd vhci_hcd.2: stop threads [ 116.651490][ T13] vhci_hcd vhci_hcd.2: release socket [ 116.654691][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 117.951427][ T6416] mmap: syz.1.90 (6416) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 118.114458][ T6416] bond1: ARP target 9.0.0.0 is already present [ 118.116426][ T6416] bond1: option arp_ip_target: invalid value (9) [ 118.132562][ T6416] bond1 (unregistering): Released all slaves [ 118.196853][ T6427] 8021q: adding VLAN 0 to HW filter on device bond1 [ 118.304630][ T6433] fuse: Unknown parameter '0x0000000000000007' [ 118.365326][ T6437] netlink: 'syz.1.96': attribute type 1 has an invalid length. [ 118.379241][ T6437] 8021q: adding VLAN 0 to HW filter on device bond1 [ 118.424956][ T6437] bond1: (slave veth3): Enslaving as an active interface with a down link [ 118.455059][ T6437] vlan2: entered allmulticast mode [ 118.456686][ T6437] veth0_to_bond: entered allmulticast mode [ 118.460284][ T6437] veth0_to_bond: entered promiscuous mode [ 118.463658][ T6437] veth0_to_bond: left promiscuous mode [ 118.466936][ T6437] bond1: (slave vlan2): making interface the new active one [ 118.469867][ T6437] veth0_to_bond: entered promiscuous mode [ 118.472113][ T6437] vlan2: entered promiscuous mode [ 118.474652][ T6437] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 119.268477][ T5898] usb 44-1: device descriptor read/8, error -110 [ 120.209030][ T5898] usb usb44-port1: attempt power cycle [ 120.792210][ T5898] usb usb44-port1: unable to enumerate USB device [ 120.874367][ T6462] netlink: 'syz.1.100': attribute type 1 has an invalid length. [ 121.156050][ T6467] bond2: (slave geneve0): making interface the new active one [ 121.183487][ T6467] bond2: (slave geneve0): Enslaving as an active interface with an up link [ 121.199664][ T1263] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 121.210805][ T1263] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 121.223773][ T1263] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 121.231413][ T1263] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 121.359612][ T58] usb 42-1: device descriptor read/8, error -110 [ 121.385771][ T6476] faux_driver vgem: [drm] Unknown color mode 5; guessing buffer size. [ 121.391673][ T40] audit: type=1326 audit(1781393691.501:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.3.103" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705ef7c code=0x0 [ 121.409108][ T6473] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 121.425820][ T6459] ptrace attach of ""[6469] was attempted by "/syz-executor exec"[6459] [ 121.447917][ T40] audit: type=1800 audit(1781393691.551:73): pid=6459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.100" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 121.481431][ T6473] kvm: pic: non byte read [ 121.495969][ T6473] kvm: pic: non byte read [ 121.503336][ T6459] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1^!l1*$pOcɔr$G [ 121.750054][ T58] usb usb42-port1: attempt power cycle [ 121.936035][ T6485] fuse: Unknown parameter 'user_id0000000000000000000000000000000000000000' [ 122.310046][ T58] usb usb42-port1: unable to enumerate USB device [ 122.791162][ T6493] syz.0.107 uses obsolete (PF_INET,SOCK_PACKET) [ 123.055004][ T6500] fuse: Unknown parameter 'user_id0000000000000000000000000000000000000000' [ 123.528676][ T9] usb 8-1: new full-speed USB device number 4 using dummy_hcd [ 123.683050][ T9] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 123.694746][ T9] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 123.705556][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 123.712640][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 123.722343][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 123.740185][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 123.759226][ T9] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 123.774895][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.787878][ T9] usb 8-1: config 0 descriptor?? [ 123.790226][ T6490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 124.012352][ T40] audit: type=1326 audit(1781393694.121:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6507 comm="syz.0.111" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f28f7c code=0x0 [ 124.085264][ T9] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 124.086743][ C1] usblp0: nonzero read bulk status received: -71 [ 124.108112][ T5838] usb 8-1: USB disconnect, device number 4 [ 124.125984][ T5838] usblp0: removed [ 124.818795][ T40] audit: type=1326 audit(1781393694.931:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6515 comm="syz.2.114" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x0 [ 125.782093][ T6528] kvm: pic: non byte read [ 125.786148][ T6528] kvm: pic: non byte read [ 125.789441][ T6528] kvm: pic: non byte read [ 125.793512][ T6528] kvm: pic: non byte read [ 125.795149][ T6528] kvm: pic: non byte read [ 125.796748][ T6528] kvm: pic: non byte read [ 125.798944][ T6528] kvm: pic: non byte read [ 125.800674][ T6528] kvm: pic: non byte read [ 126.004886][ T6538] fuse: Bad value for 'fd' [ 127.018507][ T34] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 127.180017][ T34] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 127.183269][ T34] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 127.186826][ T34] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 127.190695][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 127.194514][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 127.199057][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 127.204170][ T34] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 127.207312][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.215952][ T34] usb 7-1: config 0 descriptor?? [ 127.220523][ T6532] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 127.486661][ T34] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 127.638541][ T5843] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 127.694653][ C3] usblp0: nonzero read bulk status received: -71 [ 127.700910][ T34] usb 7-1: USB disconnect, device number 10 [ 127.715379][ T6529] usblp0: removed [ 127.790662][ T5843] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 127.793426][ T5843] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 127.795948][ T5843] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 127.798839][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 127.801813][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 127.805199][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 127.809335][ T5843] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 127.812220][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.820473][ T5843] usb 5-1: config 0 descriptor?? [ 127.826696][ T6537] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 128.062835][ T5843] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 128.068139][ T5843] usb 5-1: USB disconnect, device number 3 [ 128.078615][ T5843] usblp0: removed [ 128.340531][ T10] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 128.354636][ T10] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 128.868431][ T5838] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 128.918248][ T6592] warning: `syz.0.137' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 128.924330][ T6590] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 128.928922][ T6590] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 129.019727][ T5838] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 129.022659][ T5838] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.025662][ T5838] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 129.028301][ T5838] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.032966][ T5838] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 129.035825][ T5838] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 129.038295][ T5838] usb 6-1: Product: syz [ 129.039673][ T5838] usb 6-1: Manufacturer: syz [ 129.053931][ T5838] cdc_wdm 6-1:1.0: skipping garbage [ 129.057771][ T5838] cdc_wdm 6-1:1.0: skipping garbage [ 129.062930][ T5838] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 129.067179][ T5838] cdc_wdm 6-1:1.0: Unknown control protocol [ 129.254228][ T10] usb 6-1: USB disconnect, device number 5 [ 129.569786][ T1263] vlan2: left promiscuous mode [ 129.669981][ T6629] syzkaller0: entered promiscuous mode [ 129.672276][ T6629] syzkaller0: entered allmulticast mode [ 129.685759][ T6629] tipc: Started in network mode [ 129.688019][ T6629] tipc: Node identity baa13cbe1336, cluster identity 4711 [ 129.690608][ T6629] tipc: Enabled bearer , priority 0 [ 129.693489][ T6628] tipc: Resetting bearer [ 129.698436][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 129.701446][ T6628] tipc: Disabling bearer [ 129.863055][ T10] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 129.868687][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.878481][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 129.884433][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.900059][ T10] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 129.907349][ T10] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 129.915261][ T10] usb 6-1: Product: syz [ 129.917022][ T10] usb 6-1: Manufacturer: syz [ 129.943681][ T10] cdc_wdm 6-1:1.0: skipping garbage [ 129.946760][ T10] cdc_wdm 6-1:1.0: skipping garbage [ 129.960891][ T10] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 129.962898][ T10] cdc_wdm 6-1:1.0: Unknown control protocol [ 130.072943][ T6634] netlink: 184 bytes leftover after parsing attributes in process `syz.2.156'. [ 130.075751][ T6634] netlink: 184 bytes leftover after parsing attributes in process `syz.2.156'. [ 130.380060][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 130.528399][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 130.531218][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.534427][ T9] usb 5-1: config 0 has no interfaces? [ 130.537198][ T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 130.540435][ T9] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 130.542949][ T9] usb 5-1: Product: syz [ 130.544239][ T9] usb 5-1: SerialNumber: syz [ 130.547120][ T9] usb 5-1: config 0 descriptor?? [ 130.760463][ T6647] loop2: detected capacity change from 0 to 7 [ 130.766722][ T6647] Dev loop2: unable to read RDB block 7 [ 130.768609][ T6647] loop2: unable to read partition table [ 130.771024][ T6647] loop2: partition table beyond EOD, truncated [ 130.777530][ T6647] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 130.790187][ T5156] Dev loop2: unable to read RDB block 7 [ 130.791977][ T5156] loop2: unable to read partition table [ 130.794070][ T5156] loop2: partition table beyond EOD, truncated [ 130.797144][ T39] usb 5-1: USB disconnect, device number 4 [ 131.205442][ T6692] program syz.3.183 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.241426][ T6695] netlink: 4 bytes leftover after parsing attributes in process `syz.2.185'. [ 131.418964][ T6711] loop5: detected capacity change from 0 to 7 [ 131.426302][ T6711] Dev loop5: unable to read RDB block 7 [ 131.431762][ T6711] loop5: unable to read partition table [ 131.434963][ T6711] loop5: partition table beyond EOD, truncated [ 131.438237][ T6711] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 131.619309][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 131.769492][ C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 131.770657][ T5838] usb 6-1: USB disconnect, device number 6 [ 131.770927][ T9] usb 5-1: config 0 has an invalid interface number: 120 but max is 0 [ 131.770941][ T9] usb 5-1: config 0 has no interface number 0 [ 131.770966][ T9] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 131.770983][ T9] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 131.770994][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.771560][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 131.787578][ C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 131.794124][ T9] usb 5-1: config 0 descriptor?? [ 131.822370][ T6724] loop2: detected capacity change from 0 to 7 [ 131.828411][ T6724] Dev loop2: unable to read RDB block 7 [ 131.830552][ T6724] loop2: AHDI p1 p2 p3 [ 131.831906][ T6724] loop2: partition table partially beyond EOD, truncated [ 131.835123][ T6724] loop2: p1 start 1601398130 is beyond EOD, truncated [ 131.837296][ T6724] loop2: p2 start 1702059890 is beyond EOD, truncated [ 132.015017][ T6738] netlink: 28 bytes leftover after parsing attributes in process `syz.1.203'. [ 132.017934][ T6738] netlink: 28 bytes leftover after parsing attributes in process `syz.1.203'. [ 132.021960][ T6738] netlink: 28 bytes leftover after parsing attributes in process `syz.1.203'. [ 132.093912][ T5838] usb 5-1: USB disconnect, device number 5 [ 132.220980][ T6748] loop2: detected capacity change from 0 to 7 [ 132.230053][ T6748] Dev loop2: unable to read RDB block 7 [ 132.235281][ T6748] loop2: AHDI p1 p2 p3 [ 132.237111][ T6748] loop2: partition table partially beyond EOD, truncated [ 132.240638][ T6748] loop2: p1 start 1601398130 is beyond EOD, truncated [ 132.243453][ T6748] loop2: p2 start 1702059890 is beyond EOD, truncated [ 132.294287][ T6750] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'. [ 132.338215][ T6755] syzkaller0: entered promiscuous mode [ 132.340004][ T6755] syzkaller0: entered allmulticast mode [ 132.420906][ T6758] random: crng reseeded on system resumption [ 132.608518][ T6770] loop2: detected capacity change from 0 to 7 [ 132.612400][ T6770] Dev loop2: unable to read RDB block 7 [ 132.614096][ T6770] loop2: AHDI p1 p2 p3 [ 132.615440][ T6770] loop2: partition table partially beyond EOD, truncated [ 132.617790][ T6770] loop2: p1 start 1601398130 is beyond EOD, truncated [ 132.622074][ T6770] loop2: p2 start 1702059890 is beyond EOD, truncated [ 132.965936][ T6800] syz_tun: entered allmulticast mode [ 132.976614][ T6800] dvmrp8: entered allmulticast mode [ 133.019352][ T6798] syz_tun: left allmulticast mode [ 133.119558][ T6812] process 'syz.1.234' launched './file0' with NULL argv: empty string added [ 133.609198][ T5838] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 133.634031][ T6838] netlink: 76 bytes leftover after parsing attributes in process `syz.3.246'. [ 133.637963][ T6838] netlink: 'syz.3.246': attribute type 3 has an invalid length. [ 133.640392][ T6838] netlink: 5548 bytes leftover after parsing attributes in process `syz.3.246'. [ 133.778428][ T5838] usb 7-1: Using ep0 maxpacket: 8 [ 133.782221][ T5838] usb 7-1: config 0 has an invalid interface number: 92 but max is 0 [ 133.785028][ T5838] usb 7-1: config 0 has no interface number 0 [ 133.787201][ T5838] usb 7-1: New USB device found, idVendor=10c4, idProduct=8857, bcdDevice=6f.95 [ 133.790392][ T5838] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.794390][ T5838] usb 7-1: config 0 descriptor?? [ 133.800181][ T5838] cp210x 7-1:0.92: cp210x converter detected [ 133.958506][ T5856] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 134.118485][ T5856] usb 5-1: Using ep0 maxpacket: 32 [ 134.121892][ T5856] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 134.126524][ T5856] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 134.129754][ T5856] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 134.132789][ T5856] usb 5-1: Product: syz [ 134.134128][ T5856] usb 5-1: Manufacturer: syz [ 134.135539][ T5856] usb 5-1: SerialNumber: syz [ 134.138167][ T5856] usb 5-1: config 0 descriptor?? [ 134.142590][ T6840] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 134.145779][ T5856] hub 5-1:0.0: bad descriptor, ignoring hub [ 134.147812][ T5856] hub 5-1:0.0: probe with driver hub failed with error -5 [ 134.790147][ T6840] usb 5-1: reset high-speed USB device number 6 using dummy_hcd [ 134.941211][ T6840] usb 5-1: device firmware changed [ 134.945522][ T5898] usb 5-1: USB disconnect, device number 6 [ 135.078523][ T5898] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 135.228618][ T5898] usb 5-1: Using ep0 maxpacket: 32 [ 135.233723][ T5898] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 135.239885][ T5898] usb 5-1: string descriptor 0 read error: -22 [ 135.241761][ T5898] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 135.244342][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 135.250765][ T5898] usb 5-1: config 0 descriptor?? [ 135.255368][ T6875] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 135.259080][ T5898] hub 5-1:0.0: bad descriptor, ignoring hub [ 135.260794][ T5898] hub 5-1:0.0: probe with driver hub failed with error -5 [ 135.588613][ T5898] usb 5-1: USB disconnect, device number 7 [ 135.628412][ T5856] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 135.788456][ T5856] usb 8-1: Using ep0 maxpacket: 16 [ 135.792173][ T5856] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 135.798500][ T5856] usb 8-1: config 0 has no interfaces? [ 135.809891][ T5856] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 135.812764][ T5856] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 135.815407][ T5856] usb 8-1: Product: syz [ 135.816754][ T5856] usb 8-1: SerialNumber: syz [ 135.821324][ T5856] usb 8-1: config 0 descriptor?? [ 136.045988][ T58] usb 8-1: USB disconnect, device number 5 [ 136.168536][ T5838] cp210x 7-1:0.92: failed to get vendor val 0x370b size 1: -71 [ 136.170703][ T5838] cp210x 7-1:0.92: querying part number failed [ 136.186147][ T5838] usb 7-1: cp210x converter now attached to ttyUSB0 [ 136.190920][ T5838] usb 7-1: USB disconnect, device number 11 [ 136.205976][ T5838] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 136.208931][ T5838] cp210x 7-1:0.92: device disconnected [ 136.268448][ T5856] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 136.443787][ T5856] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 136.450935][ T5856] usb 5-1: config 179 has no interface number 0 [ 136.452913][ T5856] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 136.461440][ T5856] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 136.466198][ T5856] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 136.470954][ T5856] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8 [ 136.474311][ T5856] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 136.479759][ T5856] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 136.482602][ T5856] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.489124][ T6922] netlink: 76 bytes leftover after parsing attributes in process `syz.2.284'. [ 136.489178][ T6907] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 136.494175][ T6907] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 136.612581][ T40] audit: type=1326 audit(1781393706.721:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6927 comm="syz.2.287" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702ef7c code=0x0 [ 136.706015][ T5838] usb 5-1: USB disconnect, device number 8 [ 136.706148][ C3] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 136.710511][ C3] ================================================================== [ 136.712973][ C3] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23b/0x260 [ 136.715332][ C3] Read of size 4 at addr ffff88806a97805c by task swapper/3/0 [ 136.718754][ C3] [ 136.719961][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G L syzkaller #0 PREEMPT(full) [ 136.719987][ C3] Tainted: [L]=SOFTLOCKUP [ 136.719994][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 136.720004][ C3] Call Trace: [ 136.720011][ C3] [ 136.720018][ C3] dump_stack_lvl+0x100/0x190 [ 136.720049][ C3] print_report+0x13d/0x4b0 [ 136.720074][ C3] ? __virt_addr_valid+0x239/0x430 [ 136.720102][ C3] ? do_raw_spin_lock+0x23b/0x260 [ 136.720121][ C3] kasan_report+0xdf/0x1d0 [ 136.720142][ C3] ? do_raw_spin_lock+0x23b/0x260 [ 136.720162][ C3] do_raw_spin_lock+0x23b/0x260 [ 136.720182][ C3] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 136.720201][ C3] ? kcov_remote_stop+0x201/0x540 [ 136.720224][ C3] ? kcov_remote_stop+0x201/0x540 [ 136.720248][ C3] _raw_spin_lock_irqsave+0x42/0x60 [ 136.720269][ C3] ? __wake_up+0x1c/0x60 [ 136.720293][ C3] __wake_up+0x1c/0x60 [ 136.720316][ C3] usb_anchor_resume_wakeups+0xc7/0xf0 [ 136.720344][ C3] __usb_hcd_giveback_urb+0x3d6/0x610 [ 136.720368][ C3] usb_hcd_giveback_urb+0x3ca/0x4a0 [ 136.720392][ C3] dummy_timer+0xda1/0x36c0 [ 136.720415][ C3] ? find_held_lock+0x2b/0x80 [ 136.720440][ C3] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 136.720462][ C3] ? debug_object_deactivate+0x2e4/0x3b0 [ 136.720485][ C3] ? __pfx_debug_object_deactivate+0x10/0x10 [ 136.720509][ C3] ? __pfx_dummy_timer+0x10/0x10 [ 136.720527][ C3] ? rcu_is_watching+0x12/0xc0 [ 136.720547][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 136.720570][ C3] ? __pfx_dummy_timer+0x10/0x10 [ 136.720589][ C3] __hrtimer_run_queues+0x470/0xa00 [ 136.720614][ C3] hrtimer_run_softirq+0x17d/0x2c0 [ 136.720633][ C3] handle_softirqs+0x1ea/0xa00 [ 136.720656][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 136.720677][ C3] ? _raw_spin_unlock+0x28/0x50 [ 136.720698][ C3] ? __hrtimer_rearm_deferred+0x9b/0x740 [ 136.720720][ C3] __irq_exit_rcu+0x162/0x210 [ 136.720739][ C3] irq_exit_rcu+0x9/0x30 [ 136.720765][ C3] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 136.720789][ C3] [ 136.720796][ C3] [ 136.720802][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 136.720822][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 136.720847][ C3] Code: a6 95 02 e9 43 44 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 83 80 24 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 136.720863][ C3] RSP: 0000:ffffc9000048fdf0 EFLAGS: 00000202 [ 136.720878][ C3] RAX: 00000000001764c1 RBX: ffff88801bfd2540 RCX: ffffffff8b871225 [ 136.720891][ C3] RDX: 0000000000000000 RSI: ffffffff8df1ac79 RDI: ffffffff8c1c4680 [ 136.720902][ C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10056a67b5 [ 136.720913][ C3] R10: ffff88802b533dab R11: 0000000000000000 R12: 0000000000000003 [ 136.720923][ C3] R13: ffffed10037fa4a8 R14: 0000000000000003 R15: ffffffff90d74750 [ 136.720938][ C3] ? ct_kernel_exit+0x125/0x180 [ 136.720964][ C3] default_idle+0x9/0x10 [ 136.720978][ C3] default_idle_call+0x6c/0xb0 [ 136.720994][ C3] do_idle+0x464/0x590 [ 136.721015][ C3] ? __pfx_do_idle+0x10/0x10 [ 136.721034][ C3] ? finish_task_switch.isra.0+0x152/0x1010 [ 136.721060][ C3] cpu_startup_entry+0x4f/0x60 [ 136.721080][ C3] start_secondary+0x21d/0x2d0 [ 136.721106][ C3] ? __pfx_start_secondary+0x10/0x10 [ 136.721134][ C3] common_startup_64+0x13e/0x148 [ 136.721161][ C3] [ 136.721167][ C3] [ 136.748693][ T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 136.749772][ C3] Allocated by task 5856: [ 136.808429][ T10] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 136.808533][ C3] kasan_save_stack+0x30/0x50 [ 136.844851][ C3] kasan_save_track+0x14/0x30 [ 136.846272][ C3] __kasan_kmalloc+0xaa/0xb0 [ 136.847617][ C3] xpad_probe+0x28e/0x1f60 [ 136.848983][ C3] usb_probe_interface+0x303/0x8f0 [ 136.850537][ C3] really_probe+0x241/0xa60 [ 136.851945][ C3] __driver_probe_device+0x22e/0x480 [ 136.853539][ C3] driver_probe_device+0x4c/0x1b0 [ 136.855085][ C3] __device_attach_driver+0x1df/0x340 [ 136.856720][ C3] bus_for_each_drv+0x159/0x1e0 [ 136.858214][ C3] __device_attach+0x1e4/0x4d0 [ 136.859680][ C3] device_initial_probe+0xaf/0xd0 [ 136.861240][ C3] bus_probe_device+0x64/0x160 [ 136.862713][ C3] device_add+0x1210/0x1950 [ 136.864098][ C3] usb_set_configuration+0xd97/0x1c60 [ 136.865723][ C3] usb_generic_driver_probe+0xa1/0xe0 [ 136.867338][ C3] usb_probe_device+0xef/0x400 [ 136.868789][ C3] really_probe+0x241/0xa60 [ 136.870191][ C3] __driver_probe_device+0x22e/0x480 [ 136.871817][ C3] driver_probe_device+0x4c/0x1b0 [ 136.873359][ C3] __device_attach_driver+0x1df/0x340 [ 136.875004][ C3] bus_for_each_drv+0x159/0x1e0 [ 136.876487][ C3] __device_attach+0x1e4/0x4d0 [ 136.877957][ C3] device_initial_probe+0xaf/0xd0 [ 136.879489][ C3] bus_probe_device+0x64/0x160 [ 136.880963][ C3] device_add+0x1210/0x1950 [ 136.882352][ C3] usb_new_device.cold+0x685/0x115c [ 136.883930][ C3] hub_event+0x314d/0x4af0 [ 136.885319][ C3] process_one_work+0xa0e/0x1980 [ 136.886810][ C3] worker_thread+0x5ef/0xe50 [ 136.888188][ C3] kthread+0x370/0x450 [ 136.889435][ C3] ret_from_fork+0x72b/0xd50 [ 136.890850][ C3] ret_from_fork_asm+0x1a/0x30 [ 136.892314][ C3] [ 136.893056][ C3] Freed by task 5838: [ 136.894279][ C3] kasan_save_stack+0x30/0x50 [ 136.895694][ C3] kasan_save_track+0x14/0x30 [ 136.897097][ C3] kasan_save_free_info+0x3b/0x70 [ 136.898595][ C3] __kasan_slab_free+0x5f/0x80 [ 136.900045][ C3] kfree+0x223/0x6c0 [ 136.901273][ C3] xpad_disconnect+0x1cf/0x530 [ 136.902748][ C3] usb_unbind_interface+0x1dd/0x9e0 [ 136.904326][ C3] device_remove+0x12a/0x180 [ 136.905758][ C3] device_release_driver_internal+0x44e/0x620 [ 136.907615][ C3] bus_remove_device+0x2bc/0x560 [ 136.909091][ C3] device_del+0x376/0x9b0 [ 136.910416][ C3] usb_disable_device+0x367/0x810 [ 136.911961][ C3] usb_disconnect+0x2e2/0x9a0 [ 136.913404][ C3] hub_event+0x1d0c/0x4af0 [ 136.914755][ C3] process_one_work+0xa0e/0x1980 [ 136.916266][ C3] worker_thread+0x5ef/0xe50 [ 136.917703][ C3] kthread+0x370/0x450 [ 136.918947][ C3] ret_from_fork+0x72b/0xd50 [ 136.920348][ C3] ret_from_fork_asm+0x1a/0x30 [ 136.921860][ C3] [ 136.922611][ C3] The buggy address belongs to the object at ffff88806a978000 [ 136.922611][ C3] which belongs to the cache kmalloc-1k of size 1024 [ 136.926769][ C3] The buggy address is located 92 bytes inside of [ 136.926769][ C3] freed 1024-byte region [ffff88806a978000, ffff88806a978400) [ 136.928401][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 136.930770][ C3] [ 136.930777][ C3] The buggy address belongs to the physical page: [ 136.930782][ C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806a97e000 pfn:0x6a978 [ 136.930796][ C3] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 136.930805][ C3] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff) [ 136.930816][ C3] page_type: f5(slab) [ 136.930826][ C3] raw: 04fff00000000240 ffff88801b842dc0 ffffea0001389210 ffffea0001ab3410 [ 136.930835][ C3] raw: ffff88806a97e000 000000080010000f 00000000f5000000 0000000000000000 [ 136.934070][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 136.934848][ C3] head: 04fff00000000240 ffff88801b842dc0 ffffea0001389210 ffffea0001ab3410 [ 136.934859][ C3] head: ffff88806a97e000 000000080010000f 00000000f5000000 0000000000000000 [ 136.934868][ C3] head: 04fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 136.934879][ C3] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 136.938218][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 136.940571][ C3] page dumped because: kasan: bad access detected [ 136.940578][ C3] page_owner tracks the page as allocated [ 136.940582][ C3] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5749, tgid 5749 (syz-executor), ts 84422167058, free_ts 84396900522 [ 136.940601][ C3] post_alloc_hook+0xfd/0x120 [ 136.940618][ C3] get_page_from_freelist+0x11a6/0x3410 [ 136.940634][ C3] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 136.940650][ C3] new_slab+0xa6/0x6c0 [ 136.940662][ C3] refill_objects+0x277/0x420 [ 136.940677][ C3] __pcs_replace_empty_main+0x375/0x650 [ 136.940692][ C3] __kmalloc_node_noprof+0x69a/0x850 [ 136.943224][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 136.944317][ C3] qdisc_alloc+0xbb/0xb30 [ 136.944330][ C3] qdisc_create_dflt+0x97/0x4b0 [ 136.944340][ C3] dev_activate+0x64f/0xce0 [ 136.944350][ C3] __dev_open+0x490/0x8f0 [ 136.944361][ C3] __dev_change_flags+0x596/0x850 [ 136.947050][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 136.949557][ C3] netif_change_flags+0x8d/0x160 [ 136.949569][ C3] do_setlink.isra.0+0x1ac4/0x3e60 [ 136.949579][ C3] rtnl_newlink+0x11c2/0x2380 [ 136.949589][ C3] rtnetlink_rcv_msg+0x95e/0xe90 [ 136.949599][ C3] page last free pid 5749 tgid 5749 stack trace: [ 136.949605][ C3] __free_frozen_pages+0x794/0x10a0 [ 136.949618][ C3] qlist_free_all+0x47/0xf0 [ 136.949627][ C3] kasan_quarantine_reduce+0x1a0/0x1f0 [ 136.949636][ C3] __kasan_slab_alloc+0x69/0x90 [ 136.949646][ C3] kmem_cache_alloc_noprof+0x241/0x6e0 [ 136.952726][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 136.955208][ C3] security_inode_alloc+0x3b/0x2c0 [ 136.955223][ C3] inode_init_always_gfp+0xc77/0xfb0 [ 136.955240][ C3] alloc_inode+0x8e/0x250 [ 136.957935][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.960415][ C3] sock_alloc+0x44/0x280 [ 136.960428][ C3] __sock_create+0xc2/0x860 [ 136.960440][ C3] __sys_socket+0x14d/0x260 [ 136.960453][ C3] __ia32_compat_sys_socketcall+0x65b/0x770 [ 136.960465][ C3] __do_fast_syscall_32+0xe7/0x970 [ 136.960481][ C3] do_fast_syscall_32+0x32/0x70 [ 137.034856][ C3] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 137.036724][ C3] [ 137.037459][ C3] Memory state around the buggy address: [ 137.039130][ C3] ffff88806a977f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 137.041522][ C3] ffff88806a977f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 137.043849][ C3] >ffff88806a978000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.046243][ C3] ^ [ 137.048295][ C3] ffff88806a978080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.050605][ C3] ffff88806a978100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.052926][ C3] ================================================================== [ 137.055308][ C3] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 137.057483][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G L syzkaller #0 PREEMPT(full) [ 137.060572][ C3] Tainted: [L]=SOFTLOCKUP [ 137.061888][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 137.064897][ C3] Call Trace: [ 137.065945][ C3] [ 137.066864][ C3] dump_stack_lvl+0x100/0x190 [ 137.068309][ C3] vpanic+0x552/0x970 [ 137.069541][ C3] ? __pfx_vpanic+0x10/0x10 [ 137.070960][ C3] ? __pfx_vprintk_emit+0x10/0x10 [ 137.072516][ C3] ? do_raw_spin_lock+0x23b/0x260 [ 137.074072][ C3] panic+0xd1/0xe0 [ 137.075181][ C3] ? __pfx_panic+0x10/0x10 [ 137.076420][ C3] ? end_report.part.0+0x23/0x90 [ 137.077947][ C3] ? rcu_is_watching+0x12/0xc0 [ 137.079411][ C3] ? end_report.part.0+0x23/0x90 [ 137.080955][ C3] ? check_panic_on_warn+0x1f/0x90 [ 137.082531][ C3] check_panic_on_warn.cold+0x19/0x34 [ 137.084179][ C3] end_report.part.0+0x3a/0x90 [ 137.085669][ C3] kasan_report.cold+0xe/0x18 [ 137.087129][ C3] ? do_raw_spin_lock+0x23b/0x260 [ 137.088664][ C3] do_raw_spin_lock+0x23b/0x260 [ 137.090162][ C3] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 137.091825][ C3] ? kcov_remote_stop+0x201/0x540 [ 137.093368][ C3] ? kcov_remote_stop+0x201/0x540 [ 137.094960][ C3] _raw_spin_lock_irqsave+0x42/0x60 [ 137.096567][ C3] ? __wake_up+0x1c/0x60 [ 137.097895][ C3] __wake_up+0x1c/0x60 [ 137.099164][ C3] usb_anchor_resume_wakeups+0xc7/0xf0 [ 137.100862][ C3] __usb_hcd_giveback_urb+0x3d6/0x610 [ 137.102511][ C3] usb_hcd_giveback_urb+0x3ca/0x4a0 [ 137.104111][ C3] dummy_timer+0xda1/0x36c0 [ 137.105539][ C3] ? find_held_lock+0x2b/0x80 [ 137.107042][ C3] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 137.108826][ C3] ? debug_object_deactivate+0x2e4/0x3b0 [ 137.110593][ C3] ? __pfx_debug_object_deactivate+0x10/0x10 [ 137.112443][ C3] ? __pfx_dummy_timer+0x10/0x10 [ 137.113981][ C3] ? rcu_is_watching+0x12/0xc0 [ 137.115465][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 137.117252][ C3] ? __pfx_dummy_timer+0x10/0x10 [ 137.118781][ C3] __hrtimer_run_queues+0x470/0xa00 [ 137.120362][ C3] hrtimer_run_softirq+0x17d/0x2c0 [ 137.121963][ C3] handle_softirqs+0x1ea/0xa00 [ 137.123429][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 137.125049][ C3] ? _raw_spin_unlock+0x28/0x50 [ 137.126580][ C3] ? __hrtimer_rearm_deferred+0x9b/0x740 [ 137.128276][ C3] __irq_exit_rcu+0x162/0x210 [ 137.129737][ C3] irq_exit_rcu+0x9/0x30 [ 137.131066][ C3] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 137.132773][ C3] [ 137.133703][ C3] [ 137.134614][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 137.136466][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 137.138194][ C3] Code: a6 95 02 e9 43 44 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 83 80 24 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 137.144038][ C3] RSP: 0000:ffffc9000048fdf0 EFLAGS: 00000202 [ 137.145976][ C3] RAX: 00000000001764c1 RBX: ffff88801bfd2540 RCX: ffffffff8b871225 [ 137.148379][ C3] RDX: 0000000000000000 RSI: ffffffff8df1ac79 RDI: ffffffff8c1c4680 [ 137.150795][ C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10056a67b5 [ 137.153179][ C3] R10: ffff88802b533dab R11: 0000000000000000 R12: 0000000000000003 [ 137.155613][ C3] R13: ffffed10037fa4a8 R14: 0000000000000003 R15: ffffffff90d74750 [ 137.158045][ C3] ? ct_kernel_exit+0x125/0x180 [ 137.159569][ C3] default_idle+0x9/0x10 [ 137.160915][ C3] default_idle_call+0x6c/0xb0 [ 137.162424][ C3] do_idle+0x464/0x590 [ 137.163718][ C3] ? __pfx_do_idle+0x10/0x10 [ 137.165171][ C3] ? finish_task_switch.isra.0+0x152/0x1010 [ 137.166997][ C3] cpu_startup_entry+0x4f/0x60 [ 137.168467][ C3] start_secondary+0x21d/0x2d0 [ 137.169946][ C3] ? __pfx_start_secondary+0x10/0x10 [ 137.171593][ C3] common_startup_64+0x13e/0x148 [ 137.173115][ C3] [ 137.174778][ C3] Kernel Offset: disabled [ 137.176114][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:35:06 Registers: info registers vcpu 0 CPU#0 RAX=00000000002bc5a7 RBX=ffffffff8e4955c0 RCX=ffffffff8b871225 RDX=0000000000000000 RSI=ffffffff8df1ac79 RDI=ffffffff8c1c4680 RBP=0000000000000000 RSP=ffffffff8e407e00 R8 =0000000000000001 R9 =ffffed10056467b5 R10=ffff88802b233dab R11=0000000000000000 R12=0000000000000000 R13=fffffbfff1c92ab8 R14=0000000000000000 R15=ffffffff90d74750 RIP=ffffffff8b86f87f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809718e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7425014 CR3=000000004d968000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000029101f RBX=ffff88801bf22540 RCX=ffffffff8b871225 RDX=0000000000000000 RSI=ffffffff8df1ac79 RDI=ffffffff8c1c4680 RBP=0000000000000000 RSP=ffffc9000046fdf0 R8 =0000000000000001 R9 =ffffed10056667b5 R10=ffff88802b333dab R11=0000000000000000 R12=0000000000000001 R13=ffffed10037e44a8 R14=0000000000000001 R15=ffffffff90d74750 RIP=ffffffff8b86f87f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809728e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71e7810 CR3=000000005a7af000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000010c6f7a0b5 RBX=0000000000abcc77 RCX=00000000000f4240 RDX=00000000000e28bf RSI=ffffffff89964e6b RDI=0000000000000000 RBP=000000a7c5ac471b RSP=ffffc90000538b68 R8 =0000000000000005 R9 =00000000000f4240 R10=00000000000186a0 R11=0000000000000000 R12=00000000000f4240 R13=0000000000000002 R14=0000000000000000 R15=0000000000112e0b RIP=ffffffff89964e84 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809738e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fcddcb225d0 CR3=000000005328d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858 2e7a797300000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff857c4615 RDI=ffffffff9b449300 RBP=ffffffff9b4492c0 RSP=ffffc900005e84e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=000000000000002e R14=0000000000000010 R15=ffffffff857c45b0 RIP=ffffffff857c463f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809748e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c33749b CR3=000000004b0c1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000017800000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000